Ok, so I was able to get this almost working.
I've created a user and a group (nfsen/nfsenadmin) that own the files in
/var/nfsen (pids, filters, and data, I moved profile-data and profile-stat to
/var/nfsen), and made nfscapd have the selinux type httpd_exec_t. Then I moved
the socket file from /var/nfsen/run (which needs to be type httpd_cache_t) to
its own directory /var/nfsen/socket, which has a type of
httpd_sys_rw_content_t. It also has a user of system_u, but when the file is
created, it refuses to use that, and is created with unconfined_u (I think).
So I just run a restorecon after the nfsen start.
All that gets nfcapd to do the right thing and create data.
I then grabbed all the httpd_t entries from /var/log/audit/audit.log and piped
that into audit2allow to create a new policy.
So that gets me almost there. But when going to the nfsen.php page, I get
ERROR: nfsend connect() error: Permission denied!
If I set just the httpd_t module to permissive, I get a working screen. But I
really need the whole thing.
Any ideas on getting the rest of the way to full SELinux compliance?
Thanks, Paul.
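
The message above collects httpd_t denials from /var/log/audit/audit.log and feeds them to audit2allow. The following is an added example, not part of the original post and not nfsen or audit2allow code: it summarises those AVC denials per target type and class, so the access a generated module would grant can be reviewed before it is loaded. The log lines, the socket file name and the target types in them are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the original post). Only the directory
# /var/nfsen/socket is from the post; "placeholder.sock" is a made-up file name.
SAMPLE_LOG = """\
type=AVC msg=audit(1373563000.101:210): avc:  denied  { write } for  pid=2310 comm="httpd" name="placeholder.sock" dev=dm-0 ino=4021 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=sock_file
type=AVC msg=audit(1373563000.102:211): avc:  denied  { connectto } for  pid=2310 comm="httpd" path="/var/nfsen/socket/placeholder.sock" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1373563005.300:215): avc:  denied  { read open } for  pid=2311 comm="httpd" name="placeholder.conf" dev=dm-0 ino=4100 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1373563010.000:220): avc:  denied  { write } for  pid=2310 comm="httpd" name="placeholder.sock" dev=dm-0 ino=4021 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1373563010.000:220): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1373563020.000:230): avc:  denied  { getattr } for  pid=900 comm="nfcapd" path="/var/nfsen/run" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:httpd_cache_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize_denials(log_text, source_type="httpd_t"):
    """Group AVC denials for one source domain by (target type, object class)."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m or selinux_type(m["s"]) != source_type:
            continue  # denials for other domains are not part of this review
        summary[(selinux_type(m["t"]), m["cls"])].update(m["perms"].split())
    return {key: sorted(perms) for key, perms in summary.items()}

def as_allow_rules(summary, source_type="httpd_t"):
    """Render the summary in SELinux allow-rule syntax, one rule per target."""
    return [
        f"allow {source_type} {ttype}:{cls} {{ {' '.join(perms)} }};"
        for (ttype, cls), perms in sorted(summary.items())
    ]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```

A rule whose target is a broad type is usually a sign that the file needs a more specific label rather than a wider allow rule.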
From: Fabián Mejía [mailto:[email protected]]
Sent: Thursday, July 11, 2013 12:54 PM
To: [email protected]
Subject: Re: [Nfdump-discuss] nfcapd not getting any data on new install
Hello Paul
I still have this issue (partially). People on this list told me there is a
rule blocking the traffic, but iptables/ip6tables and selinux are shut down or
disabled (as you say). I found that nfdump saves data only if it comes from
the same network (from the server's point of view); I explained it here:
http://www.mail-archive.com/[email protected]/msg00810.html
It works, but I don't know why I can't set another internal interface as the
source interface in the router's config (ip flow-export source <interface>). The
routing is OK and iptables/ip6tables/selinux are down.
If you solve this, please report it to the list.
Regards,
Fabián Mejía
On 2013-07-10 15:37, Root, Paul T wrote:
Hi,
I'm building nfdump-1.6.10 and nfsen-1.3.6p1 on a RHEL 6
server. I've shut down iptables and ip6tables and have selinux set to
disabled. Eventually, I'll need all of those running.
Like a few others before me, I'm not getting anything in the
data files. All of them are sized at 276 bytes, i.e. no data.
I have tcpdump running on the port and I see packets come in
every 5 seconds from the router, actually it's an ASA.
I configured nfdump with: --enable-nsel -enable-nfprofiles
-enable-nftracker. And various combinations of all three of those. But never
any data.
Sorry, I can't cut and paste, it's a physically separated
network, no access from outside.
Is there a way to look at the tcpdump data to see if that is
good stuff, or is there a way with nfcapd to give more info on why it's ignoring
the packets?
My setup and observed results are identical to this thread:
http://www.mail-archive.com/[email protected]/msg00807.html
though my packet sizes on the tcpdump are larger. 1000 to 1500
bytes mostly. I have followed the advice of both replies, to no avail.
Any help would be appreciated.
Thanks,
Paul.
_______________________________________________
Nfdump-discuss mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss