SELinux prevents installation of maldet.service

Question

SELinux prevents installation of maldet.service

Gazoo opened this issue 4 years ago · 3 comments

LMD will not install properly on a server with SELinux enabed:

Running the installer:

# sh install.sh 
Failed to enable unit: Unit file maldet.service does not exist.
Linux Malware Detect v1.6.4
            (C) 2002-2019, R-fx Networks <proj@r-fx.org>
            (C) 2019, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
imported config options from /usr/local/maldetect.last/conf.maldet
maldet(43858): {sigup} performing signature update check...
maldet(43858): {sigup} local signature set is version 201907043616
maldet(43858): {sigup} new signature set 2020092217227 available
maldet(43858): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(43858): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(43858): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(43858): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(43858): {sigup} verified md5sum of maldet-clean.tgz
maldet(43858): {sigup} unpacked and installed maldet-clean.tgz
maldet(43858): {sigup} signature set update completed
maldet(43858): {sigup} 17046 signatures (14228 MD5 | 2035 HEX | 783 YARA | 0 USER)

Trying to enable maldet:

# systemctl enable maldet
Failed to enable unit: Unit file maldet.service does not exist.

This is because the maldet.service has the wrong SElinux labels.

To fix:

restorecon -v /usr/lib/systemd/system/maldet.service
Relabeled /usr/lib/systemd/system/maldet.service from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:systemd_unit_file_t:s0

Now we can enable the maldet.service

systemctl enable maldet.service
Created symlink /etc/systemd/system/multi-user.target.wants/maldet.service → /usr/lib/systemd/system/maldet.service.

Answer 1 · 2021-01-11T13:48:26.000Z

Hi, i have the same problem. I'm using centOS 8.3 and after running the restorecon line I could enable the service. but if i redo the installation with sudo (if i just use sh a lot of errors from lacking permissions appear), i got the 'service does not exist' at first again. i tried sudo su as well and then just called sh ./install.sh but it's the same.

Answer 2 · 2021-06-17T09:30:08.000Z

Not an issue | Red Hat Bugzilla #1972704

Answer 3 · 2023-03-30T19:02:32.000Z

closed relative to #413