Error message:
[root@nginx39 owasp-modsecurity-crs-3.0.2]# service nginx start
Redirecting to /bin/systemctl start nginx.service
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@nginx39 owasp-modsecurity-crs-3.0.2]# journalctl -xe
Oct 28 13:15:08 nginx39 nginx[194506]: nginx: [emerg] "modsecurity_rules_file" directive Failed to open file: /var/log/modsec_audit.log in /etc/nginx/conf.d/demo.t3st.org.conf:10
Oct 28 13:15:08 nginx39 systemd[1]: nginx.service: control process exited, code=exited status=1
Oct 28 13:15:08 nginx39 systemd[1]: Failed to start NGINX Plus - high performance web server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Resolution:
You must either give the directory structure a context of httpd_sys_rw_content_t, or give them a context of public_content_rw_t and enable allow_httpd_anon_write and/or allow_httpd_sys_script_anon_write. See the httpd_selinux(8) man page for details.
Solution:
# Install semanage, used to configure certain parts of SELinux policy without
# requiring modification to or recompilation from policy sources.
yum install policycoreutils-python
chcon -R -t httpd_sys_rw_content_t /var/log
semanage fcontext -a -t httpd_sys_rw_content_t "/var/log(/.*)?"
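
The commands above relabel everything under /var/log, so the web server domain gains write access to every log on the host. The following added example (not part of the original note) applies the same type only to the file named in the error message; the DRY_RUN and AUDIT_LOG variables and the function names are assumptions made for this sketch.

```bash
#!/bin/sh
# Added example (not from the original page): label only the ModSecurity
# audit log instead of everything under /var/log.
TYPE=httpd_sys_rw_content_t   # same type the page's commands use
DRY_RUN=${DRY_RUN:-1}         # 1 = print the commands, 0 = run them (as root)

# semanage fcontext takes a regular expression, so escape metacharacters
# in the path; otherwise "." in "modsec_audit.log" matches any character.
fcontext_regex() {
    printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# Print or execute one command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create the file, record a persistent rule for it, then apply the rule.
label_file() {
    case $1 in
        /*) ;;
        *) echo "path must be absolute: $1" >&2; return 1 ;;
    esac
    run touch "$1"
    run semanage fcontext -a -t "$TYPE" "$(fcontext_regex "$1")"
    run restorecon -v "$1"
}

# Path taken from the error message on this page; AUDIT_LOG is an assumed override.
label_file "${AUDIT_LOG:-/var/log/modsec_audit.log}"
```

Run it once as-is to review the three commands, then with DRY_RUN=0 as root; ls -Z on the file shows the resulting label.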