{"id":98,"date":"2018-02-22T18:51:25","date_gmt":"2018-02-22T14:51:25","guid":{"rendered":"https:\/\/andre.hwt.ru\/?p=98"},"modified":"2018-02-22T18:51:25","modified_gmt":"2018-02-22T14:51:25","slug":"selinux-%d0%b2-centos","status":"publish","type":"post","link":"https:\/\/andre.hwt.ru\/?p=98","title":{"rendered":"Selinux \u0432 CentOS"},"content":{"rendered":"<p>\u041f\u043e\u0434\u043e\u0439\u0434\u0435\u0442 \u0434\u043b\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0441 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c Selinux.<\/p>\n<p>\u041d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u043b zabbix-agent \u043d\u0430 \u0445\u043e\u0441\u0442\u0435 \u0433\u0434\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d selinux.<\/p>\n<p>\u0421\u043e\u0431\u0438\u0440\u0430\u0435\u043c \u043b\u043e\u0433\u0438 \u0430\u0443\u0434\u0438\u0442\u0430 \u043f\u043e \u0437\u0430\u0431\u0431\u0438\u043a\u0441\u0443.<!--more--><\/p>\n<p><code>grep 'denied.*zabbix_agent' \/var\/log\/audit\/audit.log | audit2allow -m zabbixsudoallow &gt; zabbixsudoallow.te<\/code><\/p>\n<p>\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c, \u0447\u0442\u043e \u043f\u043e\u043f\u0430\u043b\u043e \u0432 \u043f\u0440\u0430\u0432\u0438\u043b\u0430<\/p>\n<p><code>less zabbixsudoallow.te<\/code><\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u0432\u043e\u0439 \u043c\u043e\u0434\u0443\u043b\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0434\u043b\u044f \u0437\u0430\u0431\u0431\u0438\u043a\u0441\u0430<\/p>\n<p><code>grep 'denied.*zabbix_agent' \/var\/log\/audit\/audit.log | audit2allow -M zabbixsudoallow<\/code><\/p>\n<p>\u0414\u0430\u043b\u0435\u0435 \u0432\u043d\u043e\u0441\u0438\u043c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f<\/p>\n<p><code>semodule -i zabbixsudoallow.pp<\/code><\/p>\n<p>\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0430\u0433\u0435\u043d\u0442, \u0441\u043c\u043e\u0442\u0440\u0438\u043c\u00a0\u00a0\/var\/log\/audit\/audit.log \u0435\u0441\u043b\u0438 \u043e\u043f\u044f\u0442\u044c\u00a0'denied.*zabbix_agent' \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442, \u0442\u043e \u043f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u043c \u0432\u0441\u0435 \u0441 \u043d\u0430\u0447\u0430\u043b\u0430.<\/p>\n<p>&nbsp;<\/p>\n<p>\u0415\u0441\u043b\u0438 \u043d\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u0432 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c\u0441\u044f, \u0442\u043e\u043b\u044c\u043a\u043e<\/p>\n<p><code>grep 'denied.*zabbix_agent' \/var\/log\/audit\/audit.log | audit2allow -M zabbixsudoallow\u00a0<\/code><\/p>\n<p>\u0438<\/p>\n<p><code>semodule -i zabbixsudoallow.pp<\/code><\/p>\n<p>\u0415\u0441\u043b\u0438 \u0432 \u0430\u0443\u0434\u0438\u0442\u0435 \u043d\u0435\u0442 \u0437\u0430\u043f\u0440\u0435\u0442\u043e\u0432, \u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0432\u0441\u0435 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0442\u043e \u0434\u0435\u043b\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435.<\/p>\n<p><code>semodule -DB<\/code><\/p>\n<p>\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \"\u043f\u043e\u0434\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435\" \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f (<strong>dontaudit<\/strong>).<\/p>\n<p>\u041f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u043e \u043a\u0430\u043a \u043d\u0430\u0434\u043e, \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u043c <strong>dontaudit<\/strong>.<\/p>\n<p><code>semodule -B<\/code><\/p>\n<p>\u041f\u043e\u0434\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u043e \u043d\u0430\u00a0<a href=\"https:\/\/wiki.centos.org\/HowTos\/SELinux\">https:\/\/wiki.centos.org\/HowTos\/SELinux<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u041f\u043e\u0434\u043e\u0439\u0434\u0435\u0442 \u0434\u043b\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0441 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c Selinux. \u041d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u043b zabbix-agent \u043d\u0430 \u0445\u043e\u0441\u0442\u0435 \u0433\u0434\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d selinux. \u0421\u043e\u0431\u0438\u0440\u0430\u0435\u043c \u043b\u043e\u0433\u0438 \u0430\u0443\u0434\u0438\u0442\u0430 \u043f\u043e \u0437\u0430\u0431\u0431\u0438\u043a\u0441\u0443.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[32,43],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=\/wp\/v2\/posts\/98"}],"collection":[{"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=98"}],"version-history":[{"count":1,"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=\/wp\/v2\/posts\/98\/revisions"}],"predecessor-version":[{"id":99,"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=\/wp\/v2\/posts\/98\/revisions\/99"}],"wp:attachment":[{"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=98"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=98"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andre.hwt.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=98"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}