[Xymon] SELinux and svcstatus.cgi
Ryan Novosielski
novosirj at rutgers.edu
Wed Dec 12 19:13:37 CET 2018
You’d want to look at the contents of the audit log (varies depending on the distribution). I believe there are tools (audit2allow rings a bell) that can help you construct necessary rule changes, but also it may be clearer what specifically is not being allowed.
> On Dec 12, 2018, at 12:50 PM, Frank M. Ramaekers <FRamaekers at ailife.com> wrote:
>
> Well, I have xymon mostly setup, but I’m having difficulty when drilling down into a service that is monitored:
>
> Exec failed for /home/xymon/server/bin/svcstatus.cgi: Permission denied
>
> I thought turning on the httpd_sys_script_exec_t would do the trick:
> -rwxr-xr-x. xymon apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 svcstatus.cgi
>
> …that didn’t help….I’ve verified that it is a SELinux permissions by ‘setenforce 0’ and the script works.
>
> What am I missing?
>
> Frank M. Ramaekers Jr. | Systems Analyst I | CIS Mainframe Services
> Unisys | Skype: 512-387-3949 | Francis.Ramaekers at Unisys.com
>
> <image001.png>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices.
> <image002.jpg> <image003.jpg> <image004.jpg><image005.jpg><image006.jpg><image007.jpg><image008.jpg>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
--
____
|| \\UTGERS, |---------------------------*O*---------------------------
||_// the State | Ryan Novosielski - novosirj at rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
|| \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark
`'
More information about the Xymon
mailing list