Hi,

John Simino wrote on 27/09/2018 21:37:

I’ll add to the conversation that we also write our http logs to the /opt/Observium/logs directory so use this for semanage.

 

semanage fcontext -a -t httpd_sys_rw_content_t "/opt/observium(/.*)?"

I'm not selinux specialist, but as I see:
https://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selinux-policies-for-apache-web-servers/

httpd_sys_rw_content_t - Readable and writable directories and files used by Apache.

I not see reasons for make this dir writable for apache, as I think here enough:

 semanage fcontext -a -t httpd_sys_content_t "/opt/observium(/.*)?"

semanage fcontext -a -t httpd_log_t "/opt/observium/logs(/.*)?"

restorecon -Rv /opt/observium/logs

restorecon -Rv /opt/observium

 

 

fping doesn’t seem to have any problems.

 


Please take a moment to complete the City of Mesquite customer satisfaction survey.

John Simino
Network Administrator | Information Technology
777 N Galloway Ave | Mesquite, TX 75149
(972) 216-6654 | jsimino@cityofmesquite.com | www.cityofmesquite.com
   

From: observium <observium-bounces@observium.org> On Behalf Of Tom Laermans
Sent: Thursday, September 27, 2018 11:51 AM
To: observium@observium.org
Subject: [External] Re: [Observium] make selinux enforcing again

 

Oh, oops - also, thanks for this! :-)

On 9/27/2018 6:50 PM, Tom Laermans wrote:

We don't develop for Red Hat at all, so it's going to be hard to keep that up to date.

You missed being able to launch fping from Apache, by the way ;-)

Tom

On 9/27/2018 10:54 AM, David Pinkerton wrote:


As Red Hat consultant it makes me sad to see the first instruction to install software is to disable SELinux.

 

It really isn't that hard to learn.

 

My observium installation (on RHEL 7)

 

Assuming Observium is installed in /opt/observium

 

# ensure semange is installed

yum install policycoreutils-python

 

# set policy to allow apache to write to observium directories

# this could be restricted to read-only on all except rrd & logs.

semanage fcontext -a -t httpd_sys_rw_content_t "/opt/observium(/.*)?"

 

# apply policy

restorecon -R -v /opt/observium

 




_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 




_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 

 

WARNING: This email is from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe. Forward to the helpdesk@cityofmesquite.com or call us at 972-216-6622 if you are unsure.



_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

--
Mike Stupalov
Observium Limited, http://observium.org