[Nagios-users] Nagios and SELinux issue
Hello list. We're running Nagios 3.0.3 on RHEL 5, and are having an issue with SELinux. A symptom I have noticed it that acknowledging a problem results in the following error: *Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd' * We need to keep SELinux active on the server, so I'll have to configure it to allow for Nagios. Does anyone know what needs to be done to do this? Regards, Kenneth Holter -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios and SELinux issue
Kenneth Holter wrote: We're running Nagios 3.0.3 on RHEL 5, and are having an issue with SELinux. A symptom I have noticed it that acknowledging a problem results in the following error: /Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd' / We need to keep SELinux active on the server, so I'll have to configure it to allow for Nagios. Does anyone know what needs to be done to do this? Did you see http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html Especially the heading: 8) Modify SELinux Settings IM -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios and SELinux issue
H, You have to hit the Selinux docs to help. I usually just disable Selinux. Lex On Wed, Dec 10, 2008 at 8:54 AM, Ian Masters [EMAIL PROTECTED] wrote: Kenneth Holter wrote: We're running Nagios 3.0.3 on RHEL 5, and are having an issue with SELinux. A symptom I have noticed it that acknowledging a problem results in the following error: /Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd' / We need to keep SELinux active on the server, so I'll have to configure it to allow for Nagios. Does anyone know what needs to be done to do this? Did you see http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html Especially the heading: 8) Modify SELinux Settings IM -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Alex Dehaini Developer Site - www.alexdehaini.com Email - [EMAIL PROTECTED] -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios and SELinux issue
Thanks - I missed this part during installation. I'll give it a read. On 12/10/08, Ian Masters [EMAIL PROTECTED] wrote: Kenneth Holter wrote: We're running Nagios 3.0.3 on RHEL 5, and are having an issue with SELinux. A symptom I have noticed it that acknowledging a problem results in the following error: /Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd' / We need to keep SELinux active on the server, so I'll have to configure it to allow for Nagios. Does anyone know what needs to be done to do this? Did you see http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html Especially the heading: 8) Modify SELinux Settings IM -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios and SELinux issue
There should be an option in Selinux to allow certain network services run. Try and narrow your search around that area. Lex On Wed, Dec 10, 2008 at 9:41 AM, Kenneth Holter [EMAIL PROTECTED]wrote: Thanks - I missed this part during installation. I'll give it a read. On 12/10/08, Ian Masters [EMAIL PROTECTED] wrote: Kenneth Holter wrote: We're running Nagios 3.0.3 on RHEL 5, and are having an issue with SELinux. A symptom I have noticed it that acknowledging a problem results in the following error: /Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd' / We need to keep SELinux active on the server, so I'll have to configure it to allow for Nagios. Does anyone know what needs to be done to do this? Did you see http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html Especially the heading: 8) Modify SELinux Settings IM -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Alex Dehaini Developer Site - www.alexdehaini.com Email - [EMAIL PROTECTED] -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios and SELinux issue
-Original Message-
Kenneth Holter wrote:
We're running Nagios 3.0.3 on RHEL 5, and are having an issue with
SELinux. A symptom I have noticed it that acknowledging a problem
results in the following error:
/Error: Could not stat() command file
'/usr/local/nagios/var/rw/nagios.cmd' /
We need to keep SELinux active on the server, so I'll have to
configure
it to allow for Nagios. Does anyone know what needs to be done to do
this?
I kept SELinux in Enforcing mode on CentOS 5.2, so hopefully this will
be similar.
Create a file called mynagios.te, and put this in there:
module mynagios 1.0;
require {
type initrc_tmp_t;
type httpd_sys_script_t;
type usr_t;
type ping_t;
type httpd_t;
type unlabeled_t;
class file execute_no_trans;
class association recvfrom;
class file execute;
class file { read write };
class fifo_file write;
class fifo_file getattr;
}
#= httpd_t ==
allow httpd_t usr_t:file execute_no_trans;
allow httpd_t usr_t:file execute;
#= unlabeled_t ==
allow unlabeled_t self:association recvfrom;
#= httpd_sys_script_t ==
allow httpd_sys_script_t usr_t:fifo_file write;
allow httpd_sys_script_t usr_t:fifo_file getattr;
#= ping_t ==
allow ping_t initrc_tmp_t:file { read write };
To arrive at these settings, I ran Nagios with Enforcing turned on, and
clicked on all the links in the side bar, and tried to do stuff like
send acknowledgements. You can use audit2allow to generate the type
enforcement file above from the audit.log file. I kept finding things
I'd missed, so the above is the result of several iterations of
audit2allow and merging copies of their output into one file:
#audit2allow -m mynagios -l -i audit.log mynagios.te
(Make a backup copy of the .te file somewhere in case you miss something
the first time around)
#gedit mynagios.te (to merge in the settings from the previous .te
file's backup)
#checkmodule -M -m -o mynagios.mod mynagios.te
#semodule_package -o mynagios.pp -m mynagios.mod
#semodule -i mynagios.pp
You can verify your mynagios policy package has been installed with:
#semodule -l
There was already a Nagios policy package installed on CentOS by
default, but it didn't work for me. Maybe it was because I installed
Nagios from source instead of using a package. Anyway, that's why I
called it mynagios, so that it didn't collide with the provided Nagios
package.
Nothing in this message is intended to make or accept and offer or to form a
contract, except that an attachment that is an image of a contract bearing the
signature of an officer of our company may be or become a contract. This
message (including any attachments) is intended only for the use of the
individual or entity to whom it is addressed. It may contain information that
is non-public, proprietary, privileged, confidential, and exempt from
disclosure under applicable law or may constitute as attorney work product. If
you are not the intended recipient, we hereby notify you that any use,
dissemination, distribution, or copying of this message is strictly prohibited.
If you have received this message in error, please notify us immediately by
telephone and delete this message immediately.
Thank you.
--
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue.
::: Messages without supporting info will risk being sent to /dev/null
