CODEWITHSUNDEEP
emailloggingcentosapache2mod-evasive
smepie
smepie

Reputation: 509

CentOS, mod_evasive log write permissions and email issue

i'm on CentOS 6.5 now, installed mod_evasive some time ago but email notify and logging never worked...

into messages log i have many lines like this...

mod_evasive[4548]: Couldn't open logfile /var/log/httpd/evasive/dos-157.xxx.xxx.xxx: Permission denied

on CentOS I thought that the owner of the directory /var/log/httpd/evasive should be "apache" and that is with 755.. no way...

then, mailx is already installed and updated... someone says to see into mod_evasive20.c but i can't find this mod_evasive20.c file on my CentOS... where can be? is it possible to send with sendmail instead of mailx? thanks

Upvotes: 0

Views: 10294

Answers (4)

Mayank Dudakiya
Mayank Dudakiya

Reputation: 3879

I had faced the same issue while creating new project into the centos7.

ErrorLog /var/log/httd/mydomain_error.log

CustomLog /var/log/httpd/mydomain_access.log

Solution:

You need to disable the SELinux and Your issue will be resolved.

FOr that you need to follow the following steps.

1) Check the SELinux Status

sestatus

OutPut will be like this

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

2) Disable SELinux

You can temporarily change the SELinux mode from targeted to permissive with the following command:

sudo setenforce 0

You can see more here : https://linuxize.com/post/how-to-disable-selinux-on-centos-7/

Upvotes: 0

Andrea Bravetti
Andrea Bravetti

Reputation: 51

On CentOS /var/log/httpd has permission 700 and is owned by root, so you need to move /var/log/httpd/evasive to /var/log/evasive and do:

chown 0:apache /var/log/evasive
chmod 770 /var/log/evasive

If you use SELinux:

semanage fcontext --add -t httpd_sys_rw_content_t "/var/log/evasive(/.*)?"
restorecon -r /var/log/evasive

And add this line to /etc/httpd/conf.d/mod_evasive.conf:

DOSLogDir /var/log/evasive

Upvotes: 4

domi27
domi27

Reputation: 6923

Ok, you're facing two problems, first file permission to mod_evasive logdir and second the mail command isn't found.

1) file permission to "DOSLogDir"

You must ensure the apache's user has execute and write permissions through the whole directory tree to target "DOSLogDir". See this example from an ubuntu system

root@ubuntu:/var/log# ll
drwxr-xr-x  3 root   adm    4096 Mar 10 14:06 apache2/

root@ubuntu:/var/log# ll apache2
drwxrwxr-x 2 root www-data   4096 Mar 10 14:25 mod_evasive/

root@ubuntu:/var/log# ll apache2/mod_evasive/
-rw-r--r-- 1 www-data www-data    5 Mar 10 14:25 dos-172.16.245.1
-rw-r--r-- 1 www-data www-data    5 Mar 10 14:19 dos-172.16.245.129

2) access mail binary

The mail binary is defined in mod_evasive20.c indeed, row 45 :

    #define MAILER  "/bin/mail %s"

Try to get a symlink on mailx to be used by mod_evasive

ln -s $(which mailx) /bin/mail

Upvotes: 2

smepie
smepie

Reputation: 509

understood,

for whom have the same problem hope this helps...

if mod_evasive is not able to write on the dir it doesn't even send the email so commented out the DOSLogDir and so it writes to tmp...

don't know if can use another directory but for the moment problem is solved

Upvotes: 1

Related Questions