如何使我的 bash 脚本能够为 cron 中运行的 clamscan 创建日志文件?

如何使我的 bash 脚本能够为 cron 中运行的 clamscan 创建日志文件?

我在 bash 中创建了一个自定义clamscan( clamav) ,当我在 shell 中运行它时一切都很好,但如果我在 a 中运行它cron,它就无法创建日志文件。

这是错误:

  1. /root/Scripts/clamscan :第 9 行:/var/log/clamscan/weekly/clamscan-Test-2014-09-16.log:没有这样的文件或目录
  2. /bin/bash: /root/Scripts/clamscan: 权限被拒绝
  3. 我还收到来自 cron 的电子邮件:消息正文为空;希望没问题
  4. 在“如果可以的话”邮件之前,我收到一封空电子邮件,没有任何消息

如果我在 shell 中运行该脚本,它会毫无问题地创建日志文件。

问题:

  1. 我需要做什么bash script才能让它写入适当的文件?
  2. 为什么我会收到这些错误?

这是脚本:

#!/bin/bash
FILENAMEDATE=$(date +"%F")

/usr/bin/clamscan -i -r --log=/var/log/clamscan/weekly/clamscan-Test-$FILENAMEDATE.log /home/Username/Downloads >/dev/null 2>/dev/null

if [ $? -gt 0 ];
then
SUBJECT="Virus Report for `uname -n`, `date +%m-%d-%Y`"
mail -s "$SUBJECT" 'Email' < /var/log/clamscan/weekly/clamscan-Test-$FILENAMEDATE.log
fi

这是/etc/crontab:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO="Email"

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
 56 13  *  *  * root  /bin/bash /root/Scripts/clamscan

答案1

您的 clamscan 似乎没有在输出中生成任何日志文件。只需更改clamscan blah blah >/dev/null 2>/dev/nullclamscan blah blah &>/tmp/scan.log检查 scan.log - 可能会有一些提示。

答案2

我找到了答案:

请注意,该系统是 Fedora 20。

SELinux 拒绝 clamscan 对系统进行写入、创建等操作。

因此,请按照 SELinux 故障排除程序中有关允许 clamscan 访问的说明进行操作,并对所有访问重复此操作。 mailx 上也有一个拒绝,但没有做任何进程可见的事情,它有效!

以下是 SELinux 的两个拒绝:

SELinux is preventing /usr/bin/mailx from ioctl access on the file .

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that mailx should be allowed ioctl access on the  file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mail /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:system_mail_t:s0-s0:c0.c1023
Target Context                system_u:object_r:user_home_t:s0
Target Objects                 [ file ]
Source                        mail
Source Path                   /usr/bin/mailx
Port                          <Unknown>
Host                          Hostname
Source RPM Packages           mailx-12.5-10.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-183.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     Hostname
Platform                      Linux Hostname 3.16.2-200.fc20.x86_64 #1 SMP Mon
                              Sep 8 11:54:45 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-09-16 17:42:37 GMT
Last Seen                     2014-09-16 17:42:37 GMT
Local ID                      abc31a8e-345d-4d49-adf4-42cefab652a0

Raw Audit Messages
type=AVC msg=audit(1410889357.123:13483): avc:  denied  { ioctl } for  pid=32125 comm="mail" path="PathToLogFile.log" dev="dm-3" ino=2760739 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1410889357.123:13483): arch=x86_64 syscall=ioctl success=no exit=EACCES a0=0 a1=5401 a2=7fff29623700 a3=8 items=0 ppid=32089 pid=32125 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=765 comm=mail exe=/usr/bin/mailx subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)

Hash: mail,system_mail_t,user_home_t,file,ioctl

SELinux is preventing /usr/bin/clamscan from unlink access on the file .

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that clamscan should be allowed unlink access on the  file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep clamscan /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:antivirus_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                 [ file ]
Source                        clamscan
Source Path                   /usr/bin/clamscan
Port                          <Unknown>
Host                          Hostname
Source RPM Packages           clamav-0.98.4-1.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-183.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     Hostname
Platform                      Linux Hostname 3.16.2-200.fc20.x86_64 #1 SMP Mon
                              Sep 8 11:54:45 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-09-16 18:28:11 GMT
Last Seen                     2014-09-16 18:28:11 GMT
Local ID                      513c5c73-1ca8-4715-8b6a-458010ede5bf

Raw Audit Messages
type=AVC msg=audit(1410892091.713:13684): avc:  denied  { unlink } for  pid=1305 comm="clamscan" name="eicar.com.txt" dev="dm-4" ino=10769 scontext=system_u:system_r:antivirus_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1410892091.713:13684): arch=x86_64 syscall=unlink success=no exit=EACCES a0=21fecf0 a1=3aa5db9a10 a2=0 a3=3a7478742e6d6f63 items=0 ppid=1302 pid=1305 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=792 comm=clamscan exe=/usr/bin/clamscan subj=system_u:system_r:antivirus_t:s0-s0:c0.c1023 key=(null)

Hash: clamscan,antivirus_t,user_home_t,file,unlink

相关内容