Yep, looks like selinux is causing issues. From the logs you provided:
type=AVC msg=audit(1343138510.186:21503): avc: denied { getattr }
for pid=1800 comm="httpd" path="/var/ossec/queue/syscheck/syscheck"
dev=dm-0 ino=21298 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_t:s0 tclass=file
...
type=AVC msg=audit(1343138510.186:21504): avc: denied { read } for
pid=1800 comm="httpd" name="syscheck" dev=dm-0 ino=21298
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_t:s0 tclass=file
Give httpd access and try again.
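
The denials quoted in this thread can be reduced to the access httpd is actually being refused, including the `path=` and `name=` values that auditd writes as unquoted hex when a filename contains spaces. The Python below is an added example, not part of the original thread or of OSSEC; its function names are illustrative, and the sample records are copied from the audit.log excerpt quoted below.

```python
import re
from collections import defaultdict

# Records copied from the audit.log excerpt quoted in this thread, still
# carrying the mail client's "> " quoting and line wrapping.
SAMPLE = """\
> type=AVC msg=audit(1343138510.185:21497): avc: denied { getattr } for
> pid=1800 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.185:21497): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.185:21498): avc: denied { read } for
> pid=1800 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=AVC msg=audit(1343138510.186:21503): avc: denied { getattr } for
> pid=1800 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=dm-0
> ino=21298 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=AVC msg=audit(1343138513.656:21542): avc: denied { read } for
> pid=1799 comm="httpd" name="alerts.log" dev=dm-0 ino=17336
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
"""

RECORD = re.compile(
    r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):(.*?)(?=type=\w+ msg=audit\(|\Z)",
    re.S,
)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{([^}]*)\}")
HEX = re.compile(r"(?:[0-9A-F]{2})+")


def flatten(text):
    """Drop mail quoting ("> ") and re-join records wrapped across lines."""
    lines = (re.sub(r"^\s*(?:>\s?)+", "", ln) for ln in text.splitlines())
    return " ".join(" ".join(lines).split())


def decode_field(value):
    """Return the literal string behind an audit path=/name= value.

    Quoted values are literal; unquoted values are hex-encoded bytes.
    """
    if value.startswith('"'):
        return value.strip('"')
    if HEX.fullmatch(value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value


def parse_denials(text):
    """Return one dict per AVC denial; other record types are skipped."""
    denials = []
    for rtype, _ts, serial, body in RECORD.findall(flatten(text)):
        perms = PERMS.search(body)
        if rtype != "AVC" or "denied" not in body or not perms:
            continue
        f = dict(FIELD.findall(body))
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue
        denials.append({
            "serial": int(serial),
            "perms": perms.group(1).split(),
            "source": f["scontext"].split(":")[2],   # SELinux type of the process
            "target": f["tcontext"].split(":")[2],   # SELinux type of the file
            "tclass": f["tclass"],
            "object": decode_field(f.get("path") or f.get("name") or "?"),
        })
    return denials


def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "targets": set()})
    for d in parse_denials(text):
        g = groups[(d["source"], d["target"], d["tclass"])]
        g["perms"].update(d["perms"])
        g["targets"].add(d["object"])
    return {k: {"perms": sorted(v["perms"]), "targets": sorted(v["targets"])}
            for k, v in groups.items()}


def allow_rule(key, perms):
    """Render the grant in policy-language form so its scope is visible."""
    src, tgt, cls = key
    return f"allow {src} {tgt}:{cls} {{ {' '.join(perms)} }};"


if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(allow_rule(key, info["perms"]))
        for target in info["targets"]:
            print("   ", target)
```

Every denial here has target type `var_t`, so the printed rule would cover every file labelled `var_t`, not only those under /var/ossec. Relabelling the OSSEC files the web UI reads with a type httpd is allowed to read is the narrower way to give httpd access.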
On Tue, Jul 24, 2012 at 10:09 AM, Kashirin, Anton
<[email protected]> wrote:
> In /var/log/audit/audit.log I have next:
>
> "/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.185:21497): avc: denied { getattr } for
> pid=1800 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.185:21497): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.185:21498): avc: denied { read } for
> pid=1800 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.185:21498): arch=40000003 syscall=5
> success=no exit=-13 a0=12098e0 a1=0 a2=1b6 a3=12098e0 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21499): avc: denied { getattr } for
> pid=1800 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21499): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21500): avc: denied { read } for
> pid=1800 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21500): arch=40000003 syscall=5
> success=no exit=-13 a0=1209a10 a1=0 a2=1b6 a3=1209a10 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21501): avc: denied { getattr } for
> pid=1800 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21501): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21502): avc: denied { read } for
> pid=1800 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21502): arch=40000003 syscall=5
> success=no exit=-13 a0=1209bd8 a1=0 a2=1b6 a3=1209bd8 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21503): avc: denied { getattr } for
> pid=1800 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=dm-0
> ino=21298 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21503): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21504): avc: denied { read } for
> pid=1800 comm="httpd" name="syscheck" dev=dm-0 ino=21298
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21504): arch=40000003 syscall=5
> success=no exit=-13 a0=1209310 a1=0 a2=1b6 a3=1209310 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21505): avc: denied { getattr } for
> pid=1800 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=dm-0
> ino=21298 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21505): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138510.186:21506): avc: denied { read } for
> pid=1800 comm="httpd" name="syscheck" dev=dm-0 ino=21298
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138510.186:21506): arch=40000003 syscall=5
> success=no exit=-13 a0=1209310 a1=0 a2=1b6 a3=1209310 items=0 ppid=1792
> pid=1800 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.392:21507): avc: denied { getattr } for
> pid=1802 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17230 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.392:21507): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.392:21508): avc: denied { read } for
> pid=1802 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17230 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.392:21508): arch=40000003 syscall=5
> success=no exit=-13 a0=1186694 a1=0 a2=1b6 a3=1186694 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.392:21509): avc: denied { getattr } for
> pid=1802 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.392:21509): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.392:21510): avc: denied { read } for
> pid=1802 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.392:21510): arch=40000003 syscall=5
> success=no exit=-13 a0=11869f8 a1=0 a2=1b6 a3=11869f8 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.392:21511): avc: denied { getattr } for
> pid=1802 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.392:21511): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.392:21512): avc: denied { read } for
> pid=1802 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.392:21512): arch=40000003 syscall=5
> success=no exit=-13 a0=1186b28 a1=0 a2=1b6 a3=1186b28 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.392:21513): avc: denied { getattr } for
> pid=1802 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.392:21513): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.393:21514): avc: denied { read } for
> pid=1802 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.393:21514): arch=40000003 syscall=5
> success=no exit=-13 a0=1186cf0 a1=0 a2=1b6 a3=1186cf0 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.393:21515): avc: denied { getattr } for
> pid=1802 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=dm-0
> ino=21298 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.393:21515): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.393:21516): avc: denied { read } for
> pid=1802 comm="httpd" name="syscheck" dev=dm-0 ino=21298
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.393:21516): arch=40000003 syscall=5
> success=no exit=-13 a0=1186428 a1=0 a2=1b6 a3=1186428 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.393:21517): avc: denied { getattr } for
> pid=1802 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.393:21517): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138512.393:21518): avc: denied { read } for
> pid=1802 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138512.393:21518): arch=40000003 syscall=5
> success=no exit=-13 a0=1186b28 a1=0 a2=1b6 a3=1186b28 items=0 ppid=1792
> pid=1802 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.655:21519): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path="/var/ossec/queue/agent-info/SRV008-10.12.198.133" dev=dm-0 ino=17234
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.655:21519): arch=40000003 syscall=195
> success=no exit=-13 a0=1186840 a1=bf879e3c a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.655:21520): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path="/var/ossec/queue/agent-info/SRVAP295-10.15.129.182" dev=dm-0 ino=17236
> scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0
> tclass=file
>
> type=SYSCALL msg=audit(1343138513.655:21520): arch=40000003 syscall=195
> success=no exit=-13 a0=1186840 a1=bf879e3c a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21521): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17230 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21521): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21522): avc: denied { read } for
> pid=1799 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17230 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21522): arch=40000003 syscall=5
> success=no exit=-13 a0=1186cd4 a1=0 a2=1b6 a3=1186cd4 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21523): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21523): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21524): avc: denied { read } for
> pid=1799 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21524): arch=40000003 syscall=5
> success=no exit=-13 a0=1186f1c a1=0 a2=1b6 a3=1186f1c items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21525): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21525): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21526): avc: denied { read } for
> pid=1799 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21526): arch=40000003 syscall=5
> success=no exit=-13 a0=118704c a1=0 a2=1b6 a3=118704c items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21527): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21527): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21528): avc: denied { read } for
> pid=1799 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21528): arch=40000003 syscall=5
> success=no exit=-13 a0=118a7cc a1=0 a2=1b6 a3=118a7cc items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21529): avc: denied { getattr } for
> pid=1799 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=dm-0
> ino=21298 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21529): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21530): avc: denied { read } for
> pid=1799 comm="httpd" name="syscheck" dev=dm-0 ino=21298
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21530): arch=40000003 syscall=5
> success=no exit=-13 a0=1186798 a1=0 a2=1b6 a3=1186798 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21531): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17230 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21531): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21532): avc: denied { read } for
> pid=1799 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17230 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21532): arch=40000003 syscall=5
> success=no exit=-13 a0=1186cd4 a1=0 a2=1b6 a3=1186cd4 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21533): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21533): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21534): avc: denied { read } for
> pid=1799 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B
> dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21534): arch=40000003 syscall=5
> success=no exit=-13 a0=118ad88 a1=0 a2=1b6 a3=118ad88 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21535): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21535): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21536): avc: denied { read } for
> pid=1799 comm="httpd"
> name=28535256303038292031302E31322E3139382E3133332D3E737973636865636B
> dev=dm-0 ino=17233 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21536): arch=40000003 syscall=5
> success=no exit=-13 a0=118ae74 a1=0 a2=1b6 a3=118ae74 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21537): avc: denied { getattr } for
> pid=1799 comm="httpd"
> path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21537): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21538): avc: denied { read } for
> pid=1799 comm="httpd"
> name=285352564150323935292031302E31352E3132392E3138322D3E737973636865636B2D7265676973747279
> dev=dm-0 ino=17257 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21538): arch=40000003 syscall=5
> success=no exit=-13 a0=118a7cc a1=0 a2=1b6 a3=118a7cc items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21539): avc: denied { getattr } for
> pid=1799 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=dm-0
> ino=21298 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21539): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21540): avc: denied { read } for
> pid=1799 comm="httpd" name="syscheck" dev=dm-0 ino=21298
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21540): arch=40000003 syscall=5
> success=no exit=-13 a0=1186798 a1=0 a2=1b6 a3=1186798 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21541): avc: denied { getattr } for
> pid=1799 comm="httpd" path="/var/ossec/logs/alerts/alerts.log" dev=dm-0
> ino=17336 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21541): arch=40000003 syscall=196
> success=no exit=-13 a0=bf878e6c a1=bf878ccc a2=536ff4 a3=3 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> type=AVC msg=audit(1343138513.656:21542): avc: denied { read } for
> pid=1799 comm="httpd" name="alerts.log" dev=dm-0 ino=17336
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1343138513.656:21542): arch=40000003 syscall=5
> success=no exit=-13 a0=1186b88 a1=0 a2=1b6 a3=1186b88 items=0 ppid=1792
> pid=1799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
> sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> Best regards,
>
> Anton Kashirin
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of dan (ddp)
> Sent: Tuesday, July 24, 2012 5:55 PM
> To: [email protected]
> Subject: Re: [ossec-list] Permission denied in
> /var/www/html/lib/os_lib_syscheck.php
>
> On Tue, Jul 24, 2012 at 8:57 AM, Kashirin, Anton <[email protected]>
> wrote:
>
>> Dan, sorry:
>>
>> 1. "step 1.5: are you using linux? If so, are you using selinux? If
>> so, have you checked those logs to make sure it's not blocking access?"
>>
>> Yes, I'm using Linux - CentOS
>>
>> When I see about selinux and logs? (I'm new in linux)
>
> /var/log/auditd or something maybe? Ask your admin. Depending on the version
> of CentOS it could be enabled by default, so definitely find the logs and
> see if that's blocking the access.
>
>> 2. "Perhaps it's corrupted. Clear it out and restart the OSSEC processes."
>>
>> I cleared logs and restarted OSSEC processes. In
>> /var/ossec/logs/ossec.log now I have next:
>
> Nothing about the corrupted entries, so I guess running syscheck_control for
> that database helped get rid of those logs.
>
>> 2012/07/24 10:50:20 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>
> You should fix that.
>
>
>
>> 2012/07/24 10:50:26 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 12:01:48 ossec-rootcheck: INFO: Starting rootcheck scan.
>> 2012/07/24 12:05:59 ossec-rootcheck: INFO: Ending rootcheck scan.
>> 2012/07/24 12:33:06 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 12:33:12 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 12:33:16 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 12:33:21 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 12:33:27 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 13:55:59 ossec-syscheckd: INFO: Starting syscheck scan.
>> 2012/07/24 14:04:13 ossec-syscheckd: INFO: Ending syscheck scan.
>> 2012/07/24 14:16:27 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 14:16:33 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 14:16:37 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 14:16:42 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 14:16:48 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 16:00:08 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 16:00:14 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 16:00:18 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 16:00:23 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>> 2012/07/24 16:00:29 ossec-remoted(1213): WARN: Message from 10.14.252.17 not allowed.
>>
>> Best regards,
>>
>> Anton Kashirin
>>
>> -----Original Message-----
>> From: [email protected] [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp)
>> Sent: Tuesday, July 24, 2012 4:11 PM
>> To: [email protected]
>> Subject: Re: [ossec-list] Permission denied in
>> /var/www/html/lib/os_lib_syscheck.php
>>
>> On Tue, Jul 24, 2012 at 7:08 AM, Kashirin, Anton
>> <[email protected]>
>> wrote:
>>
>>> Ok. But I still receive next notification every 1-2 minutes:
>>
>> Ok what? What have you done? Why haven't you answered the questions I
>> asked? You're asking for help, but not accepting it. Many of us have
>> better things to do than try to force you to accept help.
>>
>>> OSSEC HIDS Notification.
>>> 2012 Jul 24 12:17:11
>>>
>>> Received From: SRVAP280->/var/log/httpd/error_log
>>> Rule: 31412 fired (level 5) -> "PHP internal error (missing file)."
>>> Portion of the log(s):
>>>
>>> [Tue Jul 24 12:17:10 2012] [error] [client 10.14.64.18] PHP Warning:
>>> fopen(/var/ossec/queue/syscheck/(SRV008) 10.12.198.133->syscheck-registry):
>>> failed to open stream: Permission denied in
>>> /var/www/html/lib/os_lib_syscheck.php on line 165, referer:
>>> http://srvap280.rccf.ru/index.php
>>>
>>> --END OF NOTIFICATION
>>>
>>> Information for Tshoot:
>>>
>>> [root@SRVAP280 syscheck]# uname -a
>>> Linux SRVAP280.rccf.ru 2.6.32-71.el6.i686 #1 SMP Fri Nov 12 04:17:17 GMT 2010 i686 i686 i386 GNU/Linux
>>>
>>> [root@SRVAP280 ossec]# ll
>>> total 40
>>> dr-xr-x---. 3 root ossec 4096 Jul 9 18:05 active-response
>>> dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 agentless
>>> dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 bin
>>> dr-xr-x---. 3 root ossec 4096 Jul 13 11:25 etc
>>> drwxr-x---. 5 ossec ossec 4096 Jul 9 18:05 logs
>>> drwxrwx---. 11 root ossec 4096 Jul 9 18:05 queue
>>> dr-xr-x---. 3 root ossec 4096 Jul 9 18:05 rules
>>> drwxr-x---. 5 ossec ossec 4096 Jul 9 18:09 stats
>>> dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 tmp
>>> dr-xr-x---. 3 root ossec 4096 Jul 23 15:43 var
>>>
>>> [root@SRVAP280 queue]# ll
>>> total 36
>>> drwxr-xr-x. 2 ossecr ossec 4096 Jul 13 12:30 agent-info
>>> drwxr-xr-x. 2 ossec ossec 4096 Jul 9 18:05 agentless
>>> drwxrwx---. 2 ossec ossec 4096 Jul 23 15:43 alerts
>>> drwxr-x---. 2 ossec ossec 4096 Jul 9 18:05 diff
>>> drwxr-x---. 2 ossec ossec 4096 Jul 9 18:09 fts
>>> drwxrwx---. 2 ossec ossec 4096 Jul 23 15:43 ossec
>>> drwxr-xr-x. 2 ossecr ossec 4096 Jul 13 12:30 rids
>>> drwxr-x---. 2 ossec ossec 4096 Jul 13 12:31 rootcheck
>>> drwxrwxrwx. 2 ossec ossec 4096 Jul 24 14:04 syscheck
>>>
>>> [root@SRVAP280 syscheck]# ll
>>> total 384
>>> -rw-rw-rw-. 1 ossec ossec 0 Jul 23 15:45 (SRV008) 10.12.198.133->syscheck
>>> -rw-rw-rw-. 1 ossec ossec 1434 Jul 24 08:53 (SRV008) 10.12.198.133->syscheck-registry
>>> -rw-rw-rw-. 1 ossec ossec 0 Jul 23 15:45 (SRVAP295) 10.15.129.182->syscheck
>>> -rw-rw-rw-. 1 ossec ossec 131 Jul 24 10:51 (SRVAP295) 10.15.129.182->syscheck-registry
>>> -rw-rw-rw-. 1 ossec ossec 449938 Jul 23 15:52 syscheck
>>>
>>> [root@SRVAP280 etc]# cat /etc/group
>>> …
>>> apache:x:48:
>>> ossec:x:500:apache
>>>
>>> Please help me!
>>>
>>> Best regards,
>>>
>>> Anton Kashirin
>>>
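
The long hex strings in the `path=` and `name=` fields of the audit records quoted in this thread are how auditd writes file names that contain spaces. The following added example (not part of any message in the thread) decodes them and groups the AVC denials by source type, target type and object class; the function names are illustrative, and the sample records are copied from the thread with the SYSCALL line shortened.

```python
import re
from collections import defaultdict

# Records copied from this thread; the SYSCALL line is shortened.
SAMPLE = [
    'type=AVC msg=audit(1343138510.185:21497): avc: denied { getattr } for pid=1800 comm="httpd" '
    'path=2F7661722F6F737365632F71756575652F737973636865636B2F285352564150323935292031302E31352E3132392E3138322D3E737973636865636B '
    'dev=dm-0 ino=17120 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:var_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1343138510.185:21497): arch=40000003 syscall=196 '
    'success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"',
    'type=AVC msg=audit(1343138510.186:21504): avc: denied { read } for '
    'pid=1800 comm="httpd" name="syscheck" dev=dm-0 ino=21298 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file',
]
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_audit_value(raw):
    """Quoted values are literal; unquoted all-hex values are hex-encoded."""
    if raw.startswith('"'):
        return raw.strip('"')
    if len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', raw):
        return bytes.fromhex(raw).decode('utf-8', 'replace')
    return raw

def parse_avc(line):
    """Return one denial as a dict, or None for non-AVC records."""
    m = AVC_RE.search(line)
    if not line.startswith('type=AVC') or m is None:
        return None
    f = dict(FIELD_RE.findall(line))
    return {
        'perms': m.group(1).split(),
        'target': decode_audit_value(f.get('path') or f.get('name') or '?'),
        # SELinux contexts are user:role:type:level; the type drives the decision.
        'key': (f['scontext'].split(':')[2], f['tcontext'].split(':')[2], f['tclass']),
    }

def summarize(lines):
    """Map (source type, target type, class) -> denied perms and objects."""
    out = defaultdict(lambda: {'perms': set(), 'targets': set()})
    for rec in filter(None, map(parse_avc, lines)):
        out[rec['key']]['perms'].update(rec['perms'])
        out[rec['key']]['targets'].add(rec['target'])
    return dict(out)

if __name__ == '__main__':
    for key, info in summarize(SAMPLE).items():
        print(key, sorted(info['perms']), sorted(info['targets']))
```

Run against these records it reports a single group, `httpd_t` denied `getattr` and `read` on `var_t` files, with the decoded target naming the per-agent syscheck database under `/var/ossec/queue/syscheck/`.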