
I was trying to deploy Nagios on a VM running CentOS 7, and, like most, ran into the "Could not stat() nagios.cmd" problem. I did set permissions for users apache and nagios to access the file, and now am fighting with SELinux to allow both apache and nagios to modify the command file. The apparent problem is that Nagios got installed to /usr/local/nagios instead of /usr/lib/nagios, which seems to be the predefined location for Nagios, based on the content of /etc/selinux/targeted/contexts/files/file_contexts. Currently, the Apache process is already running as httpd_t, while the Nagios processes are running under the initrc_t (default started by init) context. Current folder settings are all files under the system_u:object_r:usr_t:s0 context, starting from /usr/local/nagios and below.

So, I wonder, what context (user, role, type) should I set and where, regarding Nagios files, so I can safely enable SELinux and not run into either Nagios not starting or Apache not being able to modify the command file?

Keith
Vesper
  • Please post the output of `cat /var/log/audit/audit.log | audit2allow` – shodanshok May 30 '17 at 19:01
  • @shodanshok That might not be necessary, given the file/program context. This will at most add a workaround, but not provide a cure. – Vesper May 31 '17 at 09:22
  • `audit2allow` does **not** automatically change anything. It simply suggests some modification to the SELINUX policy. Its output can be useful to understand what specific privilege SELINUX is not granting. – shodanshok May 31 '17 at 15:03
  • @shodanshok `audit2allow` plain curses "error 2 no such file '/etc/selinux/targeted/contexts/files/file_contexts.local'". The dir contains: file_contexts file_contexts.homedirs file_contexts.subs media file_contexts.bin file_contexts.homedirs.bin file_contexts.subs_dist – Vesper Jun 02 '17 at 08:07
  • Your selinux policy seems corrupted. I suggest you reinstall/update it and relabel the entire filesystem. – shodanshok Jun 02 '17 at 08:11
  • @shodanshok This is possible, if only there is a working context for nagios-4 installed in default location. From what I'm reading, my distro has contexts for nagios-3 only. Also the missing file problem was solved with `touch`. – Vesper Jun 02 '17 at 13:45
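
The comments above turn on what the audit log says SELinux is refusing. As an added example (not part of the original thread), this Python sketch groups AVC denials by source type, target type and object class, which shows at a glance that `httpd_t` is being denied on a `usr_t` object. The log lines are constructed, and the path below `/usr/local/nagios`, the pids and the inode numbers are assumptions.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the original post); the path below
# /usr/local/nagios and all pids/inodes are assumptions for illustration.
SAMPLE_LOG = """\
type=AVC msg=audit(1496131260.101:411): avc:  denied  { getattr } for  pid=2210 comm="httpd" path="/usr/local/nagios/var/rw/nagios.cmd" dev="dm-0" ino=67301 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1496131260.101:411): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1496131262.517:412): avc:  denied  { write } for  pid=2210 comm="httpd" name="nagios.cmd" dev="dm-0" ino=67301 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=fifo_file
type=AVC msg=audit(1496131300.002:420): avc:  granted  { setenforce } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(context):
    # An SELinux context is user:role:type:level; the type is the third field.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not line.startswith("type=AVC") or not m:
            continue  # skip SYSCALL records and "granted" AVC messages
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
        if "scontext" not in fields or "tcontext" not in fields:
            continue  # malformed or truncated record
        key = (type_of(fields["scontext"]), type_of(fields["tcontext"]),
               fields.get("tclass", "?"))
        summary[key]["perms"].update(m.group("perms").split())
        obj = fields.get("path") or fields.get("name")
        if obj:
            summary[key]["objects"].add(obj)
    return {k: {"perms": sorted(v["perms"]), "objects": sorted(v["objects"])}
            for k, v in summary.items()}

if __name__ == "__main__":
    for (src, tgt, cls), info in summarize_denials(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(info['perms'])} }} "
              f"on {', '.join(info['objects'])}")
```
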

0 Answers