On Tue, 2013-10-29 at 16:08 +0100, Alexander Vierschilling wrote:
> Hello together,
>  
> I´ve got a question and I hope you can help me to handle the problem.
> It´s about a mysql_health_check called via nrpe.
> I want to check "slow-queries" in our mysql-database. Therefore  I
> call my NRPE-Check which calls the mysql check on the remote-machine.
> So far so good. Now, the mysql_check needs a dir called
> check_mysql_health in /var/tmp. 
>  
> ls -Z displays : 
> drwxr-xr-x. nrpe   nrpe
> unconfined_u:object_r:nagios_services_plugin_exec_t:s0
> check_mysql_health
>  
> my plugin's context is 
> -rwxrwxrwx. nagios nrpe
> unconfined_u:object_r:nagios_services_plugin_exec_t:s0
> check_mysql_health


You can try to disable SELinux only for check_mysql_health by setting
it's context to nagios_unconfined_plugin_exec_t for check_mysql_health
script:
system_u:object_r:nagios_unconfined_plugin_exec_t:s0

I didn't test it for mysql_health, as I check MySQL remotely and not via
NRPE, but for some other checks via NRPE this mostly solves SELinux
issues (except plugins with sudo calls, they need more adjustments).

You can for sure also have a look at audit.log and write a proper policy
(easiest way is to let you create one with audit2allow, but this
sometimes allow too much)...


Regards,
René


>  
> when I turn off selinux, everything works fine and nrpe shows the
> results in my monitoring-system.
>  
> Does someone have a good hint for me? :)
>  
> Greets,
> Alex
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> icinga-users mailing list
> icinga-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/icinga-users


------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
icinga-users mailing list
icinga-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/icinga-users

Reply via email to