> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.ppThanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Any other thoughts? Thanks, Tim On Wed, Jun 17, 2015 at 5:32 AM, Harold Toms <h.toms at qmul.ac.uk> wrote:> Try something like: > > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp > > > On 16/06/15 15:58, Tim Dunphy wrote: > >> Hey guys,. >> >> I have a centos 7 machine I'm using as a zabbix server. And I noticed >> that >> apache won't start, with this complaint in the error log: >> >> (13)Permission denied: AH00091: httpd: could not open error log file >> /var/log/zabbix_error_log. >> AH00015: Unable to open logs >> >> >> I tried having a look at audit2allow and this is the response I get back: >> >> [root at monitor2:/etc/httpd] #grep http /var/log/audit/audit.log | >> audit2allow >> >> >> #============= httpd_t =============>> allow httpd_t zabbix_log_t:file open; >> >> How can I turn that bit of information into a rule that allows apache >> access to this zabbix log file? >> >> I notice that if I disable selinux using setenfor 0, apache starts up >> without complaint. But I would rather not leave it disabled. >> >> Thanks, >> Tim >> >> > > -- > regards > > Harold Toms > http://iodine.chem.qmul.ac.uk > "Priestley's works... tended to unsettle every thing, and yet settled > nothing." > - Samuel Johnson. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
On 17/06/15 15:27, Tim Dunphy wrote:>> Try something like: >> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix >> semodule -i zabbix.pp > > > Thanks for your response! However this is what happens when I try to > install the module: > > [root at monitor2:~] #semodule -i zabbix.pp > libsepol.print_missing_requirements: zabbix's global requirements were not > met: type/attribute zabbix_t (No such file or directory). > libsemanage.semanage_link_sandbox: Link packages failed (No such file or > directory). > semodule: Failed! > > > Any other thoughts? > > Thanks, > Tim > >That's because there's already a zabbix module loaded (the message isn't very informative!). I forgot that the received wisdom is to insert "my" in front of ones own modules i.e.: grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix semodule -i myzabbix.pp -- regards Harold Toms http://iodine.chem.qmul.ac.uk "Priestley's works... tended to unsettle every thing, and yet settled nothing." - Samuel Johnson.
> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.ppHmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp *semodule: Failed on myzabbix.pp!* I also tried: [root at monitor2:~] #semodule -i my_zabbix semodule: Failed on my_zabbix! And [root at monitor2:~] #semodule -i my-zabbix semodule: Failed on my-zabbix! Just in case.. none of that worked. Got any other ideas? :) Tim On Wed, Jun 17, 2015 at 11:24 AM, Harold Toms <h.toms at qmul.ac.uk> wrote:> On 17/06/15 15:27, Tim Dunphy wrote: > >> Try something like: >>> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix >>> semodule -i zabbix.pp >>> >> >> >> Thanks for your response! However this is what happens when I try to >> install the module: >> >> [root at monitor2:~] #semodule -i zabbix.pp >> libsepol.print_missing_requirements: zabbix's global requirements were not >> met: type/attribute zabbix_t (No such file or directory). >> libsemanage.semanage_link_sandbox: Link packages failed (No such file or >> directory). >> semodule: Failed! >> >> >> Any other thoughts? >> >> Thanks, >> Tim >> >> >> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp > > > > -- > regards > > Harold Toms > http://iodine.chem.qmul.ac.uk > "Priestley's works... tended to unsettle every thing, and yet settled > nothing." > - Samuel Johnson. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B