All - Many Thanks to everyone for your help and response.. I appreciate it.. On the other hand.. all good with apache and user (apache) as well. perms are set properly.. yes.. it is about selinux.. Please refer to the link below.. now it works...
http://www.crypt.gen.nz/selinux/disable_selinux.html set it as permissive.. and it works.. Many Thanks again !! Cheers... David Juarez On Mon, May 13, 2013 at 12:46 PM, Castle, Shane <[email protected]>wrote: > Selinux? > > -- > Shane Castle > Data Security Mgr, Boulder County IT > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Ryan Schulze > Sent: Monday, May 13, 2013 12:22 > To: [email protected] > Subject: Re: [ossec-list] Re: Error "Unable to access ossec directory" > using ossec-wui > > Based on your ls output I'd say that the error message is occurring since > Apache isn't allowed to access the directory. Did you add any ACLs to the > directory to allow access that we aren't seeing here? Have you tried just > su'ing to your apache user to see if it can access everything like it needs > to? > > > On 5/10/2013 4:27 PM, David Juarez wrote: > > > still not working... Apache is running well, tested a basic > index.html and works.. except the ossec wui.. > > any recommendations? > > Thanks. > > Regards, > David Juarez > > > On Fri, May 10, 2013 at 2:26 PM, David Juarez <[email protected]> > wrote: > > > here are changes made to ossec_conf.php > > $ossec_dir="/var2/ossec"; > > > the error message I received is coming from: (note below) > > > /* Starting handle */ > $ossec_handle = os_handle_start($ossec_dir); > if($ossec_handle == NULL) > { > echo "<b class='red'>Unable to access ossec > directory.</b><br />\n"; > return(1); > } > > > Looks like somehow can start the os_handle_start > > > > > On Fri, May 10, 2013 at 1:01 PM, David Juarez < > [email protected]> wrote: > > > Hi, > > I am having problems access ossec directory when > trying to use the web > I receive the error message from my browser. > > ""Unable to access ossec directory" > > I can access the webserver from > http://138.202.80.161/ossec-wui/index.php?f=s > > > and I am able to see the tabs where > Main, Search, Integrity Checking, Stats, About.. > > am I missing something.. > > Note: I installed ossec under a diff partition > using LVM > /var2 > > all is working well, except the web.. > > Any recommendations? am I missing something. > your help is greatly appreciated. > > Thanks. > > David Juarez > > I decompresse/untar ossec-wui-0.3.tar.gz. > mv mv ossec-wui* /var/www/html/ossec-wui > > > [root@syslog-rhel63-svr html]# pwd > /var/www/html > [root@syslog-rhel63-svr html]# ls -l > total 4 > drwxr-xr-x. 8 root ossec 4096 May 9 17:08 > ossec-wui > [root@syslog-rhel63-svr html]# ls -l ossec-wui/ > total 92 > -rwxr-xr-x. 1 root ossec 317 May 9 17:08 CONTRIB > drwxr-xr-x. 3 root ossec 4096 May 9 17:08 css > -rw-r--r--. 1 root ossec 218 May 9 17:08 > htaccess_def.txt > drwxr-xr-x. 2 root ossec 4096 May 9 17:08 img > -rwxr-xr-x. 1 root ossec 5177 May 9 17:08 > index.php > drwxr-xr-x. 2 root ossec 4096 May 9 17:08 js > drwxr-xr-x. 3 root ossec 4096 May 9 17:08 lib > -rw-r--r--. 1 root ossec 35745 May 9 17:08 LICENSE > -rw-r--r--. 1 root ossec 462 May 9 17:08 > ossec_conf.php > -rw-r--r--. 1 root ossec 1449 May 9 17:08 README > -rw-r--r--. 1 root ossec 923 May 9 17:08 > README.search > -rwxr-xr-x. 1 root ossec 1824 May 9 17:08 > setup.sh > drwxr-xr-x. 2 root ossec 4096 May 10 12:30 site > drwxrwxrwx. 2 root ossec 4096 May 9 17:08 tmp > > > ran the setup.sh script created 3 users apache, > and nobody > > [root@syslog-rhel63-svr html]# grep ossec > /etc/group > ossec:x:502:apache,nobody > [root@syslog-rhel63-svr html]# > > > Fix permissions > # chmod 770 tmp/ > # chgrp www-data tmp/ > # apachectl restart > > > [root@syslog-rhel63-svr html]# service httpd > status > httpd (pid 13291) is running... > [root@syslog-rhel63-svr html]# ps -ef | grep httpd > root 13291 1 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13293 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13294 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13295 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13296 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13297 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13298 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13299 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13300 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > apache 13301 13291 0 12:40 ? 00:00:00 > /usr/sbin/httpd > root 13388 10691 0 12:55 pts/2 00:00:00 > grep httpd > [root@syslog-rhel63-svr html]# > > > [root@syslog-rhel63-svr html]# df -h > Filesystem Size Used Avail Use% > Mounted on > /dev/sda3 51G 6.0G 43G 13% / > tmpfs 1.9G 72K 1.9G 1% > /dev/shm > /dev/sda1 243M 59M 172M 26% /boot > /dev/mapper/vg--ossec-lv--ossec > 197G 232M 187G 1% /var2 > [root@syslog-rhel63-svr html]# > > > [root@syslog-rhel63-svr html]# ls -ld /var2/ossec/ > dr-xr-x---. 13 root ossec 4096 May 9 15:01 > /var2/ossec/ > > > [root@syslog-rhel63-svr html]# ls -l /var2 > total 24 > drwx------. 2 root root 16384 May 9 14:30 > lost+found > dr-xr-x---. 13 root ossec 4096 May 9 15:01 ossec > drwxr-xr-x. 4 root root 4096 May 9 16:57 > software > [root@syslog-rhel63-svr html]# ls -ld /var2/ossec/ > dr-xr-x---. 13 root ossec 4096 May 9 15:01 > /var2/ossec/ > [root@syslog-rhel63-svr html]# ls -l /var2/ossec/ > total 40 > dr-xr-x---. 3 root ossec 4096 May 9 15:01 > active-response > dr-xr-x---. 2 root ossec 4096 May 9 15:01 > agentless > dr-xr-x---. 2 root ossec 4096 May 9 15:01 bin > dr-xr-x---. 3 root ossec 4096 May 9 15:21 etc > drwxr-x---. 5 ossec ossec 4096 May 9 15:01 logs > dr-xr-x---. 11 root ossec 4096 May 9 15:01 queue > dr-xr-x---. 4 root ossec 4096 May 9 15:01 rules > drwxr-x---. 5 ossec ossec 4096 May 9 15:01 stats > drwxrwx---. 2 root ossec 4096 May 9 15:01 tmp > dr-xr-x---. 3 root ossec 4096 May 9 15:22 var > [root@syslog-rhel63-svr html]# > > > > > > -- > > --- > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
