On 3/13/2013 9:51 AM, Jonathan Gazeley wrote:
> The end result is a fairly permissive SELinux policy *for Nagios* but
> still far better than not having SELinux at all.

That's exactly what I did, too.  If it helps you get jump started, I 
ended up with a .te file that looks like this.  I don't run any of the 
popular Nagios add-ons except for Check_MK, so your mileage may vary.

        module mynagios 1.0;

        require {
                type initrc_tmp_t;
                type httpd_t;
                type httpd_sys_script_t;
                type initrc_t;
                type ping_t;
                type unlabeled_t;
                type usr_t;
                type var_lib_t;
                class association recvfrom;
                class dir { create setattr };
                class fifo_file write;
                class fifo_file getattr;
                class file execute;
                class file execute_no_trans;
                class file { read write };
                class sock_file write;
                class unix_stream_socket connectto;
        }

        #============= httpd_t ==============
        allow httpd_t usr_t:file execute_no_trans;
        allow httpd_t usr_t:file execute;
        allow httpd_t usr_t:fifo_file getattr;
        allow httpd_t usr_t:fifo_file write;
        allow httpd_t initrc_t:unix_stream_socket connectto;
        allow httpd_t usr_t:sock_file write;
        allow httpd_t var_lib_t:dir { create setattr };
        #============= unlabeled_t ==============
        allow unlabeled_t self:association recvfrom;
        #============= httpd_sys_script_t ==============
        allow httpd_sys_script_t usr_t:fifo_file write;
        allow httpd_sys_script_t usr_t:fifo_file getattr;
        #============= ping_t ==============
        allow ping_t initrc_tmp_t:file { read write };
-- 
-Chris
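
Added example, not part of the original message or of any Nagios or SELinux project code: a small reviewer script that parses the allow rules of the module above and lists those granting execute- or write-class permissions on generic types. The `GENERIC_TYPES` and `SENSITIVE_PERMS` sets and the function names are assumptions chosen for this illustration.

```python
import re

# Constructed sample: the allow rules of the mynagios module quoted above.
POLICY = """\
allow httpd_t usr_t:file execute_no_trans;
allow httpd_t usr_t:file execute;
allow httpd_t usr_t:fifo_file getattr;
allow httpd_t usr_t:fifo_file write;
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t usr_t:sock_file write;
allow httpd_t var_lib_t:dir { create setattr };
allow unlabeled_t self:association recvfrom;
allow httpd_sys_script_t usr_t:fifo_file write;
allow httpd_sys_script_t usr_t:fifo_file getattr;
allow ping_t initrc_tmp_t:file { read write };
"""

# Assumption of this example: these types count as "generic" because the
# reference policy uses them as default labels (usr_t, var_lib_t), for
# objects with no valid label (unlabeled_t) or for init scripts (initrc_*).
GENERIC_TYPES = {"usr_t", "var_lib_t", "unlabeled_t", "initrc_t", "initrc_tmp_t"}
# Assumption: permissions worth a second look when the target is generic.
SENSITIVE_PERMS = {"execute", "execute_no_trans", "write", "create",
                   "setattr", "connectto", "recvfrom"}

RULE_RE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def parse_allow_rules(text):
    """Return (source, target, class, perms) for each single-type allow rule."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            source, target, tclass, perms = m.groups()
            target = source if target == "self" else target
            rules.append((source, target, tclass, set(perms.strip("{} ").split())))
    return rules

def flag_broad_rules(rules):
    """Keep rules that grant a sensitive permission on a generic type."""
    return [(s, t, c, sorted(p & SENSITIVE_PERMS)) for s, t, c, p in rules
            if t in GENERIC_TYPES and p & SENSITIVE_PERMS]

if __name__ == "__main__":
    for s, t, c, perms in flag_broad_rules(parse_allow_rules(POLICY)):
        print(f"review: {s} -> {t}:{c} {{ {' '.join(perms)} }}")
```

Each flagged rule is a candidate for giving the Nagios files their own type rather than widening access to the generic one.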

