zabbix,selinux , Zabbix external checks cannot be executed due to SELinux


Zabbix external checks cannot be executed due to SELinux

Question:

Tag: zabbix,selinux

I try to implement external checks in Zabbix 2.2. I've created simple bash script for SSL verification which should be executed by zabbix service. The script is located in /var/lib/zabbixsrv/externalchecks directory. Even if there are 777 permission for the .sh script I still receive message telling

unable to execute /var/lib/zabbixsrv/externalscripts/test.sh: Permission denied

I've got same message when I try to run the command even as root. The ls -Z /var/lib/zabbixsrv/externalscripts/test.sh command output says:

-rwxrwxrwx. zabbixsrv zabbixsrv unconfined_u:object_r:default_t:s0 /var/lib/zabbixsrv/externalscripts/test.sh

There is no message relating this in /var/log/massages. Does anybody know how to force selinux to allow execute zabbixsrv user the script without disabling selinux?

Which zabbix service (zabbix-server, zabbix-agent, ...) should execute the external checks script?


Answer:

The main issue was in /etc/fstab configuration file. The Zabbix has defined as default values for script /var/lib/zabbixsrv/excernalscripts directory. My server has /var mounted with rw and noexec permissions.

I've already moved the script to different location and change the configuration file accordingly. Checks are working fine now.

Thanks everybody for any contribution relating this topic.


Related:


Zabbix configuration - Action


zabbix
The action which I'm configuring is used to sending email notification. The problem is that if I use the macros in action's name and message the email will not be send out, if using just plain text the email can be sent out succesfully. I'm using the media type of...

Logstash filter section


filter,logstash,zabbix
Could you please advise how to filter a specific words with Logstash 1.5? For example, it's necessary to filter the following words: Critical, Exit, Not connected. As I remember, in previous versions of Logstash (i.e 1.4 and earlier) it has been possible with grep filter. Currently my logstash.conf contains: input...

Where does zabbix store trapper data?


zabbix
I'm trying to retreive the results from all trapper items, I assume it is stored in the database under the history table but would like to confirm if maybe it's stored somewhere else.

zabbix api get all host names


python,zabbix
I'm using Python to query a Zabbix server in an attempt to get a list of hostids and hostnames. I'm testing with the following: zapi = ZabbixAPI(server=server, log_level=debuglevel) zapi.login(username, password) hosts = zapi.host.get({"params":{"output":"hostid", "name"}}) print hosts The above test only prints out the hostids. The host names are not retrieved....

SELINUX blocking php-fpm and nginx working together?


linux,nginx,php-fpm,selinux,centos7
I'm having some issues with SELINUX. When trying to visit my website I get 403 forbidden from nginx and the server pops up with an error and says to use grep NGINX /var/log/audit/audit.log | audit2allow -M mypol which i did however, when trying to load the page it now says...

Zabbix external checks cannot be executed due to SELinux


zabbix,selinux
I try to implement external checks in Zabbix 2.2. I've created simple bash script for SSL verification which should be executed by zabbix service. The script is located in /var/lib/zabbixsrv/externalchecks directory. Even if there are 777 permission for the .sh script I still receive message telling unable to execute /var/lib/zabbixsrv/externalscripts/test.sh:...

Zabbix JMX monitoring with agent auto-registration


jmx,zabbix
I can see how to configure a jmx server for a host using the zabbix UI. I must enter the host IP address and port. My use case has many aws ec2 instances that come and go according to scaling requirements, so I want these instances to auto-register with the...

How to skip reading the timestamp in zabbix?


logging,monitoring,zabbix
I have created a zabbix alert to return log messages whenever there is any ERROR or WARNING in the file : Item : Type : Zabbix agent (active) key : log[/usr/local/panorama/acs/standalone/log/server.log,WARN\s*\[|ERROR\s*\[,,,,\0] Type of information : Log Log Time Format : yyyy-MM-ddThh:mm:ss,SSS And an alert : Name : Error/Warning log at...

Zabbix Monitoring Tool Database Connection issue


mysql,connectivity,zabbix
I am trying to install Zabbix Monitoring server on Linux Cent OS 6.x. I have installed Zabbix 2.4 version on it. I have followed the following article of Zabbix to configure it: https://www.zabbix.com/documentation/2.4/manual/installation/install_from_packages Once I reach at IPAddress/zabbix at browser settings, I have successfully passed PHP settings and configuration stage....

Scripting with PuTTY's PSFTP and suppressing the output


ruby,windows,putty,zabbix
I'm trying to write a ruby script that executes PuTTY's PSFTP program and receive the output to use in further processing and then report a number to Zabbix. However, when I run the script, PSFTP outputs a bit of text that throws off my Zabbix item. C:\Ruby\>corporate_sftp3 -o xml Using...

SELinux prevents ssh with RSA key


ssh,nfs,selinux
I forgot that I had enabled SELinux on one of my web servers. So when I went to log into the host with my user account and ssh key, I was getting permission denied errors. [[email protected]:~] #ssh [email protected] Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Hmmm... So I consoled into the server and was...

Is it possible to use the package name as the domain name in Android SELinux?


android,selinux
Android SELinux( or you can say SEAndroid) defines many domains which include system_app, platform_app, isolated_app, etc. Each domain has different meanings, for example, system_app includes all the apps which share the system uid, and the platform_app includes all the apps which sign the platform key. All the SE files are...

How to find difference between two arrays in PHP?


php,arrays,zabbix
Here is array 1: Array ( [ABC01] => 10.123.456.78 [ABC02] => 10.123.456.79 [ABC03] => 10.123.456.80 [ZYX99] => 10.123.456.81 ) Here is array 2: Array ( [0] => ABC01 [1] => ABC02 [2] => ABC03 ) I'm trying to find the difference between these two arrays and return the following (as...

Unable to change filesystem label using selinux policy module


fedora,selinux,libselinux
I am using fedora 21 I have written a selinux policy moudle for an application. I have defined new types is .te file and created a .fc file in which defines the labelling of files with the types I have created. i can successfully load the policy using "make load"....

SELinux Permission Denied for a new framework service in android


android,selinux
I have added a new System Service into Android Framework in earlier versions (4.4) following this tutorial from Texas Instruments But when I try to do a similar thing in Android Lollipop, the SELinux policy denies me to do so. This is the output from logcat. 05-11 15:49:51.362 248 248...