Nagios and SELinx
Andreas Ericsson
ae at op5.se
Wed Mar 13 11:18:30 CET 2013
On 03/13/2013 12:01 AM, Stephen H. Dawson wrote:
>
> Can Nagios run under SELinux?
>
Yes it can, but the requirements to do so are close to "permissive",
since there's a plethora of programs (plugins) that run under the
Nagios umbrella.
In order for it to be possible, Nagios needs permissions to:
* create any number of outgoing network sockets
* create incoming network sockets (as some plugins work by setting
up a listener and then sending a request)
* create raw sockets (for ping)
* execute suid root programs (for ping)
* create, modify and write files, pipes and sockets on the local fs
* connect to local sockets (for local database checks)
* fork() and run without a tty
* probably a bunch of other things
It's quite a daunting task to get everything right with regards to
selinux, which is why I guess noone's done it yet.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list