1nagios_services_pluginS_EsLeilniunxuxP(o8l)icy nagios_sernvaigcieoss__psleurgviinces_plugin_selinux(8)
2
3
4

NAME

6       nagios_services_plugin_selinux - Security Enhanced Linux Policy for the
7       nagios_services_plugin processes
8

DESCRIPTION

10       Security-Enhanced Linux secures  the  nagios_services_plugin  processes
11       via flexible mandatory access control.
12
13       The  nagios_services_plugin  processes  execute  with  the  nagios_ser‐
14       vices_plugin_t SELinux type. You can check if you have these  processes
15       running by executing the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep nagios_services_plugin_t
20
21
22

ENTRYPOINTS

24       The  nagios_services_plugin_t  SELinux  type  can  be  entered  via the
25       nagios_services_plugin_exec_t file type.
26
27       The default entrypoint paths for  the  nagios_services_plugin_t  domain
28       are the following:
29
30       /usr/lib(64)?/nagios/plugins/check_nt,       /usr/lib(64)?/nagios/plug‐
31       ins/check_dig,                  /usr/lib(64)?/nagios/plugins/check_dns,
32       /usr/lib(64)?/nagios/plugins/check_rpc,      /usr/lib(64)?/nagios/plug‐
33       ins/check_sip,                  /usr/lib(64)?/nagios/plugins/check_ssh,
34       /usr/lib(64)?/nagios/plugins/check_tcp,      /usr/lib(64)?/nagios/plug‐
35       ins/check_ups,                 /usr/lib(64)?/nagios/plugins/check_dhcp,
36       /usr/lib(64)?/nagios/plugins/check_game,     /usr/lib(64)?/nagios/plug‐
37       ins/check_hpjd,                /usr/lib(64)?/nagios/plugins/check_http,
38       /usr/lib(64)?/nagios/plugins/check_icmp,     /usr/lib(64)?/nagios/plug‐
39       ins/check_ircd,                /usr/lib(64)?/nagios/plugins/check_ldap,
40       /usr/lib(64)?/nagios/plugins/check_nrpe,     /usr/lib(64)?/nagios/plug‐
41       ins/check_ping,                /usr/lib(64)?/nagios/plugins/check_real,
42       /usr/lib(64)?/nagios/plugins/check_smtp,     /usr/lib(64)?/nagios/plug‐
43       ins/check_time,               /usr/lib(64)?/nagios/plugins/check_dummy,
44       /usr/lib(64)?/nagios/plugins/check_fping,    /usr/lib(64)?/nagios/plug‐
45       ins/check_mysql,              /usr/lib(64)?/nagios/plugins/check_ntp.*,
46       /usr/lib(64)?/nagios/plugins/check_pgsql,    /usr/lib(64)?/nagios/plug‐
47       ins/check_breeze,            /usr/lib(64)?/nagios/plugins/check_oracle,
48       /usr/lib(64)?/nagios/plugins/check_radius,   /usr/lib(64)?/nagios/plug‐
49       ins/check_snmp.*,           /usr/lib(64)?/nagios/plugins/check_cluster,
50       /usr/lib(64)?/nagios/plugins/check_mysql_query
51

PROCESS TYPES

53       SELinux defines process types (domains) for each process running on the
54       system
55
56       You can see the context of a process using the -Z option to ps
57
58       Policy governs the access confined processes have  to  files.   SELinux
59       nagios_services_plugin  policy is very flexible allowing users to setup
60       their nagios_services_plugin processes in as secure a method as  possi‐
61       ble.
62
63       The following process types are defined for nagios_services_plugin:
64
65       nagios_services_plugin_t
66
67       Note:  semanage  permissive  -a nagios_services_plugin_t can be used to
68       make the process type nagios_services_plugin_t permissive. SELinux does
69       not  deny  access  to  permissive  process  types, but the AVC (SELinux
70       denials) messages are still generated.
71
72

BOOLEANS

74       SELinux  policy  is  customizable  based  on  least  access   required.
75       nagios_services_plugin  policy  is  extremely  flexible and has several
76       booleans that allow you to manipulate the policy  and  run  nagios_ser‐
77       vices_plugin with the tightest access possible.
78
79
80
81       If you want to allow users to resolve user passwd entries directly from
82       ldap rather then using a sssd server, you  must  turn  on  the  authlo‐
83       gin_nsswitch_use_ldap boolean. Disabled by default.
84
85       setsebool -P authlogin_nsswitch_use_ldap 1
86
87
88
89       If you want to allow all domains to execute in fips_mode, you must turn
90       on the fips_mode boolean. Enabled by default.
91
92       setsebool -P fips_mode 1
93
94
95
96       If you want to allow confined applications to run  with  kerberos,  you
97       must turn on the kerberos_enabled boolean. Enabled by default.
98
99       setsebool -P kerberos_enabled 1
100
101
102
103       If  you  want  to  allow  system  to run with NIS, you must turn on the
104       nis_enabled boolean. Disabled by default.
105
106       setsebool -P nis_enabled 1
107
108
109
110       If you want to allow confined applications to use nscd  shared  memory,
111       you must turn on the nscd_use_shm boolean. Enabled by default.
112
113       setsebool -P nscd_use_shm 1
114
115
116

FILE CONTEXTS

118       SELinux requires files to have an extended attribute to define the file
119       type.
120
121       You can see the context of a file using the -Z option to ls
122
123       Policy governs the access  confined  processes  have  to  these  files.
124       SELinux  nagios_services_plugin  policy is very flexible allowing users
125       to setup their nagios_services_plugin processes in as secure  a  method
126       as possible.
127
128       The following file types are defined for nagios_services_plugin:
129
130
131
132       nagios_services_plugin_exec_t
133
134       - Set files with the nagios_services_plugin_exec_t type, if you want to
135       transition an executable to the nagios_services_plugin_t domain.
136
137
138       Paths:
139            /usr/lib(64)?/nagios/plugins/check_nt,  /usr/lib(64)?/nagios/plug‐
140            ins/check_dig,             /usr/lib(64)?/nagios/plugins/check_dns,
141            /usr/lib(64)?/nagios/plugins/check_rpc, /usr/lib(64)?/nagios/plug‐
142            ins/check_sip,             /usr/lib(64)?/nagios/plugins/check_ssh,
143            /usr/lib(64)?/nagios/plugins/check_tcp, /usr/lib(64)?/nagios/plug‐
144            ins/check_ups,            /usr/lib(64)?/nagios/plugins/check_dhcp,
145            /usr/lib(64)?/nagios/plugins/check_game,
146            /usr/lib(64)?/nagios/plugins/check_hpjd,
147            /usr/lib(64)?/nagios/plugins/check_http,
148            /usr/lib(64)?/nagios/plugins/check_icmp,
149            /usr/lib(64)?/nagios/plugins/check_ircd,
150            /usr/lib(64)?/nagios/plugins/check_ldap,
151            /usr/lib(64)?/nagios/plugins/check_nrpe,
152            /usr/lib(64)?/nagios/plugins/check_ping,
153            /usr/lib(64)?/nagios/plugins/check_real,
154            /usr/lib(64)?/nagios/plugins/check_smtp,
155            /usr/lib(64)?/nagios/plugins/check_time,
156            /usr/lib(64)?/nagios/plugins/check_dummy,
157            /usr/lib(64)?/nagios/plugins/check_fping,
158            /usr/lib(64)?/nagios/plugins/check_mysql,
159            /usr/lib(64)?/nagios/plugins/check_ntp.*,
160            /usr/lib(64)?/nagios/plugins/check_pgsql,
161            /usr/lib(64)?/nagios/plugins/check_breeze,
162            /usr/lib(64)?/nagios/plugins/check_oracle,
163            /usr/lib(64)?/nagios/plugins/check_radius,
164            /usr/lib(64)?/nagios/plugins/check_snmp.*,
165            /usr/lib(64)?/nagios/plugins/check_cluster,
166            /usr/lib(64)?/nagios/plugins/check_mysql_query
167
168
169       Note:  File context can be temporarily modified with the chcon command.
170       If you want to permanently change the file context you need to use  the
171       semanage fcontext command.  This will modify the SELinux labeling data‐
172       base.  You will need to use restorecon to apply the labels.
173
174

COMMANDS

176       semanage fcontext can also be used to manipulate default  file  context
177       mappings.
178
179       semanage  permissive  can  also  be used to manipulate whether or not a
180       process type is permissive.
181
182       semanage module can also be used to enable/disable/install/remove  pol‐
183       icy modules.
184
185       semanage boolean can also be used to manipulate the booleans
186
187
188       system-config-selinux is a GUI tool available to customize SELinux pol‐
189       icy settings.
190
191

AUTHOR

193       This manual page was auto-generated using sepolicy manpage .
194
195

SEE ALSO

197       selinux(8),  nagios_services_plugin(8),   semanage(8),   restorecon(8),
198       chcon(1), sepolicy(8), setsebool(8)
199
200
201
202nagios_services_plugin             19-10-08  nagios_services_plugin_selinux(8)
Impressum