Nagios, nrpe and selinux policies (audit)

โ€”

by

in

Selinux seems to “dontaudit” logs by default. This means that when selinux is permissive, your plugins will work, and when you setenforce 1 your server, plugins fail. This all happens without warnings. If you see this happening:

  1. Disable dontaudit: semodule -DB
  2. See avc entries filling up audit.log, pipe through audit2allow.
  3. Enable again: semodule -B