Solved

"kernel: audit" message recurring in /var/log/messages

Posted on 2008-02-08
Last Modified: 2013-12-16
Running RHEL4 2.6.9-55.0.2.ELhugemem on Dell PowerEdge 6850.
Constantly getting "kernel: audit" messages in my /var/log/messages file.
Running a Library application database with patrons accessing through web interface.
Would like to clean these messages out of my log. How do I do that?
Sample of messages:
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10474): avc:  denied  { search } for  pid=16634 comm="httpd" name="WWW" dev=dm-12 ino=1101085 scontext=root:system_r:httpd_t tcontext=user_u:object_r:file_t tclass=dir
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10475): avc:  denied  { getattr } for  pid=16634 comm="httpd" name="WWW" dev=dm-12 ino=1101085 scontext=root:system_r:httpd_t tcontext=user_u:object_r:file_t tclass=dir
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10476): avc:  denied  { getattr } for  pid=16634 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:system_r:httpd_t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10477): avc:  denied  { read } for  pid=16634 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:system_r:httpd_t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.267:10478): avc:  denied  { execute } for  pid=7229 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:system_r:httpd_t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.267:10479): avc:  denied  { execute_no_trans } for  pid=7229 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:system_r:httpd_t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.270:10480): avc:  denied  { search } for  pid=7229 comm="cgisirsi" name="sirsi" dev=dm-12 ino=868353 scontext=root:system_r:httpd_t tcontext=root:object_r:file_t tclass=dir
Question by:slcoit

Expert Comment

by:Nopius
ID: 20850616
> How do I do that?

change in /etc/selinux/config
SELINUX=permissive
to
SELINUX=disabled

then reboot

Author Comment

by:slcoit
ID: 20896289
I don't believe disabling SELinux is what I want to do.
I saw somewhere that the roles that are assigned to objects, such as root:system_r:httpd_t tcontext=user_u:object_r:file_t tclass=file in the messages, could be the problem.
My problem is that I do not know what the correct roles should be and where to change them.
I would like to correct the situation and still have SELinux working.

Accepted Solution

by:
Nopius earned 1000 total points
ID: 20899338
> I would like to correct the situation and still have SELinux working.

Your SELinux is _not_ working now. It's just logging, nothing more.
Permissive mode means everything is permitted to everyone but all possible violations are logged. It would work only if you change it to 'strict' or 'targeted'.

> My problem is that I do not know what the correct roles should be

If you want to fix file labels you may read the following PAQs:
http://www.experts-exchange.com/OS/Linux/Administration/Q_22803703.html?sfQueryTermInfo=1+audit+selinux
http://www.experts-exchange.com/Security/Operating_Systems_Security/Linux/Q_21487176.html?sfQueryTermInfo=1+audit+selinux

If you need to know more about predefined policy for apache, read 'man httpd_selinux'

Expert Comment

by:Computer101
ID: 21133321
Forced accept.

Computer101
EE Admin