FYI: An Selinux Hack

Home » CentOS » FYI: An Selinux Hack
CentOS No Comments

We’ve got a website that was written years ago, and maintained by various people since. For some unknown reason, the original person or persons hard-coded, in a number of scripts, for these perl CGI scripts to write to a logfile… in the websites cgi-bin directory.

*DUH*

And the guy who was more-or-less maintaining it fixed one or two (I don’t know how, he probably hardcoded), but the rest still wrote to the same log. No, I can’t go in and fix it all.

So, to shut up selinux, I moved the logs to /var/log/httpd/website/, and made a symlink from the cgi-bin location to there… and it worked. No garbage from selinux.

Of *course* it’s a hack, but I figured there are others out there in the same position – aren’t allowed to go fix it *right* (as in, they should read a config file in /etc…), have to have selinux at least permissive, and want to cut down the noise in the logs.

mark

LEAVE A COMMENT