SELinux + ClamAV + FastCGI

Post by tobyjoe » 2005/06/04 17:45:03

I've been setting up a CentOS 4 box for the past couple of weeks, and have only had a couple of SELinux-related problems thus far.

Everything seems to be secured fairly well, and I like the additional security of SELinux. I'm trying not to get frustrated and, like so many others, disable it.

The two problems I've been having are with ClamAV/freshclam and FastCGI.

The ClamAV problem is that freshclam cannot notify clamd of virus definition updates. The error message sent via email to my admin account is:

/etc/cron.daily/freshclam:

ERROR: Clamd was NOT notified: Can't connect to clamd through /var/run/amavis/clamd.ctl
connect(): Permission denied

Everything should be configured correctly and /var/run/amavis/clamd.ctl is the proper path. From my research, this seems to be a fairly simple SELinux problem. I've found info on various mailing lists regarding patches for ClamAV and freshclam, but honestly, I have no idea how to write a policy or apply a patch. I've been reading up a bit, and I'm a programmer, so I'm following along ok, but I'd prefer not to screw up my SELinux policies and such.

Any advice for getting this problem solved?

The next problem is similar, and has to do with FastCGI.

When I add the FastCGI directives (LoadModule) to my Apache conf and run configtest, I get:

FastCgiIpcDir /tmp/fcgi_ipc: access for server (uid -1, gid -1) failed: write not allowed

The /tmp/fcgi_ipc dir is chowned to apache and chmodded to 755, as it is on all my non-SELinux systems (RHEL3).

Anyone have experience running these two under SELinux?
