Workaround for Nagios check_linux_raid failure in RHEL / CentOS 6.2

I recently stumbled upon another Nagios plugin that no longer works with SELinux under RHEL / CentOS 6.2: check_linux_raid.

Just like the check_disk plugin, it has the nagios_checkdisk_plugin_exec_t SELinux type. As of May 2012, this problem has not yet been fixed.

The workaround is simple, as with the check_disk plugin:

chcon -t nagios_unconfined_plugin_exec_t /usr/lib64/nagios/plugins/check_linux_raid

Or, for 32-bit systems:

chcon -t nagios_unconfined_plugin_exec_t /usr/lib/nagios/plugins/check_linux_raid

PNP4Nagios with SELinux on CentOS / RHEL 6

PNP4Nagios is commonly used to add performance graphs to a Nagios installation.

For additional security, SELinux is enabled on the monitoring host. There is no standard SELinux policy for applications like PNP4Nagios, so we need to develop a custom policy. This sounds harder than it actually is:

1. Run the software as you normally would (SELinux will interfere, so prepare for errors)
2. Extract audit messages and use them to create or update a local SELinux policy for the software
3. Repeat until everything works

In this example, I am running Nagios 3.2.3 with PNP4Nagios 0.6.16 on EL6, 64-bit.

After configuring Nagios and PNP4Nagios integration in Synchronous Mode (see [...]

Workaround for Nagios check_disk failure in RHEL / CentOS 6.2

After updating from EL 6.1 to 6.2, the Nagios “check_disk” plugin suddenly stopped working with “Permission denied” errors. This problem is related to the SELinux policy (you *are* running with SELinux enabled, aren’t you?).

By default, these AVC denials are not logged in /var/log/audit/audit.log, which makes this problem harder to spot (if you want, you can enable all audit messages by running semodule -DB).

There are at least two relevant entries in Bugzilla:

Bug 771245 – nagios-plugins-disk fails when checking /boot on RHEL6.2 boxes
Bug 768055 – SELinux silent denials of Nagios NRPE check of /boot

Fortunately, there is a simple workaround while we wait for an updated [...]

Controlling the Foscam FI8919W IP Camera

The Foscam FI8919W Pan-Tilt camera supports a number of preset locations, or Presets.

The onboard web interface does not seem to offer a way to configure these presets – but there is another way!

I have written a couple of small shell scripts (for Linux or Mac OS X) that allow you to set a preset, move to a preset and even take a snapshot right from the command line.

The first script stores the current camera position into the specified preset.

You need to open a web browser or camera app (my favorite: Live Cams Pro on iPad/iPhone) and set the camera position.

Then, [...]

Making Cobbler work with SELinux on CentOS / RHEL 6

By default, Cobbler will not work properly on a CentOS / RHEL 6 machine with SELinux enabled. The easy way out is to disable SELinux entirely, but I prefer to write a custom policy instead – it is not that difficult.

The basic approach is this:

1. Use Cobbler as you normally would (you will trigger several SELinux denials, so expect errors)
2. Extract the relevant SELinux audit messages; convert them into a local policy
3. Load your local policy
4. Repeat steps 1..3 until everything works as expected
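
The "extract audit messages and convert them into a local policy" step, used in both the PNP4Nagios and the Cobbler procedure above, is shown here as an added example that is not code from the original posts. It groups AVC denials into reviewable allow rules; the log lines are constructed, the types rsync_t and iso9660_t are picked for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from a real host); type names are illustrative.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1336000001.101:501): avc:  denied  { read } for  pid=2301 comm="rsync" name="images" dev=loop0 ino=1856 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
type=AVC msg=audit(1336000001.102:502): avc:  denied  { read open } for  pid=2301 comm="rsync" name="vmlinuz" dev=loop0 ino=1901 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:iso9660_t:s0 tclass=file
type=SYSCALL msg=audit(1336000001.102:502): arch=c000003e syscall=2 success=no exit=-13 comm="rsync"
type=AVC msg=audit(1336000002.200:503): avc:  denied  { getattr } for  pid=2301 comm="rsync" path="/mnt/iso/vmlinuz" dev=loop0 ino=1901 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:iso9660_t:s0 tclass=file
type=AVC msg=audit(1336000003.300:504): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Only "denied" AVC records matter; "granted" records and SYSCALL lines are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def collect_denials(log_text):
    """Map (source type, target type, object class) to the set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        denials[key].update(m["perms"].split())
    return denials

def allow_rules(denials):
    """Render one allow rule per (source, target, class), permissions merged and sorted."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in allow_rules(collect_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

On a real host audit2allow performs this conversion; reading the grouped rules before loading the module shows exactly what access the local policy will grant.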

First attempt: the “cobbler import” command fails; rsync cannot access files on the mounted DVD ISO. Time to start writing a [...]