
SELinux configuration

Posted: Thu Aug 23, 2018 6:18 am
by chrtap
Hi,

Regarding my last message (handled by scottwilkerson) concerning NagVis, I can't leave SELinux in permissive mode (not authorized in my company for security reasons).

I saw that the context of the .../tmpl/compile seems to be wrong:
ls -lZ /usr/local/nagvis/var/tmpl/compile/
-rw-r--r--. apache apache system_u:object_r:usr_t:s0 classpath.cache.d16.php
drwxr-x---. apache apache system_u:object_r:usr_t:s0 usr


Temporarily, I have corrected this problem with:
chcon -t httpd_sys_rw_content_t -R /usr/local/nagvis/

But maybe there are some other wrong contexts on other objects. I saw some other strange behavior, and, to be sure that it is not linked, I want to correct the SELinux question before asking you about that.

Is there an SELinux policy package I can apply to be able to use Nagios XI with SELinux enforcing? Or how can I correct all the non-compliant SELinux configurations for Nagios XI?

Regards.
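
Added example, not part of the original post and not Nagios tooling: a small audit of `ls -lZ` output for entries that lack the expected type, plus a dry-run printout of the persistent equivalent of the `chcon` above (`chcon` labels are reverted by a relabel or `restorecon`; `semanage fcontext` rules are not). It assumes that only NagVis's `var/` tree needs to be writable by httpd, which is narrower than the `-R /usr/local/nagvis/` used in the post; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit `ls -lZ` output for unexpected SELinux types and
# print (without running) the commands for a persistent, narrower label.

# Assumption: only NagVis's var/ tree must be writable by httpd.
NAGVIS_RW_DIR="/usr/local/nagvis/var"
WANT_TYPE="httpd_sys_rw_content_t"

# Read `ls -lZ` lines on stdin; print "<name> <type>" for every entry whose
# SELinux type differs from $1. The context field is found by its shape
# (user:role:type:level), so the column position does not matter.
# Limitation: file names containing spaces are not handled.
mislabeled() {
    awk -v want="$1" '
        {
            for (i = 1; i <= NF; i++) {
                if (split($i, c, ":") >= 4 && c[2] ~ /_r$/) {
                    if (c[3] != want) print $NF, c[3]
                    break
                }
            }
        }'
}

# Print the persistent fix for directory $1 and type $2. Nothing is executed:
# review the output, then run it as root on a test server first.
persist_cmds() {
    printf 'semanage fcontext -a -t %s "%s(/.*)?"\n' "$2" "$1"
    printf 'restorecon -Rv %s\n' "$1"
}

# Sample input: the listing quoted in the post above.
SAMPLE='-rw-r--r--. apache apache system_u:object_r:usr_t:s0 classpath.cache.d16.php
drwxr-x---. apache apache system_u:object_r:usr_t:s0 usr'

printf '%s\n' "$SAMPLE" | mislabeled "$WANT_TYPE"
persist_cmds "$NAGVIS_RW_DIR" "$WANT_TYPE"
```

On a live system, feed it real output, for example `ls -lZ /usr/local/nagvis/var/tmpl/compile/ | mislabeled httpd_sys_rw_content_t`.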

Re: SELinux configuration

Posted: Thu Aug 23, 2018 9:30 am
by chrtap
I tried the procedure https://fportase.wordpress.com/selinux- ... x-enabled/

But can't apply
semodule -i nagios_plugin.pp
libsepol.print_missing_requirements: nagios_plugin's global requirements were not met: type/attribute nagios_log_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).

Re: SELinux configuration

Posted: Thu Aug 23, 2018 2:48 pm
by lmiltchev
Running SELinux in enforcing mode would have a negative impact not only on NagVis but on Nagios XI in general. We do not provide a "selinux policy package", and Nagios XI instances with SELinux running in enforcing mode are NOT officially supported. This is why our installer disables SELinux...

You could enforce SELinux on your Nagios XI server, but you would be on your own. If you decide to go this route, make sure that your XI instance works on a test server, before using it in production. There is a reason why we offer 3 installs with each license, one being a test server:

https://support.nagios.com/kb/article/n ... s-145.html

Re: SELinux configuration

Posted: Fri Aug 24, 2018 8:08 am
by chrtap
Hi,

Thanks for the answer, I will see which is the best solution for us.

The post can be closed.

Regards.