Ad Widget

Collapse

Zabbix server Permission denied

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • tluo
    Junior Member
    • Mar 2016
    • 10
    #1

    Zabbix server Permission denied

    I keep getting the error below in my zabbix_server:

    9585:20160314:104304.513 failed to kill [/usr/lib/zabbix/externalscripts/aaa.py "1.1.1.1"]: [13] Permission denied
    9619:20160314:104305.365 item "1.1.1.1:aaa.py[{HOST.CONN}]" became not supported: Timeout while executing a shell script.
    9617:20160314:104623.612 item "1.1.1.1:aaa.py[{HOST.CONN}]" became supported

    The selinux bool have been set:
    # getsebool -a |grep zabbix
    httpd_can_connect_zabbix --> on
    zabbix_can_network --> on

    It is Centos 7.2, Zabbix 2.4.7.

    I appreciate anybody's help.
    Tags: None
    • jan.garaj
      Senior Member
      Zabbix Certified Specialist
      • Jan 2010
      • 506
      #2
      Check your audit log file, probably:
      Code:
      grep zabbix /var/log/audit/audit.log | grep denied
      and add permissions, which have blocked by selinux.
      Devops Monitoring Expert advice: Dockerize/automate/monitor all the things.
      My DevOps stack: Docker / Kubernetes / Mesos / ECS / Terraform / Elasticsearch / Zabbix / Grafana / Puppet / Ansible / Vagrant

        Comment

        • tluo
          Junior Member
          • Mar 2016
          • 10
          #3
          Thank you Garaj,
          I ran the below command, it looks fixed.

          # grep zabbix ../audit/audit.log|audit2allow
          #============= zabbix_t ==============
          allow zabbix_t cert_t:dir write;
          allow zabbix_t cert_t:file write;
          allow zabbix_t snmpd_var_lib_t:dir { write add_name };
          allow zabbix_t snmpd_var_lib_t:file { write create };

          #!!!! This avc is allowed in the current policy
          allow zabbix_t transproxy_port_t:tcp_socket name_connect;
          allow zabbix_t zabbix_script_trocess signal;

            Comment

            Previous template Next
            Working...