Big brother and httpd

Russell Coker russell at coker.com.au
Mon Jun 27 03:05:32 UTC 2005


On Sunday 26 June 2005 22:42, Tom Diehl <tdiehl at rogueind.com> wrote:
> > Can you check and make sure /home/bb/bb/www is marked
> > httpd_*_content_t, and not user_home_t...
>
> (pocono pts16) # la -Z /home/bb/bb/www
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t .
> drwxr-xr-x  bb       bb       root:object_r:user_home_t        ..
[...]
> The bb.html and bb2.html files are created every time bb polls the
> machines (every 5 minutes). I have tried doing
> chcon -t httpd_sys_content_t bb?.html on them but they always change back.

Those files are apparently created somewhere else, maybe /home/bb/bb?  Maybe 
if you run your chcon -R operation on /home/bb the results will be better.

A change to bb might help.  You could either have it create the files in an 
appropriate directory that has the desired label or have it chcon them after 
creation (but before moving).  How is the bb program run?  Is it a daemon or 
a cron job?

There has been some work on getting NAGIOS running under SE Linux.  It seems 
that NAGIOS is the leading product in this area.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
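
Added example, not part of the original message and not bb's own code: one way to apply the "chcon after creation, but before moving" suggestion in a script that publishes a generated page. The helper name publish_labeled is hypothetical; the type httpd_sys_content_t and the path in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added illustration; publish_labeled is a hypothetical helper, not part of bb.
# Usage: generate-report | publish_labeled /home/bb/bb/www/bb.html

CONTENT_TYPE=httpd_sys_content_t   # type discussed in the thread

publish_labeled() {
    dest=$1
    dir=$(dirname "$dest")

    # Create the temporary file inside the destination directory, so it is
    # on the same filesystem and the final mv is a plain rename.
    tmp=$(mktemp "$dir/.publish.XXXXXX") || return 1

    # Write the new page from stdin; clean up if the write fails.
    if ! cat > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp"   # mktemp creates the file 0600; the web server must read it

    # Label before moving: a rename keeps whatever context the file already
    # carries, so a file created under another label would bring it along.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        if ! chcon -t "$CONTENT_TYPE" "$tmp"; then
            rm -f "$tmp"
            return 1
        fi
    fi

    # Rename into place; readers never see a half-written or unlabelled file.
    mv -f "$tmp" "$dest"
}
```

On a host without SELinux the labelling step is skipped and the function only performs the atomic replace.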



