After doing a clean install of zabbix-proxy on a CentOS 6 server, all our icmpping / icmppingsec items started to return zero values.
Zabbix debug log showed following lines:
31790:20140611:073610.004 In process_ping() hosts_count:1
31790:20140611:073610.004 /tmp/zabbix_proxy_31790.pinger
31790:20140611:073610.004 10.211.7.245
31790:20140611:073610.004 /usr/sbin/fping -C5 -p200 -b1024 -t1000 2>&1
The problem was in SELinux policy, however audit.log did not show any blocked events until the following command was run:
yum install -y policycoreutils-python /usr/sbin/semodule -DBThe -D option disables dontaudit rules; the -B option rebuilds policy.
type=SYSCALL msg=audit(1402473587.551:550371): arch=c000003e syscall=5 success=no exit=-13 a0=0 a1=7fff2c862c70 a2=7fff2c862c70 a3=238 items=0 ppid=16064 pid=16065 auid=0 uid=500 gid=500 euid=500 suid=0 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=87526 comm="fping" exe="/usr/sbin/fping" subj=unconfined_u:system_r:ping_t:s0 key=(null) type=AVC msg=audit(1402473588.556:550372): avc: denied { getattr } for pid=16067 comm="fping" path="/tmp/zabbix_proxy_31776.pinger" dev=dm-0 ino=784936 scontext=unconfined_u:system_r:ping_t:s0 tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=fileTo add an exception for this event run following command:
grep fping /var/log/audit/audit.log | audit2allow -M zabbix_fping semodule -i zabbix_fping.ppNow icmpping / icmppingsec checks should succeed:
29940:20140611:071726.366 In process_ping() hosts_count:1 29940:20140611:071726.366 /tmp/zabbix_proxy_29940.pinger 29940:20140611:071726.366 10.20.2.20 29940:20140611:071726.366 /usr/sbin/fping -C5 -p200 -b24 -t900 2>&1