[Xymon] SELinux and svcstatus.cgi

Ryan Novosielski novosirj at rutgers.edu
Wed Dec 12 19:13:37 CET 2018

You’d want to look at the contents of the audit log (varies depending on the distribution). I believe there are tools (audit2allow rings a bell) that can help you construct necessary rule changes, but also it may be clearer what specifically is not being allowed.

> On Dec 12, 2018, at 12:50 PM, Frank M. Ramaekers <FRamaekers at ailife.com> wrote:
> Well, I have xymon mostly setup, but I’m having difficulty when drilling down into a service that is monitored:
> Exec failed for /home/xymon/server/bin/svcstatus.cgi: Permission denied
> I thought turning on the httpd_sys_script_exec_t would do the trick:
> -rwxr-xr-x. xymon apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 svcstatus.cgi
> …that didn’t help….I’ve verified that it is a SELinux permissions by ‘setenforce 0’ and the script works.
> What am I missing?
> Frank M. Ramaekers Jr. | Systems Analyst I | CIS Mainframe Services
> Unisys | Skype: 512-387-3949 | Francis.Ramaekers at Unisys.com
> <image001.png>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices.
> <image002.jpg>  <image003.jpg> <image004.jpg><image005.jpg><image006.jpg><image007.jpg><image008.jpg>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon

|| \\UTGERS,  	 |---------------------------*O*---------------------------
||_// the State	 |         Ryan Novosielski - novosirj at rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\    of NJ	 | Office of Advanced Research Computing - MSB C630, Newark

More information about the Xymon mailing list