Hi, On 1/25/2007 10:44 PM, Petersen, Mark wrote: > Can you move the cgi's (or possibly hardlink them) to someplace that > apache will let them run (say /var/www/nagios2/cgi-bin)? Otherwise you > might need some sort of a compile option to just install them there. > Someone more familiar with the build process might be able to help here.
That would not help, given a tightly locked SELinux system, I believe. > There's also ways to hack apache (may require recompile) to allow this, > but I'm under the impression from these two posts that SELinux would > disallow those changes to take effect? The point is to configure SELinux to allow whatever is necessary. This will not only be apache and the cgis, but also the monitoring plugins and, of course, nagios itself. I've never used SELinux, but AFAIK you can run a system, log all the activities, review that log to make sure everything is ok, and convert that in a ruleset which allows just what you observed. This will not work where programs do things that were never observed. Just think about event handler scripts that never got triggered in your observation phase. In short, you will need someone who actually knows that SELinux stuff and has access to the machine in question. A security oriented person would hopefully never install SELinux rules on such a machine that he did not review or even create himself. Sounds like that servers admin :-) Arno > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Jiann-Ming Su > Sent: Thursday, January 25, 2007 2:27 PM > To: nagios-users@lists.sourceforge.net > Subject: [Nagios-users] nagios and selinux? > > What's the proper way to configure nagios and selinux to work > together? I've run into the same problem as described here: > > > http://www.redhat.com/archives/fedora-list/2005-September/msg02007.html > > Setting selinux to permissive got my test nagios going. But, now I > need to migrate to a production system with selinux set to enforcing > and type set to targeted. Thanks for any tips. > -- IT-Service Lehmann [EMAIL PROTECTED] Arno Lehmann http://www.its-lehmann.de ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
