November 13, 2012

Month, day, and year are required…

Filed under: Linux — joel.cass @ 9:14 am

I had a bit of a brain fart earlier this week whilst trying to diagnose some SELinux issues. I had tried everything. Scanned the messages, audit log, used some tools like audit2allow, and for some reason I just could not get apache to talk to python. SELinux was blocking it, with nothing recorded anywhere. In the end I had to give up and set SELinux to permissive.

At any rate, I was banging my head against a wall with the ausearch program:

ausearch date format unknown

I was almost screaming, pulling my hair out! Geez, the response is so cryptic, the month, day, and year are there, I add the time and then it complains the time is not there! FFS! What date format do you want!!!! Gahhh!

Calm down Joel… Ok, so ausearch –help reveals nothing. What about man ausearch. Ah:

man ausearch

So it should be mm/dd/yyyy, not yyyy/mm/dd or dd/mm/yyyy. It’s making sense now. But why don’t they just state the format in the error message? It’s funny how the web is so focused on UX yet even the latest commands are stuck in the dark ages.

In the end it turned out that execute access was being blocked when python was run under the apache context, this was because I had compiled a special version of python to run with one of our legacy apps. A simple call to chcon to match the context of my compiled python with the installed python resolved the issue. It’s funny how neither audit2allow or scanning the messages and audit log showed the error I was looking for.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment