
I'm trying to get mod_security running and hit the very common hostname error of

[alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "computername.domain.com"

This normally means an entry is required in the hosts file. However, I have tried all combinations for the hostname: localhost (127.0.0.1), local IP address (192.168....) and public IP address ("122.56.11.156"). I have also tried all combinations for Apache's ServerName: computer.domain, domain, IP addresses, and not setting it at all. Nothing seems to work for me.

Currently my /etc/hosts file looks like:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1              computername.domain.com computername localhost.localdomain localhost    
::1             localhost6.localdomain6 localhost6
192.168.0.102           computername.domain.com computername

#192.168.0.102          computername.hostingprovider.local  computername  # NIC <eth0>
#122.56.11.156          computername.domain.com computername

Ping works, and hostname shows:

[root@computername~]# hostname
computername.domain.com

The public DNS doesn't have computername as a subdomain, so what is the correct IP address / ServerName combo to use? What happens with duplicate entries in hosts? What does mod_unique_id check that could cause it to fail?

Thanks for any help you can provide


The underlying problem

Thanks for the strace suggestion. On starting apache I got the following.

1377  open("/etc/hosts", O_RDONLY)      = -1 EACCES (Permission denied)

So I quickly sanity-checked permissions:

# ll /etc/hosts
-rw-r--r-- 2 root root 608 Jul 22 16:01 /etc/hosts

But it turned out to be SELinux, see below.

KCD

2 Answers


The problem was SELinux

#less /var/log/audit/audit.log

type=AVC msg=audit(1311546944.235:1040): avc:  denied  { read } for  pid=1396 comm="httpd" 
name="hosts" dev=dm-0 ino=262931 
scontext=user_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

In my case the following solved it:

# ls -lZ /etc/hosts
-rw-r--r--  root root system_u:object_r:initrc_tmp_t   /etc/hosts
# setenforce 0
# restorecon -R -F -v /etc/hosts
# setenforce 1
# ls -lZ /etc/hosts
-rw-r--r--  root root system_u:object_r:etc_t          /etc/hosts
KCD
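To make the diagnosis in this answer repeatable, here is an added example (not from the question or either answer) that pulls the SELinux type out of the two records shown above, the AVC denial in audit.log and the `ls -lZ /etc/hosts` output, and reports whether the file carries the type the policy expects (etc_t for /etc/hosts). Both sample records are constructed inline, modelled on the ones in the answer, so the script runs without SELinux present.

```sh
#!/bin/sh
# Added example: extract the SELinux type from an AVC denial record and from
# an 'ls -Z' line, then compare it with the expected type for the path.
# Both records below are constructed samples modelled on the accepted answer.

SAMPLE_AVC='type=AVC msg=audit(1311546944.235:1040): avc:  denied  { read } for  pid=1396 comm="httpd" name="hosts" dev=dm-0 ino=262931 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file'
SAMPLE_LS_Z='-rw-r--r--  root root system_u:object_r:initrc_tmp_t   /etc/hosts'

# A context is user:role:type[:level]; the third colon-separated field is the type.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Target context (tcontext=) of the object httpd was denied access to.
avc_tcontext() {
    printf '%s\n' "$1" | sed -n 's/.*tcontext=\([^ ]*\).*/\1/p'
}

# Permissions listed between the braces, e.g. "read" or "read open".
avc_permissions() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\(.*[^ ]\) *}.*/\1/p'
}

# Type from an 'ls -Z' line: the context is the fourth whitespace-separated field.
ls_z_type() {
    context_type "$(printf '%s\n' "$1" | awk '{print $4}')"
}

# Compare the observed type with the expected one; prints "ok" or "mislabeled".
check_label() {
    if [ "$1" = "$2" ]; then echo ok; else echo mislabeled; fi
}

main() {
    avc_type=$(context_type "$(avc_tcontext "$SAMPLE_AVC")")
    echo "httpd denied '$(avc_permissions "$SAMPLE_AVC")' on a file of type $avc_type"
    echo "ls -Z reports type $(ls_z_type "$SAMPLE_LS_Z")"
    # A denial against an unexpected type on a system file is a labeling
    # problem; restorecon resets the label and works while SELinux stays enforcing.
    if [ "$(check_label "$avc_type" etc_t)" = mislabeled ]; then
        echo "expected etc_t: run 'restorecon -v /etc/hosts' and re-check with ls -Z"
    fi
}
main
```

On a real box, feed it the matching lines from `ausearch -m avc -c httpd` and `ls -Z /etc/hosts`; restorecon does not require `setenforce 0`, so enforcement can stay on during the fix.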

I'd be looking for typos and other "stupidly simple" mistakes we all make from time to time (I use my wife as a proof-reader), but if that doesn't work I'd just fire up strace to see what mod_security is trying to do. It might not be reading /etc/hosts -- perhaps it's taking a failure to resolve the name via DNS as some sort of hard failure instead, or something else.

At any rate, I'd be putting the machine's name in DNS anyway. It just saves so many hassles.

womble
  • Yes, I've been struggling to rule out problems existing between the keyboard and the chair. Asking our hosting provider to add the computer name to the DNS would help, but it would be nice to know why Apache doesn't seem to process the hosts file – KCD Jul 24 '11 at 23:24
  • Awarded this as the solution because strace identified the true problem and a DNS entry would've solved it either way – KCD Jul 25 '11 at 01:11
  • It'd be worth putting the reason you found in as an answer, for future searchers who come across your question and would like to know exactly what the answer was. I'm curious too, now. – womble Jul 25 '11 at 05:27
  • I'm one step ahead of you, see the third section added to the question. SELinux was the problem, I'll edit it to make it clearer. Thanks again for your help! – KCD Jul 25 '11 at 22:03
  • I'm saying make it an *answer*, not part of your question -- self-answering is explicitly encouraged, as not everyone who finds the question will read the whole question, they'll skim just enough to see that it fits their problem and then skip straight to the answers. – womble Jul 25 '11 at 22:25
  • Fair enough. Only reason I didn't do that is so I could credit you with the answer :) – KCD Jul 25 '11 at 22:32
  • I'm wonderfully selfless... although you don't *have* to take away my precioussssssss accepted tick. – womble Jul 25 '11 at 22:33
  • Ha indeed, chances are you'll answer my next question anyway (note to self - learn about StackExchange 'Chat') – KCD Jul 25 '11 at 22:44