nagios_selinux
Nagios 3.5.0 on CentOS
CentOS 6.4 / Nagios 3.5.0
Install semanage
# Install the package that provides semanage, pinned to the exact el6 build
# named on this page.
yum install -y policycoreutils-python-2.0.83-19.30.el6.x86_64
Create the policy module source
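# Two separate commands: create a working directory for the policy source,
# then open the module source file in it. Run on one line, mkdir would treat
# "vi" and the .te path as additional directories to create.
mkdir -p /etc/selinux/targeted/nagios
vi /etc/selinux/targeted/nagios/nagios_plugin.te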
# Local SELinux policy module adding allow rules for the Nagios daemon
# (nagios_t), the web/CGI domains (httpd_t, httpd_nagios_script_t,
# httpd_sys_script_t), ping_t and procmail_t.
#
# NOTE(review): the "#=============" banners match the layout audit2allow
# emits, so these rules were presumably generated from logged AVC denials.
# Check each rule against the denial that produced it before loading.
#
# NOTE(review): most rules target var_t and usr_t, the generic default types
# for content under /var and /usr. Each such rule therefore applies to every
# object carrying that label, not only to Nagios files. If the denials came
# from Nagios paths that merely lack a specific label, relabelling those
# paths (semanage fcontext, then restorecon) is the narrower fix - verify
# which paths were involved before keeping these rules.
module nagios_plugin 1.0;

# Types, classes and permissions this module expects the base policy to define.
require {
	type nagios_t;
	type nagios_log_t;
	type var_t;
	type ping_t;
	type httpd_t;
	type httpd_sys_content_t;
	type httpd_nagios_script_t;
	type httpd_sys_script_t;
	type usr_t;
	type procmail_t;
	type system_mail_t;
	# ptrace is declared here but only used by the commented-out rule below.
	class process { signal sigkill ptrace };
	class dir { read write search add_name remove_name };
	# manage_file_perms is a permission-set macro, not a single permission, so
	# this source relies on the devel Makefile's macro expansion to compile.
	class file manage_file_perms;
	class file write;
	class fifo_file { read write create open getattr };
}

#============= httpd_nagios_script_t =================
# Nagios CGI scripts: read generically labelled /var files and write to a
# var_t named pipe (presumably the Nagios external command pipe - confirm).
allow httpd_nagios_script_t var_t:file { read getattr };
allow httpd_nagios_script_t var_t:fifo_file { write getattr };

#============= httpd_t ==============
# The web server itself may read any var_t file.
allow httpd_t var_t:file { read getattr };

#============= nagios_t ==============
# Left disabled by the author: would let nagios_t ptrace its own processes.
#allow nagios_t self:process ptrace;
# Lets the daemon signal and kill processes running in system_mail_t.
allow nagios_t system_mail_t:process { signal sigkill };
# Write access to web content labelled httpd_sys_content_t.
allow nagios_t httpd_sys_content_t:file { write getattr };
# Create/remove entries in var_t directories, create and use var_t named
# pipes, and fully manage var_t files - the broadest grants in this module.
allow nagios_t var_t:dir { read write add_name remove_name };
allow nagios_t var_t:fifo_file { read write create open getattr };
allow nagios_t var_t:file manage_file_perms;

#============= ping_t ==============
# NOTE(review): gives the ping domain write access to generically labelled
# files under /var and /usr; confirm which file triggered the denial.
allow ping_t var_t:file { read write };
allow ping_t usr_t:file write;

#============= httpd_sys_script_t ==============
# Generic CGI scripts may open and write a named pipe labelled usr_t.
allow httpd_sys_script_t usr_t:fifo_file { getattr write open };

#============= procmail_t ==============
# procmail may traverse (search) the Nagios log directory.
allow procmail_t nagios_log_t:dir search;
Compile the policy module
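# The devel Makefile builds the .te sources found in the current directory,
# so change into the directory that holds nagios_plugin.te first. The
# compiled nagios_plugin.pp is written alongside it.
cd /etc/selinux/targeted/nagios
make -f /usr/share/selinux/devel/Makefile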
Load the policy module
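# Load the compiled module; run from the directory containing nagios_plugin.pp.
# These are three separate commands.
# NOTE(review): the page drops to permissive mode around the load. semodule -i
# normally works while enforcing, and nothing is enforced on the host while the
# toggle is off - try the load without setenforce 0/1 first.
# setenforce changes only the running mode; the boot-time mode comes from
# /etc/selinux/config.
setenforce 0
semodule -i nagios_plugin.pp
setenforce 1

# Confirm the module is installed and that the host is back in enforcing mode.
semodule -l | grep nagios_plugin
getenforce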