Centos – set selinux permissive without reboot

You can view the current mode SELinux operates in, by executing the sestatus comman:

# sestatus

You can change the mode by editing the file /etc/selinux/config and change the SELINUX=enforcing line to SELINUX=permissive

# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

By executing once again the sestatus command you ‘ll get the output:

# sestatus

SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted

My way to change the current mode is to reboot the machine. Today I discovered that you can change the current mode by using the setenforce command.

man pages gives this as usage:

setenforce [ Enforcing | Permissive | 1 | 0 ]

so you can execute

# setenforce 0

to change SELinux currend mode to permissive.

No more reboots and downtime because of selinux!!!

Install Nagios to Centos 6.4

In this step by step guide, we will install nagios. Nagios is a great (if not the greatest) opensource monitoring tool. You can use to monitor your hole datacenter, or lot’s of datacenters, services and networks.

1. Install the epel repository

Supposing you have not allready installed epel repository, run the following command:

# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

2. Disable selinux, iptables

In order to disable selinux edit /etc/selinux/config

# vi /etc/selinux/config

and set

SELINUX=disabled

I do not recommend to disable iptables, but setting correctly it depends on your servers configuration

I disabled iptables here just to ensure that everything works and then I will apply my firewall policy.

To disable iptables you have to run the following command:

# service iptables stop
# chkconfig iptables off

To confirm that the service is not running, run the following command:

# service iptables status

and the output should be like this:

iptables: Firewall is not running.

Then run the following command to ensure that is turned off, on boot

# chkconfig --list iptables

and the output should be this:

iptables        0:off   1:off   2:off    3:off    4:off    5:off    6:off

reboot your system to take effect selinux configuration.
To confirm that your system has disabled selinux run:

# sestatus
SELinux status: disabled

Be carefull if you didn’t run

# chkconfig iptables off

then after the system reboots, the iptables service will be up.

3. Nagios Installation

Now you can install nagios using yum

# yum install nagios

When the installation completes it’s procedure, you should run:

# service httpd restart
# service nagios restart

and then visit:

http://your-ip/nagios/

there will be a basic authentication, and you can login giving the following default credentials for nagios:

username: nagiosadmin
password: nagiosadmin

You can also change these credentials to whatever you want:

# htpasswd /etc/nagios/htpasswd nagiosadmin

and here enter the password you want.

 4. Change the theme of nagios

You can stay with the nagios default theme, but you can also change it to one of your choice. I like this theme:

http://www.be-root.com/downloads/nagios/vautour/vautour_style.zip

and here I will describe how to install it.

# cd /tmp
# wget http://www.be-root.com/downloads/nagios/vautour/vautour_style.zip
# mkdir vautour
# mv vautour_style.zip vautour
# cd vautour
# unzip vautour_style.zip
# mv vautour/ /usr/share/nagios/.
# cd /usr/share/nagios/
# mv html html-backup
# mv vautour/ html
# chmod 775 html

if you miss unzip package install it via yum.

# yum install unzip

5. Install check_mysql_health

I found this plugin very helpfull to monitor my MySQL server.

to install it follow these instructions:

# cd /tmp
# wget http://labs.consol.de/download/shinken-nagios-plugins/check_mysql_health-2.1.8.2.tar.gz
# gtar -xzpf check_mysql_health-2.1.8.2.tar.gz
# cd check_mysql_health-2.1.8.2
# ./configure -prefix=/usr/lib64/nagios/ --with-nagios-user=nagios --with-nagios-group=nagios --with-perl=/usr/bin/perl --with-mymodules-dir=/usr/lib64/nagios/plugins --with-mymodules-dyn-dir=/usr/lib64/nagios/plugins
# cp -p /usr/lib64/nagios/libexec/check_mysql_health /usr/lib64/nagios/plugins/.

 

6. Configure nagios

In order to organize better your configuration files, I recommend that you should separate each configuration file for each purpose.

I add a file in /etc/nagios/conf.d/

hostgroups.cfg

and a file

servicegroups.cfg

where I include the declaration of the hostgroups and servicegroups respectively.

Then I create files for each servicegroup in /etc/nagios/objects/ for example I have a hostgroup of webservers, then I create a file webservers.cfg in this directory where I declare hosts and services. Then I add this file path to /etc/nagios/nagios.cfg as here:

# Definitions for monitoring the webservers
cfg_file=/etc/nagios/objects/webservers.cfg

7. Validate Configuration

Before restarting the nagios service, you should check the configuration spelling. This can be done, by run:

nagios -v /etc/nagios/nagios.cfg

I ‘ll try to update this post, and describe how to use check_mysql_health and other tools of nagios.