Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Sun Jun 24, 2018 5:08 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: ICMP device down detection not working due to SELinux
PostPosted: Fri Oct 13, 2017 2:13 am 
Offline
Cacti User

Joined: Wed May 27, 2009 5:10 pm
Posts: 135
Cacti 1.1.24
OS Centos 7
PHP 5.4
Using cmd.php
Apache 2.4.6

In the device settings I have down device detection using icmp ping. This is saying icmp timeout, unless I set selinux to permissive. I'm trying to find a solution which is not disabling selinux but it's proving extremely difficult. I've found a number of threads and they mostly end with the OP stating they've disabled SELinux and it's fixed. Or they've applied some strange selinux policy effectively disabling selinux anyway.

I've done pretty well with everything working to this point with selinux enabled and I'd hope to keep it enabled. Can anyone here point me in the right direction to get "downed device detection" / icmp ping working without breaking the security of the server? I was hoping to find a solution that allows httpd to send a ping and that's it or something along those lines. To be honest I'm not actually sure if it's possible but I'm keen to try and find out.

Please could someone whom knows more than me on this provide some guidance? Or point me in a positive direction?

Many thanks


Top
 Profile  
 
 Post subject: Re: ICMP device down detection not working due to SELinux
PostPosted: Fri Oct 13, 2017 2:42 am 
Offline
Cacti User

Joined: Wed May 27, 2009 5:10 pm
Posts: 135
Found this: https://bugzilla.redhat.com/show_bug.cgi?id=958239


Top
 Profile  
 
 Post subject: Re: ICMP device down detection not working due to SELinux
PostPosted: Mon Oct 23, 2017 8:22 pm 
Offline
Cacti User

Joined: Wed May 27, 2009 5:10 pm
Posts: 135
Bump.

Does cacti work with SELinux enabled?


Top
 Profile  
 
 Post subject: Re: ICMP device down detection not working due to SELinux
PostPosted: Wed Nov 08, 2017 2:16 pm 
Offline

Joined: Mon Mar 05, 2012 9:42 am
Posts: 1
Have you set the selinux boolean httpd_can_network_connect to true ??

I have cacti running selinux enforced under OEL7.4 with the 1.1.24 tarball and mariadb 10.2.9.

it's doable.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group