02-23-2016, 03:17 AM   #1
ilesterg (Member)
Registered: Jul 2012
Distribution: Debian and CentOS/RHEL
Posts: 566
Reputation: 59

httpd not working with SELinux context?


Hi!

I just tried changing DocumentRoot to /html/ and created a dummy file info.php, and then got error 403 in my browser. I tried learning about SELinux following this link; however, I can't seem to get Apache to read the file in the new directory. Am I missing something here?

Code:
[root@centos7db httpd]# tail error_log
[Tue Feb 23 09:00:45.773294 2016] [core:notice] [pid 11889] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Feb 23 09:00:45.775719 2016] [suexec:notice] [pid 11889] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::a00:27ff:fe0f:6d3e. Set the 'ServerName' directive globally to suppress this message
[Tue Feb 23 09:00:46.312340 2016] [auth_digest:notice] [pid 11889] AH01757: generating secret for digest authentication ...
[Tue Feb 23 09:00:46.314434 2016] [lbmethod_heartbeat:notice] [pid 11889] AH02282: No slotmem from mod_heartmonitor
[Tue Feb 23 09:00:46.365046 2016] [mpm_prefork:notice] [pid 11889] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 configured -- resuming normal operations
[Tue Feb 23 09:00:46.365089 2016] [core:notice] [pid 11889] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Feb 23 09:00:49.698045 2016] [authz_core:error] [pid 11892] [client 192.168.84.1:50719] AH01630: client denied by server configuration: /html/info.php
[Tue Feb 23 09:01:59.369171 2016] [authz_core:error] [pid 11894] [client 192.168.84.1:50721] AH01630: client denied by server configuration: /html/info.php
[Tue Feb 23 09:03:44.337058 2016] [authz_core:error] [pid 11891] [client 192.168.84.1:50726] AH01630: client denied by server configuration: /html/info.php

[root@centos7db httpd]# tail access_log
192.168.84.1 - - [23/Feb/2016:09:00:28 +0100] "GET /info.php HTTP/1.1" 403 210 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:RESERVED)"
192.168.84.1 - - [23/Feb/2016:09:00:32 +0100] "GET /info.php HTTP/1.1" 403 210 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:RESERVED)"
::1 - - [23/Feb/2016:09:00:37 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/5.4.16 (internal dummy connection)"
::1 - - [23/Feb/2016:09:00:37 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/5.4.16 (internal dummy connection)"
::1 - - [23/Feb/2016:09:00:37 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/5.4.16 (internal dummy connection)"
::1 - - [23/Feb/2016:09:00:37 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/5.4.16 (internal dummy connection)"
::1 - - [23/Feb/2016:09:00:37 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/5.4.16 (internal dummy connection)"
192.168.84.1 - - [23/Feb/2016:09:00:49 +0100] "GET /info.php HTTP/1.1" 403 210 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:RESERVED)"
192.168.84.1 - - [23/Feb/2016:09:01:59 +0100] "GET /info.php HTTP/1.1" 403 210 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:RESERVED)"
192.168.84.1 - - [23/Feb/2016:09:03:44 +0100] "GET /info.php HTTP/1.1" 403 210 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:RESERVED)"
[root@centos7db httpd]#


Files:
[root@centos7db /]# ls -Z | grep [h]tml
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[root@centos7db /]# ls -Z /html/
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 info.php
[root@centos7db /]#
TIA.

Last edited by ilesterg; 02-23-2016 at 03:19 AM.
 
02-23-2016, 04:14 AM   #2
TenTenths (Senior Member)
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,756
Reputation: 1063

First of all, turn SELinux off or set it to Non-Enforcing and try it.
If you still get a 403 then the problem isn't SELinux.
If you don't get a problem then yeah, it's SELinux that's causing the problem. Unfortunately I can't give you more help than that, other than Google.
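
Added example, not part of either post: a triage of denial lines by the layer that logged them. The error_log lines in post #1 carry AH01630, which mod_authz_core logs when a Require rule refuses the request, whereas an SELinux refusal is recorded as an AVC denial in audit.log. The function names and the AVC_LINE and FS_LINE samples are constructed for illustration.

```shell
#!/bin/sh
# Name the layer that refused a request, from one error_log or audit.log line.
classify_403() {
    case "$1" in
        *AH01630*)              echo authz_core ;;   # mod_authz_core: Require rules
        *"avc:"*denied*httpd*)  echo selinux ;;      # kernel AVC denial for httpd
        *"(13)Permission denied"*|*AH00035*|*AH00132*)
                                echo filesystem_or_selinux ;;  # open()/stat() failed
        *)                      echo unknown ;;
    esac
}

# What to inspect next for each layer.
next_check() {
    case "$1" in
        authz_core) echo "httpd config: <Directory> block covering the path needs a Require rule" ;;
        selinux)    echo "ausearch -m avc -c httpd; ls -Z on the path" ;;
        filesystem_or_selinux) echo "mode bits on every path component, then audit.log" ;;
        *)          echo "no denial recognised in this line" ;;
    esac
}

# Read log lines on stdin, print "<layer> <count>" for each layer seen.
layer_counts() {
    while IFS= read -r line; do classify_403 "$line"; done |
        sort | uniq -c | awk '{print $2, $1}'
}

# Line copied from the error_log in post #1.
PAGE_LINE='[Tue Feb 23 09:00:49.698045 2016] [authz_core:error] [pid 11892] [client 192.168.84.1:50719] AH01630: client denied by server configuration: /html/info.php'
# Constructed samples (not from the thread).
AVC_LINE='type=AVC msg=audit(1456214449.698:101): avc:  denied  { read } for  pid=11892 comm="httpd" name="info.php" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file'
FS_LINE="[Tue Feb 23 09:05:00.000000 2016] [core:error] [pid 11892] (13)Permission denied: [client 192.168.84.1:50730] AH00035: access to /info.php denied"

for l in "$PAGE_LINE" "$AVC_LINE" "$FS_LINE"; do
    layer=$(classify_403 "$l")
    printf '%s -> %s\n' "$layer" "$(next_check "$layer")"
done
```

Piping a real log through `layer_counts` (for example `layer_counts < error_log`) shows which layer accounts for the 403s before any SELinux mode change is made.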
 
  

