Configure SELinux to allow Nagios publickey auth

Nagios is a tool for monitoring servers. In a security-minded environment, you need to make allowances for nagios. It operates over ssh using a public key, which SELinux doesn’t like.

One problem that can occur is that the ~nagios/.ssh/authorized_keys file will not have the right selinux context. Fix that with

semanage fcontext -a -t "ssh_home_t" "/var/spool/nagios(/.*)?"
restorecon -RvF /var/spool/nagios

This will make a new rule in selinux for that directory to have a regular ssh-homedir context, so public keys will work properly. If nagios cannot connect passwordlessly, it will throw fits.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s