1nagios_services_pluginS_EsLeilniunxuxP(o8l)icy nagios_sernvaigcieoss__psleurgviinces_plugin_selinux(8)
2
3
4

NAME

6       nagios_services_plugin_selinux - Security Enhanced Linux Policy for the
7       nagios_services_plugin processes
8

DESCRIPTION

10       Security-Enhanced Linux secures  the  nagios_services_plugin  processes
11       via flexible mandatory access control.
12
13       The  nagios_services_plugin  processes  execute  with  the  nagios_ser‐
14       vices_plugin_t SELinux type. You can check if you have these  processes
15       running by executing the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep nagios_services_plugin_t
20
21
22

ENTRYPOINTS

24       The  nagios_services_plugin_t  SELinux  type can be entered via the na‐
25       gios_services_plugin_exec_t file type.
26
27       The default entrypoint paths for  the  nagios_services_plugin_t  domain
28       are the following:
29
30       /usr/lib(64)?/nagios/plugins/check_nt,       /usr/lib(64)?/nagios/plug‐
31       ins/check_dig,                  /usr/lib(64)?/nagios/plugins/check_dns,
32       /usr/lib(64)?/nagios/plugins/check_rpc,      /usr/lib(64)?/nagios/plug‐
33       ins/check_sip,                  /usr/lib(64)?/nagios/plugins/check_ssh,
34       /usr/lib(64)?/nagios/plugins/check_tcp,      /usr/lib(64)?/nagios/plug‐
35       ins/check_ups,                 /usr/lib(64)?/nagios/plugins/check_dhcp,
36       /usr/lib(64)?/nagios/plugins/check_game,     /usr/lib(64)?/nagios/plug‐
37       ins/check_hpjd,                /usr/lib(64)?/nagios/plugins/check_http,
38       /usr/lib(64)?/nagios/plugins/check_icmp,     /usr/lib(64)?/nagios/plug‐
39       ins/check_ircd,                /usr/lib(64)?/nagios/plugins/check_ldap,
40       /usr/lib(64)?/nagios/plugins/check_nrpe,     /usr/lib(64)?/nagios/plug‐
41       ins/check_ping,                /usr/lib(64)?/nagios/plugins/check_real,
42       /usr/lib(64)?/nagios/plugins/check_smtp,     /usr/lib(64)?/nagios/plug‐
43       ins/check_time,               /usr/lib(64)?/nagios/plugins/check_dummy,
44       /usr/lib(64)?/nagios/plugins/check_fping,    /usr/lib(64)?/nagios/plug‐
45       ins/check_mysql,              /usr/lib(64)?/nagios/plugins/check_ntp.*,
46       /usr/lib(64)?/nagios/plugins/check_pgsql,    /usr/lib(64)?/nagios/plug‐
47       ins/check_breeze,            /usr/lib(64)?/nagios/plugins/check_oracle,
48       /usr/lib(64)?/nagios/plugins/check_radius,   /usr/lib(64)?/nagios/plug‐
49       ins/check_snmp.*,           /usr/lib(64)?/nagios/plugins/check_cluster,
50       /usr/lib(64)?/nagios/plugins/check_mysql_query
51

PROCESS TYPES

53       SELinux defines process types (domains) for each process running on the
54       system
55
56       You can see the context of a process using the -Z option to ps
57
58       Policy governs the access confined processes have  to  files.   SELinux
59       nagios_services_plugin  policy is very flexible allowing users to setup
60       their nagios_services_plugin processes in as secure a method as  possi‐
61       ble.
62
63       The following process types are defined for nagios_services_plugin:
64
65       nagios_services_plugin_t
66
67       Note:  semanage  permissive  -a nagios_services_plugin_t can be used to
68       make the process type nagios_services_plugin_t permissive. SELinux does
69       not  deny  access to permissive process types, but the AVC (SELinux de‐
70       nials) messages are still generated.
71
72

BOOLEANS

74       SELinux policy is customizable based on  least  access  required.   na‐
75       gios_services_plugin policy is extremely flexible and has several bool‐
76       eans that allow you  to  manipulate  the  policy  and  run  nagios_ser‐
77       vices_plugin with the tightest access possible.
78
79
80
81       If you want to allow all domains to execute in fips_mode, you must turn
82       on the fips_mode boolean. Enabled by default.
83
84       setsebool -P fips_mode 1
85
86
87

MANAGED FILES

89       The SELinux process type nagios_services_plugin_t can manage files  la‐
90       beled  with the following file types.  The paths listed are the default
91       paths for these file types.  Note the processes UID still need to  have
92       DAC permissions.
93
94       krb5_host_rcache_t
95
96            /var/tmp/krb5_0.rcache2
97            /var/cache/krb5rcache(/.*)?
98            /var/tmp/nfs_0
99            /var/tmp/DNS_25
100            /var/tmp/host_0
101            /var/tmp/imap_0
102            /var/tmp/HTTP_23
103            /var/tmp/HTTP_48
104            /var/tmp/ldap_55
105            /var/tmp/ldap_487
106            /var/tmp/ldapmap1_0
107
108

FILE CONTEXTS

110       SELinux requires files to have an extended attribute to define the file
111       type.
112
113       You can see the context of a file using the -Z option to ls
114
115       Policy governs the access  confined  processes  have  to  these  files.
116       SELinux  nagios_services_plugin  policy is very flexible allowing users
117       to setup their nagios_services_plugin processes in as secure  a  method
118       as possible.
119
120       The following file types are defined for nagios_services_plugin:
121
122
123
124       nagios_services_plugin_exec_t
125
126       - Set files with the nagios_services_plugin_exec_t type, if you want to
127       transition an executable to the nagios_services_plugin_t domain.
128
129
130       Paths:
131            /usr/lib(64)?/nagios/plugins/check_nt,  /usr/lib(64)?/nagios/plug‐
132            ins/check_dig,             /usr/lib(64)?/nagios/plugins/check_dns,
133            /usr/lib(64)?/nagios/plugins/check_rpc, /usr/lib(64)?/nagios/plug‐
134            ins/check_sip,             /usr/lib(64)?/nagios/plugins/check_ssh,
135            /usr/lib(64)?/nagios/plugins/check_tcp, /usr/lib(64)?/nagios/plug‐
136            ins/check_ups,            /usr/lib(64)?/nagios/plugins/check_dhcp,
137            /usr/lib(64)?/nagios/plugins/check_game,         /usr/lib(64)?/na‐
138            gios/plugins/check_hpjd,  /usr/lib(64)?/nagios/plugins/check_http,
139            /usr/lib(64)?/nagios/plugins/check_icmp,         /usr/lib(64)?/na‐
140            gios/plugins/check_ircd,  /usr/lib(64)?/nagios/plugins/check_ldap,
141            /usr/lib(64)?/nagios/plugins/check_nrpe,         /usr/lib(64)?/na‐
142            gios/plugins/check_ping,  /usr/lib(64)?/nagios/plugins/check_real,
143            /usr/lib(64)?/nagios/plugins/check_smtp,         /usr/lib(64)?/na‐
144            gios/plugins/check_time, /usr/lib(64)?/nagios/plugins/check_dummy,
145            /usr/lib(64)?/nagios/plugins/check_fping,        /usr/lib(64)?/na‐
146            gios/plugins/check_mysql,               /usr/lib(64)?/nagios/plug‐
147            ins/check_ntp.*,         /usr/lib(64)?/nagios/plugins/check_pgsql,
148            /usr/lib(64)?/nagios/plugins/check_breeze,       /usr/lib(64)?/na‐
149            gios/plugins/check_oracle,  /usr/lib(64)?/nagios/plugins/check_ra‐
150            dius, /usr/lib(64)?/nagios/plugins/check_snmp.*, /usr/lib(64)?/na‐
151            gios/plugins/check_cluster,             /usr/lib(64)?/nagios/plug‐
152            ins/check_mysql_query
153
154
155       Note:  File context can be temporarily modified with the chcon command.
156       If you want to permanently change the file context you need to use  the
157       semanage fcontext command.  This will modify the SELinux labeling data‐
158       base.  You will need to use restorecon to apply the labels.
159
160

COMMANDS

162       semanage fcontext can also be used to manipulate default  file  context
163       mappings.
164
165       semanage  permissive  can  also  be used to manipulate whether or not a
166       process type is permissive.
167
168       semanage module can also be used to enable/disable/install/remove  pol‐
169       icy modules.
170
171       semanage boolean can also be used to manipulate the booleans
172
173
174       system-config-selinux is a GUI tool available to customize SELinux pol‐
175       icy settings.
176
177

AUTHOR

179       This manual page was auto-generated using sepolicy manpage .
180
181

SEE ALSO

183       selinux(8),  nagios_services_plugin(8),   semanage(8),   restorecon(8),
184       chcon(1), sepolicy(8), setsebool(8)
185
186
187
188nagios_services_plugin             23-02-03  nagios_services_plugin_selinux(8)
Impressum