This article has been archived and is no longer maintained by ForgeRock.
The following tools are used in this process:
- SELinux troubleshooting tool - displays all the violations that have been logged to the /var/log/audit/audit.log file along with possible solutions. When SELinux is in Enforcing mode, all configured parameters are enforced and any violations are logged to the /var/log/audit/audit.log file.
- GUI configuration tool - provides useful utilities for operating and managing SELinux, including restorecon. The restorecon utility enables you to restore a file's default SELinux security contexts.
These are third-party tools that we suggest can be used for troubleshooting but are not supported by ForgeRock.
To prepare for a successful install:
- Install these tools using the following terminal command: yum install setroubleshoot policycoreutils-gui
- Enable communication between Apache and Tomcat using the following terminal commands: # setsebool -P httpd_can_network_connect on # setsebool -P httpd_can_network_relay on
- Change the default SELinux type context for files in the directory with agent configuration files, such as /opt/web_agent, with the following command if installing the Apache Web Policy Agent: restorecon -v /opt/web_agents/apache22_agent/lib/*
- Identify and diagnose any other SELinux issues that may exist on your system using the following command: sealert -b /var/log/audit/audit.log The SELinux Alert Browser is displayed.
- Click Troubleshoot to display all the logged alerts along with suggested solutions.
- Implement the suggested solutions or similar to resolve all the logged alerts. You can now proceed to install OpenAM and the Apache Web Policy Agent.
You can use -a instead of -b in the sealert command to show a command line equivalent of the SELinux Alert Browser.