Hey everyone,
Could use some advice on this one.
I've been seeing things like this in the error logs for some domains, this one happens with a php page as well as an image/gif for the same URI / vHost.
Ive also seen things like this in the messages log (hundreds of times per day)
Now im not a mod sec or seLinux expert, so any guidance/advice would be appreciated.
Could use some advice on this one.
I've been seeing things like this in the error logs for some domains, this one happens with a php page as well as an image/gif for the same URI / vHost.
Code:
[Fri Aug 03 09:49:05 2007] [error] [client 63.229.62.13] ModSecurity: Failed to access DBM file "/tmp/resource": Permission denied [hostname "xxx.xxx.xxx"] [uri "/somefile.php"] [unique_id "VktVbgoHAlYAACiwdcoAAAAB"]
[Fri Aug 03 09:47:59 2007] [error] [client 63.229.62.13] ModSecurity: Failed to access DBM file "/tmp/resource": Permission denied [hostname "xxx.xxx.xxx"] [uri "/images/pl-icon.gif"] [unique_id "Ul0PYwoHAlYAACi2fJwAAAAH"]
Ive also seen things like this in the messages log (hundreds of times per day)
Code:
kernel: audit(1186383597.339:59647): avc: denied { read } for pid=21851 comm="httpd" name="resource.dir" dev=dm-0 ino=14270486 scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file
kernel: audit(1186413106.133:68435): avc: denied { read write } for pid=5543 comm="httpd" name="resource.dir" dev=dm-0 ino=14270486 scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file
Code:
$ls -laZ /tmp/resource*
-rw-r----- apache apache /tmp/resource.dir
-rw-r----- apache apache root:object_r:tmp_t /tmp/resource.pag
$lsattr /tmp/resource*
------------- /tmp/resource.dir
------------- /tmp/resource.pag
$cat /etc/fstab | grep /tmp
dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
$cat /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
$/usr/sbin/getenforce
Enforcing
Now im not a mod sec or seLinux expert, so any guidance/advice would be appreciated.