User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1

I installed Zabbix 1.8.5-2.el6 from the EPEL on a fresh CentOS6 box with SELinux enforcing policy by default. All components install and run fine. Web Interface anyhow shows the Zabbix-Server as although the rest is shown fine. Connectivity issues can be ruled out (Web-IF on localhost as well as server, config files correct). Setting SELinux to permissive fixes this issue, and Zabbix Web shows the server as up. The Zabbix-Forum has this entry http://www.zabbix.com/forum/showpost.php?p=10460&postcount=10 which describes what the Zabbix-Web needs to access to recognize the status of the server process, maybe it helps adapting the SELinux policy.

Reproducible: Always

Actual Results: Zabbix-Web does not report Zabbix-Server status correctly.

Expected Results: Zabbix-Web Interface should report Zabbix-Server status correctly.
The quoted Zabbix Forum link is out of date - this is more up to date: http://www.zabbix.com/forum/showthread.php?t=23878 Note that the solution I have quoted: `semanage port -a -t http_port_t -p tcp 10051' works, but not after a reboot. I am still working on a solution and will post it here and in the Zabbix Forum when I get one.
One of the solutions is to turn on this boolean: httpd_can_network_connect. Run `setsebool -P httpd_can_network_connect=1' to have it persistent.
this problem is still not resolved....
I added a note on the 2.0.8-3 README. David's suggestion is a bit too permissive. In the README I suggest to audit2allow and create a policy module to make it persistent.
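The policy-module route suggested in the comment above, as an added example that is not part of the original thread or of the Zabbix package: it reads AVC denials, keeps only the `name_connect` denials to the Zabbix server port, and renders the narrow type-enforcement source that would replace turning on `httpd_can_network_connect`. The audit lines are constructed, the `port_t` target type and the module name `zabbix_web` are assumptions; use the types your own audit log reports.

```python
import re

# Constructed audit.log lines (not from the report): one denial of the kind
# discussed here, one unrelated httpd denial, and one non-AVC record.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1315000000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=10051 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1315000001.456:457): avc:  denied  { read } for  pid=1234 comm="httpd" name="secret" dev=dm-0 ino=42 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1315000000.123:456): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)
DEST_RE = re.compile(r"\bdest=(\d+)")

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def connect_denials(log_text, port):
    """Yield (source_type, target_type) for name_connect denials to `port`."""
    for line in log_text.splitlines():
        avc, dest = AVC_RE.search(line), DEST_RE.search(line)
        if not (avc and dest) or int(dest.group(1)) != port:
            continue  # not an AVC record, or a denial unrelated to this port
        if avc["tclass"] == "tcp_socket" and "name_connect" in avc["perms"].split():
            yield selinux_type(avc["scontext"]), selinux_type(avc["tcontext"])

def build_module(name, log_text, port=10051):
    """Render a type-enforcement source allowing only the denied connects."""
    pairs = sorted(set(connect_denials(log_text, port)))
    if not pairs:
        return None  # nothing to allow: do not emit an empty module
    types = sorted({t for pair in pairs for t in pair})
    lines = [f"module {name} 1.0;", "", "require {"]
    lines += [f"\ttype {t};" for t in types]
    lines += ["\tclass tcp_socket name_connect;", "}", ""]
    lines += [f"allow {s} {t}:tcp_socket name_connect;" for s, t in pairs]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_module("zabbix_web", SAMPLE_AUDIT_LOG))
```

The rendered source is compiled and loaded with `checkmodule -M -m -o zabbix_web.mod zabbix_web.te`, `semodule_package -o zabbix_web.pp -m zabbix_web.mod` and `semodule -i zabbix_web.pp`; a module installed with `semodule -i` stays loaded across reboots.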
A README will not help a user. The package should work when installed by the user.
on 6.4, being close to disabling selinux, i opted for httpd_can_network_connect. given that i suspect ldap auth also to require connectivity, this should save the remaining sanity i might have :)
Since I can't think of a better solution than that and it being documented, I guess we can close this issue.