SELinux problem for SNMP
Giovanni Torres
torresgi at ninds.nih.gov
Thu Mar 5 18:17:06 CET 2009
On your linux machine, do 'df -h' to look at the partitions.
for example, you might have the following partitions:
/
/boot
/home
/var
edit snmpd.conf at somewhere, put the following:
disk /
disk /boot
disk /home
disk /var
also, the view that you create, make sure it is not restricting you to
certain parts of the mib tree, for example, you could try:
# incl/excl subtree mask
view all included .1 80
then restart snmpd.
Giovanni
Satish Patel wrote:
> Thansk your reply
>
> I have checked IPtables and other related stuff with security port
> security i found one thing when i perform snmp CPU Load plugin its
> working fine measn i have access of snmp quary for CPU oid. Then why i
> am not able to Disk monitoring via SNMP?
>
> Notes:- I have few NFS mount point whicg is mounted at /mnt directory is
> this the problem ? might be selinux not allow to snmp query to /mnt
> filesystem. when i check my /var/log/messages file i got Access denied
> on /mnt mounted file system with snmpd error
>
> here my logs
>
> Mar 5 11:34:54 server02 snmpd[17536]: /mnt/to-rap-cm-bak01/h:
> Permission denied
> Mar 5 11:34:54 server02 snmpd[17536]: /mnt/to-rap-cm-bak01/i:
> Permission denied
> Mar 5 11:34:54 server02 snmpd[17536]: /mnt/ustnsto-lin03/opt/comtel:
> Permission denied
> Mar 5 11:34:54 server02 snmpd[17536]: /mnt/ustnsto-lin03/media/usbdisk:
> Permission denied
> Mar 5 11:34:54 server02 kernel: smb_add_request: request [d31eee80,
> mid=22042] timed out!
> Mar 5 11:34:54 server02 kernel: audit(1236270894.187:224715): avc:
> denied { read append } for pid=17536 comm="snmpd" name="snmpd.log"
> dev=dm-3 ino=393320 scontext=root:system_r:snmpd_t
> tcontext=user_u:object_r:var_log_t tclass=file
> Mar 5 11:34:54 server02 kernel: audit(1236270894.187:224716): avc:
> denied { search } for pid=17536 comm="snmpd" name="mnt" dev=dm-0
> ino=65537 scontext=root:system_r:snmpd_t
> tcontext=system_u:object_r:mnt_t tclass=dir
>
>
>
> Regards,
>
> Satish Patel
>
>
> Quoting Giovanni Torres <torresgi at ninds.nih.gov>:
>
>> I have a CentOS machine that has selinux in enforcing/targeted mode and
>> is monitored with snmp checks by nagios successfully. The SE boolean
>> value for snmpd_disable_trans is off on my machine and I can still
>> query snmp. I would recommend the following:
>> . check the firewall/iptables rules for udp port 161
>> . enable logging in iptables to see if the firewall is dropping packets
>> (requires more work)
>> . check the source and string under the com2sec definition in snmpd.conf
>> . check the view definition in snmpd.conf, defaults are a bit restrictive
>> . try using the setroubleshoot browser to see if any snmpd related
>> warnings pop up. These warnings can include a section called Allowing
>> Access.
>>
>> -Giovanni
>>
>>
>> Satish Patel wrote:
>>> I already used this option its not working.
>>>
>>> ----- Original Message ----- From: "Giovanni Torres"
>>> <torresgi at ninds.nih.gov>
>>> To: <nagios-users at lists.sourceforge.net>
>>> Sent: Wednesday, March 04, 2009 10:50 AM
>>> Subject: Re: [Nagios-users] SELinux problem for SNMP
>>>
>>>
>>>> $ getsebool -a | grep snmpd
>>>> snmpd_disable_trans --> off
>>>>
>>>> $ setsebool -P snmpd_disable_trans 1
>>>>
>>>> $ getsebool snmpd_disable_trans
>>>> snmpd_disable_trans --> on
>>>>
>>>> Let me know if that helps you out.
>>>>
>>>> Thanks,
>>>> Giovanni
>>>>
>>>> Satish Patel wrote:
>>>>> I have a selinx its running under default policy. i want SELinux
>>>> disable for SNMP daemon thats it.. if any one know about how to disable
>>>> for snmpd please let me know.
>>>>>
>>>>> I have tried to found on SELinux mailing list as well but not gave
>>>> any appropriate answer.
>>>>>
>>>>> ----- Original Message ----- From: "Lee Azzarello" <lee at dropio.com>
>>>>> To: <nagios-users at lists.sourceforge.net>
>>>>> Sent: Thursday, February 26, 2009 12:09 PM
>>>>> Subject: Re: [Nagios-users] SELinux problem for SNMP
>>>>>
>>>>>
>>>>>> I believe your question would be better served on a list related to
>>>> SELinux.
>>>>>>
>>>>>> In my experience SELinux is overkill for anything but the most
>>>>>> paranoid security situations. Without a complete understanding of
>>>>>> your
>>>>>> entire security landscape, you'll just end up fighting with your own
>>>>>> systems because SELinux is protecting them from you.
>>>>>>
>>>>>> -lee
>>>>>>
>>>>>> On Thu, Feb 26, 2009 at 9:45 AM, Satish Patel <satish at linuxbug.org>
>>>> wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have RHEL 5 Box with SELinux enforceing mode now what happend when
>>>>>>> my nagios box trying to use snmp to get CPU load its working
>>>>>>> fine. but
>>>>>>> when it trying to use DISK and MEM infor its failed not response.
>>>>>>> even
>>>>>>> this same plugin working with all my linux client ubuntu, debian,
>>>>>>> Redhat not problem with plugin but i found problem related to
>>>>>>> SELinux
>>>>>>> and i dont want to Disable it so what is the other option and how i
>>>>>>> can disable snmp policy in SELinux to make happy my nagios?
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Satish Patel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>> ------------------------------------------------------------------------------
>>>> >>> Open Source Business Conference (OSBC), March 24-25, 2009, San
>>>> Francisco, CA
>>>>>>> -OSBC tackles the biggest issue in open source: Open Sourcing the
>>>> Enterprise
>>>>>>> -Strategies to boost innovation and cut costs with open source
>>>> participation
>>>>>>> -Receive a $600 discount off the registration fee with the source
>>>> code: SFAD
>>>>>>> http://p.sf.net/sfu/XcvMzF8H
>>>>>>> _______________________________________________
>>>>>>> Nagios-users mailing list
>>>>>>> Nagios-users at lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>>>>> ::: Please include Nagios version, plugin version (-v) and OS when
>>>> reporting any issue.
>>>>>>> ::: Messages without supporting info will risk being sent to
>>>>>>> /dev/null
>>>>>>>
>>>>>>
>>>> ------------------------------------------------------------------------------
>>>> >> Open Source Business Conference (OSBC), March 24-25, 2009, San
>>>> Francisco, CA
>>>>>> -OSBC tackles the biggest issue in open source: Open Sourcing the
>>>> Enterprise
>>>>>> -Strategies to boost innovation and cut costs with open source
>>>> participation
>>>>>> -Receive a $600 discount off the registration fee with the source
>>>> code: SFAD
>>>>>> http://p.sf.net/sfu/XcvMzF8H
>>>>>> _______________________________________________
>>>>>> Nagios-users mailing list
>>>>>> Nagios-users at lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>>>> ::: Please include Nagios version, plugin version (-v) and OS when
>>>> reporting any issue.
>>>>>> ::: Messages without supporting info will risk being sent to
>>>>>> /dev/null
>>>>>>
>>>>>
>>>>>
>>>>>
>>>> ------------------------------------------------------------------------------
>>>> > Open Source Business Conference (OSBC), March 24-25, 2009, San
>>>> Francisco, CA
>>>>> -OSBC tackles the biggest issue in open source: Open Sourcing the
>>>> Enterprise
>>>>> -Strategies to boost innovation and cut costs with open source
>>>> participation
>>>>> -Receive a $600 discount off the registration fee with the source
>>>> code: SFAD
>>>>> http://p.sf.net/sfu/XcvMzF8H
>>>>> _______________________________________________
>>>>> Nagios-users mailing list
>>>>> Nagios-users at lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>>> ::: Please include Nagios version, plugin version (-v) and OS when
>>>> reporting any issue. ::: Messages without supporting info will risk
>>>> being sent to /dev/null
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Open Source Business Conference (OSBC), March 24-25, 2009, San
>>>> Francisco, CA
>>>> -OSBC tackles the biggest issue in open source: Open Sourcing the
>>>> Enterprise
>>>> -Strategies to boost innovation and cut costs with open source
>>>> participation
>>>> -Receive a $600 discount off the registration fee with the source
>>>> code: SFAD
>>>> http://p.sf.net/sfu/XcvMzF8H
>>>> _______________________________________________
>>>> Nagios-users mailing list
>>>> Nagios-users at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>> ::: Please include Nagios version, plugin version (-v) and OS when
>>>> reporting any issue.
>>>> ::: Messages without supporting info will risk being sent to /dev/null
>>>>
>>>
>>
>> --
>> Giovanni Torres
>> Network Administrator
>> Contractor - Kelly Services
>> NINDS, NMR Center
>> National Institutes of Health
>> 301-402-3110
>
>
>
--
Giovanni Torres
Network Administrator
Contractor - Kelly Services
NINDS, NMR Center
National Institutes of Health
301-402-3110
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list