selinux policy
If selinux is enabled, ossec-wui is normally unable to access various ossec log files. One way to fix this is to install a selinux targeted policy.
```
module ossec-wui 1.0;

require {
    type var_log_t;
    type httpd_t;
    type var_t;
    class file { read getattr open };
}

#============= httpd_t ==============
allow httpd_t var_log_t:file read;
allow httpd_t var_t:file { read getattr open };
```
The above would go into a TE file (/etc/selinux/targeted/ossec-wui/ossec-wui.te) and then be installed using:
```
checkmodule -M -m ossec-wui.te -o ossec-wui.mod
semodule_package -o ossec-wui.pp -m ossec-wui.mod
semodule -i ossec-wui.pp
```
I think I have a similar issue with not being able to search for log output...
I always get the:
Total alerts found: 55
Nothing returned (or search expired).
but it doesn't display any search results :(
Info now included in README.
👍 top, thanks!
Not working for me with ossec 3.2, on centos 7.
Search is working correctly only when selinux is disabled.
Maybe there should be some policy for the tmp folder with write access?
Solved by:
```
cd /var/www/html/ossec-wui
chcon -R -t httpd_sys_rw_content_t tmp
```
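
The two fixes in this thread answer different denials: reads of `var_log_t`/`var_t` files, and writes to the `tmp` directory. The following is an added example, not part of any comment above or of the ossec-wui project, that groups `httpd_t` AVC denials by target type so each can be matched to the right fix. The function names and the audit records are constructed for illustration, and the `httpd_sys_content_t` label on `tmp` is an assumption.

```shell
#!/bin/sh
# Added example: group httpd_t AVC denials by target type and object class.

# Constructed audit records (pids, inodes, timestamps and paths are made up).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1550000001.101:301): avc:  denied  { read } for  pid=2101 comm="httpd" name="alerts.log" dev="dm-0" ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1550000001.102:302): avc:  denied  { read open } for  pid=2101 comm="httpd" name="ossec.log" dev="dm-0" ino=5002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1550000001.103:303): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/constructed/ossec.log" dev="dm-0" ino=5002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1550000001.104:304): avc:  denied  { write } for  pid=2101 comm="httpd" name="tmp" dev="dm-0" ino=6001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1550000001.105:305): avc:  denied  { read } for  pid=3001 comm="sshd" name="x" dev="dm-0" ino=7001 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
EOF
}

# Reads AVC records on stdin; prints one line per (target type, class) denied to httpd_t.
summarize_httpd_denials() {
  awk '
    /avc:/ && /denied/ {
      # Permission list sits between "{ " and " }".
      p = index($0, "{"); q = index($0, "}")
      if (p == 0 || q < p) next
      n = split(substr($0, p + 2, q - p - 3), perm, " ")
      src = tgt = cls = ""
      for (i = 1; i <= NF; i++) {
        # Contexts are user:role:type:level, so the type is the third field.
        if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (src != "httpd_t" || tgt == "" || cls == "") next
      key = tgt ":" cls
      if (!(key in perms)) { order[++k] = key; perms[key] = "" }
      for (i = 1; i <= n; i++)
        if (!((key, perm[i]) in seen)) {
          seen[key, perm[i]] = 1
          perms[key] = perms[key] " " perm[i]
        }
      count[key]++
    }
    END {
      for (i = 1; i <= k; i++)
        printf "httpd_t -> %s {%s } denials=%d\n", order[i], perms[order[i]], count[order[i]]
    }'
}

# On a host with auditd: ausearch -m avc -ts recent | summarize_httpd_denials
sample_avc | summarize_httpd_denials
```

File denials on `var_log_t` or `var_t` correspond to the policy module in the first post, while a `write` denial on the `tmp` directory corresponds to the relabel in the last comment.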