Applicable to:
- Plesk for Linux
Symptoms
-
An email from cron.daily is sent with the following content:
PLESK_INFO: /etc/cron.daily/logrotate:
error: stat of /var/ossec/logs/active-responses.log failed: Permission denied
error: stat of /var/ossec/logs/ossec.log failed: Permission denied -
Permissions on the files mentioned in the error log are correct (644 and owner ossec):
# ls -l /var/ossec/logs/
total 440
-rw-r--r--. 1 ossec ossec 0 Mar 26 03:26 active-responses.log
drwxrwx---. 4 ossec ossec 67 Apr 13 00:00 alerts
drwxr-x---. 4 ossec ossec 50 Apr 13 00:00 archives
drwxr-x---. 4 ossec ossec 50 Apr 13 00:00 firewall
-rw-r--r--. 1 ossec ossec 13024 Apr 12 10:47 ossec.log
Cause
SELinux blocks access to logfiles located in /var/ossec/logs (part of Imunify extension for Plesk) during log rotation.
Resolution
Adjust the SELinux configuration for the log directory:
- Connect to the Plesk server via SSH.
-
Adjust the SELinux configuration for the log directory:
# checkmodule -M -m -o /var/imunify360/imunify360.mod /opt/imunify360/venv/share/imunify360/imunify360.te
# semodule_package -o /var/imunify360/imunify360.pp -m /var/imunify360/imunify360.mod
# semodule -i /var/imunify360/imunify360.pp
# semanage fcontext -a -t var_log_t '/var/ossec/logs(/.*)?'
# restorecon -Frvv /var/ossec/logs
-
Restart OSSEC and Imunify360 services:
# systemctl restart ossec-hids
# service imunify360 restart
Comments
Hi
The following command returns
# checkmodule -M -m -o /var/imunify360/imunify360.mod
checkmodule: unable to open policy.conf
also
# /opt/imunify360/venv/share/imunify360/imunify360.te
bash: /opt/imunify360/venv/share/imunify360/imunify360.te: Permission denied
Can you pls help me ?
Regards
Elias
had made same mistake as you Elias - with checkmodule you need to include full command !
checkmodule -M -m -o /var/imunify360/imunify360.mod /opt/imunify360/venv/share/imunify360/imunify360.tePlease sign in to leave a comment.