Treg's blog

November 4th, 2014

CentOS 6.x, Zabbix and SElinux

Posted by Treg in Linux, Tech

Since Zabbix version 2.2, I’m running into faulty/wrong zabbix-agent SElinux policies. There is not too much information available on the web to fix this issue. The steps underneed should do:

Install Zabbix Agent:
# yum install zabbix22-agent

# Edit the Zabbix Agent config file:
# vi /etc/zabbix/zabbix_agentd.conf

Run the service:
# service zabbix-agentd start

Interprete the audit log and create custom SElinux exceptions:
# cat /var/log/audit/audit.log | grep zab | audit2allow -M zabbix-agent

To install audit2allow:
# yum install policycoreutils-python

Verify the generated SElinux rules:
# vi zabbix-agent.te

Apply the generated SElinux rules:
# semodule -i zabbix-agent.pp

Additional: allow the Zabbix Agent to run on a different port, e.g. on port 8484:
# semanage port -a -t port_t -p tcp 8484

Restart the Zabbix Agent service:
# service zabbix-agentd restart

Verify the Zabbix Agent logs:
# tail /var/log/zabbix/zabbix-agentd.log

Please feel free to optimize the procedure and leave a comment.