SELinux and svcstatus.cgi
Well, I have xymon mostly setup, but I'm having difficulty when drilling down into a service that is monitored:
Exec failed for /home/xymon/server/bin/svcstatus.cgi: Permission denied
I thought turning on the httpd_sys_script_exec_t would do the trick: -rwxr-xr-x. xymon apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 svcstatus.cgi
...that didn't help....I've verified that it is a SELinux permissions by 'setenforce 0' and the script works.
What am I missing?
Frank M. Ramaekers Jr. | Systems Analyst I | CIS Mainframe Services Unisys | Skype: 512-387-3949 | Francis.Ramaekers at Unisys.com
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices. [Grey_LI]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_company_unisys&d=DwMFAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=yLPqjYkkebylxrYeSv25H83UikQGBqGZ3iXKQmCqm68&s=CnksYwgmFb44n_RTOxVrqDXwfPXGLnL5UQvao-6Ycj4&e=> [Grey_TW] <https://urldefense.proofpoint.com/v2/url?u=http-3A__twitter.com_unisyscorp&d=DwMFAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=yLPqjYkkebylxrYeSv25H83UikQGBqGZ3iXKQmCqm68&s=azx1iUh4cBHdpPaNQ6cgJNP9WXMp7VeCkNFzKM7FZ8U&e=> [Grey_GP] <https://urldefense.proofpoint.com/v2/url?u=https-3A__plus.google.com_-2BUnisysCorp_posts&d=DwMFAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=yLPqjYkkebylxrYeSv25H83UikQGBqGZ3iXKQmCqm68&s=iKc41JV7t6CD1Q5QnyEFrTilgOHl1vIgL9Vpp-0e6_Y&e=> [Grey_YT] <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.youtube.com_theunisyschannel&d=DwMFAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=yLPqjYkkebylxrYeSv25H83UikQGBqGZ3iXKQmCqm68&s=QYQdy-yN458JpsjLhKiyWyqo8XpaJo-OSSCvwTYpRW0&e=> [Grey_FB] <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.facebook.com_unisyscorp&d=DwMFAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=yLPqjYkkebylxrYeSv25H83UikQGBqGZ3iXKQmCqm68&s=9pY-EWaFU_JKejs-GZUeJa0YiaSnAFAvrvOaIeuDNEg&e=> [Grey_Vimeo] <https://urldefense.proofpoint.com/v2/url?u=https-3A__vimeo.com_unisys&d=DwMFAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=yLPqjYkkebylxrYeSv25H83UikQGBqGZ3iXKQmCqm68&s=h4oBZ37EbNQfGwAwuwG_jjY-HEzHlSYYHI5SfYkVTSg&e=> [Grey_UB] <https://urldefense.proofpoint.com/v2/url?u=http-3A__blogs.unisys.com_&d=DwMFAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=yLPqjYkkebylxrYeSv25H83UikQGBqGZ3iXKQmCqm68&s=m2ordeCyKBBqh39_rNFENshTVkhT1FvbLVjn_t7j6Pk&e=>
This message contains information which is privileged and confidential and is solely for the use of the intended recipient. If you are not the intended recipient, be aware that any review, disclosure, copying, distribution, or use of the contents of this message is strictly prohibited. If you have received this in error, please destroy it immediately and notify us at PrivacyAct at torchmarkcorp.com.
You’d want to look at the contents of the audit log (varies depending on the distribution). I believe there are tools (audit2allow rings a bell) that can help you construct necessary rule changes, but also it may be clearer what specifically is not being allowed.
On Dec 12, 2018, at 12:50 PM, Frank M. Ramaekers <FRamaekers at ailife.com> wrote:
Well, I have xymon mostly setup, but I’m having difficulty when drilling down into a service that is monitored:
Exec failed for /home/xymon/server/bin/svcstatus.cgi: Permission denied
I thought turning on the httpd_sys_script_exec_t would do the trick: -rwxr-xr-x. xymon apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 svcstatus.cgi
…that didn’t help….I’ve verified that it is a SELinux permissions by ‘setenforce 0’ and the script works.
What am I missing?
Frank M. Ramaekers Jr. | Systems Analyst I | CIS Mainframe Services Unisys | Skype: 512-387-3949 | Francis.Ramaekers at Unisys.com
<image001.png>
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices. <image002.jpg> <image003.jpg> <image004.jpg><image005.jpg><image006.jpg><image007.jpg><image008.jpg>
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
--
|| \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - novosirj at rutgers.edu || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark `'
participants (2)
-
FRamaekers@ailife.com
-
novosirj@rutgers.edu