Hello,
I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working.
I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf
I followed the steps below to try to create an SELinux policy for Nagios, but it is failing.
Any help, please?
# setenforce Permissive
# service nagios start
# service httpd start
# grep nagios /var/log/audit/audit.log | audit2allow -M nagios
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i nagios.pp

# semodule -i nagios.pp
libsepol.print_missing_requirements: nagios's global requirements were not met: type/attribute nagios_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!

# cat nagios.te
module nagios 1.0;

require {
	type nagios_t;
	type sbin_t;
	type ping_t;
	type initrc_var_run_t;
	type var_t;
	type httpd_nagios_script_t;
	class dir { read write search add_name remove_name };
	class fifo_file { write getattr read create };
	class file { rename setattr read create write getattr unlink };
}

#============= httpd_nagios_script_t ==============
allow httpd_nagios_script_t var_t:fifo_file { write getattr };
allow httpd_nagios_script_t var_t:file { read getattr };

#============= nagios_t ==============
allow nagios_t initrc_var_run_t:file write;
allow nagios_t sbin_t:dir search;
allow nagios_t var_t:dir { read write add_name remove_name };
allow nagios_t var_t:fifo_file { read write create getattr };
allow nagios_t var_t:file { rename write getattr setattr read create unlink };

#============= ping_t ==============
allow ping_t var_t:file { read write };

Cordially, cviniciusm.
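
Added example (not part of the original post): a small Python check that reads the require block of a module such as the nagios.te above and reports which required types the loaded policy does not define, which is the condition the semodule error names. The function names and the LOADED_TYPES set are assumptions made for illustration; the sample input is constructed from the post.

```python
import re

# Constructed copy of the require block from the nagios.te shown in the post.
SAMPLE_TE = """\
module nagios 1.0;
require {
    type nagios_t;
    type sbin_t;
    type ping_t;
    type initrc_var_run_t;
    type var_t;
    type httpd_nagios_script_t;
    class dir { read write search add_name remove_name };
    class fifo_file { write getattr read create };
    class file { rename setattr read create write getattr unlink };
}
"""

# Constructed stand-in for the types the loaded policy defines (assumption:
# on a real host this set is read from the policy, e.g. `seinfo -t` output).
# nagios_t is left out to mirror the semodule error in the post.
LOADED_TYPES = {"sbin_t", "ping_t", "initrc_var_run_t", "var_t",
                "httpd_nagios_script_t"}


def required_symbols(te_text):
    """Return (types, classes) named in the module's require block."""
    text = re.sub(r"#.*", "", te_text)            # drop comment lines
    start = re.search(r"\brequire\s*\{", text)
    if not start:
        return set(), {}
    # Class statements nest braces, so find the closing brace by depth.
    depth, i = 1, start.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    if depth:
        raise ValueError("unterminated require block")
    body = text[start.end():i - 1]
    types = set(re.findall(r"\b(?:type|attribute)\s+(\w+)\s*;", body))
    classes = {name: set(perms.split()) for name, perms in
               re.findall(r"\bclass\s+(\w+)\s*\{([^}]*)\}", body)}
    return types, classes


def unmet_types(te_text, loaded_types):
    """Types or attributes the module requires but the policy lacks."""
    types, _ = required_symbols(te_text)
    return sorted(types - set(loaded_types))
```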