Page 3 of 4
Re: Unable to write to check_result_path
Posted: Thu May 11, 2017 3:46 pm
by pratik.patel
same issue.... I have PM you log
Re: Unable to write to check_result_path
Posted: Fri May 12, 2017 2:42 am
by pratik.patel
[root@xxxxx ]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Re: Unable to write to check_result_path
Posted: Fri May 12, 2017 4:05 am
by pratik.patel
selinux is in enforcing mode and due to security I am not suppose to disable it. In my company every machine running centos 7 has selinux in enforcing mode.
When I disabled it to check whether it solves my issue or not and it did solve my issue but I do not wan to make it disabled.
So do you have any other solution with selinux enabled ?
Thanks,
Pratik
Re: Unable to write to check_result_path
Posted: Fri May 12, 2017 8:54 am
by dwhitfield
When you say same issue, you mean you are not able to run the upgrade with SELinux turned off?
We do not support SELinux in enforcing, but if you have an SELinux expert in your organization, they may be able to get it working. I know some customers have gotten it working. It's likely you'll have to turn if off for upgrades, but if you can script the appropriate context that may end up not being a big deal.
Re: Unable to write to check_result_path
Posted: Fri May 12, 2017 9:18 am
by pratik.patel
with selinux enabled I am able to run upgrade.
with same issue mean to say (selinux enabled):
Error: Unable to write to check_result_path ('/usr/local/nagios/var/spool/checkresults') - Permission denied
getting below message:
PROFILE BUILD FAILED
Array
(
)
CODE: 1
when I disable selinux above issues are solved.
Re: Unable to write to check_result_path
Posted: Fri May 12, 2017 10:25 am
by dwhitfield
pratik.patel wrote:when I disable selinux above issues are solved.
For clarity, you mean all of the issues, or just the profile issue?
While
https://support.nagios.com/forum/viewto ... =7&t=33090 is strictly speaking for Core, it may help you set up your SE Linux context correctly.
Re: Unable to write to check_result_path
Posted: Fri May 12, 2017 11:02 am
by pratik.patel
both profile issue and check_result_path permission issue. I don't know what else is hidden in nagios xi
Re: Unable to write to check_result_path
Posted: Fri May 12, 2017 11:30 am
by dwhitfield
pratik.patel wrote:I don't know what else is hidden in nagios xi
In large part,
/usr/local/nagios vs.
/usr/local/nagiosxi.
It will vary some from version to version, but there's also the following:
Code: Select all
/run/systemd/generator.late/nagiosxi.service
/run/systemd/generator.late/runlevel5.target.wants/nagiosxi.service
/run/systemd/generator.late/runlevel4.target.wants/nagiosxi.service
/run/systemd/generator.late/runlevel3.target.wants/nagiosxi.service
/run/systemd/generator.late/runlevel2.target.wants/nagiosxi.service
/sys/fs/cgroup/systemd/system.slice/nagiosxi.service
/etc/httpd/conf.d/ssl.conf.nagiosxibackup
/etc/httpd/conf.d/nagiosxi.conf
/etc/rc.d/init.d/nagiosxi
/etc/rc.d/rc2.d/S99nagiosxi
/etc/rc.d/rc3.d/S99nagiosxi
/etc/rc.d/rc4.d/S99nagiosxi
/etc/rc.d/rc5.d/S99nagiosxi
/etc/cron.d/nagiosxi
/etc/logrotate.d/nagiosxi
/var/lib/yum/repos/x86_64/7/nagiosxi-deps
/var/lib/yum/yumdb/n/072cf97190d0b3d4fe50664c6a7e4fd4954889fc-nagiosxi-deps-el7-5.4.3-1-noarch
/var/lib/mysql/nagiosxi
/var/cache/yum/x86_64/7/nagiosxi-deps
/var/tmp/yum-nagios-CoRuMV/x86_64/7/nagiosxi-deps
/usr/local/nagios/share/images/logos/nagiosxiserver.png
/usr/local/nagios/libexec/check_nagiosxiserver.php
/store/backups/mysql/
/store/backups/nagiosxi
Re: Unable to write to check_result_path
Posted: Mon May 15, 2017 8:08 am
by pratik.patel
dwhitfield wrote:We do not support SELinux in enforcing, but if you have an SELinux expert in your organization, they may be able to get it working. I know some customers have gotten it working. It's likely you'll have to turn if off for upgrades, but if you can script the appropriate context that may end up not being a big deal.
Is this specified in any of your document that you do not support selinux in enforcing? And company using centos 7 always has selinux enabled due to PCI compliance.
Re: Unable to write to check_result_path
Posted: Mon May 15, 2017 9:21 am
by dwhitfield
2. We recommend and will only support installing Nagios XI on a newly installed, “clean” system (a bare
minimal install with nothing else installed or configured).
https://assets.nagios.com/downloads/nag ... -Linux.pdf
SELinux is not in enforcing by default, and thus is something configured.
This is not to say that once you get things installed you can't turn it on. We certainly have customers that do that. However, if you run into issues, we may have you turn it off as a trouble-shooting step. We do not test SELinux in enforcing mode, so even if you can get it to work, we cannot guarantee it will continue to work.