OSSEC "Unable to retrieve alerts"

Server Fault user
Asked on 2013-05-24 11:49:56
Answers: 1  Views: 2.2K  Followers: 0  Votes: 0

I am trying to learn OSSEC, but when I open the OSSEC web UI on the main tab, OSSEC shows me:

"Unable to retrieve alerts"

I have looked at the alerts.log file and I can read the different issues there.

Why can't I see the alerts on the web?

For more details, see:

   Ossec Installation: /var/ossec

   Ossec permissions: ossec:ossec

   Ossec web UI installation: /var/www/

   Ossec web UI permission: apache:apache

The ossec user is in the apache group.

Thank you, and sorry for my poor English.

1 Answer

Server Fault user

Accepted answer

Posted on 2013-05-27 08:45:07

The answer to my question.

The problem was SELinux; you can do two things:

Option 1 - Disable SELinux:

    #vi /etc/selinux/config

Change this

 SELINUX=enforcing

to

 SELINUX=disabled

Reboot the system.

Option 2 - Permit it with SELinux options.

If you need SELinux active, you can tell SELinux to allow this action.

Install:

     yum install setroubleshoot

Run the following:

    sealert -a /var/log/audit/audit.log

This shows the applications SELinux has denied; in the same file you can also see the solution, see the example:

    SELinux is preventing /usr/sbin/httpd from getattr access on the archivo /var/ossec/queue/syscheck/syscheck.

    *****  Sugerencia de complemento catchall_labels (83.8 confidence)  **********

    Sidesea permitir que httpd tenga getattr acceso al syscheck file
    Entoncesnecesita modificar la etiqueta en /var/ossec/queue/syscheck/syscheck
    Hacer
    # semanage fcontext -a -t FILE_TYPE '/var/ossec/queue/syscheck/syscheck'
    donde FILE_TYPE es uno de los siguientes: dirsrv_config_t, 
    httpd_mediawiki_htaccess_t, fail2ban_var_lib_t, abrt_var_run_t, krb5_conf_t, 
    udev_tbl_t, httpd_tmp_t, smokeping_var_lib_t, shell_exec_t, 
    httpd_w3c_validator_htaccess_t, mysqld_etc_t, cvs_data_t, calamaris_www_t, 
    dirsrvadmin_tmp_t, cobbler_etc_t, sysctl_crypto_t, httpd_cache_t, httpd_tmpfs_t, 
    httpd_helper_exec_t, iso9660_t, dbusd_etc_t, dirsrv_share_t, var_lib_t, 
    user_cron_spool_t, configfile, httpd_squirrelmail_t, cfengine_var_log_t, 
    httpd_php_exec_t, httpd_nagios_htaccess_t, abrt_t, httpd_mediawiki_tmp_t, lib_t, 
    samba_var_t, dirsrv_var_log_t, zarafa_var_lib_t, abrt_helper_exec_t, net_conf_t, 
    ld_so_t, cert_type, etc_runtime_t, git_system_content_t, dirsrv_var_run_t, 
    puppet_var_lib_t, public_content_t, httpd_var_lib_t, httpd_var_run_t, logfile, 
    anon_inodefs_t, sysctl_kernel_t, httpd_modules_t, user_tmp_t, 
    httpd_awstats_htaccess_t, httpd_dirsrvadmin_htaccess_t, textrel_shlib_t, 
    httpd_user_htaccess_t, chroot_exec_t, httpd_sys_content_t, public_content_rw_t, 
    httpd_suexec_exec_t, application_exec_type, httpd_bugzilla_htaccess_t, 
    httpd_cobbler_htaccess_t, rpm_script_tmp_t, httpd_nutups_cgi_htaccess_t,                 
    mailman_data_t, mailman_cgi_exec_t, httpd_apcupsd_cgi_htaccess_t, gitosis_var_lib_t, 
    system_dbusd_var_lib_t, dirsrvadmin_config_t, httpd_cvs_htaccess_t, 
    httpd_git_htaccess_t, httpd_sys_htaccess_t, httpd_squid_htaccess_t, 
    squirrelmail_spool_t, httpd_munin_htaccess_t, dirsrvadmin_unconfined_script_exec_t, 
    mailman_archive_t, httpd_prewikka_htaccess_t, passenger_var_lib_t, 
    passenger_var_run_t, cobbler_var_lib_t, user_home_t, bin_t, rpm_tmp_t, httpd_t, 
    lib_t, puppet_tmp_t, ld_so_cache_t, usr_t, abrt_var_cache_t, 
    httpd_rotatelogs_exec_t, locale_t, httpd_unconfined_script_exec_t, 
    httpd_smokeping_cgi_htaccess_t, etc_t, fonts_t, nagios_etc_t, nagios_log_t, 
    sssd_public_t, proc_t, httpd_keytab_t, sysfs_t, krb5_keytab_t, passenger_exec_t, 
    cluster_conf_t, httpd_config_t, fonts_cache_t, httpd_exec_t, httpd_lock_t, 
    httpd_log_t, httpd_prewikka_script_exec_t, httpd_munin_ra_content_t, 
    httpd_munin_rw_content_t, httpd_nutups_cgi_content_t, httpd_sys_script_exec_t, 
    httpd_dirsrvadmin_script_exec_t, httpd_git_script_exec_t, httpd_cvs_script_exec_t, 
    httpd_bugzilla_ra_content_t, httpd_bugzilla_rw_content_t, 
    httpd_nutups_cgi_script_exec_t, root_t, httpd_cvs_ra_content_t, 
    httpd_cvs_rw_content_t, httpd_git_ra_content_t, httpd_git_rw_content_t, 
    httpd_nagios_content_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, 
    httpd_sys_rw_content_t, httpd_w3c_validator_content_t, httpd_nagios_ra_content_t, 
    httpd_nagios_rw_content_t, httpd_nutups_cgi_ra_content_t, 
    httpd_nutups_cgi_rw_content_t, httpd_cobbler_script_exec_t, 
    httpd_mediawiki_script_exec_t, httpd_smokeping_cgi_script_exec_t, 
    httpd_apcupsd_cgi_content_t, httpd_git_content_t, httpd_user_content_t, 
    httpd_apcupsd_cgi_ra_content_t, httpd_apcupsd_cgi_rw_content_t, 
    httpd_mediawiki_ra_content_t, httpd_mediawiki_rw_content_t, 
    httpd_smokeping_cgi_content_t, httpd_cvs_content_t, httpd_sys_content_t, 
    httpd_squid_ra_content_t, httpd_squid_rw_content_t, httpd_prewikka_content_t, 
    httpd_munin_script_exec_t, httpd_smokeping_cgi_ra_content_t, 
    httpd_smokeping_cgi_rw_content_t, httpd_w3c_validator_script_exec_t, 
    httpd_prewikka_ra_content_t, httpd_prewikka_rw_content_t, httpd_user_script_exec_t, 
    httpd_bugzilla_content_t, httpd_munin_content_t, httpd_squid_content_t, 
    httpd_mediawiki_content_t, httpd_awstats_script_exec_t, 
    httpd_dirsrvadmin_ra_content_t, httpd_dirsrvadmin_rw_content_t, krb5_host_rcache_t, 
    httpd_apcupsd_cgi_script_exec_t, httpd_dirsrvadmin_content_t, 
    httpd_cobbler_content_t, httpd_squid_script_exec_t, 
    httpd_w3c_validator_ra_content_t, httpd_w3c_validator_rw_content_t, 
    httpd_nagios_script_exec_t, httpd_awstats_ra_content_t, httpd_awstats_rw_content_t, 
    httpd_awstats_content_t, httpd_user_ra_content_t, httpd_user_rw_content_t, 
    httpd_bugzilla_script_exec_t, httpdcontent,httpd_cobbler_ra_content_t, 
    httpd_cobbler_rw_content_t. 
    Luego ejecute: 
    restorecon -v '/var/ossec/queue/syscheck/syscheck'


    *****  Sugerencia de complemento catchall (17.1 confidence)  *****************

    Sicree que de manera predeterminada, httpd debería permitir acceso getattr sobre syscheck         file.     
    Entoncesdebería reportar esto como un error.
    Puede generar un módulo de política local para permitir este acceso.
    Hacer
    permita el acceso momentáneamente executando:
    # grep httpd /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

Explaining the following:

    # semanage fcontext -a -t FILE_TYPE '/var/ossec/queue/syscheck/syscheck'

This one temporarily allows this application.

    # grep httpd /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

These two commands always allow this application.

Also, if you have a desktop, you can open the graphical SELinux application and see the same information.

PS: Sorry, I know the report is in Spanish, but the commands are what matter, and they are the same in Spanish or English.

See you!

Votes: 0
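The answer's Option 2 is the one a defender wants: keep SELinux enforcing and fix only the denied access. The script below is an added example, not code from the original answer or from OSSEC. It parses AVC denial records from audit.log (the two sample records are constructed here, with made-up pid/inode values, and the label var_t on the OSSEC queue file is assumed), summarises each denial as source type, target type, object class, permission and path, and prints the two remedies the answer describes: relabel the file with semanage fcontext plus restorecon, or build a local policy module with audit2allow. FILE_TYPE is deliberately left as a placeholder, because choosing a type from the sealert list is a policy decision; the ausearch fallback for records without a full path is an extra suggestion not in the answer.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials and print the targeted fixes,
# instead of switching SELinux off. Not part of the original answer.

# Constructed sample audit.log records (pid, dev and ino values are made up;
# the var_t label on the OSSEC syscheck queue file is an assumption).
SAMPLE_AUDIT='type=AVC msg=audit(1369392000.123:456): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=dm-0 ino=123456 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1369392000.123:456): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1369392001.456:457): avc:  denied  { read } for  pid=1234 comm="httpd" name="alerts.log" dev=dm-0 ino=123457 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file'

# Read audit records on stdin; print one line per AVC denial:
#   comm perms source_type target_type tclass path
# Multiple permissions inside "{ ... }" are joined with commas.
avc_summary() {
  grep '^type=AVC ' | grep ' denied ' | awk '{
    perm=""; comm=""; path=""; st=""; tt=""; tc="";
    for (i=1; i<=NF; i++) {
      if ($i=="{") {
        j=i+1
        while (j<=NF && $j!="}") { perm=perm (perm==""?"":",") $j; j++ }
      }
      if ($i ~ /^comm=/)  { comm=$i; sub(/^comm="?/,"",comm); sub(/"$/,"",comm) }
      if ($i ~ /^path=/ || $i ~ /^name=/) {
        path=$i; sub(/^(path|name)="?/,"",path); sub(/"$/,"",path)
      }
      if ($i ~ /^scontext=/) { split($i,a,":"); st=a[3] }   # type is the 3rd field
      if ($i ~ /^tcontext=/) { split($i,b,":"); tt=b[3] }
      if ($i ~ /^tclass=/)   { tc=$i; sub(/^tclass=/,"",tc) }
    }
    print comm, perm, st, tt, tc, path
  }'
}

# Read summary lines on stdin; for each one print the remedies from the answer.
# FILE_TYPE stays a placeholder: pick it from the sealert list by hand.
suggest_fix() {
  while read -r comm perm st tt tc path; do
    echo "# $comm ($st) denied '$perm' on $tc $path (labelled $tt)"
    case $path in
      /*) echo "semanage fcontext -a -t FILE_TYPE '$path' && restorecon -v '$path'" ;;
      *)  echo "# no full path in the record; run 'ausearch -m avc -c $comm' for context" ;;
    esac
    # Fallback from the answer; review the generated mypol.te before loading it,
    # since it allows every denial grep found for this process, not just one.
    echo "# fallback: grep '$comm' /var/log/audit/audit.log | audit2allow -M mypol && semodule -i mypol.pp"
  done
}

# Run on the constructed sample; on a real host replace it with: cat /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT" | avc_summary | suggest_fix
```

On a real system pipe `/var/log/audit/audit.log` (or `ausearch -m avc --raw`) into `avc_summary` in place of the sample. The summary makes the decision visible: a getattr/read denial on a path under /var/ossec is a labelling problem that semanage fcontext and restorecon solve permanently for that path, whereas a custom module from audit2allow widens httpd's policy for every denial captured.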
Original page content provided by Server Fault. Translation support by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://serverfault.com/questions/510549
