On a CentOS 7 server, I noticed that setroubleshootd seemed to be using an inordinate percentage of the CPU's time when I ran the top command. When I used the ausearch command to query the audit daemon logs for entries that might have been created by setroubleshootd, I saw references to the
cometchat/.htaccessfile in a user's directory beneath the directory where her Simple Machines Forum (SMF) software resided. I also found tens of thousands of references to that file in the
/var/log/messagesfile. The server runs Security-Enhanced Linux (SELinux) and I found that I needed to update the SELinux context for the file to stop such entries being logged.
[ More Info ]