[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No audit lines produced

I'm trying to debug a Nagios plugin that isn't playing nicely with SELinux. It executes a system binary to get statistics about DHCP pool usage, and obviously SELinux stamps on that access and the plugin only returns partial data.
In Permissive mode the plugin works, it Enforcing it doesn't. But in neither mode are there any debug messages in audit.log 

[jg4461@dhcp1 ~]$ sudo setenforce 0
[jg4461@dhcp1 ~]$ /usr/lib64/nagios/plugins/check_nrpe -H localhost -c check_dhcpd_pools OK - all pools less than 80% full | MAYHEM! rnw-652=45.491%;80;90, rnw-653=47.619%;80;90, rnw-654=51.570%;80;90, rnw-655=45.998%;80;90, rnw-656=49.949%;80;90, rnw-657=48.126%;80;90, rnw-658=45.390%;80;90, rnw-659=0.101%;80;90, rnw-ratelimited-660=0.811%;80;90, rnw-onlinepayment-661=0.507%;80;90, rnw-onlinepayment-662=0.304%;80;90, rnw-onlinepayment-663=0.405%;80;90, rnw-consoles-665=1.317%;80;90, rnw-message-666=0.101%;80;90, rnw-instructions-667=9.411%;80;90 

[jg4461@dhcp1 ~]$ sudo setenforce 1
[jg4461@dhcp1 ~]$ /usr/lib64/nagios/plugins/check_nrpe -H localhost -c check_dhcpd_pools 
OK - all pools less than 80% full |
Regardless of the SELinux mode, the same 3 log lines are printed in audit.log:
type=USER_CMD msg=audit(1337077807.188:273642): user pid=1593 uid=0 auid=56933 ses=12137 subj=unconfined_u:system_r:nrpe_t:s0 msg='cwd="/" cmd="/usr/lib64/nagios/plugins/check_dhcpd_pools" terminal=? res=success' type=CRED_ACQ msg=audit(1337077807.191:273643): user pid=1594 uid=0 auid=56933 ses=12137 subj=unconfined_u:system_r:nrpe_t:s0 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' type=USER_START msg=audit(1337077807.191:273644): user pid=1594 uid=0 auid=56933 ses=12137 subj=unconfined_u:system_r:nrpe_t:s0 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Anyone have any idea how I can see the deny messages and make a policy from them? 

Cheers,
Jonathan
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux
Google
  Web www.spinics.net