Selinux? -- Shane Castle Data Security Mgr, Boulder County IT
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Schulze Sent: Monday, May 13, 2013 12:22 To: [email protected] Subject: Re: [ossec-list] Re: Error "Unable to access ossec directory" using ossec-wui Based on your ls output I'd say that the error message is occurring since Apache isn't allowed to access the directory. Did you add any ACLs to the directory to allow access that we aren't seeing here? Have you tried just su'ing to your apache user to see if it can access everything like it needs to? On 5/10/2013 4:27 PM, David Juarez wrote: still not working... Apache is running well, tested a basic index.html and works.. except the ossec wui.. any recommendations? Thanks. Regards, David Juarez On Fri, May 10, 2013 at 2:26 PM, David Juarez <[email protected]> wrote: here are changes made to ossec_conf.php $ossec_dir="/var2/ossec"; the error message I received is coming from: (note below) /* Starting handle */ $ossec_handle = os_handle_start($ossec_dir); if($ossec_handle == NULL) { echo "<b class='red'>Unable to access ossec directory.</b><br />\n"; return(1); } Looks like somehow can start the os_handle_start On Fri, May 10, 2013 at 1:01 PM, David Juarez <[email protected]> wrote: Hi, I am having problems access ossec directory when trying to use the web I receive the error message from my browser. ""Unable to access ossec directory" I can access the webserver from http://138.202.80.161/ossec-wui/index.php?f=s and I am able to see the tabs where Main, Search, Integrity Checking, Stats, About.. am I missing something.. Note: I installed ossec under a diff partition using LVM /var2 all is working well, except the web.. Any recommendations? am I missing something. your help is greatly appreciated. Thanks. David Juarez I decompresse/untar ossec-wui-0.3.tar.gz. mv mv ossec-wui* /var/www/html/ossec-wui [root@syslog-rhel63-svr html]# pwd /var/www/html [root@syslog-rhel63-svr html]# ls -l total 4 drwxr-xr-x. 8 root ossec 4096 May 9 17:08 ossec-wui [root@syslog-rhel63-svr html]# ls -l ossec-wui/ total 92 -rwxr-xr-x. 1 root ossec 317 May 9 17:08 CONTRIB drwxr-xr-x. 3 root ossec 4096 May 9 17:08 css -rw-r--r--. 1 root ossec 218 May 9 17:08 htaccess_def.txt drwxr-xr-x. 2 root ossec 4096 May 9 17:08 img -rwxr-xr-x. 1 root ossec 5177 May 9 17:08 index.php drwxr-xr-x. 2 root ossec 4096 May 9 17:08 js drwxr-xr-x. 3 root ossec 4096 May 9 17:08 lib -rw-r--r--. 1 root ossec 35745 May 9 17:08 LICENSE -rw-r--r--. 1 root ossec 462 May 9 17:08 ossec_conf.php -rw-r--r--. 1 root ossec 1449 May 9 17:08 README -rw-r--r--. 1 root ossec 923 May 9 17:08 README.search -rwxr-xr-x. 1 root ossec 1824 May 9 17:08 setup.sh drwxr-xr-x. 2 root ossec 4096 May 10 12:30 site drwxrwxrwx. 2 root ossec 4096 May 9 17:08 tmp ran the setup.sh script created 3 users apache, and nobody [root@syslog-rhel63-svr html]# grep ossec /etc/group ossec:x:502:apache,nobody [root@syslog-rhel63-svr html]# Fix permissions # chmod 770 tmp/ # chgrp www-data tmp/ # apachectl restart [root@syslog-rhel63-svr html]# service httpd status httpd (pid 13291) is running... [root@syslog-rhel63-svr html]# ps -ef | grep httpd root 13291 1 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13293 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13294 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13295 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13296 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13297 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13298 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13299 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13300 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd apache 13301 13291 0 12:40 ? 00:00:00 /usr/sbin/httpd root 13388 10691 0 12:55 pts/2 00:00:00 grep httpd [root@syslog-rhel63-svr html]# [root@syslog-rhel63-svr html]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 51G 6.0G 43G 13% / tmpfs 1.9G 72K 1.9G 1% /dev/shm /dev/sda1 243M 59M 172M 26% /boot /dev/mapper/vg--ossec-lv--ossec 197G 232M 187G 1% /var2 [root@syslog-rhel63-svr html]# [root@syslog-rhel63-svr html]# ls -ld /var2/ossec/ dr-xr-x---. 13 root ossec 4096 May 9 15:01 /var2/ossec/ [root@syslog-rhel63-svr html]# ls -l /var2 total 24 drwx------. 2 root root 16384 May 9 14:30 lost+found dr-xr-x---. 13 root ossec 4096 May 9 15:01 ossec drwxr-xr-x. 4 root root 4096 May 9 16:57 software [root@syslog-rhel63-svr html]# ls -ld /var2/ossec/ dr-xr-x---. 13 root ossec 4096 May 9 15:01 /var2/ossec/ [root@syslog-rhel63-svr html]# ls -l /var2/ossec/ total 40 dr-xr-x---. 3 root ossec 4096 May 9 15:01 active-response dr-xr-x---. 2 root ossec 4096 May 9 15:01 agentless dr-xr-x---. 2 root ossec 4096 May 9 15:01 bin dr-xr-x---. 3 root ossec 4096 May 9 15:21 etc drwxr-x---. 5 ossec ossec 4096 May 9 15:01 logs dr-xr-x---. 11 root ossec 4096 May 9 15:01 queue dr-xr-x---. 4 root ossec 4096 May 9 15:01 rules drwxr-x---. 5 ossec ossec 4096 May 9 15:01 stats drwxrwx---. 2 root ossec 4096 May 9 15:01 tmp dr-xr-x---. 3 root ossec 4096 May 9 15:22 var [root@syslog-rhel63-svr html]# -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
