|
|
I recently stumbled upon another Nagios plugin that no longer works with SELinux under RHEL / CentOS 6.2: check_linux_raid.
Just like the check_disk plugin, it has the nagios_checkdisk_plugin_exec_t SELinux type. As of May 2012, this problem has not yet been fixed.
The workaround is simple, as with the check_disk plugin:
chcon -t nagios_unconfined_plugin_exec_t /usr/lib64/nagios/plugins/check_linux_raid
Or, for 32-bit systems:
chcon -t nagios_unconfined_plugin_exec_t /usr/lib/nagios/plugins/check_linux_raid
PNP4Nagios is commonly used to add performance graphs to a Nagios installation.
For additional security, SElinux is enabled on the monitoring host. There is no standard SElinux policy for applications like PNP4Nagios, so we need to develop a custom policy. This sounds harder than it actually is:
Run the software as you normally would (SElinux will interfere, so prepare for errors)
Extract audit messages and use them to create or update a local SElinux policy for the software
Repeat until everything works
In this example, I am running Nagios 3.2.3 with PNP4Nagios 0.6.16 on EL6, 64-bit.
After configuring Nagios and PNP4Nagios integration in Synchronous Mode (see [...]
Continue reading PNP4Nagios with SElinux on CentOS / RHEL 6
After updating from EL 6.1 to 6.2, the Nagios “check_disk” plugin suddenly stopped working with “Permission denied” errors. This problem is related to the SElinux policy (you *are* running with SElinux enabled, aren’t you?).
By default, these AVC denials are not logged in /var/log/audit/audit.log which makes this problem harder to spot (if you want, you can enable all audit-messages by running semodule -DB).
There are at least two relevant entries in Bugzilla:
Bug 771245 – nagios-plugins-disk fails when checking /boot on RHEL6.2 boxes
Bug 768055 – SELinux silent denials of Nagios NRPE check of /boot
Fortunately, there is a simple workaround while we wait for an updated [...]
Continue reading Workaround for Nagios check_disk failure in RHEL / CentOS 6.2
In a previous blog post, I described how to use Twitter for Nagios notifications – dubbing it “Twagios”.
A couple of months later, Twitter stopped supporting basic authentication (username/password). This meant that the old (simple) way of sending notifications stopped working. In this post, I’ll explain how I replaced the old Twagios with a new script – “Twagios 2.0″
First of all, a big thank you to Jeff Miller for writing this excellent post on using the Python tweepy library to create a simple command line client. I simply followed Jeff’s instructions…
Install the tweepy library
Create a new OAuth registration at [...]
Continue reading Twagios 2.0 – Nagios notifications revisited
Several customer sites use Nagios for monitoring and alerting. Nagios can send out notifications about problems in a variety of ways, for example using email, pager, SMS and even Twitter. I based my configuration on this post.
Configuring Twitter notifications takes a couple of steps:
Set up a new “Twitter Bot” account to be used for Nagios notifications.
Create a new Nagios contact to send out notifications for your hosts and services.
Define the appropriate notify-by-twitter and host-notify-by-twitter commands.
Setting up the Twitter Bot account
Go to twitter.com and create a new account for your Twitter Bot.
Go to Settings, and mark the updates as Private. Otherwise, [...]
Continue reading Twagios – Use Twitter for Nagios notifications
|
|