klaubert
ModSecurity: Audit log: Failed to create subdirectories
pls help me to solve this [:error] [pid 34915] [client 192.168.100.10:51750] [client 192.168.100.10] ModSecurity: Audit log: Failed to create subdirectories: /var/log/mlogc/data/20180714/20180714-1714 (Permission denied) [hostname "192.168.100.26"] [uri "/.noindex.html"] [unique_id "W0nM78slVvAqGUJmnQuyNQAAAAQ"]
I had the same problem because apache is running not only with the user www-data, but with all kind of virtual users, like this:
AssignUserId #2010 #2010
After several attempts, I decided to run a script everyday at 23h59 to create all the folders necessary for the next day with the right permissions.
The right permissions are 0777 on folders because every user (virtual or not) must be able to write there.
Not the best for security, but I didn't find a better way to do it.
Here is my script:
#!/bin/bash
DAY=$(date -d 'tomorrow' '+%Y%m%d');
DIR="/var/log/modsec/data/$DAY"
if ! test -d $DIR; then
mkdir $DIR
chmod 0777 $DIR
fi
for ((i=0;i<=23;i++)); do
if [ $i -lt 10 ]; then
HOUR="0$i"
else
HOUR=$i
fi
for ((j=0;j<=59;j++)); do
if [ $j -lt 10 ]; then
MIN="0$j"
else
MIN=$j
fi
DIR="/var/log/modsec/data/$DAY/$DAY-$HOUR$MIN"
if ! test -d $DIR; then
mkdir $DIR
chmod 0777 $DIR
fi
done
done
I don't have the problem anymore.
Hope this help.
@quenenni thanks for ur respons, i will try it soon. hopefully it can help me. thanks.
@quenenni hey, i has use ur script but the apache need to make directory again call /var/log/mlogc/date/date-time/time-uniqe_id
ModSecurity: Audit log: Failed to create file: /var/log/mlogc/data/20180718/20180718-1637/20180718-163739-W08KY8uo9q6YSsBO83ilkAAAAAQ (Permission denied) [hostname "192.168.100.26"] [uri "/data"] [unique_id "W08KY8uo9q6YSsBO83ilkAAAAAQ"]
how i can add unique_id on the script ?
i solved my issues with chcon -R -t httpd_sys_rw_content_t /var/log/mlogc/data/*
dont forget to semanage fcontext -a -t httpd_sys_rw_content_t '/var/log/mlogc/data/'
