
PNP4Nagios with SELinux on CentOS / RHEL 6

PNP4Nagios is commonly used to add performance graphs to a Nagios installation.

For additional security, SELinux is enabled on the monitoring host. There is no standard SELinux policy for applications like PNP4Nagios, so we need to develop a custom policy. This sounds harder than it actually is:

1. Run the software as you normally would (SELinux will interfere, so prepare for errors)
2. Extract audit messages and use them to create or update a local SELinux policy for the software
3. Repeat until everything works

In this example, I am running Nagios 3.2.3 with PNP4Nagios 0.6.16 on EL6, 64-bit.

After configuring Nagios and PNP4Nagios integration in Synchronous Mode (see [...]


Making Cobbler work with SELinux on CentOS / RHEL 6

By default, Cobbler will not work properly on a CentOS / RHEL 6 machine with SELinux enabled. The easy way out is to disable SELinux entirely, but I prefer to write a custom policy instead – it is not that difficult.

The basic approach is this:

1. Use Cobbler as you normally would (you will trigger several SELinux denials, so expect errors)
2. Extract the relevant SELinux audit messages; convert them into a local policy
3. Load your local policy
4. Repeat steps 1..3 until everything works as expected

First attempt: the “cobbler import” command fails; rsync cannot access files on the mounted DVD ISO. Time to start writing a [...]


Tip: Importing multiple CentOS Linux DVDs into Cobbler

Linux distributions are getting larger and larger; CentOS 6.0 64-bit won’t fit on a single DVD anymore. A Cobbler-based provisioning server will normally import only one DVD. So, how do you get around this?

1. Import the first DVD as usual
2. Manually add content from the second DVD

Import the first DVD (ISO image):

mkdir /mnt/dvd1; mount -o ro,loop /tmp/CentOS-6.0-x86_64-bin-DVD1.iso /mnt/dvd1

DISTRO=centos60-x86_64
cobbler import --name=${DISTRO} --path=/mnt/dvd1

Watch the output from Cobbler closely – it will basically show you the commands you need to import the second DVD.

Import the second DVD (ISO image):

mkdir /mnt/dvd2; mount -o ro,loop /tmp/CentOS-6.0-x86_64-bin-DVD2.iso [...]


Tip: Fedora 14 and Dropbox

The current version of Dropbox does not behave nicely on Fedora 14 – the Dropbox update daemon attempts to execute code from the stack. This is prohibited by SELinux (and rightly so).

There is a workaround (taken from the Dropbox Support forum):

/usr/bin/execstack -c ~/.dropbox-dist/_ctypes.so

Let’s hope that Dropbox releases a proper fix for this problem soon.

Tip: Configuring network aliases with NetworkManager on Fedora 14

Linux supports the concept of “network aliases”; a NIC with more than one IP-address.

Previously, with networking managed by /etc/init.d/network, you would create a configuration file (/etc/sysconfig/network-scripts/ifcfg-eth0:0) holding the IP-address information for alias “0” of network interface “eth0“.

With NetworkManager, things become more complicated for non-trivial network configurations. The primary interface settings are in /etc/sysconfig/network-scripts/ifcfg-eth0 as usual:

DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
HWADDR=00:04:23:C0:FF:EE
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-deadbeefc0ffee

Based on a comment by Cristiano, I added a script to NetworkManager that would take care of configuring any [...]
