Setting up a CentOS 7 machine to allow SNMP SMART monitoring from a Nagios box. I would like to leave SELinux enabled if possible. The error I'm seeing from the Nagios side is:
Code: Select all
UCD-SNMP-MIB::extOutput.1 = STRING: sudo: unable to send audit message: Permission denied
Code: Select all
type=AVC msg=audit(1496756656.702:12003): avc: denied { audit_write } for pid=22703 comm="sudo" capability=29 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=capability
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
Code: Select all
audit2allow -a -M snmpsudo
Code: Select all
semodule -i snmpsudo.pp
If I run
Code: Select all
setenforce 0