1nagios_services_pluginS_EsLeilniunxuxP(o8l)icy nagios_sernvaigcieoss__psleurgviinces_plugin_selinux(8)
2
3
4

NAME

6       nagios_services_plugin_selinux - Security Enhanced Linux Policy for the
7       nagios_services_plugin processes
8

DESCRIPTION

10       Security-Enhanced Linux secures  the  nagios_services_plugin  processes
11       via flexible mandatory access control.
12
13       The  nagios_services_plugin  processes  execute  with  the  nagios_ser‐
14       vices_plugin_t SELinux type. You can check if you have these  processes
15       running by executing the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep nagios_services_plugin_t
20
21
22

ENTRYPOINTS

24       The  nagios_services_plugin_t  SELinux  type  can  be  entered  via the
25       nagios_services_plugin_exec_t file type.
26
27       The default entrypoint paths for  the  nagios_services_plugin_t  domain
28       are the following:
29
30       /usr/lib(64)?/nagios/plugins/check_nt,       /usr/lib(64)?/nagios/plug‐
31       ins/check_dig,                  /usr/lib(64)?/nagios/plugins/check_dns,
32       /usr/lib(64)?/nagios/plugins/check_rpc,      /usr/lib(64)?/nagios/plug‐
33       ins/check_sip,                  /usr/lib(64)?/nagios/plugins/check_ssh,
34       /usr/lib(64)?/nagios/plugins/check_tcp,      /usr/lib(64)?/nagios/plug‐
35       ins/check_ups,                 /usr/lib(64)?/nagios/plugins/check_dhcp,
36       /usr/lib(64)?/nagios/plugins/check_game,     /usr/lib(64)?/nagios/plug‐
37       ins/check_hpjd,                /usr/lib(64)?/nagios/plugins/check_http,
38       /usr/lib(64)?/nagios/plugins/check_icmp,     /usr/lib(64)?/nagios/plug‐
39       ins/check_ircd,                /usr/lib(64)?/nagios/plugins/check_ldap,
40       /usr/lib(64)?/nagios/plugins/check_nrpe,     /usr/lib(64)?/nagios/plug‐
41       ins/check_ping,                /usr/lib(64)?/nagios/plugins/check_real,
42       /usr/lib(64)?/nagios/plugins/check_smtp,     /usr/lib(64)?/nagios/plug‐
43       ins/check_time,               /usr/lib(64)?/nagios/plugins/check_dummy,
44       /usr/lib(64)?/nagios/plugins/check_fping,    /usr/lib(64)?/nagios/plug‐
45       ins/check_mysql,              /usr/lib(64)?/nagios/plugins/check_ntp.*,
46       /usr/lib(64)?/nagios/plugins/check_pgsql,    /usr/lib(64)?/nagios/plug‐
47       ins/check_breeze,            /usr/lib(64)?/nagios/plugins/check_oracle,
48       /usr/lib(64)?/nagios/plugins/check_radius,   /usr/lib(64)?/nagios/plug‐
49       ins/check_snmp.*,           /usr/lib(64)?/nagios/plugins/check_cluster,
50       /usr/lib(64)?/nagios/plugins/check_mysql_query
51

PROCESS TYPES

53       SELinux defines process types (domains) for each process running on the
54       system
55
56       You can see the context of a process using the -Z option to ps
57
58       Policy governs the access confined processes have  to  files.   SELinux
59       nagios_services_plugin  policy is very flexible allowing users to setup
60       their nagios_services_plugin processes in as secure a method as  possi‐
61       ble.
62
63       The following process types are defined for nagios_services_plugin:
64
65       nagios_services_plugin_t
66
67       Note:  semanage  permissive  -a nagios_services_plugin_t can be used to
68       make the process type nagios_services_plugin_t permissive. SELinux does
69       not  deny  access  to  permissive  process  types, but the AVC (SELinux
70       denials) messages are still generated.
71
72

BOOLEANS

74       SELinux  policy  is  customizable  based  on  least  access   required.
75       nagios_services_plugin  policy  is  extremely  flexible and has several
76       booleans that allow you to manipulate the policy  and  run  nagios_ser‐
77       vices_plugin with the tightest access possible.
78
79
80
81       If you want to allow all domains to execute in fips_mode, you must turn
82       on the fips_mode boolean. Enabled by default.
83
84       setsebool -P fips_mode 1
85
86
87

FILE CONTEXTS

89       SELinux requires files to have an extended attribute to define the file
90       type.
91
92       You can see the context of a file using the -Z option to ls
93
94       Policy  governs  the  access  confined  processes  have to these files.
95       SELinux nagios_services_plugin policy is very flexible  allowing  users
96       to  setup  their nagios_services_plugin processes in as secure a method
97       as possible.
98
99       The following file types are defined for nagios_services_plugin:
100
101
102
103       nagios_services_plugin_exec_t
104
105       - Set files with the nagios_services_plugin_exec_t type, if you want to
106       transition an executable to the nagios_services_plugin_t domain.
107
108
109       Paths:
110            /usr/lib(64)?/nagios/plugins/check_nt,  /usr/lib(64)?/nagios/plug‐
111            ins/check_dig,             /usr/lib(64)?/nagios/plugins/check_dns,
112            /usr/lib(64)?/nagios/plugins/check_rpc, /usr/lib(64)?/nagios/plug‐
113            ins/check_sip,             /usr/lib(64)?/nagios/plugins/check_ssh,
114            /usr/lib(64)?/nagios/plugins/check_tcp, /usr/lib(64)?/nagios/plug‐
115            ins/check_ups,            /usr/lib(64)?/nagios/plugins/check_dhcp,
116            /usr/lib(64)?/nagios/plugins/check_game,
117            /usr/lib(64)?/nagios/plugins/check_hpjd,
118            /usr/lib(64)?/nagios/plugins/check_http,
119            /usr/lib(64)?/nagios/plugins/check_icmp,
120            /usr/lib(64)?/nagios/plugins/check_ircd,
121            /usr/lib(64)?/nagios/plugins/check_ldap,
122            /usr/lib(64)?/nagios/plugins/check_nrpe,
123            /usr/lib(64)?/nagios/plugins/check_ping,
124            /usr/lib(64)?/nagios/plugins/check_real,
125            /usr/lib(64)?/nagios/plugins/check_smtp,
126            /usr/lib(64)?/nagios/plugins/check_time,
127            /usr/lib(64)?/nagios/plugins/check_dummy,
128            /usr/lib(64)?/nagios/plugins/check_fping,
129            /usr/lib(64)?/nagios/plugins/check_mysql,
130            /usr/lib(64)?/nagios/plugins/check_ntp.*,
131            /usr/lib(64)?/nagios/plugins/check_pgsql,
132            /usr/lib(64)?/nagios/plugins/check_breeze,
133            /usr/lib(64)?/nagios/plugins/check_oracle,
134            /usr/lib(64)?/nagios/plugins/check_radius,
135            /usr/lib(64)?/nagios/plugins/check_snmp.*,
136            /usr/lib(64)?/nagios/plugins/check_cluster,
137            /usr/lib(64)?/nagios/plugins/check_mysql_query
138
139
140       Note: File context can be temporarily modified with the chcon  command.
141       If  you want to permanently change the file context you need to use the
142       semanage fcontext command.  This will modify the SELinux labeling data‐
143       base.  You will need to use restorecon to apply the labels.
144
145

COMMANDS

147       semanage  fcontext  can also be used to manipulate default file context
148       mappings.
149
150       semanage permissive can also be used to manipulate  whether  or  not  a
151       process type is permissive.
152
153       semanage  module can also be used to enable/disable/install/remove pol‐
154       icy modules.
155
156       semanage boolean can also be used to manipulate the booleans
157
158
159       system-config-selinux is a GUI tool available to customize SELinux pol‐
160       icy settings.
161
162

AUTHOR

164       This manual page was auto-generated using sepolicy manpage .
165
166

SEE ALSO

168       selinux(8),   nagios_services_plugin(8),   semanage(8),  restorecon(8),
169       chcon(1), sepolicy(8), setsebool(8)
170
171
172
173nagios_services_plugin             20-05-05  nagios_services_plugin_selinux(8)
Impressum