Use the ausearch utility to check the Access Vector Cache (AVC) messages and see if SELinux denies any of the FglAM actions:
The -m option specifies what kind of information ausearch returns. The -ts option specifies the time stamp. For example, -ts today returns messages from the whole day.
a |
Open the /etc/selinux/config file and change SELinux mode to permissive. Using permissive mode will force SELinux to accept all FglAM actions. SELinux will log all the denials regarding to FglAM actions that would have been denied in enforcing mode, by identifying them one at a time as the FglAM gets permissions granted individually. |
d |
Use the 'journalctl -t setroubleshoot --since= [time]' utility to view more information about the AVC message: # journalctl -t setroubleshoot --since=11:18 – Logs begin at Tue 2020-11-03 10:37:14 CST, end at Wed 2020-11-04 11:19:27 CST. – Nov 04 11:18:30 centos82-s1 setroubleshoot[1416]: SELinux is preventing quest-fglam from execute access on the file fglam. For complete SELinux messages run: sealert -l 06149362-e530-4f52-a081-53751a98eab7 Replace [time] with the machine restart time. |
e |
Use the 'sealert -l [AVC message ID]' utility to further inspect the AVC message: |
i |
Check if there are still denials about FglAM actions. If yes, repeat Step a to Step i until no denials to FglAM actions are found. |
The Agent Manager supports the SSH (secure shell) protocol for remote monitoring of hosts running Linux® and UNIX® operating systems. SSH is a protocol which encrypts all traffic between the client and the server, and supports a wide variety of secure authentication mechanisms. SSH is available for installation on all platforms supported for remote monitoring by Foglight.
As described in Installing the Agent Manager using the installer interface and Installing the Agent Manager from the command line , you can install an init.d-style script called quest-fglam in the init.d directory on your system. This script is called when the host on which the Agent Manager is installed starts or shuts down, allowing it to run as a daemon.
Even if you choose not to install the init.d script during the installation, or if you do not perform the installation as the root user, the installer generates scripts that can perform the necessary setup.
These scripts are fglam-init-script-installer.sh and fglam-init-script.sh, and they are located in the <fglam_home>/state/default/ directory.
The script fglam-init-script-installer.sh installs the script fglam-init-script.sh into your system’s init.d directory as quest-fglam. Your system’s init.d process then uses quest-fglam to run the Agent Manager as a daemon.
1 |
Launch a command shell on the Agent Manager machine and navigate to the <fglam_home>/state/default/ directory. |
2 |
Optional. If you want to make any edits to fglam-init-script.sh to customize it for your system, do so prior to running fglam-init-script-installer.sh. |
IMPORTANT: Any customizations that you make to the script fglam-init-script.sh are not supported by Quest Software Inc.. |
4 |
IMPORTANT: This script must be run as root. |
5 |
To remove the init.d script, follow the instructions in To remove the init.d script used to run the Agent Manager as a daemon on UNIX®: .
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center