Hello,
I've setup (via default yum repos) Nagios (nagios-2.11-3.fc9.i386 and all the needed plugs).
I'm getting the following messages when using SELinux in Target/Enabled mode.
My knowledge is very limited with SELinux and I'm trying to learn the proper way to troubleshoot/resolve issues on my own, and hopefully I can use
this as my firts learning curve with it.
Thanks for any suggestions.
---------------------------------------------------------------------------------------------------------------
Summary:
SELinux is preventing ping (ping_t) "read" to /var/spool/nagios/cmd/nagios.cmd
(nagios_spool_t).
Detailed Description:
SELinux denied access requested by ping. It is not expected that this access is
required by ping and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:ping_t:s0
Target Context unconfined_u:object_r:nagios_spool_t:s0
Target Objects /var/spool/nagios/cmd/nagios.cmd [ fifo_file ]
Source ping
Source Path /bin/ping
Port <Unknown>
Host xxxxxxxxxx
Source RPM Packages iputils-20071127-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-84.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name xxxxxxxxxxxxxx
Platform Linux xxxxxxxxxxxxx 2.6.25.14-108.fc9.i686 #1
SMP Mon Aug 4 14:08:11 EDT 2008 i686 i686
Alert Count 23
First Seen Sun 17 Aug 2008 02:06:45 AM EDT
Last Seen Mon 18 Aug 2008 06:11:31 PM EDT
Local ID 67986880-653f-455c-88bb-5598d451bb14
Line Numbers
Raw Audit Messages
host=xxxxxxxxxxx type=AVC msg=audit(1219097491.87:211): avc: denied { read } for pid=6420 comm="ping" path="/var/spool/nagios/cmd/nagios.cmd" dev=dm-0 ino=728571 scontext=system_u:system_r:ping_t:s0 tcontext=unconfined_u:object_r:nagios_spool_t:s0 tclass=fifo_file
host=xxxxxxxxxxxxx type=SYSCALL msg=audit(1219097491.87:211): arch=40000003 syscall=11 success=yes exit=0 a0=96dda38 a1=96ddb18 a2=bfec6ae4 a3=0 items=0 ppid=6419 pid=6420 auid=4294967295 uid=493 gid=489 euid=0 suid=0 fsuid=0 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="ping" exe="/bin/ping" subj=system_u:system_r:ping_t:s0 key=(null)
---------------------------------------------------------------------------------------------------------
I've setup (via default yum repos) Nagios (nagios-2.11-3.fc9.i386 and all the needed plugs).
I'm getting the following messages when using SELinux in Target/Enabled mode.
My knowledge is very limited with SELinux and I'm trying to learn the proper way to troubleshoot/resolve issues on my own, and hopefully I can use
this as my firts learning curve with it.
Thanks for any suggestions.
---------------------------------------------------------------------------------------------------------------
Summary:
SELinux is preventing ping (ping_t) "read" to /var/spool/nagios/cmd/nagios.cmd
(nagios_spool_t).
Detailed Description:
SELinux denied access requested by ping. It is not expected that this access is
required by ping and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:ping_t:s0
Target Context unconfined_u:object_r:nagios_spool_t:s0
Target Objects /var/spool/nagios/cmd/nagios.cmd [ fifo_file ]
Source ping
Source Path /bin/ping
Port <Unknown>
Host xxxxxxxxxx
Source RPM Packages iputils-20071127-2.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-84.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name xxxxxxxxxxxxxx
Platform Linux xxxxxxxxxxxxx 2.6.25.14-108.fc9.i686 #1
SMP Mon Aug 4 14:08:11 EDT 2008 i686 i686
Alert Count 23
First Seen Sun 17 Aug 2008 02:06:45 AM EDT
Last Seen Mon 18 Aug 2008 06:11:31 PM EDT
Local ID 67986880-653f-455c-88bb-5598d451bb14
Line Numbers
Raw Audit Messages
host=xxxxxxxxxxx type=AVC msg=audit(1219097491.87:211): avc: denied { read } for pid=6420 comm="ping" path="/var/spool/nagios/cmd/nagios.cmd" dev=dm-0 ino=728571 scontext=system_u:system_r:ping_t:s0 tcontext=unconfined_u:object_r:nagios_spool_t:s0 tclass=fifo_file
host=xxxxxxxxxxxxx type=SYSCALL msg=audit(1219097491.87:211): arch=40000003 syscall=11 success=yes exit=0 a0=96dda38 a1=96ddb18 a2=bfec6ae4 a3=0 items=0 ppid=6419 pid=6420 auid=4294967295 uid=493 gid=489 euid=0 suid=0 fsuid=0 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="ping" exe="/bin/ping" subj=system_u:system_r:ping_t:s0 key=(null)
---------------------------------------------------------------------------------------------------------
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
