To check if SELinux is enabled or disabled, you can us the sestatus command
sestatus
Or you can grep what is in the SELinux config
cat /etc/selinux/config | grep SELINUX=.*abled
Check SELinux Status
Reply
Tag Archives: selinux
semanage Allow and Delete ports in CentOS
The commands are for CentOS, but should work on Fedora and RedHat.
If semanage is not installed refer to here.
You would typically use this along with the systems firewall to allow a port through. Guide for firewalld and iptables. If you change it in the firewall and fail to add/edit it in semanage you can potentially get weird behavior like sshd not wanting to start after changing the port.
Add port
semanage port -a -t ssh_port_t -p tcp 2222
The above command allows the sshd service to start, using port 2222.
List allowed ports
semanage port -l
You can use grep to filter the results
Example:
[admin@localhost ~]# semanage port -l | grep ssh ssh_port_t tcp 2222, 22 [admin@localhost ~]#
Delete port
semanage port -d -p tcp 2222
Other examples
Allow SNMP
semanage port -a -t snmp_port_t -p udp 161
Install semanage on CentOS 7
semanage is part of the policycoreutils-python package, as is seen when you run “yum provides semanage”. So you need to install the package to get the semanage functionality.
yum install policycoreutils-python
You should be good to go.
LibreNMS not able to ping device and can’t change device name
If your having issues in the LibreNMS web interface changing a devices IP address or you can’t add a new one because it says it can’t ping the device, it is probably because SELinux is causing issues.
As far as changing a devices ip address, it looks like SELinux is not allowing Apache write access to the /opt/librenms/rrd directory
Temporary fix is to run
setenforce 0
You can permenatly disable SElinux by opening up “/etc/selinux/config” and changing “SELINUX=enforcing” to “SELINUX=disabled” and rebooting.
Renaming of x.x.x.x failed . Does your web server have permission to modify the rrd files?
It looks like there may be a bug where you’ll try to change the IP of a device and get the above error. It looks like the issue has something to do with the ip address. If your trying to change the IP on a router that has multiple IP addresses, try a different address in LibreNMS.
How To Enable/Disable SELinux
Disable SELinux
You can manually edit the SELinux config file in /etc/selinux/config and change the variable SELINUX=enforcing to disabled
vi /etc/selinux/config
... SELINUX=disabled ...
or you can use this little command
sed -i.bak -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
Enable SELinux
You can enable SELinux manually the same as above but set SELINUX=disabled to SELINUX=enforcing
vi /etc/selinux/config
... SELINUX=enforcing ...
or
sed -i.bak -e 's/^SELINUX=.*/SELINUX=enforcing/g' /etc/selinux/config