Nagios and SELinux


Revision as of 16:32, 1 April 2010 by Admin (Talk | contribs)

http://blog.pas.net.au/2009/05/fighting-with-selinux-and-nagios/


[root@master ~]# tail -f /var/log/audit/audit.log


type=AVC msg=audit(1270138956.195:1317143): avc: denied { getattr } for pid=27998 comm="cmd.cgi" path="/usr/local/nagios/var/rw/nagios.cmd" dev=dm-0 ino=2755298 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1270138956.195:1317143): arch=c000003e syscall=4 success=no exit=-13 a0=63a920 a1=7fff110124e0 a2=7fff110124e0 a3=1 items=0 ppid=2405 pid=27998 auid=501 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=37366 comm="cmd.cgi" exe="/usr/local/nagios/sbin/cmd.cgi" subj=user_u:system_r:httpd_sys_script_t:s0 key=(null)


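Copy the denial records shown above into /tmp/audit.log, then build a policy module from them:

[root@master ~]# vi /tmp/audit.log
[root@master ~]# cd /tmp
[root@master tmp]# audit2allow -M NagiosRule < audit.log

audit2allow -M writes NagiosRule.te (the human-readable rules) next to NagiosRule.pp. Read the .te file before loading the module: every denial in the input becomes an allow rule, so the input should contain only the Nagios denials you intend to permit.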

******************** IMPORTANT ***********************

To make this policy package active, execute:

semodule -i NagiosRule.pp

[root@master tmp]# semodule -i NagiosRule.pp

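Again: the first module does not cover everything, and further denials are logged.

In these records the files under /usr/local/nagios/var carry the generic httpd_sys_content_t label, so allow rules generated from them apply to every file of that type, not only to the Nagios files. For example, the ping_t denials below would give ping_t append and read/write access to all httpd_sys_content_t files. Giving the Nagios paths a dedicated file context (semanage fcontext, then restorecon) keeps the resulting rules narrower. The ping records are also tied to syscall=59 (execve) with success=yes, which suggests the denied accesses are on file descriptors inherited from the Nagios process rather than files ping opens itself; confirm this before granting them.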

[root@master tmp]# tail -f /var/log/audit/audit.log

type=AVC msg=audit(1270139184.317:1317165): avc: denied { append } for pid=28190 comm="ping" path="/usr/local/nagios/var/host-perfdata" dev=dm-0 ino=2752540 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1270139184.317:1317165): avc: denied { append } for pid=28190 comm="ping" path="/usr/local/nagios/var/service-perfdata" dev=dm-0 ino=2752541 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1270139184.317:1317165): avc: denied { read write } for pid=28190 comm="ping" path="/usr/local/nagios/var/spool/checkresults/checkZsKj5r" dev=dm-0 ino=2755492 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1270139184.317:1317165): arch=c000003e syscall=59 success=yes exit=0 a0=1320e2a0 a1=1320e320 a2=7fffb89bb6f0 a3=0 items=0 ppid=28189 pid=28190 auid=501 uid=513 gid=513 euid=0 suid=0 fsuid=0 egid=513 sgid=513 fsgid=513 tty=(none) ses=40405 comm="ping" exe="/bin/ping" subj=user_u:system_r:ping_t:s0 key=(null)
type=AVC msg=audit(1270139188.909:1317166): avc: denied { write } for pid=28195 comm="cmd.cgi" name="nagios.cmd" dev=dm-0 ino=2755298 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1270139188.909:1317166): arch=c000003e syscall=2 success=no exit=-13 a0=63a920 a1=241 a2=1b6 a3=241 items=0 ppid=2400 pid=28195 auid=501 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=37366 comm="cmd.cgi" exe="/usr/local/nagios/sbin/cmd.cgi" subj=user_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(1270139204.042:1317167): avc: denied { append } for pid=28209 comm="ping" path="/usr/local/nagios/var/host-perfdata" dev=dm-0 ino=2752540 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1270139204.042:1317167): avc: denied { append } for pid=28209 comm="ping" path="/usr/local/nagios/var/service-perfdata" dev=dm-0 ino=2752541 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1270139204.042:1317167): avc: denied { read write } for pid=28209 comm="ping" path="/usr/local/nagios/var/spool/checkresults/checkFCUK8v" dev=dm-0 ino=2755483 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1270139204.042:1317167): arch=c000003e syscall=59 success=yes exit=0 a0=12882a0 a1=1288330 a2=7fff5bb18830 a3=0 items=0 ppid=28208 pid=28209 auid=501 uid=513 gid=513 euid=0 suid=0 fsuid=0 egid=513 sgid=513 fsgid=513 tty=(none) ses=40405 comm="ping" exe="/bin/ping" subj=user_u:system_r:ping_t:s0 key=(null)

[root@master tmp]# vi audit2.log
[root@master tmp]# audit2allow -M NagiosRule2 < audit2.log

******************** IMPORTANT ***********************

To make this policy package active, execute:

semodule -i NagiosRule2.pp

[root@master tmp]# semodule -i NagiosRule2.pp
