RE: [Nagios-users] External Commands not working
Nagios network monitoring software is enterprise server monitoring
Brought to you by:
egalstad,
sawolf-nagios
From: Nathan O. <no...@kh...> - 2005-03-17 20:00:33
|
> I ran audit2allow -l -i /var/log/messages Restarted nagios and apache, > tried > external command and got the same error. The system message showed: >=20 > audit(1111085444.812:0): avc: denied { getattr } for pid=3D7241 > exe=3D/usr/local/nagios/sbin/cmd.cgi > path=3D/usr/local/nagios/var/rw/nagios.cmd > dev=3Ddm-0 ino=3D3591465 scontext=3Droot:system_r:httpd_sys_script_t > tcontext=3Droot:object_r:usr_t tclass=3Dfifo_file >=20 [Nathan Oyler]=20 I don't know if this is really a solution to you, but I shut off selinux to make it work.=20 http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2825880 >=20 >=20 > >From: "Marc Powell" <ma...@en...> > >To: "Scott Gwartney" > ><gwa...@ho...>,<nag...@li...> > >Subject: RE: [Nagios-users] External Commands not working > >Date: Thu, 17 Mar 2005 12:36:12 -0600 > > > > > > > > > -----Original Message----- > > > From: nag...@li... [mailto:nagios-users- > > > ad...@li...] On Behalf Of Scott Gwartney > > > Sent: Thursday, March 17, 2005 11:49 AM > > > To: nag...@li... > > > Subject: [Nagios-users] External Commands not working > > > > > > I'm running Nagios v.2.0b1 on Fedora 3.0 Apache 2.0.52. When trying to > > > execute external commands from the web interface I get this error: > > > > > > Error: Could not stat() command file > > > '/usr/local/nagios/var/rw/nagios.cmd'! > > > > > > The external command file may be missing, Nagios may not be running, > > > and/or > > > Nagios may not be checking external commands. > > > > > > An error occurred while attempting to commit your command for > >processing. > > > > > > I've followed the directions exactly (several times!). Apache is a > >member > > > of > > > Nagiocmd group, in fact I've tried giving full permissions to everyone > >on > > > the '/usr/local/nagios/var/rw/ folder and all its files with no > >success. > > > > > > Nothing shows up in the httpd logs. The system message log shows this: > > > > > > avc: denied { getattr } for pid=3D5446 > >exe=3D/usr/local/nagios/sbin/cmd.cgi > > > path=3D/usr/local/nagios/var/rw/nagios.cmd dev=3Ddm-0 = ino=3D3591465 > > > scontext=3Droot:system_r:httpd_sys_script_t tcontext=3Droot:object_r:usr_t > > > tclass=3Dfifo_file > > > >This is an SELinux restriction, above and beyond normal file systems > >permissions. I have no personal experience with SELinux but I believe > >the following command will provide you with the SELinux policy change > >you need to make -- > > > >audit2allow -l -i /var/log/messages > > > >If anyone can come up with a valid, secure SELinux policy change to > >allow access to cmd.cgi it should probably go in the FAQ at the least. I > >think there was one other email in the past week that is likely an > >SELinux issue as well. > > > >-- > >Marc >=20 >=20 >=20 >=20 > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick > _______________________________________________ > Nagios-users mailing list > Nag...@li... > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null |