Page 3 of 5
Re: Nagios and NSCA (for Munin)
Posted: Tue Aug 28, 2012 10:17 am
by mguthrie
Is SElinux enabled on the Munin machine?
Re: Nagios and NSCA (for Munin)
Posted: Tue Aug 28, 2012 10:20 am
by gshergill
Hi mguthrie,
How would I go about checking/enabling this please?
Thank you.
Kind Regards,
gshergill
Re: Nagios and NSCA (for Munin)
Posted: Tue Aug 28, 2012 11:05 am
by scottwilkerson
run the following to check
Re: Nagios and NSCA (for Munin)
Posted: Tue Sep 04, 2012 3:56 am
by gshergill
Hi guys,
Sorry for the late response, have been on holiday and just got back in.
I ran the sestatus and recieved the following;
Code: Select all
root@muninnagios:~# sestatus
The program 'sestatus' is currently not installed. You can install it by typing:
apt-get install policycoreutils
After running
apt-get install policycoreutils I re-ran the command above and received the following;
Code: Select all
root@muninnagios:~# sestatus
SELinux status: disabled
What exactly is SELinux used for? I'll looking online for how to enable it, but does it need to be enabled in a specific way?
Thank you.
Kind Regards,
gshergill
Re: Nagios and NSCA (for Munin)
Posted: Tue Sep 04, 2012 3:59 am
by gshergill
Hi guys,
The following is the config file for SELinux (/etc/selinux/config);
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# default - equivalent to the old strict and targeted policies
# mls - Multi-Level Security (for military and educational use)
# src - Custom policy built from source
SELINUXTYPE=default
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
Thank you again.
Kind Regards,
gshergill
Re: Nagios and NSCA (for Munin)
Posted: Tue Sep 04, 2012 11:32 am
by mguthrie
Try setting:
In the selinux config. And then running:
Re: Nagios and NSCA (for Munin)
Posted: Wed Sep 05, 2012 3:38 am
by gshergill
Hi mguthrie,
The following is the output from the setenforce command;
Code: Select all
root@muninnagios:~# setenforce 0
setenforce: SELinux is disabled
The following is the output of the send_nsca command on the Nagios Machine to the Munin machine;
Code: Select all
[root@nagiosxi ~]# /usr/local/nagios/libexec/send_nsca -H 192.168.3.82 -c /usr/local/nagios/etc/send_nsca.cfg
Connection refused by host
Error: Could not connect to host 192.168.3.82 on port 5667
Still the same error of connection refused.
And from the Munin Machine;
Code: Select all
root@muninnagios:~# /usr/sbin/send_nsca -H localhost -c /etc/send_nsca.cfg
Connection refused by host
Error: Could not connect to host localhost on port 5667
Thanks.
Kind Regards,
gshergill
Re: Nagios and NSCA (for Munin)
Posted: Wed Sep 05, 2012 12:11 pm
by mguthrie
Pretty sure you're still getting blocked by the firewall. I didn't see nsca on the list of open ports. Add the following line to /etc/sysconfig/iptables and then restart the iptables service.
Code: Select all
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5667 -j ACCEPT
Re: Nagios and NSCA (for Munin)
Posted: Thu Sep 06, 2012 3:42 am
by gshergill
Hi mguthrie,
On the Nagios XI machine, the following is already in the iptables;
Code: Select all
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 5667 -j ACCEPT
However, I added your line instead.
The Munin machine had no sysconfig folder, nor anywhere to edit the iptables.
Running the commands;
aptitude install sysconftool
Hasn't added the directory for sysconfig.
And trying to install the iptables results in the following;
root@muninnagios:~# aptitude install iptables
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
I'm guessing that's the issue? Being unable to edit the iptables on the Munin machine means there's nothing to allow the port?
Thank you.
Kind Regards,
gshergill
Re: Nagios and NSCA (for Munin)
Posted: Thu Sep 06, 2012 9:06 am
by scottwilkerson
you should be able to run the following command
Code: Select all
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 5667 -j ACCEPT