We are starting our transition to icinga2 from nagios. As we use chef, im working o our deployment on a staging environment and making base configuration of icinga2 and icingaweb2.
We mind about security and use open_basedir restrictions in our php-fpm server and selinux also.
When i first test to create a custom dashboard, server says:
is_dir(): open_basedir restriction in effect. File(/etc/) is not within the allowed path(s): (/var/www/html:/var/log/icingaweb2:/usr/share/icingaweb2/:/usr/share/php/:/etc/icingaweb2/:/opt/rh/rh-php71:/tmp/)
Note we have included
/etc/icingaweb2 on our open_basedir restriction, but icinga for some reason php is asking about
/etc/, supouse we add
/etc which is not much secure for us, but then selinux complains about bad label on that path, and grep on
grep denied /var/log/audit/audit.log|audit2allow #============= httpd_t ============== #!!!! WARNING: 'etc_t' is a base type. allow httpd_t etc_t:dir write;
- ¿Why writting on /etc/ on a webapp? ¿shouldnt be better to keep http written files over share dir
- ¿Can we change default dashboards path on icingaweb2 config? (didnt found anything)