Applicable to:
- Plesk Onyx for Linux
Symptoms
-
All websites are down after changing virtual hosts' location when SELinux in the enforcing mode:
# getenforce
Enforcing -
The following rows can be found in
/var/log/audit/audit.log
:CONFIG_TEXT: type=AVC msg=audit(1497589270.824:43672): avc: denied
{ read } for pid=24968 comm="/usr/sbin/httpd" name=".htaccess" dev="vda1" ino=26584342 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file -
The next rows can be found in
/var/log/messages
:CONFIG_TEXT: pod8 python: SELinux is preventing fail2ban-server from search access on the directory /home/vhosts/system.#012#012**** Plugin catchall (100. confidence) suggests *************************#012#012If you believe that fail2ban-server should be allowed search access on the system directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'fail2ban-server' --raw | audit2allow -M my-fail2banserver#012# semodule -i my-fail2banserver.pp#012
Cause
This is an internal issue with ID #PPPM-6521, which is planned to be fixed in future product updates.
Resolution
As a temporal workaround apply the solution below:
-
Connect to the server via SSH.
-
Set SELinux to permissive mode prior to changing vhosts' location:
# setenforce permissive
Note: If the server is rebooted SELinux will be back in Enforcing mode. To disable it permanently, apply the steps from the article.
Comments
0 comments
Please sign in to leave a comment.