MySQL template problem with SELinux

  • Diggy
    Junior Member
    • Feb 2020
    • 10

    #1

    MySQL template problem with SELinux

    I'm running Zabbix Server v4.4 and the Zabbix agent on my MySQL server is v4.4 also. I'm using the MySQL package as bundled with CentOS 8.1. For some reason the MySQL Zabbix Agent template will not work when SELinux is in Enforcing mode. I've set it to Permissive mode for now and it works fine. Does anyone know how to resolve the issue so I can put SELinux on my server back into Enforcing mode?
  • Diggy
    Junior Member
    • Feb 2020
    • 10

    #2
    Same problem with the PostgreSQL template.


    • Diggy
      Junior Member
      • Feb 2020
      • 10

      #3
      Does anyone have a fix for this? I'd like to set SELinux on my SQL servers back to Enforcing mode. If not, I guess I'll just stop using the Zabbix agent to monitor MySQL and PostgreSQL.


      • dimir
        Zabbix developer
        • Apr 2011
        • 1080

        #4
        I think you might try installing the RPM package selinux-policy-targeted. If that doesn't help, you would need to create the SELinux module for the agent. There are some people out there with the same problem who seem to have found the solution, e.g.:

        https://www.zabbix.com/forum/zabbix-...toring-mariadb


        • Diggy
          Junior Member
          • Feb 2020
          • 10

          #5
          Thanks for the tip. The info in the thread you linked gave me enough information to create my own SELinux policy. This is what I got for CentOS/OL/RHEL 8.1...

          Code:
          module zabbix_agent_mysql 1.0;
          
          require {
              type mysqld_t;
              type mysqld_etc_t;
              type zabbix_agent_t;
              type zabbix_var_lib_t;
              class file { open read };
              class unix_stream_socket connectto;
          }
          
          #============= zabbix_agent_t ==============
          allow zabbix_agent_t mysqld_etc_t:file { open read };
          
          #!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
          allow zabbix_agent_t mysqld_t:unix_stream_socket connectto;
          allow zabbix_agent_t zabbix_var_lib_t:file { open read };

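How logged denials map to the allow rules in post #5, as an added example that is not part of the thread and not Zabbix's own code: it re-derives rules from AVC records in the style of audit2allow and lists module rules that no observed denial backs. The AVC lines are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed AVC denials in audit.log format (sample data, not from the thread).
sample_avcs() {
cat <<'EOF'
type=AVC msg=audit(1582000001.101:501): avc:  denied  { open } for  pid=2101 comm="mysqladmin" path="/etc/my.cnf" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1582000001.102:502): avc:  denied  { read } for  pid=2101 comm="mysqladmin" name="my.cnf" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1582000001.103:503): avc:  denied  { connectto } for  pid=2101 comm="mysqladmin" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket permissive=1
type=AVC msg=audit(1582000001.104:504): avc:  denied  { read open } for  pid=2101 comm="mysqladmin" path="/var/lib/zabbix/.my.cnf" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1582000001.105:505): avc:  denied  { write } for  pid=3000 comm="httpd" name="tmp" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
EOF
}

# The allow rules of the module posted in #5.
module_allows() {
cat <<'EOF'
allow zabbix_agent_t mysqld_etc_t:file { open read };
allow zabbix_agent_t mysqld_t:unix_stream_socket connectto;
allow zabbix_agent_t zabbix_var_lib_t:file { open read };
EOF
}

# stdin: audit log lines; $1: source domain. Prints merged, sorted allow rules.
avc_to_allow() {
    awk -v src="$1" '/avc:/ && /denied/ {
        n = 0; s = t = c = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { for (i++; i <= NF && $i != "}"; i++) p[++n] = $i }
            else if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            else if ($i ~ /^tclass=/) { c = substr($i, 8) }
        }
        # one "target:class permission" line per denied permission
        if (s == src) for (j = 1; j <= n; j++) print t ":" c, p[j]
    }' | LC_ALL=C sort -u | awk -v src="$1" '
        function emit() { print "allow " src " " key (n > 1 ? " {" perms " };" : perms ";") }
        $1 != key { if (key != "") emit(); key = $1; perms = ""; n = 0 }
        { perms = perms " " $2; n++ }
        END { if (key != "") emit() }'
}

# Module rules with no observed denial behind them (candidates to drop).
unbacked_rules() {
    derived=$(avc_to_allow "$1")
    module_allows | grep -Fxv -e "$derived" || true
}

sample_avcs | avc_to_allow zabbix_agent_t
```

On a real host the input would come from the audit log collected while the agent ran in Permissive mode, since Enforcing mode stops at the first denial and hides the later ones.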