nagios plugins with state files

Vadym Chepkov vchepkov at gmail.com
Thu May 26 11:33:32 UTC 2011


Hi,

There is a series of nagios plugins which have to record the previous call's status in a file.
For example, check_snmp_uptime. It would record the previous uptime of a monitored server into a bdb file and will generate an ERROR state if during the next call the uptime was lower than the previous one.
Unfortunately, there is no suitable context for files like that. Even nagios_system_plugin_tmp_t doesn't fit the bill.

# ausearch -m avc -ts today
----
time->Thu May 26 07:13:23 2011
type=SYSCALL msg=audit(1306408403.157:422): arch=40000003 syscall=5 success=yes exit=3 a0=90368a8 a1=80c2 a2=1b6 a3=9026770 items=0 ppid=27717 pid=27718 auid=4294967295 uid=498 gid=493 euid=498 suid=498 fsuid=498 egid=493 sgid=493 fsgid=493 tty=(none) ses=4294967295 comm="check_snmp_upti" exe="/usr/bin/perl" subj=system_u:system_r:nagios_services_plugin_t:s0 key=(null)
type=AVC msg=audit(1306408403.157:422): avc:  denied  { read write open } for  pid=27718 comm="check_snmp_upti" name="__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
type=AVC msg=audit(1306408403.157:422): avc:  denied  { create } for  pid=27718 comm="check_snmp_upti" name="__db.t100" scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
type=AVC msg=audit(1306408403.157:422): avc:  denied  { add_name } for  pid=27718 comm="check_snmp_upti" name="__db.t100" scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=dir
type=AVC msg=audit(1306408403.157:422): avc:  denied  { write } for  pid=27718 comm="check_snmp_upti" name="uptime" dev=dm-2 ino=208 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=dir
----
time->Thu May 26 07:13:23 2011
type=SYSCALL msg=audit(1306408403.158:423): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfdab0b0 a2=541ff4 a3=64 items=0 ppid=27717 pid=27718 auid=4294967295 uid=498 gid=493 euid=498 suid=498 fsuid=498 egid=493 sgid=493 fsgid=493 tty=(none) ses=4294967295 comm="check_snmp_upti" exe="/usr/bin/perl" subj=system_u:system_r:nagios_services_plugin_t:s0 key=(null)
type=AVC msg=audit(1306408403.158:423): avc:  denied  { getattr } for  pid=27718 comm="check_snmp_upti" path="/var/spool/nagios/uptime/__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
----
time->Thu May 26 07:13:23 2011
type=SYSCALL msg=audit(1306408403.168:424): arch=40000003 syscall=38 success=yes exit=0 a0=93ecf70 a1=90368a8 a2=91b048 a3=64 items=0 ppid=27717 pid=27718 auid=4294967295 uid=498 gid=493 euid=498 suid=498 fsuid=498 egid=493 sgid=493 fsgid=493 tty=(none) ses=4294967295 comm="check_snmp_upti" exe="/usr/bin/perl" subj=system_u:system_r:nagios_services_plugin_t:s0 key=(null)
type=AVC msg=audit(1306408403.168:424): avc:  denied  { rename } for  pid=27718 comm="check_snmp_upti" name="__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
type=AVC msg=audit(1306408403.168:424): avc:  denied  { remove_name } for  pid=27718 comm="check_snmp_upti" name="__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=dir

----
time->Thu May 26 07:31:48 2011
type=SYSCALL msg=audit(1306409508.204:434): arch=40000003 syscall=195 success=yes exit=0 a0=8cb7c68 a1=bfdf8030 a2=423ff4 a3=64 items=0 ppid=28479 pid=28480 auid=4294967295 uid=498 gid=493 euid=498 suid=498 fsuid=498 egid=493 sgid=493 fsgid=493 tty=(none) ses=4294967295 comm="check_snmp_upti" exe="/usr/bin/perl" subj=system_u:system_r:nagios_services_plugin_t:s0 key=(null)
type=AVC msg=audit(1306409508.204:434): avc:  denied  { getattr } for  pid=28480 comm="check_snmp_upti" path="/var/spool/nagios/uptime/t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
----
time->Thu May 26 07:31:48 2011
type=SYSCALL msg=audit(1306409508.205:435): arch=40000003 syscall=5 success=yes exit=3 a0=8cb7c68 a1=8002 a2=0 a3=88f5770 items=0 ppid=28479 pid=28480 auid=4294967295 uid=498 gid=493 euid=498 suid=498 fsuid=498 egid=493 sgid=493 fsgid=493 tty=(none) ses=4294967295 comm="check_snmp_upti" exe="/usr/bin/perl" subj=system_u:system_r:nagios_services_plugin_t:s0 key=(null)
type=AVC msg=audit(1306409508.205:435): avc:  denied  { open } for  pid=28480 comm="check_snmp_upti" name="t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
type=AVC msg=audit(1306409508.205:435): avc:  denied  { read write } for  pid=28480 comm="check_snmp_upti" name="t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file


Did I miss a proper context or should I create a new type?

Thanks,
Vadym
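
Added example, not part of the original post: a short Python sketch that collapses the AVC records above into one denied access vector per (source type, target type, class), which is the list of permissions any type meant for plugin state files would have to cover. The function names are hypothetical; the sample lines are copied from the ausearch output in the message.

```python
import re
from collections import defaultdict

# Six AVC records copied verbatim from the ausearch output in the message above.
SAMPLE = """\
type=AVC msg=audit(1306408403.157:422): avc:  denied  { read write open } for  pid=27718 comm="check_snmp_upti" name="__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
type=AVC msg=audit(1306408403.157:422): avc:  denied  { add_name } for  pid=27718 comm="check_snmp_upti" name="__db.t100" scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=dir
type=AVC msg=audit(1306408403.157:422): avc:  denied  { write } for  pid=27718 comm="check_snmp_upti" name="uptime" dev=dm-2 ino=208 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=dir
type=AVC msg=audit(1306408403.158:423): avc:  denied  { getattr } for  pid=27718 comm="check_snmp_upti" path="/var/spool/nagios/uptime/__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
type=AVC msg=audit(1306408403.168:424): avc:  denied  { rename } for  pid=27718 comm="check_snmp_upti" name="__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=file
type=AVC msg=audit(1306408403.168:424): avc:  denied  { remove_name } for  pid=27718 comm="check_snmp_upti" name="__db.t100" dev=dm-2 ino=379 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:nagios_system_plugin_tmp_t:s0 tclass=dir
"""

# Permission set in braces, then the three fields that close every AVC record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)"
)

def type_of(context):
    """A context is user:role:type:level; return the type field."""
    return context.split(":")[2]

def summarize(text):
    """Map (source_type, target_type, tclass) to the set of denied permissions."""
    vectors = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # SYSCALL records, "----" separators, time-> lines
        key = (type_of(m["s"]), type_of(m["t"]), m["c"])
        vectors[key].update(m["perms"].split())
    return dict(vectors)

def render(vectors):
    """One line per vector, listing what was denied (not a policy rule)."""
    return [
        f"denied {src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}"
        for (src, tgt, cls), perms in sorted(vectors.items())
    ]

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE))))
```
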