Hello,
There was a bit of confusion about nfsen not working under Fedora
I have successfully installed nfsen on a recent Fedora system (Fedora 7,
in fact). As was to be expected, the problem lies with selinux.
You have to allow the webserver to access the socket nfsen needs to
communicate.
I have appended a policy file which does this the quick and dirty way
(i.e. gives http all the necessary privelidges). A cleaner way would be
the correct labeling of the respective file. Maybe if the weather is bad
enough I'll do this.
Meanwhile install the attached policy using the commands:
checkmodule -M -m -o nfsen.mod nfsen.te
semodule_package -o nfsen.pp -m nfsen.mod
semodule -i nfsen.pp
The last step has to be executed as root
Also, don't forget to allo the netflow stream at the firewile, if you
sensor is not the local host: /etc/sysconfig/iptables is your friend (or
via gui system-config-securitylevel).
Cheers
Serge
# Allow httpd to access sockets
# Install using the following commands
#
# checkmodule -M -m -o nfsen.mod nfsen.te
# semodule_package -o nfsen.pp -m nfsen.mod
# semodule -i nfsen.pp
#
# The last step has to be executed as root
#
module nfsen 1.0;
require {
type unconfined_t;
type httpd_t;
type usr_t;
class sock_file write;
class unix_stream_socket connectto;
}
#============= httpd_t ==============
allow httpd_t unconfined_t:unix_stream_socket connectto;
allow httpd_t usr_t:sock_file write;
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
