Hi,
John Simino wrote on 27/09/2018 21:37:
I’ll add to the conversation that we also write our http logs to the /opt/Observium/logs directory so use this for semanage.
semanage fcontext -a -t httpd_sys_rw_content_t "/opt/observium(/.*)?"
I'm not selinux specialist, but as I see: https://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selin...
httpd_sys_rw_content_t - Readable and writable directories and files used by Apache.
I not see reasons for make this dir writable for apache, as I think here enough:
semanage fcontext -a -t httpd_sys_content_t "/opt/observium(/.*)?"
semanage fcontext -a -t httpd_log_t "/opt/observium/logs(/.*)?"
restorecon -Rv /opt/observium/logs
restorecon -Rv /opt/observium
fping doesn’t seem to have any problems.
Please take a moment to complete the City of Mesquite customer satisfaction survey https://www.surveymonkey.com/r/Z8MHD2G.
John Simino Network Administrator | Information Technology 777 N Galloway Ave | Mesquite, TX 75149 (972) 216-6654 | jsimino@cityofmesquite.com mailto:jsimino@cityofmesquite.com | www.cityofmesquite.com http://www.cityofmesquite.com https://www.facebook.com/mesquitetexas https://twitter.com/cityofmesquite https://www.youtube.com/user/cityofmesquitetexas https://instagram.com/cityofmesquite
*From:*observium observium-bounces@observium.org *On Behalf Of *Tom Laermans *Sent:* Thursday, September 27, 2018 11:51 AM *To:* observium@observium.org *Subject:* [External] Re: [Observium] make selinux enforcing again
Oh, oops - also, thanks for this! :-)
On 9/27/2018 6:50 PM, Tom Laermans wrote:
We don't develop for Red Hat at all, so it's going to be hard to keep that up to date. You missed being able to launch fping from Apache, by the way ;-) Tom On 9/27/2018 10:54 AM, David Pinkerton wrote: As Red Hat consultant it makes me sad to see the first instruction to install software is to disable SELinux. It really isn't that hard to learn. My observium installation (on RHEL 7) Assuming Observium is installed in /opt/observium # ensure semange is installed yum install policycoreutils-python # set policy to allow apache to write to observium directories # this could be restricted to read-only on all except rrd & logs. semanage fcontext -a -t httpd_sys_rw_content_t "/opt/observium(/.*)?" # apply policy restorecon -R -v /opt/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpostman.memetic.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fobservium&data=02%7C01%7Cjsimino%40cityofmesquite.com%7C6524a4d1ddda4b57b05e08d624996e85%7C569b24ee3c1843c889d404993c7c22b6%7C1%7C0%7C636736638739603201&sdata=C7BP7oDZNQ12hBwfYODu2gF3SgxTzyHJ6n%2FOswWI1wM%3D&reserved=0> _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpostman.memetic.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fobservium&data=02%7C01%7Cjsimino%40cityofmesquite.com%7C6524a4d1ddda4b57b05e08d624996e85%7C569b24ee3c1843c889d404993c7c22b6%7C1%7C0%7C636736638739603201&sdata=C7BP7oDZNQ12hBwfYODu2gF3SgxTzyHJ6n%2FOswWI1wM%3D&reserved=0>*WARNING:*This email is from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe. Forward to the helpdesk@cityofmesquite.com mailto:helpdesk@cityofmesquite.comor call us at 972-216-6622 if you are unsure.
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
