We keep getting agent errors/not updating with the auto update. There are several threads on this but no resolution that I can see. One post indicated a centos/RHEL bug but I was able to find that the Selinux was actually stopping the RPM update. It looks like the SOFTWARE_UPDATE type was added some time ago but after spending some time to see if I can whitelist this I am not finding much on the this Seliunx type.
This thread pointing me in the Selinux direction.
Some of the 75 centos host that we monitor has the Selinux disabled and the update works fine but the ones that have the Selinux enabled and is set to enforcing will not update automatically, we have to login and then update manually with cmk-update-agent –u which really defeats the auto update function.
A large portion of these servers are customer servers and they are not going to give us permission to disable Seliunx so I wanted see if anyone here has any input?
We use xinetd for the agent and it runs with the root user.
Selinux log entry;
type=SOFTWARE_UPDATE msg=audit(1629349829.684:196386): pid=14601 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:inetd_child_t:s0-s0:c0.c1023 msg='sw=“check-mk-agent-2.0.0p9-1.c2508fa13e1e3d24.noarch” sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm=“rpm” exe="/usr/bin/rpm" hostname=? addr=? terminal=? res=failed