linux-malware-detect
SELinux preventing write access to /usr/local/maldetect/tmp
Feb 23 11:15:06 localhost.localdomain python[62666]: SELinux is preventing /usr/bin/clamscan from write access on the file /usr/local/maldetect/tmp/.clamscan.result.278
I think it has to do with file type; when I run ls -Z this is what I have in this directory: I am not sure what the file type is supposed to be, but I am sure it's not supposed to be usr_t
-r--------. root root system_u:object_r:usr_t:s0 CHANGELOG
dr-x------. root root system_u:object_r:usr_t:s0 clean
-r--------. root root system_u:object_r:usr_t:s0 conf.maldet
-r--------. root root system_u:object_r:usr_t:s0 conf.maldet.cron
-r--------. root root system_u:object_r:usr_t:s0 COPYING.GPL
dr-x------. root root system_u:object_r:usr_t:s0 cron
lrwxrwxrwx. root root system_u:object_r:usr_t:s0 event_log -> /usr/local/maldetect/logs/event_log
-r--------. root root system_u:object_r:usr_t:s0 hookscan.sh
-r--------. root root system_u:object_r:usr_t:s0 ignore_file_ext
-r--------. root root system_u:object_r:usr_t:s0 ignore_inotify
-r--------. root root system_u:object_r:usr_t:s0 ignore_paths
-r--------. root root system_u:object_r:usr_t:s0 ignore_sigs
dr-x------. root root system_u:object_r:usr_t:s0 internals
dr-x------. root root system_u:object_r:usr_t:s0 logs
-r--------. root root system_u:object_r:usr_t:s0 maldet
-r--------. root root system_u:object_r:usr_t:s0 maldet.1
-r--------. root root system_u:object_r:usr_t:s0 modsec.sh
-r--------. root root system_u:object_r:usr_t:s0 monitor_paths
dr-x------. root root system_u:object_r:usr_t:s0 pub
dr-x------. root root system_u:object_r:usr_t:s0 quarantine
-r--------. root root system_u:object_r:usr_t:s0 README
dr-x------. root root system_u:object_r:usr_t:s0 service
dr-x------. root root system_u:object_r:usr_t:s0 sess
dr-x------. root root system_u:object_r:usr_t:s0 sigs
dr-x------. root root system_u:object_r:usr_t:s0 sigs.old
dr-x------. root root system_u:object_r:usr_t:s0 tmp
-r--------. root root system_u:object_r:usr_t:s0 uninstall.sh
-r--------. root root system_u:object_r:usr_t:s0 VERSION
-r--------. root root system_u:object_r:usr_t:s0 VERSION.hash
Are you using v1.5 or the latest commit of 1.6? @tmccaff
Thanks for reporting!
I was facing this problem in maldetect 1.6.2; the SELinux warnings are generated for the following issues:
- maldetect uses /usr/local/maldetect/tmp during clamscan
- maldetect tries to write log in /usr/local/maldetect/logs
I solved it as follows:
First, create the log dir:
sudo mkdir -p /var/log/maldetect
Then add the following lines to /usr/local/maldetect/conf.maldet.cron:
tmpdir="/var/tmp"
logdir="/var/log/maldetect"
Additionally, for systemd service scans, edit either /etc/sysconfig/maldet (CentOS/RHEL) or /etc/default/maldet (Ubuntu/Debian) and add the following lines:
tmpdir="/var/tmp"
logdir="/var/log/maldet"
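A way to verify the workaround above after editing each file (an added example, not part of the thread or of maldetect itself): it checks that `tmpdir` and `logdir` point outside the install tree and that each target directory exists. The function names are hypothetical, and it assumes the override files use the shell-style `key="value"` lines shown in the comment.

```shell
#!/bin/sh
# Added example (not maldetect code): sanity-check a maldet override file.
# Assumes key="value" lines as shown in the thread; function names are made up.

INSTALL_TREE="/usr/local/maldetect"   # install path shown in the issue

# Print the value assigned to key $1 in file $2 (last assignment wins).
conf_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\)[\"']\{0,1\}.*\$/\1/p" "$2" | tail -n 1
}

# Check one key; print a one-line verdict and return 0 only when it is usable.
check_dir_key() {
    key=$1; file=$2
    val=$(conf_value "$key" "$file")
    if [ -z "$val" ]; then
        echo "$key: MISSING in $file"; return 1
    fi
    # A path still inside the install tree keeps the usr_t label seen in ls -Z.
    case "$val/" in
        "$INSTALL_TREE"/*) echo "$key: STILL_UNDER_INSTALL_TREE $val"; return 1 ;;
    esac
    # A directory that was never created cannot be written to.
    if [ ! -d "$val" ]; then
        echo "$key: NO_SUCH_DIR $val"; return 1
    fi
    echo "$key: OK $val"
}

# Check both relocated directories in one override file.
check_override_file() {
    rc=0
    for k in tmpdir logdir; do
        check_dir_key "$k" "$1" || rc=1
    done
    return $rc
}

# Usage: sh check.sh /usr/local/maldetect/conf.maldet.cron /etc/sysconfig/maldet
for f in "$@"; do
    check_override_file "$f"
done
```

Run it against every file that was edited; `ls -Zd` on each reported directory then shows the SELinux label it actually carries.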