SELinux blocking nagios' cgis on FC5

Chris Stankaitis chris.stankaitis at datawire.net
Fri Jun 23 16:31:45 CEST 2006


Jim Perrin wrote:
> On 6/23/06, Miguel Fernandes <esmiguelfc at gmail.com> wrote:
>> Thanks for your quick response Jim,
>>
>> I have checked all the selinux related packages on yum repositories
>> and almost all of them are installed (including selinux-policy,
>> checkpolicy, libselinux and libselinux-devel). There isn't a package
>> named selinux-src. Sorry for asking questions about SELinux on the
>> nagios list, but this is one of my first steps on SELinux and nagios.
>> Thanks!
> 
> 
> Hmm. I'm not sure then. I'm still using RHEL4 and Centos, which has a
> seperate selinux-policy-targeted-sources package. I have no idea how
> they've modified it for FC5.

I run a lot of SELinux boxes, but at this moment our Nagios server
hasn't been upgraded to an SELinux version of RHEL, so what I am about
to say has *not* been tested/confirmed by me.

chances are you need to change the context of the cgi's to make sure
they have the httpd_sys_script_exec_t set so that apache will be allowed
to run the scripts...

Post some of the AVC's that it's thowing to syslog, as well as an ls -lZ
of /etc/nagios if that doesn't fix the problem and I'll see if I can
give you something more concrete to work with.


--Chris

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list