Our systems team asked if would be enable SELinux on our Nagios XI servers (now on RHEL 9). I don't know if or when SELinux would have been disabled on them. There doesn't seem to be an official stance either way from Nagios, and anything I've found so far seems to suggest disabling SELinux because it can interfere with the proper functioning of Nagios components.
Thoughts?
Thanks in advance.
SELinux on Nagios XI Servers
Re: SELinux on Nagios XI Servers
It will stop some things from working...
You can search the internet for selinux nagios and read stuff.
You can set it to permissive, then over time grep the things it logs, build a series of commands to set selinux to allow what it wants to disallow related to nagios, and pipe those into the shell.
Hopefully nagios folks will chime in with their views.
You can search the internet for selinux nagios and read stuff.
You can set it to permissive, then over time grep the things it logs, build a series of commands to set selinux to allow what it wants to disallow related to nagios, and pipe those into the shell.
Hopefully nagios folks will chime in with their views.
Re: SELinux on Nagios XI Servers
Hi shoreypu,
SELinux is not officially supported in Nagios XI, so it is recommended to disable SELinux or set to permissive mode . You are correct that it can interfere with proper functioning of Nagios components
As kg2857 suggested, you might be able to get SELinux working with Nagios, but you are likely going to have to figure out which selinux allow commands to run over time and possibly have other unforeseen issues.
Here is an older forum post that goes into a bit more detail about SELinux and Nagios issues:
viewtopic.php?t=49969
SELinux is not officially supported in Nagios XI, so it is recommended to disable SELinux or set to permissive mode . You are correct that it can interfere with proper functioning of Nagios components
As kg2857 suggested, you might be able to get SELinux working with Nagios, but you are likely going to have to figure out which selinux allow commands to run over time and possibly have other unforeseen issues.
Here is an older forum post that goes into a bit more detail about SELinux and Nagios issues:
viewtopic.php?t=49969
Cheers,
- Cole
- Cole
Re: SELinux on Nagios XI Servers
Cole,
For "SELinux is not officially supported in Nagios XI," is this documented somewhere, so I can send it to our systems and security teams?
Also, that older forum you sent says that the installer disables SELinux. Is that still the case in the current installers?
Thanks again to both you and kg2857 for your responses.
John
For "SELinux is not officially supported in Nagios XI," is this documented somewhere, so I can send it to our systems and security teams?
Also, that older forum you sent says that the installer disables SELinux. Is that still the case in the current installers?
Thanks again to both you and kg2857 for your responses.
John
Re: SELinux on Nagios XI Servers
Hi John,
I asked our support team for any documentation that indicates our current official stance on SELinux. I will keep you updated when I hear back, which I'm sure will be soon!
I can confirm that the XI installer still disables SELinux in the current installer.
I asked our support team for any documentation that indicates our current official stance on SELinux. I will keep you updated when I hear back, which I'm sure will be soon!
I can confirm that the XI installer still disables SELinux in the current installer.
Cheers,
- Cole
- Cole
Re: SELinux on Nagios XI Servers
Thanks Cole.
Could you also inquire if SELinux could be run, but in permissive mode only? Our systems team (and most likely from our cyber team) are looking to have SELinux enabled on all systems. From there perspective, the fewer exceptions, the better.
Could you also inquire if SELinux could be run, but in permissive mode only? Our systems team (and most likely from our cyber team) are looking to have SELinux enabled on all systems. From there perspective, the fewer exceptions, the better.
Re: SELinux on Nagios XI Servers
Permissive means it will just log issues but not block things.
Re: SELinux on Nagios XI Servers
Hey John,
Support was able to direct me to an official document that is more of a position regarding generic hardening, but SELinux is mentioned:
https://nagios.force.com/support/s/arti ... stribution
In regards to your most recent question, kg2857 is correct again, you should be able to run selinux in permissive mode.
Support was able to direct me to an official document that is more of a position regarding generic hardening, but SELinux is mentioned:
https://nagios.force.com/support/s/arti ... stribution
In regards to your most recent question, kg2857 is correct again, you should be able to run selinux in permissive mode.
Cheers,
- Cole
- Cole
Re: SELinux on Nagios XI Servers
For a little bit more context, it’s technically possible to run Nagios XI under SELinux, however doing so requires extensive customization of SELinux policies. This isn’t just a one-time configuration. Any changes to XI, including updates, modifications, or the addition of custom plugins, can introduce new access requirements that would need to be manually addressed with additional policies. Since each environment is different, there is no universal policy that can be applied across all installations, which is part of the reason we don't officially support it.