CentOS 5 :: Why The Selinux Module For Nagios Doesn't Work
Dec 8, 2009
Is there a reason why the selinux module for nagios just doesn't work? I'm running CentOS release 5.4 (Final) and did "yum install nagios" and now have nagios-3.2.0-1.el5.rf installed. I'm having to create policy after policy after policy, and still haven't reached the end of the rainbow.
I suppose after I run out of selinux violations, I could figure out how to combine all of these modules and post the result, but it seems really, really weird to think that I'm the only person who has ever installed nagios from the repo with SELinux enabled.
I am trying to use CentOS 5.4 to set up a secure laptop, largely because of it's SELinux functionality. Unfortunately I couldn't get wireless to work properly using the default NetworkManager so I installed wicd. Initially it buggered up my whole installation but after relabelling files using SEL I can now use my system again. but.. I can't use it with SELinux enabled, as it denies the required accesses for wicd to work. I also get similar SELinux denials for wpa_supplicant. A couple of snippets from /var/log/audit/audit.log -
I use iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for the port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:
Quote:
iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT
It didn't work. It gave me this error message:
Quote:
iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information. Does that mean the mac module wasn't installed/enabled?
Since my Asus WL-3300 seems to be having trouble, I bought a USB adapter -- a Linksys WUSB54G ver 4. Version 4 was apparently important because it came with a Ralink 2570 chip -- and that's supposed to work with Linux (which is why I chose it).I think it will work because, without loading any drivers, Net Manager can see the local routers (about seven of them). But when I choose mine, though it asks for a WEP key, it never connects. I'm not sure now what driver is loading that *almost* works with it. But I think I may still need to load the driver from: URl...But when you read the page it says that the driver has entered the "Mainline Kernel" -- and I'm wondering if that is why the adaptor almost works.So the questions:
1) Without a driver, should this Ralink 2570 be working at all?
2) How do I find what driver *is* loading?
3) Modprobe doesn't seem to be able to find any rt25x00 module, is this right -- or is there some other name I should be looking for?
iwlink scan, ifconfig, etc., all see the adapter as wlan0.lsusb shows the adapter.I'm going to keep searching, but wrote this in case there is something really simple that I'm overlooking.
I am using the "extend" function of snmpd to run a script in order to extend a monitoring platform. This script being ran by snmpd needs to write to a file in /tmp for later parsing, but SELinux is stopping it from writing to the file under /tmp. The following two lines from my audit.log file show what is happening:
I am trying to install a Sunix 4018T dual parallel port card on a pc with Mandriva Linux 2010.1: Dealer told me that linux has driver for this card already so I inserted it and turned on my pc. Unfortunately when I try to install my Okidata ML320, cups it's not showing any parallel ports. I try to update all the system with last patches and packages :I tested the card on a pc with windows xp, installed my printer and it works perfectly.
This will be a little long (having read Phil's 'how to ask questions' FAQ). I'm trying to get OpenVPN working between my CentOS server and some Windoze laptops running XP. There seems to be plenty of sample config files available, but to date, none of them have worked for me. Pulling out my trusty Wireshark, I've found some clues,
BACKGROUND: My local subnet (NAT'ed by my gateway router) is 192.168.52.x. My router has been configured with a conduit (port-forward) for port 1194 (the standard OpenVPN port), which points towards my CentOS server.The CentOS server is .52.112, and the supplicant is .52.110. I have tried the lient both inside and outside my local subnet, with no difference in events or outcomes.
i am trying to install centos 5.5 x86_64 as a guest OS in vmware server 2.0.2 using netinstall iso. Installation runs fine until the point, when it tries to install selinux-policy-targeted-2.4.6-279.el5.noarch, the whole virtual pc hangs at this.any ideas? i tried to google few things about this, but i have found nothing. this has happened 3 times in row, whole virtual pc always hangs at the same package. i dont have any other problems with vmware, gentoo runs and installs fine in it.i would prefer to do installation using netinstall.iso, it would take a lot of time to download all cds or whole dvd and all i require is a very basic set of packages.
Update was successful (I didn't see any errors). Then I rebooted pc and found out that my web is extreamly slow. In httpd logs I found: php -> file_get_contents [URL] always dies (timeout error, but somedomain.com is fine, I can telnet it easy on 80) I was wounder if it's update problem and tried yum:
>yum update Loaded plugins: fastestmirror Determining fastest mirrors Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=5&arch=i386&repo=os error was [Errno 4] IOError: <urlopen error (-3, 'Temporary failure in name resolution')> Error: Cannot find a valid baseurl for repo: base
so you doesn't work too... I have no proxies, I tried to reboot pc, I tried: yum clean all
1) Installed Cent os 5.4 in my system (name it as "guest os").
2) Downloaded the full kernel source, and patched the vanilla kernel to export symbol table (2 line change) [URL] (Yes I know that kernel should not be touched, if touched you should not seek help here . but I felt I didnt do any big change in kernel there). Besides we unset the config_smp & config_preempt parameter to make the kernel as not SMP and not preemptive .
3) Then compiled and booted with the new kernel 2.6.18, everything went fine . Now my gust os box is loading fine and I dont have any issue .
So now I need to install this above machine as guest OS in one more XEN machine cent os 5.4 (name it as "xen os").
So we created the image out of the above box "guest os" and added it as VM in xen os . But while booting it always hangs under some error like "/usb device sort of thing" (I dont have the screen where it hangs, but I do have the equivalent xen log from XEN OS linked to [URL] .
1) what the error is, and what need to be changed in my guest os build .
2) In general I am new to this VM and XEN installation, to be frank I am completely zero . Does changing the native os 5.4 to guest os need any change in kernel or something.
3) Does this case possible, install plain cent os in xen machine. After then patch the kernel in VM and boot with that . I guess it should not be possible ...
4) If possible guide me to some documentation where I can learn few basics over this.
I am trying to monitor a Centos 5.3 box using SNMP and I am having a lot of trouble getting the data that i need from it. Everytime I try to get information from the UCD-SNMP MIB it returns "End of MIB". It is my understanding that UCD-SNMP is a standard package when Net-SNMP is installed and should always be there. Then why can't I access it? I have tried removing the reinstalling Net-SNMP, but that hasn't worked. My server is update date on all it's patches as well. It is quite old hardware, but I don't believe that should affect SNMP from being gathered. Iptables is down, and I cant' even get it from the local machine.
I have a dedicated server running CentOS 5, Plesk 9.2.2, SMTP Postfix and Courier-IMAP.The issue I have is that on all domains on the server receiving email works fine however sending email never seems to work. This is from email programs, my phone, webmail and PHP. None of them seem to be able to send email. If it is of worth Spam Assassin is running however I don't feel it is causing any problems.
I'm quite new to Linux and totally new to CentOS. I need it to isntall a Lotus Domino Server, and for security reason i'd like to install the Acronis Linux agent to backup this server with my Win Acronis enterprise server. I have installed a new CentOS server 5.4 on a Vmware virtual machine, then installed the Acronis Linux agent following the instruction here [URL].. The agent seems to work because with the command "/etc/init.d/acronis_agent status" the sistem respond with "Acronis Agenti is running"
But i can't connect to the agent from the server console!
I have disabled the firewall to avoid any connectin problem...
system-config-samba doean't work from terminal neither it is shown in graphical mode, i cannot see system > administration > servers. Server is missing.
I'm a visual effects artist and although many VFX post production houses use linux, I've always used windows because of the programs. At this point, I've migrated to different programs which are also available on linux. The only set of programs I won't have, would be the Adobe Suite. So, I decided to finally start using linux again. I used it back when I was a kid for a few years, but just to have it really. We mainly use macs at work, but I'm switching to linux now.
Since I mainly use Autodesk Maya, the first choice would've been RHEL. Which is why I'm here now, you can guess.
I've downloaded the .iso of CentOS 5.5 and checked it against the hashes and it came out fine. I burned it to a DVD and booted my main computer (I have 3 I plan on installing it onto) and tested the media, came back fine.
I have two HDs, one 1.5TB SATA and one 150GB SATA. The 1.5TB is the C: drive of windows, and I've shrunk it to allow 80GB for linux.
So that is sda. sda1 is the windows partition and I make sda2 ext3 out of the empty space by choosing the custom partition scheme. It installs fine.
However, booting up the computer boots straight to windows. No GRUB.
I've reinstalled many times now, changing the GRUB from sda to sda1 to sda2. Nothing.
[url]
I've adapted that guide to CentOS and tried that, but whenever I select the CentOS option during bootup, the computer instantly restarts itself.
I've tried reinstalling the GRUB via a Live CD like many googled sites say to, but I always get errors.
If I find the /boot/grub/stage1, it says it can't be found.
If I try to setup GRUB, it says /boot/grub/stage1 is unreadable
So, I download the Ubuntu CD and install that. I use the guide previously posted to do the same thing, by installing GRUB onto sda2 where Ubuntu is.
So I pick that option on startup and it brings me to Ubuntu's GRUB menu. It all works fine. CentOS doesn't though.
Ubuntu is using GRUB2, so it has a grub.cfg file. Inside the file near the end, it lists Ubuntu as (hd0,2) and windows as (hd0,1).
That shouldn't be right? What's (hd0,0) then?
The CentOS grub.conf file lists CentOS as (hd0,1) and windows as (hd0,0). That should be correct. But I change it anyway to (hd0,2) and (hd0,1) and it still doesn't work.
We are running CentOS 5.3 on a Logic Supply PT109, a ruggedized PC. For some reason the serial ports don't work when the IRQ is configured (i.e. setting IRQ to 0 makes it work, but performance suffers with the polling).
I've used minicom, picocom, and plain old cat and echo talk to the port both with a loopback connector and to another PC. statserial shows the control lines changing as I change the various settings and connect the loopback connector. I am confident that the hardware is fine as DOS diagnostics show the COMx ports working with various baud rates. I have tried changing the IRQ from the default of 11 to 3 and 4, turning flow control on/off, and tried another PT109.
strace shows data being written, but none being received, so my theories are either the interrupts aren't being generated (doubtful since the ports tested okay with DOS) or the serial driver isn't handling the interrupt. The serial handler shows up in /proc/interrupts when the port is opened. The interrupt counts do go up slowly, but not in response to activity that I can correlate:
I have installed ubuntu and Centos 5 , but when i do sudo update-grub , the new centos 5 is not detected. Some days ago i did the same (i installed ubuntu , and then Centos 5) , but i had to format the hard disk because some problems i had. The thing is that in that first time update-grub worked , but now not , why? Shouldn't be detected this time too? I have to manually add the new entry to the grub no?
Trying to migrate our news server to a new instance on centos5 and having issues with the makehistory utility. It errors out and then just creates all null values for the overview database. Here is the output:
We have a Blade server connected to a two internal ESM Cisco switch. We want to have a active-backup configuration with bonding. We follow the documentation and we hace configured the next:
My problem is that I cant "rewrite" older password to new. It looks like I do:
Changing password for user johny. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully.
all looks OK but after set up new password I can log in using OLD and NEW password. It's very unsecure for me. So in fact I cant change password and it looks like centos create next password to one accout and one account have more then one password... how can I prevent it? pls help me couse its very unsecure in my case.user looks in file shadow /etc/shadow like this:
I'll start by saying that most of this is built inside of a 64bit ESXi 4.1.0 server. Should be obvious by the picture below.
Trying to set up a bridged CentOS box. Ultimate goal is to set up a Transparent Firewall. The machine labeled 'Desktop' is a Windows XP running DHCP. It gets assigned an Internet routeble IP address. At this point, nothing is running a firewall.
Symptoms: Gateway can ping CentOS bridge CentOS bridge can ping gateway CentOS bridge can resolve DNS names and ping FQDNs on the Internet. CentOS bridge CAN NOT ping Desktop
