Loading...

XML

Word

Printable

Type: Problem report
Resolution: Unresolved
Priority: Trivial
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

On fresh Redhat 9.6 installation, zabbix-agent 7.0.19 doesnt start.

cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.6 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.6"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.6 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://issues.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.6
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.6"
Red Hat Enterprise Linux release 9.6 (Plow)
Red Hat Enterprise Linux release 9.6 (Plow)

rpm -qa -last | grep zabbix
zabbix-agent-7.0.19-release1.el9.x86_64       Tue 28 Oct 2025 06:09:15 AM UTC
zabbix-selinux-policy-7.0.19-release1.el9.x86_64 Tue 28 Oct 2025 06:08:17 AM UTC

 56391:20251028:060957.060 Starting Zabbix Agent [server.com]. Zabbix 7.0.19 (revision a2d0368f1b9).
 56391:20251028:060957.060 **** Enabled features ****
 56391:20251028:060957.060 IPv6 support:          YES
 56391:20251028:060957.060 TLS support:           YES
 56391:20251028:060957.060 **************************
 56391:20251028:060957.060 using configuration file: /etc/zabbix/zabbix_agentd.conf
 56391:20251028:060957.061 listener failed: bind() for [[-]:10150] failed: [13] Permission denied
 56391:20251028:060957.061 Zabbix Agent stopped. Zabbix 7.0.19 (revision a2d0368f1b9).

cat /var/log/audit/audit.log | grep agent
type=SOFTWARE_UPDATE msg=audit(1761631755.940:2392): pid=53991 uid=0 auid=873416138 ses=22 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="zabbix-agent-7.0.19-release1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=server.com addr=? terminal=pts/1 res=success'UID="root" AUID="user"
type=AVC msg=audit(1761631797.059:2995): avc:  denied  { name_bind } for  pid=56391 comm="zabbix_agentd" src=10150 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1761631797.059:2995): arch=c000003e syscall=49 success=no exit=-13 a0=4 a1=55945bb44a00 a2=10 a3=7ffdbe3f34dc items=0 ppid=1 pid=56391 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=bind AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=SERVICE_START msg=audit(1761631799.067:2996): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1761631809.123:3036): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1761631809.123:3037): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=AVC msg=audit(1761631809.179:3038): avc:  denied  { name_connect } for  pid=56561 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1761631809.179:3038): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=562f4cef5400 a2=10 a3=0 items=0 ppid=56549 pid=56561 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=AVC msg=audit(1761631809.180:3039): avc:  denied  { name_connect } for  pid=56561 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1761631809.180:3039): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=562f4cef5400 a2=10 a3=0 items=0 ppid=56549 pid=56561 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=SERVICE_START msg=audit(1761631809.269:3040): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=AVC msg=audit(1761631814.180:3119): avc:  denied  { name_connect } for  pid=56561 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1761631814.180:3119): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=562f4cef5400 a2=10 a3=0 items=0 ppid=56549 pid=56561 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=AVC msg=audit(1761631819.181:3181): avc:  denied  { name_connect } for  pid=56561 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1761631819.181:3181): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=562f4cef5400 a2=10 a3=0 items=0 ppid=56549 pid=56561 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=AVC msg=audit(1761631824.182:3182): avc:  denied  { name_connect } for  pid=56561 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1761631824.182:3182): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=562f4cef5400 a2=10 a3=0 items=0 ppid=56549 pid=56561 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=AVC msg=audit(1761631829.183:3184): avc:  denied  { name_connect } for  pid=56561 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1761631829.183:3184): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=562f4cef5400 a2=10 a3=0 items=0 ppid=56549 pid=56561 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=AVC msg=audit(1761631834.184:3207): avc:  denied  { name_connect } for  pid=56561 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1761631834.184:3207): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=562f4cef5400 a2=10 a3=0 items=0 ppid=56549 pid=56561 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"
type=SERVICE_STOP msg=audit(1761631835.336:3223): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1761631835.455:3224): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1761631838.688:3261): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1761631838.813:3262): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zabbix-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=AVC msg=audit(1761631843.722:3271): avc:  denied  { name_connect } for  pid=57363 comm="zabbix_agentd" dest=10050 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_agent_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1761631843.722:3271): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=562106f42400 a2=10 a3=0 items=0 ppid=57351 pid=57363 auid=4294967295 uid=986 gid=986 euid=986 suid=986 fsuid=986 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="zabbix" GID="zabbix" EUID="zabbix" SUID="zabbix" FSUID="zabbix" EGID="zabbix" SGID="zabbix" FSGID="zabbix"

cat /var/log/messages | grep agent
Oct 28 06:09:08 server.com python3[53860]: ansible-systemd Invoked with name=zabbix-agent state=stopped daemon_reload=False daemon_reexec=False scope=system no_block=False enabled=None force=None masked=None
Oct 28 06:09:10 server.com python3[53990]: ansible-ansible.legacy.command Invoked with _raw_params=rpm -qa|grep zabbix-agent*|xargs rpm -e; dnf -y install https://repo.zabbix.com/zabbix/7.0/rhel/9/x86_64/zabbix-agent-7.0.19-release1.el9.x86_64.rpm _uses_shell=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None
Oct 28 06:09:23 server.com python3[54573]: ansible-ansible.legacy.stat Invoked with path=/etc/zabbix/zabbix_agentd.conf follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True
Oct 28 06:09:25 server.com python3[54679]: ansible-ansible.legacy.copy Invoked with src=/home/user/.ansible/tmp/ansible-tmp-1761631761.747426-383721-211914510984126/source dest=/etc/zabbix/zabbix_agentd.conf owner=zabbix group=zabbix mode=420 follow=False _original_basename=zabbix_agentd.conf.j2 checksum=6fa2eabc507d12a09be9912e49ecb8429f056f3e backup=False force=True unsafe_writes=False content=NOT_LOGGING_PARAMETER validate=None directory_mode=None remote_src=None local_follow=None seuser=None serole=None selevel=None setype=None attributes=None
Oct 28 06:09:56 server.com python3[56362]: ansible-systemd Invoked with name=zabbix-agent enabled=True state=restarted daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None
Oct 28 06:09:59 server.com systemd[1]: zabbix-agent.service: Can't open PID file /run/zabbix/zabbix_agentd.pid (yet?) after start: Operation not permitted
Oct 28 06:09:59 server.com systemd[1]: zabbix-agent.service: Failed with result 'protocol'.
Oct 28 06:10:01 server.com python3[56532]: ansible-ansible.legacy.command Invoked with _raw_params=cat /var/log/audit/audit.log | grep zabbix_agentd | grep denied | audit2allow -M zabbix_agent_setrlimit > zabbix_agent_setrlimit.te && semodule -i zabbix_agent_setrlimit.pp && systemctl start zabbix-agent _uses_shell=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None
Oct 28 06:10:02 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_bind access on the tcp_socket port 10150. For complete SELinux messages run: sealert -l b851c8d3-367d-4c1a-98f3-54cd4f092a13
Oct 28 06:10:02 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_bind access on the tcp_socket port 10150.#012#012*****  Plugin bind_ports (92.2 confidence) suggests   ************************#012#012If you want to allow /usr/sbin/zabbix_agentd to bind to network port 10150#012Then you need to modify the port type.#012Do#012# semanage port -a -t zabbix_agent_port_t -p tcp 10150#012#012*****  Plugin catchall_boolean (7.83 confidence) suggests   ******************#012#012If you want to allow nis to enabled#012Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.#012#012Do#012setsebool -P nis_enabled 1#012#012*****  Plugin catchall (1.41 confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_bind access on the port 10150 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:09 server.com systemd[1]: zabbix-agent.service: Scheduled restart job, restart counter is at 1.
Oct 28 06:10:09 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:09 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:09 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:09 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:11 server.com python3[56690]: ansible-systemd Invoked with name=zabbix-agent enabled=True state=started daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None
Oct 28 06:10:13 server.com python3[56821]: ansible-ansible.legacy.stat Invoked with path=/root/zabbix_agentd_special.pp follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True
Oct 28 06:10:14 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:14 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:16 server.com python3[56925]: ansible-ansible.legacy.copy Invoked with src=/home/user/.ansible/tmp/ansible-tmp-1761631812.2515776-383972-281136250277957/source dest=/root/ _original_basename=zabbix_agentd_special.pp follow=False checksum=823dcc464342f1fac56d536a9a892cf7a4fec790 backup=False force=True unsafe_writes=False content=NOT_LOGGING_PARAMETER validate=None directory_mode=None remote_src=None local_follow=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None
Oct 28 06:10:18 server.com python3[57054]: ansible-ansible.legacy.command Invoked with _raw_params=/usr/sbin/semodule -i /root/zabbix_agentd_special.pp && semanage permissive -a zabbix_agent_t _uses_shell=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None
Oct 28 06:10:19 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:19 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:25 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:25 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:29 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:29 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:34 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:34 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012
Oct 28 06:10:35 server.com python3[57194]: ansible-systemd Invoked with name=zabbix-agent enabled=True state=restarted daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None
Oct 28 06:10:35 server.com systemd[1]: zabbix-agent.service: Deactivated successfully.
Oct 28 06:10:38 server.com python3[57343]: ansible-systemd Invoked with name=zabbix-agent enabled=True state=restarted daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None
Oct 28 06:10:38 server.com systemd[1]: zabbix-agent.service: Deactivated successfully.
Oct 28 06:10:43 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050. For complete SELinux messages run: sealert -l 8b70e7ea-1005-4fca-8784-85ba59b5ff1a
Oct 28 06:10:43 server.com setroubleshoot[56392]: SELinux is preventing /usr/sbin/zabbix_agentd from name_connect access on the tcp_socket port 10050.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that zabbix_agentd should be allowed name_connect access on the port 10050 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'zabbix_agentd' --raw | audit2allow -M my-zabbixagentd#012# semodule -X 300 -i my-zabbixagentd.pp#012

To fix, execute:

cat /var/log/audit/audit.log | grep zabbix_agentd | grep denied | audit2allow -M zabbix_agent_setrlimit > zabbix_agent_setrlimit.te && semodule -i zabbix_agent_setrlimit.pp && systemctl restart zabbix-agent

cat zabbix_agent_setrlimit.te

module zabbix_agent_setrlimit 1.0;

require {
        type zabbix_agent_port_t;
        type unreserved_port_t;
        type zabbix_agent_t;
        class tcp_socket { name_bind name_connect };
}

#============= zabbix_agent_t ==============

#!!!! This avc is allowed in the current policy
allow zabbix_agent_t unreserved_port_t:tcp_socket name_bind;
allow zabbix_agent_t zabbix_agent_port_t:tcp_socket name_connect;

Assignee:: Jurijs Klopovskis

Reporter:: Sergejs Pavlovs

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 5 days ago 08:13

Updated:: 5 days ago 08:23

Details

Description

Attachments

Activity

People

Dates