I‘ve configured my Apache in chrooted jail at /jail/apache directory. However, my syslogd is not working and nothing gets logged using /dev/log and /jail/apache/dev/log. How do I fix this problem under CentOS 5.x AMD64 with SELinux?
By default syslogd daemon is listening to the socket /dev/log. You can verify this using lsof command:
lsof -c syslogd
lsof -c syslogd | grep '/dev/'
Sample outputs:
syslogd 38944 root 0u unix 0xffff8103215b08c0 28951978 /dev/log
However, you need to set additional sockets from that syslogd has to listen for all chrooted environment. By default you can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. Edit /etc/sysconfig/syslog, enter:
# vi /etc/sysconfig/syslog
Now, set /jail/apache/dev/log along with default /dev/null syslogd daemon socket path:
SYSLOGD_OPTIONS="-m 0 -a /jail/apache/dev/log"
Save and close the file. Now, restart the syslogd:
# service syslog restart
Make sure your syslogd daemon is listening to the socket /dev/log and /jail/apache/dev/log, enter:
# lsof -c syslogd | grep '/dev/'
Sample outputs:
syslogd 38944 root 0u unix 0xffff8103215b08c0 28951978 /dev/log syslogd 38944 root 7u unix 0xffff8103215b1100 28951980 /jail/apache/dev/log
SELinux Problem
When you restart syslogd and nothing is working as it should be, than SELinux may causing the problem. You will notice that the above command doesn’t indicate that /dev/log and /jail/apache/dev/log sockets used by syslogd. To fix this problem type the following commands:
# setenforce 0
# service syslog restart
# setenforce 1
# lsof -c syslogd | grep '/dev/'
setenforce command with the 1 option to put SELinux in enforcing mode. Use 0 option to put SELinux in permissive mode. This is used for troubleshooting SELinux problems. You may need to patch /etc/init.d/syslog to fix this problem permanently.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 1 comment... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
On the SELinux issue, If you set the SELinux context for the file then you should be good to go.
semanage fcontext -a -t devlog_t /path/to/logsocket
restorecon -Fv /path/to/log/socket