[CentOS-docs] Contribution to wiki: nagios incompatibility with centos 5.2

Mon Sep 14 14:24:36 UTC 2009
Christoph Maser <cmr at financial.com>

Am Montag, den 14.09.2009, 16:15 +0200 schrieb Ralph Angenendt:
> On Mon, 2009-09-14 at 16:11 +0200, Martin Boel, Silverbullet wrote:
> > Hi
> >
> > I would like to contribute to the wiki.centos.org:
> > username: boel
>
> Hmmm. We really do prefer FirstnameLastname.
>
> > subject: nagios incompatibility with centos 5.2
> > location: http://wiki.centos.org/HowTos/Nagios
> > content: A security feature of centos 5.2 SELinux prevents the access
> > from the apache httpd server to the needed /var/nagios files. The error
> > manifests itself in the /var/log/messages as "SELinux is preventing the
> > tac.cgi from using potentially mislabeled files ./status.dat (var_t)". A
> > workaround is to execute the command: chcon -R httpd_sys_content_t
> > /var/nagios
>
> Is that still the case in 5.3?
>
> Ralph



And also does that solve all problems with nagios? What about plugin
execution or external command files? I rather think you should use the
contexts
 - system_u:object_r:nagios_log_t:s0
 - system_u:object_r:nagios_spool_t:s0
 - system_u:object_r:nagios_exec_t:s0
 - system_u:object_r:nrpe_etc_t:s0
 - system_u:object_r:httpd_nagios_script_exec_t:s0

Actually it would be propably up to me to set these correctly in the
rpmforge package....
Maybe some selinux guru can help me out?


financial.com AG

Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany
Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany
Management board/Vorstand: Dr. Steffen Boehnert (CEO/Vorsitzender) | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach
Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender)
Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553