Advertisements
Well, that is not recommended. We need to keep the selinux enforcing and configure nrpe with selinux. it was very difficult in old days. But not now. We will see how to install and configure nrpe with selinux.
First of all we have to install a couple of softwares to ease the process. setroubleshoot and setroubleshoot-server. This is very important. Without this we cant move ahead.
#yum install setroubleshoot setroubleshoot-serverThen restart the nrpe service and run the commands from the icinga node. We can see a lot of errors in the journalctl log.
#systemctl restart auditd.service (please note: this will fail)
#service auditd restart
Once we run almost all the checks we will have 99% selinux rules required in the journal log.
So we will grep the nrpe related lines and generate a te(type enforcement) file. Here we are using nagios_user as the nrpe user.
#grep "nrpe\|nagios_user\|check_" /var/log/audit/audit.log | audit2allow -m nrpe_plugins > nrpe_plugins.teNow compile it:
#checkmodule -M -m -o nrpe_plugins.mod nrpe_plugins.techeckmodule is a program that checks and compiles a SELinux security policy module into a binary representation.
Creating policy:
#semodule_package -o nrpe_plugins.pp -m nrpe_plugins.modsemodule_package is the tool used to create a SELinux policy module package from a binary policy module and optionally other data such as file contexts.
once the policy file is ready, you can copy the policy file to the similar systems and install the policy using the following command,
#semodule -i nrpe_plugins.pp
During all these process, you can check the logs using,
#journalctl -b -0
or
#journalctl -f (for real time)
To view the installed selinux modules on the server you can use the command
#semodule -l
To remove any installed selinux modules on the server you can use the command
#semodule -r module_name_to_be_removed
No comments:
Post a Comment
Be nice. That's all.