similar to: selinux allow apache log access

> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).

> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp

Try something like: grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix semodule -i zabbix.pp On 16/06/15 15:58, Tim Dunphy wrote: > Hey guys,. > > I have a centos 7 machine I'm using as a zabbix server. And I noticed that > apache won't start, with this complaint in the error log: > > (13)Permission denied: AH00091: httpd: could not open error log file >

> > What turns up in myzabbix.te? Same deal. :( #semodule -i myzabbix.te semodule: Failed on myzabbix.te! sigh... but thanks any other clues? On Wed, Jun 17, 2015 at 11:42 AM, Harold Toms <h.toms at qmul.ac.uk> wrote: > On 17/06/15 16:29, Tim Dunphy wrote: > >> That's because there's already a zabbix module loaded (the message isn't >>> very

On 06/17/2015 04:03 PM, Jonathan Billings wrote: > On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote: >> No prob! Thanks for all the help! But in searching my system I don't find >> anything of the sort. >> >> [root at monitor2:~] #updatedb >> [root at monitor2:~] #locate myzabbix.te >> [root at monitor2:~] #find / -name "myzabbix.*"

> > Sorry, I didn't put that very clearly. Could you show us the contents of > myzabbix.te. No prob! Thanks for all the help! But in searching my system I don't find anything of the sort. [root at monitor2:~] #updatedb [root at monitor2:~] #locate myzabbix.te [root at monitor2:~] #find / -name "myzabbix.*" I also did search using 'yum provides' to find

I've install yum-cron on a new CentOS 7 host and after a recent update I am now getting daily repeating emails about that update instead of the single notification I was expecting. Does anyone know what's going on? Kirk

Hi all, Thanks for all your suggestions. Here's where I'm at with this. Can you give details about your puppetmasterd setup ? it seems that > you're using Foreman as puppet ENC. > Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using foreman, sorry I hadn't thought to mention it! > Foreman works fine with selinux enabled : that's what

I've just noticed the i386 Centos 7.4 updates have appeared, including bringing it to kernel 3.10.0-693.2.2. I suspect that a great deal of work had to go in to achieving this. May I say a big "Thank-You" to everyone who has made this possible! -- regards Harold Toms

I have no idea of the current dependency problem. I think your original problem was caused by mv'ing files from an nfs share to /etc which maintained the context. And SELinux prevented puppet from accessing nfs_t type. If you had just run restorecon on the object it would have set it back to the correct/default context. You might want to setup an alias mv "mv -Z" This changes

On 17/06/15 16:29, Tim Dunphy wrote: >> That's because there's already a zabbix module loaded (the message isn't >> very informative!). I forgot that the received wisdom is to insert "my" in >> front of ones own modules i.e.: >> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix >> semodule -i myzabbix.pp > > > Hmm no luck

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

I am running Puppet 2.7.x (x varies from 14 to 20 on different machines). I am trying to use Puppet to deploy a new Zabbix agent configuration file. On all machines where the file wasn''t a symlink, the deployment worked. However, every machine where it is a link, Puppet refuses to replace teh link with a regular file or do anything with it. I''ve read the type reference, and

Hi, Some time ago I wrote an introductory article about SELinux on my blog. I'm currently updating it for my new blog, and I found a curious change in SELinux policy. Here goes. For demonstration purposes, I'm using some static webpages, more exactly the default pages found in /usr/share/httpd/noindex, which I simply copied over to /var/www/html. As a first practical example, I'm

Hi, This one is driving me crazy. Problem is Puppet try to start some services (in this case zabbix-agent) before it is installed. My puppet-master is Debian 5.05 with Puppet 2.6.0 (from squeeze). Target system is FreeBSD 8.1 with Puppet 2.6.1 (from packages-8- stable). When I run puppet manually in debug-mode I get: MASTER: debug: Adding relationship from Package[zabbix-agent] to File[zabbix-

Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >> >> # sesearch -ACR -s httpd_t -c file

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

Hi all, I''m trying to come up with a lens for the zabbix agent config files. I find the lens language untransparent at best, so I''m struggeling to figure out what''s up. The debugging possibilities are extremely limited. Here''s what I have now: zabbix.aug: ==== (** An adjusted copy of the postfix_main module **) module Zabbix_agent = autoload xfm

I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my