By default, cronolog (cronolog-1.6.2-1) will not work under SELinux. You'll see audit errors in /var/log/messages that say:
This is cronolog trying to create a new year folder and a new symbolic link to your most current access log. Cronolog does both when it is given the --symlink parameter and told to organize rolled-over logs into year-by-year folders. Here's more about cronolog usage.
This solution is for Red Hat Enterprise Linux 4 (RHEL4), though it should apply to other SELinux-enabled operating systems.
First, make sure that the directory the logs are being written to, or more specifically the directory in which cronolog is trying to create a symbolic link or a year directory (known to SELinux as the target directory), has a target security context of "httpd_log_t". You can verify this by doing a:
and confirming that the security context is correct. You should see something like this:
If the security context is not correct, use the "chcon" command to set it.
Once you've confirmed that the target directory has a security context of httpd_log_t, all you have to do is create a custom policy.
You can read about how to do this here. Here are the steps:
- Install the selinux-policy-targeted-sources rpm
- Stop Apache
- Create a new local custom security policy (here I'm using nano; you can use whatever editor you want: vi, emacs, etc.)
- Add in the following text to local.te
- Save the file
- Compile the new policy
- Start Apache
At this point, check your /var/log/messages and your log directory. You should see no more SELinux audit messages, and cronolog should have created its directories and symbolic links.
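To see which permissions cronolog is actually being denied on your system before writing local.te, the shell function below reduces the AVC denial lines from /var/log/messages to candidate allow rules for one target type. It is an added example, not part of the original post: the log lines are constructed, and the httpd_t source domain and the avc_to_allow and sample_log names are assumptions.

```shell
#!/bin/sh
# Added example: summarise AVC denials against one target type as allow rules.

# avc_to_allow TARGET_TYPE: read syslog lines on stdin and print one candidate
# rule per (source type, object class) whose target type is TARGET_TYPE.
avc_to_allow() {
    awk -v want="$1" '
    /avc: +denied/ {
        perms = ""; stype = ""; ttype = ""; tclass = ""; inside = 0
        for (i = 1; i <= NF; i++) {
            # Permissions are the words between "{" and "}".
            if ($i == "{") { inside = 1; continue }
            if ($i == "}") { inside = 0; continue }
            if (inside) perms = perms " " $i
            # A context is user:role:type[:level]; the type is the third part.
            if ($i ~ /^scontext=/) { split($i, c, ":"); stype = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        # Ignore denials for other targets and lines that did not parse.
        if (ttype != want || stype == "" || tclass == "") next
        key = stype SUBSEP tclass
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!seen[key, p[j]]++) merged[key] = merged[key] " " p[j]
    }
    END {
        for (key in merged) {
            split(key, k, SUBSEP)
            printf "allow %s %s:%s {%s };\n", k[1], want, k[2], merged[key]
        }
    }' | sort
}

# Constructed sample of /var/log/messages (httpd_t is an assumed source domain).
sample_log() {
    cat <<'EOF'
Jan  6 00:00:01 web1 kernel: audit(1136505601.101:0): avc:  denied  { create } for  pid=2301 comm="cronolog" name="2006" scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=dir
Jan  6 00:00:01 web1 kernel: audit(1136505601.102:0): avc:  denied  { create } for  pid=2301 comm="cronolog" name="access.log" scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=lnk_file
Jan  6 00:00:02 web1 kernel: audit(1136505602.310:0): avc:  denied  { unlink } for  pid=2301 comm="cronolog" name="access.log" scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=lnk_file
Jan  6 00:00:03 web1 kernel: audit(1136505603.007:0): avc:  denied  { read } for  pid=2400 comm="httpd" name="scratch" scontext=root:system_r:httpd_t tcontext=system_u:object_r:tmp_t tclass=file
EOF
}

sample_log | avc_to_allow httpd_log_t
```

On a live system, feed the function /var/log/messages on standard input instead of sample_log, and review each rule it prints before adding it to local.te.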