2

I have a Zabbix server running on a RHEL 7 box and when I use the web front end (on the same box) it says Zabbix server is not running.

If I disable SELinux and change nothing else, the web front end says that Zabbix server is successfully running.

Any ideas as to how I can allow Zabbix through? I've already added ports 10050 and 10051 to FirewallD and SELinux won't let me add them in a 'second' time.

Nathan L.
  • 41
  • 1
  • 1
  • 6

5 Answers5

2

I finally figured it out. Zabbix Server has an SELinux bool to allow httpd to communicate with port 10051. To set it, issue the command sudo setsebool httpd_can_connect_zabbix 1.

This will allow web interface to show if the Zabbix Server is enabled or not without having to disable SELinux!

Nathan L.
  • 41
  • 1
  • 1
  • 6
2

No answer gave proper advice on how to update the SELinux rule as well as making the settings persist upon a server reboot, to do so do the following:

# setsebool -P httpd_can_network_connect on
# setsebool -P httpd_can_network_connect=true

This was done on RHEL7.

Paul Roesler
  • 41
  • 3
0

Try getsebool -a to show all the options, active or not for selinux:

httpd_can_network_connect=on

Patrick Silva
  • 1
  • 1
    Welcome to Stack! This question is several years old, already has an answer that the poster accepted. You are better off making new contributions to questions that don't have an answer that is not significantly different than other answers provided. – Rowan Hawkins Aug 07 '21 at 13:33
0

You don't need to sudo setenforce 0

Do not use unreserved_port_t otherwise /var/log/zabbix/zabbix_agentd.log output is

 31542:20220614:214432.987 using configuration file: /etc/zabbix/zabbix_agentd.conf
 31542:20220614:214432.987 listener failed: bind() for [[-]:10050] failed: [13] Permission denied

Instead switch to zabbix_agent_port_t

semanage port --add    --type zabbix_agent_port_t --proto tcp 10050 || \
semanage port --modify --type zabbix_agent_port_t --proto tcp 10050

whereas for the zabbix server use zabbix_port_t for port 10051.

Valdis Vitayaudom
  • 101
0
  1. SELinux

https://www.zabbix.com/forum/showthread.php?t=47375&highlight=selinux You have disabled it - OK

  1. Firewall

Try to turn off firewall also

  1. PHP frontend/zabbix server config

Common problem is when zabbix_server is listening only on IP, not on localhost (netstat -tanp | grep :10051), but frontend is configured for localhost:10051, test and configure frontend/zabbix server properly

# grep ZBX_SERVER /etc/zabbix/web/zabbix.conf.php
$ZBX_SERVER = 'localhost';
$ZBX_SERVER_PORT = '10051';

# telnet localhost 10051
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

If server is listening on all interfaces (localhost included), then I can use also localhost in the frontend config:

# netstat -tanp | grep :10051 | grep LISTEN
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN      825/zabbix_server
tcp6       0      0 :::10051                :::*                    LISTEN      825/zabbix_server
Jan Garaj
  • 879
  • 1
  • 7
  • 15
  • I appreciate the effort but it looks like these steps are just to get Zabbix running by disabling both SELinux and the firewall. I'm looking to make it work with SELinux. – Nathan L. Feb 10 '15 at 03:17
  • Yes, first identify WHO and WHAT is problem and then tweak settings of problem component. – Jan Garaj Feb 10 '15 at 09:02