Setup and initial testes FAQ
/var/log/audit/audit.log .
Using the tools audit2why and audit2allow
you can analyze and create a module with a security policy that can be
added with the command line:
semodule –iHere is a policy file for Mooshak module mooshak 1.0; require { type home_root_t; type httpd_sys_script_t; class file { setattr read create ioctl write getattr unlink open append }; class dir { setattr read create write rmdir remove_name open add_name }; } #============= httpd_sys_script_t ============== allow httpd_sys_script_t home_root_t:dir { setattr read create write rmdir remove_name open add_name }; allow httpd_sys_script_t home_root_t:file { setattr read create getattr write ioctl unlink open append };(Answer contributed by David Carvalho - david@di.ubi.pt) <Directory /home/*/public_html/cgi-bin> Options +ExecCGI -Includes -Indexes SetHandler cgi-script </Directory> mooshak - and the CGI scripts should run
with the same user. The suexec module of Apache runs
CGI scripts in users directories as the corresponding and ensures that
scripts cannot be invoked by other users. Mooshak expects
suexec in order to run properly.
If you have this kind of error then you probably don't have
Of course that you can just give all permissions to all data files by
executing httpd start , intead of startssl solved this
problem. Apparently this script sets important environment variables
|