Rt and SeLinux

RT Users
1

Hello to all,
I am trying to configure Rt-3.6.1 on my CentOs server with SeLinux feature enabled. Everything goes well, but when i try to open RT on web browser it gives me an error. I can not disable selinux feature, because it is not in the company policy. So, i have to configure it with selinux. I have seen in mailing list Archives that one gentleman has configured it in his Fedora-3. So, i am requesting to that gentleman and to the whole members that please help me. I will be very thankful to you all for the same.

I am giving my errors for the initial troubleshooting, hope it helps :

tail -f /var/log/httpd/error_log

[Tue Mar 20 03:55:05 2007] [error] Cannot write to ‘/opt/rt3/var/log/rt.log’: Permission denied at /usr/lib/perl5/site_perl/5.8.5/Log/Dispatch/File.pm line 86.\n

#tail -f /var/log/messages

Mar 20 03:54:37 cs4 kernel: audit(1174380877.908:4213): avc: denied { search } for pid=1797 comm=“httpd” name=“rt-3.6.1” dev=hda3 ino=5571946 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir

Mar 20 03:54:37 cs4 kernel: audit(1174380877.908:4214): avc: denied { search } for pid=1797 comm=“httpd” name=“rt-3.6.1” dev=hda3 ino=5571946 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir

Mar 20 03:54:38 cs4 kernel: audit(1174380878.135:4215): avc: denied { search } for pid=1797 comm=“httpd” name=“rt-3.6.1” dev=hda3 ino=5571946 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir

Mar 20 03:54:38 cs4 kernel: audit(1174380878.135:4216): avc: denied { search } for pid=1797 comm=“httpd” name=“rt-3.6.1” dev=hda3 ino=5571946 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir

Mar 20 03:54:38 cs4 kernel: audit(1174380878.136:4217): avc: denied { search } for pid=1797 comm=“httpd” name=“rt-3.6.1” dev=hda3 ino=5571946 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir

Mar 20 03:54:38 cs4 kernel: audit(1174380878.136:4218): avc: denied { search } for pid=1797 comm=“httpd” name=“rt-3.6.1” dev=hda3 ino=5571946 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir

I think this is an issue of selinux, because whole RT directory is in 777 mode.
Any help can resolve my problem in great deal. So, please help me.

Bijayant Kumar
Send instant messages to your online friends http://uk.messenger.yahoo.com

2

Hi

Hello to all, I am trying to configure Rt-3.6.1 on my CentOs server
with SeLinux feature enabled.

You probably want to investigate audit2allow :
http://www.linuxcommand.org/man_pages/audit2allow1.html

3

Toby Darling wrote:

Hi

Hello to all, I am trying to configure Rt-3.6.1 on my CentOs server
with SeLinux feature enabled.

You probably want to investigate audit2allow :
http://www.linuxcommand.org/man_pages/audit2allow1.html

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

i would also look at
*chcon -t httpd_sys_content_t public_html
this command is for allowing html pages to be served via apache when
seliux is enabled, play around with it to allow your log files to be
created/read.

Chaim Rieger

4

We’re building up our second generation RT server. As we do so, we want
to be intentional about our monitoring of this server. We are looking
to create two types of monitoring: realtime and periodical (daily or
weekly).

Some examples we’re currently planning:

Periodical

  • DB size
  • HDD space
  • email log

Realtime

  • System Memory/Proc usage
  • RT usage (possible?)

    • of currently logged in users

    • list of currently logged in users
  • Sent/Rcvd Email Count
  • Open tix per queue

If anyone can give me some additional examples of things they are
monitoring on their RT servers, I would appreciate it. I would also be
grateful of any help confirming if it is possible (and then how) to
monitor the aforementioned RT items.

Thank you,

Ryan Roland

Network & Security Administrator
Information Technology
Division of Recreational Sports
Indiana University