Question
· Jul 8, 2022

CSP event log error

Hello, would anyone know where in Linux I need to change permissions on this? 

it is running a full Apache install and not what came with Cache.

Discussion (13)1
Log in or sign up to continue

$ sudo find / -name "CSP.log" 2>/dev/null

Also if selinux enabled and blocking:
$ sestatus
SELinux status: enabled

Validate. (Example correct path as location above)

$ ls -Z /opt/webgateway/logs/CSP.log

Correction. (Example correct path as location above)

$ sudo semanage fcontext -a -t httpd_log_t /opt/webgateway/logs/CSP.log
$ sudo restorecon -v /opt/webgateway/logs/CSP.log

hmm no I have cspgateway  and I'm running RHEL 7

  find / -name "CSP.log" 2>/dev/null
/opt/cspgateway/bin/CSP.log
/DSA200/cachesys/csp/bin/CSP.log
[root@facstestlinux localusers]# ls -Z /opt/cspgateway
drwxr-xr-x. root   root   unconfined_u:object_r:usr_t:s0   apache
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   bin
drwxr-xr-x. root   root   unconfined_u:object_r:usr_t:s0   cache
drwxr-xr-x. root   root   unconfined_u:object_r:usr_t:s0   util

and

root@facstestlinux localusers]# ls -Z /DSA200/cachesys/csp

drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 bin
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 broker
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 Default.csp
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 docbook
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 favicon.ico
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 samples
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 sys
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 user
 

still not working and I tried the whole dir after just doing the log file also restarted httpd and nada...

[root@facstestlinux localusers]#  chown apache:apache /opt/cspgateway/bin/*
[root@facstestlinux localusers]# ls -Z /opt/cspgateway/bin
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   cconnect.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa22Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa24Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa2Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSP.bak
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPcgiSys
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSP.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSP.log
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPn3.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPn3Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPnsd
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPRT.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   libcrypto.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   libssl.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   libz.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   nph-CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   nph-CSPcgiSys
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   temp
 

Taking a step back and please don't be offended but I just wanted to confirm something.
When accessing the Web Gateway does the URL in the browser contain the superserver port number.
ie: Is this: http://servername:52773/csp/bin/Systems/Module.cxw  (Internal WebServer)
or http://servername/csp/bin/Systems/Module.cxw  (External WebServer)

Also...
In the Web Gateway under Configuration -> Default Parameters.
Do you have a non-default value set for "Event Log File"

EDIT: Sorry, didn't notice that Alex Woodhead had already provided this answer ...

If SELinux is enabled, you may need to run the following commands as root:

# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webgateway/logs/CSP.log'
# restorecon -v '/opt/webgateway/logs/CSP.log'

Note that the '#' character represents the root account prompt and is not part of the command.

I didn't realize that selinux was part of RHEL and I changed the path to reflect where the log files is.

facstestlinux mgr]#  semanage fcontext -a -t httpd_sys_rw_content_t '/opt/cspgateway/bin/CSP.log'
[root@facstestlinux mgr]# restorecon -v '/opt/cspgateway/bin/CSP.log'
restorecon reset /opt/cspgateway/bin/CSP.log context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:httpd_sys_rw_content_t:s0
[root@facstestlinux mgr]#