Hi,
Regarding my last message (treated by scottwilkerson) concerning nagvis, I can't let permissive enforce selinux (not authorized in my society for security reasons).
I saw that the context of the .../tmpl/compile seems to be wrong:
ls -lZ /usr/local/nagvis/var/tmpl/compile/
-rw-r--r--. apache apache system_u:object_r:usr_t:s0 classpath.cache.d16.php
drwxr-x---. apache apache system_u:object_r:usr_t:s0 usr
temporarily I have corrected this problem by :
chcon -t httpd_sys_rw_content_t -R /usr/local/nagvis/
But, maybe there are some other wrong contexts in others objects. I saw some other strange comportment, and, to be sure that it is not linked, I want to corrects selinux question before asking you about that.
Is there a selinux policy package I can apply to be able to use NagiosXI with selinux enforcing ? Or how can I correct all not compliant selinux's configurations for NagiosXI ?
Regards.
SELinux configuration
Re: SELinux configuration
I tried the procedure https://fportase.wordpress.com/selinux- ... x-enabled/
But can't apply
semodule -i nagios_plugin.pp
libsepol.print_missing_requirements: nagios_plugin's global requirements were not met: type/attribute nagios_log_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
But can't apply
semodule -i nagios_plugin.pp
libsepol.print_missing_requirements: nagios_plugin's global requirements were not met: type/attribute nagios_log_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
Re: SELinux configuration
Running SELinux in an enforcing mode would have a negative impact not only on NagVis but on Nagios XI in general. We do not provide "selinux policy package", and Nagios XI instances with SELinux, running in enforcing mode are NOT officially supported. This is why our installer disables SELinux...
You could enforce SELinux on your Nagios XI server, but you would be on your own. If you decide to go this route, make sure that your XI instance works on a test server, before using it in production. There is a reason why we offer 3 installs with each license, one being a test server:
https://support.nagios.com/kb/article/n ... s-145.html
You could enforce SELinux on your Nagios XI server, but you would be on your own. If you decide to go this route, make sure that your XI instance works on a test server, before using it in production. There is a reason why we offer 3 installs with each license, one being a test server:
https://support.nagios.com/kb/article/n ... s-145.html
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: SELinux configuration
Hi,
Thanks for the answer, I will see which is the best solution for us.
The post can be closed.
Regards.
Thanks for the answer, I will see which is the best solution for us.
The post can be closed.
Regards.