RE: [Nagios-users] External Commands not working
Nagios network monitoring software is enterprise server monitoring
Brought to you by:
egalstad,
sawolf-nagios
Menu
▾
▴
RE: [Nagios-users] External Commands not working
|
From: Nathan O. <no...@kh...> - 2005-03-17 20:00:33
|
> I ran audit2allow -l -i /var/log/messages Restarted nagios and apache,
> tried
> external command and got the same error. The system message showed:
>=20
> audit(1111085444.812:0): avc: denied { getattr } for pid=3D7241
> exe=3D/usr/local/nagios/sbin/cmd.cgi
> path=3D/usr/local/nagios/var/rw/nagios.cmd
> dev=3Ddm-0 ino=3D3591465 scontext=3Droot:system_r:httpd_sys_script_t
> tcontext=3Droot:object_r:usr_t tclass=3Dfifo_file
>=20
[Nathan Oyler]=20
I don't know if this is really a solution to you, but I shut off selinux
to make it work.=20
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2825880
>=20
>=20
> >From: "Marc Powell" <ma...@en...>
> >To: "Scott Gwartney"
> ><gwa...@ho...>,<nag...@li...>
> >Subject: RE: [Nagios-users] External Commands not working
> >Date: Thu, 17 Mar 2005 12:36:12 -0600
> >
> >
> >
> > > -----Original Message-----
> > > From: nag...@li...
[mailto:nagios-users-
> > > ad...@li...] On Behalf Of Scott Gwartney
> > > Sent: Thursday, March 17, 2005 11:49 AM
> > > To: nag...@li...
> > > Subject: [Nagios-users] External Commands not working
> > >
> > > I'm running Nagios v.2.0b1 on Fedora 3.0 Apache 2.0.52. When
trying to
> > > execute external commands from the web interface I get this error:
> > >
> > > Error: Could not stat() command file
> > > '/usr/local/nagios/var/rw/nagios.cmd'!
> > >
> > > The external command file may be missing, Nagios may not be
running,
> > > and/or
> > > Nagios may not be checking external commands.
> > >
> > > An error occurred while attempting to commit your command for
> >processing.
> > >
> > > I've followed the directions exactly (several times!). Apache is a
> >member
> > > of
> > > Nagiocmd group, in fact I've tried giving full permissions to
everyone
> >on
> > > the '/usr/local/nagios/var/rw/ folder and all its files with no
> >success.
> > >
> > > Nothing shows up in the httpd logs. The system message log shows
this:
> > >
> > > avc: denied { getattr } for pid=3D5446
> >exe=3D/usr/local/nagios/sbin/cmd.cgi
> > > path=3D/usr/local/nagios/var/rw/nagios.cmd dev=3Ddm-0 =
ino=3D3591465
> > > scontext=3Droot:system_r:httpd_sys_script_t
tcontext=3Droot:object_r:usr_t
> > > tclass=3Dfifo_file
> >
> >This is an SELinux restriction, above and beyond normal file systems
> >permissions. I have no personal experience with SELinux but I believe
> >the following command will provide you with the SELinux policy change
> >you need to make --
> >
> >audit2allow -l -i /var/log/messages
> >
> >If anyone can come up with a valid, secure SELinux policy change to
> >allow access to cmd.cgi it should probably go in the FAQ at the
least. I
> >think there was one other email in the past week that is likely an
> >SELinux issue as well.
> >
> >--
> >Marc
>=20
>=20
>=20
>=20
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick
> _______________________________________________
> Nagios-users mailing list
> Nag...@li...
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
|