SELinux fix for syslog-ng with LibreNMS on Centos (#11014)

* Add SELinux policy for syslog-ng on Centos * Update Syslog.md * Update Syslog.md
2024-10-07 16:52:45 +00:00 · 2020-01-09 12:50:54 +01:00
parent 13c6309e81
commit 859e18ea65
1 changed files with 31 additions and 0 deletions
--- a/doc/Extensions/Syslog.md
+++ b/doc/Extensions/Syslog.md
@@ -111,6 +111,37 @@ Add the following to your LibreNMS `config.php` file to enable the Syslog extens
 $config['enable_syslog'] = 1;
 ```

+
+If no messages make it to the syslog tab in LibreNMS, chances are you experience an issue with SELinux. If so, create a file mycustom-librenms-rsyslog.te , with the following content:
+
+```
+module mycustom-librenms-rsyslog 1.0;
+
+require {
+        type syslogd_t;
+        type httpd_sys_rw_content_t;
+        type ping_exec_t;
+        class process execmem;
+        class dir { getattr search write };
+        class file { append getattr execute open read };
+}
+
+#============= syslogd_t ==============
+allow syslogd_t httpd_sys_rw_content_t:dir { getattr search write };
+allow syslogd_t httpd_sys_rw_content_t:file { open read append getattr };
+allow syslogd_t self:process execmem;
+allow syslogd_t ping_exec_t:file execute;
+```
+
+Then, as root, execute the following commands:
+
+```ssh
+checkmodule -M -m -o mycustom-librenms-rsyslog.mod mycustom-librenms-rsyslog.te
+semodule_package -o mycustom-librenms-rsyslog.pp -m mycustom-librenms-rsyslog.mod
+semodule -i mycustom-librenms-rsyslog.pp
+```
+
+
 ### rsyslog

 If you prefer rsyslog, here are some hints on how to get it working.