Ad Widget

**cyber** · 04-08-2023, 09:26

zabbix_selinux: Security Enhanced Linux Policy for the zabbix processes - Linux Manuals (8)

https://www.systutorials.com/docs/linux/man/8-zabbix_selinux/

Security-Enhanced Linux secures the zabbix processes via flexible mandatory access control. The zabbix processes execute with the zabbix_t SELinux type. You can

If you want to determine whether zabbix can connect to all TCP ports, you must turn on the zabbix_can_network boolean. Disabled by default.

setsebool -P zabbix_can_network 1

**SanMonitor** · 02-08-2023, 11:13

Hey Sajgon,
any reason why you're not using net.tcp.service[ssh,,port_number] as your check?

**Sajgon107** · 02-08-2023, 11:42

Originally posted by SanMonitor

Hey Sajgon,
any reason why you're not using net.tcp.service[ssh,,port_number] as your check?

Hello,
yes I did try that, still zabbix returns 0 value.

**Vermizz** · 02-08-2023, 12:15

Hi,
can you try using like this: net.tcp.service[ssh] as a simple check
Does the check work on others hosts?
What system are you using on Zabbix Server? Maybe selinux (redhat/centos) or apparmor (ubuntu/debian) block simple check on SSH.

**Sajgon107** · 02-08-2023, 12:19

Originally posted by Vermizz

Hi,
can you try using like this: net.tcp.service[ssh] as a simple check
Does the check work on others hosts?
What system are you using on Zabbix Server? Maybe selinux (redhat/centos) or apparmor (ubuntu/debian) block simple check on SSH.

Hello, I've tried net.tcp.service[ssh] as a simple check but still Im getting 0 in return. Im running zabbix version 6 on centos distribution, when I try to connect from CLI of that linux machine to host over ssh the connection is working, this problem occurs on different hosts as well.

**Vermizz** · 02-08-2023, 12:45

For test only please check selinux is enable "getenforce" if yes disable it for test: "setenforce 0" and execute simple check.

You can also run test like this: Login to Zabbix server and run command: zabbix_get -s 1.1.1.1 -k net.tcp.service[ssh]
Where 1.1.1.1 is your destination hosts.

**Sajgon107** · 03-08-2023, 17:19

Originally posted by Vermizz

For test only please check selinux is enable "getenforce" if yes disable it for test: "setenforce 0" and execute simple check.

You can also run test like this: Login to Zabbix server and run command: zabbix_get -s 1.1.1.1 -k net.tcp.service[ssh]
Where 1.1.1.1 is your destination hosts.

Thanks for help, after turning off getenforce it worked. Can you suggest me how to configure it while keeping getenforce on?
Thanks

**cyber** · 04-08-2023, 09:26

zabbix_selinux: Security Enhanced Linux Policy for the zabbix processes - Linux Manuals (8)

https://www.systutorials.com/docs/linux/man/8-zabbix_selinux/

Security-Enhanced Linux secures the zabbix processes via flexible mandatory access control. The zabbix processes execute with the zabbix_t SELinux type. You can

If you want to determine whether zabbix can connect to all TCP ports, you must turn on the zabbix_can_network boolean. Disabled by default.

setsebool -P zabbix_can_network 1

**Sajgon107** · 04-08-2023, 11:43

Originally posted by cyber

https://www.systutorials.com/docs/li...abbix_selinux/

Thanks a lot, its working now.

Ad Widget

Monitoring SSH (TCP 22 port) not working

Monitoring SSH (TCP 22 port) not working

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment