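After snmpd was started, the system produced a large volume of audit log entries. This troubled me for several months and I had no way to fix it, until I recently came across an article by a foreign author that gave me the idea that solved the problem.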
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.034:27211): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda2 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.034:27212): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda2 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.034:27213): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda2 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.034:27214): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda2 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.069:27215): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda7 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.069:27216): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda7 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir
#audit2allow -d    # show which normal snmpd operations SELinux denied
allow snmpd_t file_t:dir getattr;
allow snmpd_t tmp_t:dir getattr;
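Add the output lines above to the file.
The cause was that selinux-policy-targeted-sources-1.17.30-2.140.noarch.rpm was not installed. I searched everywhere and finally found the RPM there. After installing it, add the output lines above to the file /etc/selinux/targeted/src/policy/domains/program/snmpd.te.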
#cd /etc/selinux/targeted/src/policy
#make load
#setfiles file_contexts/file_contexts /usr/share/snmp
Done.
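To review what the procedure above grants before loading it, the following added example (not from the original post, and not audit2allow's own code) parses AVC denial lines of the format shown in the log excerpt, counts them per source type, target type, class and permission, and derives the matching allow rules. The function names are hypothetical; the sample input is three lines copied from the excerpt.

```python
import re
from collections import Counter, defaultdict

# Three denials copied from the log excerpt on this page.
SAMPLE_LOG = """\
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.034:27211): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda2 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.034:27212): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda2 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Jan 14 00:50:39 HMG-102 kernel: audit(1200243039.069:27215): avc: denied { getattr } for pid=19390 comm="snmpd" name="/" dev=sda7 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir
"""

# tclass is limited to [a-z0-9_] so records that were run together
# ("tclass=dirJan 14 ...") are still split correctly.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>[a-z0-9_]+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_denials(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for m in AVC_RE.finditer(text):
        for perm in m.group("perms").split():
            counts[(selinux_type(m.group("scon")), selinux_type(m.group("tcon")),
                    m.group("tclass"), perm)] += 1
    return counts

def to_allow_rules(counts):
    """Merge permissions per (source, target, class) into allow rules."""
    grouped = defaultdict(set)
    for src, tgt, cls, perm in counts:
        grouped[(src, tgt, cls)].add(perm)
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        perms = sorted(perms)
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    denials = parse_denials(SAMPLE_LOG)
    for key, n in sorted(denials.items()):
        print(f"{n:3d} x {key}")
    print("\n".join(to_allow_rules(denials)))
```

The per-rule counts show how many log entries each rule would silence, which makes it easier to check that every rule added to snmpd.te corresponds to a denial you actually observed.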