Tuesday, July 17, 2012

SELinux/Nagios, and you

I tell ya, selinux almost had me convinced to throw in the towel. I'd find another solution, and then another problem. This went on for the weekend. I didn't throw in the towel, though, because I wanted the system locked down more than the "oh, just disable selinux" crowd would have.

selinux kept preventing nagios from starting up. Here's what I had to ultimately do:
  1. temporarily put selinux in permissive mode: "setenforce 0" (this does not disable selinux; it keeps logging denials to the audit log without enforcing them, which is what step 6 relies on)
  2. start nagios: "/etc/init.d/nagios start"
  3. let it run and do its checks for ten minutes, so every scheduled check fires at least once and its denials get logged
  4. restart nagios: "/etc/init.d/nagios restart"
  5. stop nagios: "/etc/init.d/nagios stop"
  6. run sealert to build a policy: "sealert -a /var/log/audit/audit.log" - this gave a "catch all" way to create a new module for selinux (it covers every denial in the log, not only the nagios ones, so look at the log for other daemons' denials before installing it)
  7. followed the instructions provided by sealert in the previous step on creating and enabling the module.
  8. re-enable enforcing mode: "setenforce 1"
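The weak spot in the procedure above is step 6: a module built from the whole audit log allows everything that was denied during the permissive window, including denials from processes that have nothing to do with nagios. The script below is an added example, not code from the original post; it groups AVC denials by process name and source type so you can confirm that only the nagios domain is being fed to the policy builder. The audit lines are constructed for the example, and the type names in them (nagios_t, etc_t, var_t, sshd_t, user_home_t) are illustrative labels, not taken from a real system.

```sh
#!/bin/sh
# Added example (not from the original post): triage AVC denials before
# turning them into a policy module, so a "catch all" module built from
# the whole audit log does not silently allow unrelated daemons' denials.

# Constructed sample in auditd's AVC line format. Type names and paths are
# illustrative and were not captured from a real system.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1342500000.101:201): avc:  denied  { read } for  pid=2001 comm="nagios" name="nagios.cfg" dev=sda1 ino=1001 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1342500000.102:202): avc:  denied  { write } for  pid=2001 comm="nagios" name="nagios.cmd" dev=sda1 ino=1002 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=fifo_file
type=AVC msg=audit(1342500000.103:203): avc:  denied  { read } for  pid=3003 comm="sshd" name="authorized_keys" dev=sda1 ino=1003 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1342500000.103:203): arch=c000003e syscall=2 success=no exit=-13 comm="sshd"'

# Read audit lines on stdin and print one distinct
# "comm source_type tclass permissions" line per denial.
avc_summary() {
    awk '/^type=AVC / && / denied / {
        comm = ""; stype = ""; tclass = ""; perms = ""
        # the denied permissions are the words between the braces: { read write }
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "comm") { comm = kv[2]; gsub(/"/, "", comm) }
            else if (kv[1] == "scontext") { split(kv[2], c, ":"); stype = c[3] }
            else if (kv[1] == "tclass") { tclass = kv[2] }
        }
        if (comm != "" && stype != "")
            print comm, stype, tclass, perms
    }' | sort -u
}

# Denials produced by one process name, e.g. denials_for nagios
denials_for() {
    printf '%s\n' "$SAMPLE_AUDIT_LOG" | avc_summary | awk -v c="$1" '$1 == c'
}

# Number of distinct denials for one process name
count_denials_for() {
    denials_for "$1" | wc -l | tr -d ' '
}

# Every process name that was denied; anything here besides nagios is a
# denial that a module built from the whole log would also allow.
denied_comms() {
    printf '%s\n' "$SAMPLE_AUDIT_LOG" | avc_summary | awk '{ print $1 }' | sort -u
}

# Stand-alone run: list the denied processes, then the nagios denials only.
denied_comms
denials_for nagios
```

On a real box you would pipe /var/log/audit/audit.log into avc_summary instead of the embedded sample. Once the list shows only the nagios domain, build the module from those lines alone rather than the whole log, for example with `grep 'comm="nagios"' /var/log/audit/audit.log | audit2allow -M nagios_local` followed by `semodule -i nagios_local.pp`. If a denial you expect never shows up in the log at all, it may be hidden by a dontaudit rule: `semodule -DB` rebuilds the policy with those rules disabled so the denial is logged, and `semodule -B` restores them afterwards.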
However, there was a problem I just couldn't fix. The check_disk plugin would only work on /, not on /home. I figured this was selinux, but I could never see a message in the usual /var/log/audit/audit.log, so I couldn't do the normal "throw the audit log file at 'sealert -a' and build a policy, then use that". Thankfully, a nice website came to the rescue (I'll leave out www.google.com's name to protect the guilty). Though the solution was NOT in the immediate results, tweaking the search request finally yielded something that wasn't NRPE related:


My hat is off to this guy. It's a one-line command that fixes the problem.
