[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Big brother and httpd

From: Russell Coker <russell coker com au>
To: fedora-selinux-list redhat com
Cc: Tom Diehl <tdiehl rogueind com>
Subject: Re: Big brother and httpd
Date: Mon, 27 Jun 2005 13:05:32 +1000

On Sunday 26 June 2005 22:42, Tom Diehl <tdiehl rogueind com> wrote:
> > Can you check and make sure /home/bb/bb/www is marked
> > httpd_*_content_t, and not user_home_t...
>
> (pocono pts16) # la -Z /home/bb/bb/www
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t .
> drwxr-xr-x  bb       bb       root:object_r:user_home_t        ..
[...]
> The bb.html and bb2.html files are created every time bb polls the
> machines (every 5 minutes). I have tried doing
> chcon -t httpd_sys_content_t bb?.html on them but they always change back.

Those files are apparently created somewhere else, maybe /home/bb/bb?  Maybe 
if you run your chcon -R operation on /home/bb the results will be better.

A change to bb might help.  You could either have it create the files in an 
appropriate directory that has the desired label or have it chcon them after 
creation (but before moving).  How is the bb program run?  Is it a daemon or 
a cron job?

There has been some work on getting NAGIOS running under SE Linux.  It seems 
that NAGIOS is the leading product in this area.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Follow-Ups:
- Re: Big brother and httpd
  - From: Daniel J Walsh
- Re: Big brother and httpd
  - From: Tom Diehl

References:
- Big brother and httpd
  - From: Tom Diehl
- Re: Big brother and httpd
  - From: Ivan Gyurdiev
- Re: Big brother and httpd
  - From: Tom Diehl

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]