Ad Widget

**V.N.** · 28-10-2015, 15:29

Add info

Config file of agent is attached.

Of course, I have .my.cnf in /etc/zabbix, but I don't understand the error. Debug level in agent_conf didn't clarify anything, the same phrase and that's all concerning mysqladmin.

P.S. I uninstalled Mariadb and installed MySQL instead.... But the same error, so MariaDB is not guilty. Any ideas?

**V.N.** · 28-10-2015, 15:31

Config

Forgot to attach config

Attached Files

zabbix_agentd.conf.txt (5.6 KB, 144 views)

**V.N.** · 28-10-2015, 16:23

My OS is Centos 7.
Seems to me that the problem is OS, not mysql or mariadb.
On Centos 6.7 everything works.

**ingus.vilnis** · 29-10-2015, 13:31

Hello and welcome to Zabbix forums!

First thing I would start on CentOS 7 is to check if SELinux is not in your way.
Check the current status.

Code:

getenforce

If the mode is "Enforcing" then temporary disable it.

Code:

setenforce 0

Try if everything works now.

If it does then set SELinux back to Enforcing and check /var/log/audit for detailed error messages. Additionally learn how to allow all that stuff though SELinux filters.

If that is not the case and SELinux is in "Permissive" mode already then it is something else but first try above.

Best Regards,
Ingus

**V.N.** · 30-10-2015, 07:29

Hello!
Thanks for the reply. Really the problem is SELinux. But if I don't want to disable it do I need make custom policy?
I found built-in module in SELinux named Zabbix and version 1.6.

Code:

[root@mos-sr-rm0106bs ~]# semodule -l | grep zabbix
zabbix  1.6.0
[root@mos-sr-rm0106bs ~]#

Is it OK? Does it work or should it to work?

**ingus.vilnis** · 30-10-2015, 09:31

Hi,

SELinux is not that difficult to manage.
First check what settings do you have.

Code:

getsebool -a
getsebool -a | grep zabbix

Check all Zabbix related and of they are off, turn them on. (use -P to make the change permanent also after reboot)

Code:

setsebool -P zabbix_can_network=1

Then you probably have something more than that in the audit log. Check what else is blocked and try to create a policy.
Here is a nice tutorial how to do so.

http://robinbowes.com/article.php/20060206181015320

Best Regards,
Ingus

**V.N.** · 30-10-2015, 12:45

Well, I have made them friends at last.
I made the new police for SELinux. In my case the problem was in Zabbix agent attempting to access mysql, so the policy text is below

Code:

module zabbix-mysql 1.0;

require {
        type mysqld_var_run_t;
        type mysqld_etc_t;
        type zabbix_agent_t;
        type mysqld_t;
        class sock_file write;
        class unix_stream_socket connectto;
        class file { read open };
}

#============= zabbix_agent_t ==============
allow zabbix_agent_t mysqld_etc_t:file read;

#!!!! This avc is allowed in the current policy
allow zabbix_agent_t mysqld_etc_t:file open;

#!!!! This avc is allowed in the current policy
allow zabbix_agent_t mysqld_t:unix_stream_socket connectto;
allow zabbix_agent_t mysqld_var_run_t:sock_file write;

Using this info it's possible to compile the policy.
I hope this info will be useful to somebody.

Ad Widget

Monitoring MariaDB

Monitoring MariaDB

Comment

Comment

Comment

Comment

Comment

Comment

Comment