External Commands not working
Scott Gwartney
gwartney at hotmail.com
Thu Mar 17 22:09:00 CET 2005
>From: "Nathan Oyler" <noyler at khimetrics.com>
>To: "Scott Gwartney" <gwartney at hotmail.com>
>CC: <nagios-users at lists.sourceforge.net>
>Subject: RE: [Nagios-users] External Commands not working
>Date: Thu, 17 Mar 2005 13:00:22 -0700
>
> > I ran audit2allow -l -i /var/log/messages Restarted nagios and apache,
> > tried
> > external command and got the same error. The system message showed:
> >
> > audit(1111085444.812:0): avc: denied { getattr } for pid=7241
> > exe=/usr/local/nagios/sbin/cmd.cgi
> > path=/usr/local/nagios/var/rw/nagios.cmd
> > dev=dm-0 ino=3591465 scontext=root:system_r:httpd_sys_script_t
> > tcontext=root:object_r:usr_t tclass=fifo_file
> >
>
>[Nathan Oyler]
>
>I don't know if this is really a solution to you, but I shut off selinux
>to make it work.
>
>http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2825880
>
>
>
> >
> >
> > >From: "Marc Powell" <marc at ena.com>
> > >To: "Scott Gwartney"
> > ><gwartney at hotmail.com>,<nagios-users at lists.sourceforge.net>
> > >Subject: RE: [Nagios-users] External Commands not working
> > >Date: Thu, 17 Mar 2005 12:36:12 -0600
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: nagios-users-admin at lists.sourceforge.net
>[mailto:nagios-users-
> > > > admin at lists.sourceforge.net] On Behalf Of Scott Gwartney
> > > > Sent: Thursday, March 17, 2005 11:49 AM
> > > > To: nagios-users at lists.sourceforge.net
> > > > Subject: [Nagios-users] External Commands not working
> > > >
> > > > I'm running Nagios v.2.0b1 on Fedora 3.0 Apache 2.0.52. When
>trying to
> > > > execute external commands from the web interface I get this error:
> > > >
> > > > Error: Could not stat() command file
> > > > '/usr/local/nagios/var/rw/nagios.cmd'!
> > > >
> > > > The external command file may be missing, Nagios may not be
>running,
> > > > and/or
> > > > Nagios may not be checking external commands.
> > > >
> > > > An error occurred while attempting to commit your command for
> > >processing.
> > > >
> > > > I've followed the directions exactly (several times!). Apache is a
> > >member
> > > > of
> > > > Nagiocmd group, in fact I've tried giving full permissions to
>everyone
> > >on
> > > > the '/usr/local/nagios/var/rw/ folder and all its files with no
> > >success.
> > > >
> > > > Nothing shows up in the httpd logs. The system message log shows
>this:
> > > >
> > > > avc: denied { getattr } for pid=5446
> > >exe=/usr/local/nagios/sbin/cmd.cgi
> > > > path=/usr/local/nagios/var/rw/nagios.cmd dev=dm-0 ino=3591465
> > > > scontext=root:system_r:httpd_sys_script_t
>tcontext=root:object_r:usr_t
> > > > tclass=fifo_file
> > >
> > >This is an SELinux restriction, above and beyond normal file systems
> > >permissions. I have no personal experience with SELinux but I believe
> > >the following command will provide you with the SELinux policy change
> > >you need to make --
> > >
> > >audit2allow -l -i /var/log/messages
> > >
> > >If anyone can come up with a valid, secure SELinux policy change to
> > >allow access to cmd.cgi it should probably go in the FAQ at the
>least. I
> > >think there was one other email in the past week that is likely an
> > >SELinux issue as well.
> > >
> > >--
> > >Marc
> >
> >
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real
>users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> > reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
>
>
I turned selinux off completley, rebooted and continue to get the error
messages.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list