Announcement

Collapse
No announcement yet.

SELinux policy (imunify360.te) doesn't exist

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    SELinux policy (imunify360.te) doesn't exist

    I'm trying to get ImunifyAV (the free version) to work with SELinux. I'm following the guide at https://docs.imunify360.com/installa...elinux-support

    After installing ImunifyAV this command fails:

    Code:
    # checkmodule -M -m -o /var/imunify360/imunify360.mod /opt/alt/python38/share/imunify360/imunify360.te
checkmodule: unable to open /opt/alt/python38/share/imunify360/imunify360.te
    The file /opt/alt/python38/share/imunify360/imunify360.te doesn't exist.:

    Code:
    # ls -1RfA /opt/alt/python38/share/imunify360/
/opt/alt/python38/share/imunify360/:
scripts

/opt/alt/python38/share/imunify360/scripts:
create_default_config
imunify-doctor.sh
imunify-force-update.sh
update_components_versions.py​
    I'm testing ImunifyAV on my localhost, which runs AlmaLinux 8.8 (no hosting control panel). The output of the install script looked fine to me (it didn't install the graphical user interface but I'm fine with that) and everything works, but I'm running into lots of SELinux denials. I think I might have missed a step somewhere?
    Tags: None
  • #2
    Hi,

    Try to find the template file in another location rather than the one mentioned in our documentation and apply the SELinux policy using the new path. You can use this:

    HTML Code:
    # find / -name imunify360.te 2>/dev/null
    ​

    Comment

    • #3
      Originally posted by alevchenko View Post
      Hi,

      Try to find the template file in another location rather than the one mentioned in our documentation and apply the SELinux policy using the new path. You can use this:

      HTML Code:
      # find / -name imunify360.te 2>/dev/null
      ​
      I did try that but it didn't find anything.

      I'm wondering if I should have installed an RPM for the SELinux policy?

      Will have a look with a fresh pair of eyes tomorrow.

      Comment

      • #4
        I installled ImunifyAV on a headless AlmaLinux 8 VM and that works fine. The /opt/alt/python38/share/imunify360/imunify360.te file still doesn't exist (and the find command doesn't find it either) but I'm not getting any SELinux warnings.

        Comment

        • #5
          Hello Beepmode,

          It seems the issue is resolved, also this SE template is not required for ImunifyAV. Nonetheless I checked the SELinux policy configuration template for the Imunify360 can be found:

          Code:
          /opt/imunify360/venv/share/imunify360/imunify360.te
          I can see that this template was moved there in one of the previous releases. It provides exceptions and permissions for https scripts to write to the socket
          Code:
          allow httpd_sys_script_t lib_t:sock_file write
          Among with other exclusions required when functioning under restrictions imposed by SELinux. Although with ImunifyAV those exceptions are not required, and Antivirus should function as long as WEB path can be served with standard targeted policies on AlmaLinux 8.

          Comment

          Previous template Next
          Working...
          X