Hello,
We are starting our transition to icinga2 from nagios. As we use chef, im working o our deployment on a staging environment and making base configuration of icinga2 and icingaweb2.
We mind about security and use open_basedir restrictions in our php-fpm server and selinux also.
When i first test to create a custom dashboard, server says:
is_dir(): open_basedir restriction in effect. File(/etc/) is not within the allowed path(s): (/var/www/html:/var/log/icingaweb2:/usr/share/icingaweb2/:/usr/share/php/:/etc/icingaweb2/:/opt/rh/rh-php71:/tmp/)
Note we have included /etc/icingaweb2
on our open_basedir restriction, but icinga for some reason php is asking about /etc/
, supouse we add /etc
which is not much secure for us, but then selinux complains about bad label on that path, and grep on /var/log/audit
:
grep denied /var/log/audit/audit.log|audit2allow
#============= httpd_t ==============
#!!!! WARNING: 'etc_t' is a base type.
allow httpd_t etc_t:dir write;
So:
- ¿Why writting on /etc/ on a webapp? ¿shouldnt be better to keep http written files over share dir
/usr/share/icingaweb2
? - ¿Can we change default dashboards path on icingaweb2 config? (didnt found anything)