[CentOS-devel] Nagios + selinux
Jeff Sheltren
sheltren at cs.ucsb.edu
Thu Mar 1 10:52:01 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mar 1, 2007, at 3:47 AM, Christoph Maser wrote:
> Hi lists
>
> it seems the rpmforge nagios package does not work out of the box if
> selinux is turned on. A log from someone complaining about it (the
> nagios cgis) not working:
>
> ---
> [Thu Mar 01 15:58:30 2007] [notice] suEXEC mechanism enabled
> (wrapper: /usr/sbin/suexec)
> [Thu Mar 01 15:58:30 2007] [notice] Digest: generating secret for
> digest authentication ...
> [Thu Mar 01 15:58:30 2007] [notice] Digest: done
> [Thu Mar 01 15:58:30 2007] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Thu Mar 01 15:58:30 2007] [notice] LDAP: SSL support unavailable
> [Thu Mar 01 15:58:30 2007] [notice] mod_python: Creating 4 session
> mutexes based on 256 max processes and 0 max threads.
> [Thu Mar 01 15:58:30 2007] [notice] Apache/2.0.52 (CentOS)
> configured -- resuming normal operations
> [Thu Mar 01 15:58:38 2007] [error] [client 127.0.0.1] (13)
> Permission denied: exec of '/usr/lib/nagios/cgi/status.cgi' failed,
> referer: http://127.0.0.1/nagios/side.html
> [Thu Mar 01 15:58:38 2007] [error] [client 127.0.0.1] Premature end
> of script headers: status.cgi, referer: http://127.0.0.1/nagios/
> side.html
> [Thu Mar 01 15:58:39 2007] [error] [client 127.0.0.1] (13)
> Permission denied: exec of '/usr/lib/nagios/cgi/tac.cgi' failed,
> referer: http://127.0.0.1/nagios/side.html
> ---
>
> I would like to make proper rules for this rpm but i have
> absolutely no clue about selinux and policies. Any hints what to
> read, where to start?
>
> Chris
>
I've found this helpful:
http://fedoraproject.org/wiki/SELinux
- -Jeff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
iD8DBQFF5rBVKe7MLJjUbNMRAhHPAJ4ieYMEbtZNWaNBPe0ZwKmvqA+P1ACfXk/R
PGa90+HMekMxcPt2873MkEQ=
=W+gO
-----END PGP SIGNATURE-----
More information about the CentOS-devel
mailing list