[CentOS] Trying to set a SELinux policy for Nagios 3.0.6 on CentOS 5.2

Vinicius

cviniciusm at uol.com.br
Sat Dec 6 02:43:55 UTC 2008


Hello,

I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but
it is not working.

I'm using the following packages:
httpd-2.2.3-11.el5_2.centos.4
nagios-3.0.6-1.el5.rf
nagios-plugins-1.4.12-1.el5.rf

I followed the steps below to try to create a SELinux policy for Nagios, but it
is failing.

Any help, please?

# setenforce Permissive

# service nagios start

# service httpd start

# grep nagios /var/log/audit/audit.log | audit2allow -M nagios
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i nagios.pp

# semodule -i nagios.pp
libsepol.print_missing_requirements: nagios's global requirements were not met:
type/attribute nagios_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!

# cat nagios.te
module nagios 1.0;

require {
        type nagios_t;
        type sbin_t;
        type ping_t;
        type initrc_var_run_t;
        type var_t;
        type httpd_nagios_script_t;
        class dir { read write search add_name remove_name };
        class fifo_file { write getattr read create };
        class file { rename setattr read create write getattr unlink };
}

#============= httpd_nagios_script_t ==============
allow httpd_nagios_script_t var_t:fifo_file { write getattr };
allow httpd_nagios_script_t var_t:file { read getattr };

#============= nagios_t ==============
allow nagios_t initrc_var_run_t:file write;
allow nagios_t sbin_t:dir search;
allow nagios_t var_t:dir { read write add_name remove_name };
allow nagios_t var_t:fifo_file { read write create getattr };
allow nagios_t var_t:file { rename write getattr setattr read create unlink };

#============= ping_t ==============
allow ping_t var_t:file { read write };


Cordially,
cviniciusm.
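
The semodule error in the message above reports that the module requires a type (nagios_t) that the policy being linked does not define. The script below is an added example, not part of the original post: it extracts the types from a .te file's require block and reports those absent from a list of known types. The function names, the file names and the one-type-per-line list format are assumptions, and the sample data is constructed from the post's require block.

```shell
#!/bin/sh
# Added example, not from the original post. It lists the types a .te module
# requires that are absent from a list of types known to the loaded policy.

# Print each "type X;" named inside the require { ... } block of a .te file.
required_types() {
    awk '
        /^require[ \t]*[{]/    { in_req = 1; next }
        in_req && /^[}]/       { in_req = 0 }
        in_req && $1 == "type" { sub(/;$/, "", $2); print $2 }
    ' "$1"
}

# $1 = .te file, $2 = file with one known type per line (assumed format).
missing_types() {
    required_types "$1" | while read -r t; do
        grep -qxF -- "$t" "$2" || printf '%s\n' "$t"
    done
}

# Constructed sample data: the require block from the post, plus a known-types
# list that lacks nagios_t, mirroring the semodule error shown above.
make_sample() {
    cat > "$1/nagios.te" <<'EOF'
module nagios 1.0;

require {
        type nagios_t;
        type sbin_t;
        type ping_t;
        type initrc_var_run_t;
        type var_t;
        type httpd_nagios_script_t;
        class dir { read write search add_name remove_name };
}
EOF
    printf '%s\n' sbin_t ping_t initrc_var_run_t var_t httpd_nagios_script_t \
        > "$1/known_types.txt"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "Required types missing from the policy:"
missing_types "$demo_dir/nagios.te" "$demo_dir/known_types.txt"
rm -rf "$demo_dir"
```

On a real host the known-types list would have to be exported from the loaded policy first, for example from the output of seinfo -t in the setools package, reduced to one type name per line.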



