[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: AWStats



Dear Mickey,

I noticed your post right before going to lunch. I was planning on responding when I got back, but you beat me to the punch! Thanks for your response. I believe that you are 90% of the way to your destination...

# ls -Z /usr/share/awstats/wwwroot/cgi-bin/
-rwxr-xr-x  root     root     system_u:object_r:usr_t awredir.pl
-rwxr-xr-x  root     root     system_u:object_r:usr_t awstats.pl

Changing the type gets the script running:

# chcon -t httpd_sys_script_exec_t /usr/share/awstats/wwwroot/cgi-bin/*
# ls -Z /usr/share/awstats/wwwroot/cgi-bin/
-rwxr-xr-x  root     root     system_u:object_r:httpd_sys_script_exec_t
awredir.pl
-rwxr-xr-x  root     root     system_u:object_r:httpd_sys_script_exec_t
awstats.pl

This is correct, so far.

However, the script reports an error.

Error: AWStats database directory defined in config file by 'DirData'
parameter (/var/lib/awstats) does not exist or is not writable.

# ls -Z /var/lib
...
drwxr-xr-x  root     root     system_u:object_r:var_lib_t      awstats
...

Changing the type allows the script to run:

# chcon -t httpd_sys_script_rw_t /var/lib/awstats
# ls -Z /var/lib
...
drwxr-xr-x  root     root     system_u:object_r:httpd_sys_script_rw_t
awstats
...

You have changed the policy on the /var/lib/awstats folder, but not on its contents, as you successfully did on the files in the cgi-bin, above. In the case of the cgi-bin, it seems you achieved this with a wildcard (*). Just chcon the contents (the actual AWStats databases) in /var/lib/awstats, and you'll be good to go. You can do this one file at a time, or by using a wildcard (*) as you did above, or, best of all, recursively through the directory for all time, with:

chcon -R -h -t httpd_sys_script_ra_t /var/lib/awstats

This will make the existing contents of the directory, and any new databases added to the directory in the future (db's for new virtual hosts, for instance) properly permissioned, so long as future files added to the directory are created properly.

(You might note that I recommended chcon'ing your awstats database folder _ra_t, and not _rw_t, as you had done originally. This just removes the right of awstats.pl to ever erase one of the databases.)

This should get your web reporting working. However, it does not resolve the final issue, which I am still working out. There exists an option in the web reporting pages called 'Update Now'. It allows you to update reports from the web server's logs without performing the log parsing from the command line. You must change the directive 'AllowToUpdateStatsFromBrowser' from 0 to 1 in your awstats .conf file to activate this practical feature. However, I have found that the web-based update process needs access to the system's httpd access_log file (usually in /var/log/httpd). I have changed permissions on this file to httpd_sys_script_ra_t, but it was not sufficient to make the update feature work. Hopefully, someone will be able to help here. I'll post if I get the answer.

Finally, I noticed that the changes to policy would not take until I closed the browser window in which I was trying to access AWStats, and reloaded it in a new window.

Hope this helps,

Steven Stromer


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]