[ossec-list] Re: OSSEC Web Interface--Unable to access ossec directory

[MdMonk <mdmonk@xxxxxxxxx>]

That's an selinux message. Are you running selinux in "ENFORCING"
mode? If so, you will have to grant the web server proc read-access to
the ossec directory/log files.

What do you have in your /etc/sysconfig/selinux config file?

-Chuck (mdmonk)

On 8/13/07, Robert5156 <gidituri_ravi1@xxxxxxxxxxx> wrote:
>
> I followed the instructi0ons in the link below
>
> http://www.ossec.net/wiki/index.php/OSSECWUI:Install
>
> for installing web interface.
>
> I did add the web user to the ossec group and i did restart the apache
> service.
>
> When i access the site "http ://anyhost/ossec-wui/" i am getting the
> error on the web page saying
>
> "Unable to access ossec directory"
>
>
> I also get a notification from OSSEC installed on this system saying
> the following
>
> OSSEC HIDS Notification.
> 2007 Aug 13 16:09:20
>
> Received From: systemname->/var/log/messages
> Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the
> system."
> Portion of the log(s):
>
> Aug 13 16:09:19 systemname kernel: audit(1187046559.343:130): avc:
> denied  { read } for  pid=29595 comm="httpd" name="ossec" dev=dm-0
> ino=16957254 scontext=root:system_r:httpd_t:s0
> tcontext=root:object_r:var_t:s0 tclass=dir
>
>  --END OF NOTIFICATION
>
>
> Help please.
> apache is my web user.Found by using ps -aux | grep http
>
> The tmp/ folder inside ossec-wui folder has the following permissions
>
> drwxrwxrwx 2 root apache  4096 Aug 13 15:05 tmp
>
> The etc/group file has
> "ossec:x:3004:apache" added
>
> /var/ossec is the dir which has ossec installed.The permissions for
> ossec folder are as follows.
>
> dr-xr-xr-- 11 root    ossec   4096 Aug  8 11:07 ossec
>
> Help please. Running Fedora 6
>
>