"kernel: audit" message recurring in /var/log/messages

Running RHEL4 2.6.9-55.0.2.ELhugemem on Dell PowerEdge 6850.
Constantly getting "kernel: audit" messages in my /var/log/messages file.
Running a Library application database with patrons accessing through web interface.
Would like to clean these messages out of my log. How do I do that?
Sample of messages:
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10474): avc:  denied  { search } for
pid=16634 comm="httpd" name="WWW" dev=dm-12 ino=1101085 scontext=root:system_r:httpd_t t
context=user_u:object_r:file_t tclass=dir
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10475): avc:  denied  { getattr } for
 pid=16634 comm="httpd" name="WWW" dev=dm-12 ino=1101085 scontext=root:system_r:httpd_t
tcontext=user_u:object_r:file_t tclass=dir
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10476): avc:  denied  { getattr } for
 pid=16634 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:system_r:htt
pd_t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.264:10477): avc:  denied  { read } for  pi
d=16634 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:system_r:httpd_
t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.267:10478): avc:  denied  { execute } for
 pid=7229 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:system_r:http
d_t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.267:10479): avc:  denied  { execute_no_tra
ns } for  pid=7229 comm="httpd" name="cgisirsi" dev=dm-12 ino=1720325 scontext=root:syst
em_r:httpd_t tcontext=user_u:object_r:file_t tclass=file
Feb  8 06:01:17 dat2 kernel: audit(1202468477.270:10480): avc:  denied  { search } for
pid=7229 comm="cgisirsi" name="sirsi" dev=dm-12 ino=868353 scontext=root:system_r:httpd_
t tcontext=root:object_r:file_t tclass=dir
slcoitAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NopiusCommented:
> How do I do that?

change in /etc/selinux/config
SELINUX=permissive
to
SELINUX=disabled

then reboot
0
slcoitAuthor Commented:
I don't believe disabling SELinux is what I want to do.
I saw somewhere that the roles that are assigned to objects, such as root:syst
em_r:httpd_t tcontext=user_u:object_r:file_t tclass=file in the messages, could be the problem.
My problem is that I do not know what the correct roles should be and where to change them.
I would like to correct the situation and still have SELinux working.
0
NopiusCommented:
> I would like to correct the situation and still have SELinux working.

Your SELinux is _not_ working now. It's just logging, nothing more.
Permissive mode means everything is permitted to everyone but all possible violations are logged. It would work only if you change it to 'strict' or 'targeted'.

> My problem is that I do not know what the correct roles should be

If you want to fix file labels you may read the following PAQs:
http://www.experts-exchange.com/OS/Linux/Administration/Q_22803703.html?sfQueryTermInfo=1+audit+selinux
http://www.experts-exchange.com/Security/Operating_Systems_Security/Linux/Q_21487176.html?sfQueryTermInfo=1+audit+selinux

If you need to know more about predefined policy for apache, read 'man httpd_selinux'
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.