SELInux blocking Nagios

jamesbotta · Post by **jamesbotta** » Fri Dec 06, 2013 12:13 pm

I am a new user of CentOS. I've configured a server with CentOs 6.5. I've compiled and installed Nagios 4.0.2. It works, but when I load the nagios webserver I cannot do anything. In fact on the screen there is the error:
"Error: Could not read object configuration data!"
and in the audit.log I find the error:
"type=AVC msg=audit(1386346725.545:708): avc: denied { read } for pid=20616 comm="showlog.cgi" name="objects.cache" dev=dm-0 ino=2884918 scontext=unconfined_u:system_r:httpd_sys_script_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1386346725.545:708): arch=c000003e syscall=2 success=no exit=-13 a0=183a180 a1=0 a2=181 a3=30 items=0 ppid=20390 pid=20616 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="showlog.cgi" exe="/usr/lib64/nagios/cgi-bin/showlog.cgi" subj=unconfined_u:system_r:httpd_sys_script_t:s0 key=(null)"
How can I solve this problem?
Thank you in advance

sreinhardt · Post by **sreinhardt** » Fri Dec 06, 2013 12:19 pm

well the normal suggestion is to disable selinux, however if that or putting it into permissive mode is not an option, there are several guides out there. I know that all of them are for 3.5 or older and with some of the new worker logic, it may not correctly apply with 4.0.x.

jamesbotta · Post by **jamesbotta** » Fri Dec 06, 2013 2:15 pm

sreinhardt wrote:well the normal suggestion is to disable selinux, however if that or putting it into permissive mode is not an option, there are several guides out there. I know that all of them are for 3.5 or older and with some of the new worker logic, it may not correctly apply with 4.0.x.

I have also tried these guides, even creating new policies for the specfic problem. But it doesn't solve

slansing · Post by **slansing** » Fri Dec 06, 2013 2:19 pm

What is the output of:

Code: Select all

sestatus

IvanAK · Post by **IvanAK** » Sun Dec 08, 2013 8:25 pm

If you can get to the nagios page but have error or you see the hosts, services, maps, home, host groups and other buttons from the left ( the left panel ) and when you go to one of them you get the error .. rather than leave SELinux off permanently, it’s better to correct the SELinux settings, and you can do this with the following commands:

chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

PS – You can also see in the httpd error log “ [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0” which is also a bit of a giveaway

I have found this here and for me it works ...

sreinhardt · Post by **sreinhardt** » Mon Dec 09, 2013 10:15 am

thanks for the hint Ivan, hopefully that helps james!

patrickh99 · Post by **patrickh99** » Wed Mar 04, 2015 10:52 am

I found you need to run the following selinux commands. The second is different from most other posts I have seen:

chcon -R -t httpd_sys_content_t /usr/local/nagios/share/
chcon -R -t httpd_sys_script_exec_t /usr/local/nagios/sbin/

Since .../nagios/sbin contains scripts, it needs script permissionts

tmcdonald · Post by **tmcdonald** » Wed Mar 04, 2015 10:55 am

Thanks for the post, but this thread is over a year old. I will be closing it now.

Nagios Support Forum

SELInux blocking Nagios

SELInux blocking Nagios

Re: SELInux blocking Nagios

Re: SELInux blocking Nagios

Re: SELInux blocking Nagios

Re: SELInux blocking Nagios

Re: SELInux blocking Nagios

Re: SELInux blocking Nagios

Re: SELInux blocking Nagios