cat
selinux/config
SELINUX=1
Job for zabbix-agent.service failed because a timeout was
exceeded. See "systemctl status zabbix-agent.service" and
"journalctl -xe" for details.
[root@POC002 zabbix]#
[root@POC002 zabbix]# systemctl status zabbix-agent
● zabbix-agent.service - Zabbix Agent
Loaded: loaded
(/usr/lib/systemd/system/zabbix-agent.service; disabled; vendor
preset: disabled)
Active: activating (start) since Tue 2018-12-11
15:11:12 HKT; 54s ago
Process: 20453
ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited,
status=0/SUCCESS)
CGroup:
/system.slice/zabbix-agent.service
├─20455
/usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
├─20456
/usr/sbin/zabbix_agentd: collector [idle 1 sec]
├─20457
/usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
├─20458
/usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
├─20459
/usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
└─20460
/usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
Dec 11 15:11:12 POC002 systemd[1]: Starting Zabbix
Agent...
Dec 11 15:11:12 POC002 systemd[1]: PID file
/run/zabbix/zabbix_agentd.pid not readable (yet?) after
start.
[root@POC002 zabbix]#
[root@POC002 zabbix]#
journalctl -xe
Dec 11 13:06:08 POC002 setroubleshoot[22276]: load_plugins()
plugins.sys_module previously imported
Dec 11 13:06:08 POC002 setroubleshoot[22276]: load_plugins()
plugins.sys_resource previously imported
Dec 11 13:06:08 POC002 setroubleshoot[22276]: load_plugins()
plugins.vbetool previously imported
Dec 11 13:06:08 POC002 setroubleshoot[22276]: load_plugins()
plugins.wine previously imported
Dec 11 13:06:08 POC002 setroubleshoot[22276]: load_plugins()
plugins.xen_image previously imported
Dec 11 13:06:18 POC002 setroubleshoot[22276]: received
signal=14
Dec 11 13:06:18 POC002 setroubleshoot[22276]:
KeyboardInterrupt in RunFaultServer
Dec 11 13:06:18 POC002 setroubleshoot[22276]: writing database
(/var/lib/setroubleshoot/setroubleshoot_database.xml)
modified_count=2
Dec 11 13:06:18 POC002 systemd[1]: zabbix-agent.service
holdoff time over, scheduling restart.
Dec 11 13:06:18 POC002 systemd[1]: Starting Zabbix
Agent...
-- Subject: Unit zabbix-agent.service has begun start-up
-- Defined-By: systemd
-- Support:
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit zabbix-agent.service has begun starting up.
Dec 11 13:06:18 POC002 zabbix_agentd[23831]: zabbix_agentd
[23833]: cannot open "/var/log/zabbix/zabbix_agentd.log": [13]
Permission denied
Dec 11 13:06:18 POC002 systemd[1]: PID file
/run/zabbix/zabbix_agentd.pid not readable (yet?) after
start.
Dec 11 13:06:18 POC002 systemd[1]: Failed to start Zabbix
Agent.
-- Subject: Unit zabbix-agent.service has failed
-- Defined-By: systemd
-- Support:
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit zabbix-agent.service has failed.
--
-- The result is failed.
Dec 11 13:06:18 POC002 systemd[1]: Unit zabbix-agent.service
entered failed state.
Dec 11 13:06:18 POC002 systemd[1]: zabbix-agent.service
failed.
Dec 11 13:06:18 POC002 dbus-daemon[799]: 'list' object has no
attribute 'split'
***************************************************************
### 1.
cannot open "/var/log/zabbix/zabbix_agentd.log"
remove
/var/log/zabbix/zabbix_agentd.log
[root@POC002 selinux]# journalctl -xe
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.allow_anon_write previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.allow_execheap previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.allow_execmod previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.allow_execstack previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.allow_ftpd_use_cifs previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.mounton previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.mozplugger previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.mozplugger_remove previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.openvpn previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.public_content previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.qemu_blk_image previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.qemu_file_image previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.restorecon previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.restorecon_source previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.rsync_data previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.samba_share previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.sandbox_connect previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.selinuxpolicy previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.setenforce previously imported
Dec 11 13:27:14 POC002 python[13847]: SELinux is preventing
/usr/sbin/zabbix_agentd from remove_name access on the directory
zabbix_agentd.pid.
***** Plugin catchall (100.
confidence) suggests
**************************
If you believe that zabbix_agentd should be
allowed remove_name access on the zabbix_agentd.pid directory by
default.
Then you should report this as a bug.
You can generate a local policy module to allow
this access.
Do
allow this access for now by executing:
# grep zabbix_agentd /var/log/audit/audit.log |
audit2allow -M mypol
# semodule -i mypol.pp
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.sshd_root previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.swapfile previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.sys_module previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.sys_resource previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.vbetool previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.wine previously imported
Dec 11 13:27:14 POC002 setroubleshoot[13847]: load_plugins()
plugins.xen_image previously imported
***************************************************************
### 2.
grep zabbix_agentd /var/log/audit/audit.log
| audit2allow -M mypol
semodule -i mypol.pp
setenfore
0
### 3.
I had the same issue and it was related to selinux. So I
allowed zabbix_agent_t via semanage
yum install
policycoreutils-python
semanage permissive -a zabbix_agent_t
log
=============
[root@POC002 selinux]#
[root@POC002 selinux]# semodule -i
mypol.pp
semodule: Failed on mypol.pp!
[root@POC002 selinux]# semodule -i
mypol.ppgrep zabbix_agentd /var/log/audit/audit.log | audit2allow
-M mypol
semodule: Failed on mypol.ppgrep!
Nothing to do
[root@POC002 selinux]# grep zabbix_agentd
/var/log/audit/audit.log | audit2allow -M mypol
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i mypol.pp
[root@POC002 selinux]# semodule -i mypol.pp
### 4.
/var/log/zabbix/*log
zabbix_agentd [10758]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [11408]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [11508]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [12182]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [12983]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [13677]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [14475]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [15063]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [15661]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [16334]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [16880]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [17685]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [18475]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [19092]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [19870]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [20493]: cannot open log: cannot create
semaphore set: [28] No space left on device
zabbix_agentd [21196]: cannot open log: cannot create
semaphore set: [28] No space left on device
### cannot create semaphore set:
sysctl -w kernel.sem="500
64000 64 128"
sysctl -w kernel.sem="1000
128000 64 1280"
1.SEMMSL :用于控制每个信号集的最大信号数量。
4.SEMMNI :内核参数用于控制整个 Linux 系统中信号集的最大数量。
0、messages logs
====================
[root@POC002 ~]# systemctl start
zabbix-agent
Job for zabbix-agent.service failed because a timeout was
exceeded. See "systemctl status zabbix-agent.service" and
"journalctl -xe" for details.
[root@POC002 ~]#
[root@POC002 log]# tail -f messages
主要日志如下:
Dec 11 15:45:23 POC002 systemd: Starting Zabbix Agent...
Dec 11 15:45:23 POC002 systemd: PID file
/run/zabbix/zabbix_agentd.pid not readable (yet?) after
start.
Dec 11 15:45:28 POC002 dbus-daemon: 'list' object has no
attribute 'split'
Dec 11 15:46:01 POC002 systemd: Started Session 628148 of user
root.
Dec 11 15:46:01 POC002 systemd: Starting Session 628148 of
user root.
Dec 11 15:46:01 POC002 systemd: Started Session 628147 of user
root.
Dec 11 15:46:01 POC002 systemd: Starting Session 628147 of
user root.
Dec 11 15:46:01 POC002 systemd: Started Session 628149 of user
root.
Dec 11 15:46:01 POC002 systemd: Starting Session 628149 of
user root.
Dec 11 15:46:01 POC002 systemd: Started Session 628150 of user
root.
Dec 11 15:46:01 POC002 systemd: Starting Session 628150 of
user root.
Dec 11 15:46:01 POC002 systemd: Started Session 628151 of user
root.
Dec 11 15:46:01 POC002 systemd: Starting Session 628151 of
user root.
Dec 11 15:46:06 POC002 dbus-daemon: dbus[799]: [system]
Activating service name='org.fedoraproject.Setroubleshootd' (using
servicehelper)
Dec 11 15:46:06 POC002 dbus[799]: [system] Activating service
name='org.fedoraproject.Setroubleshootd' (using
servicehelper)
Dec 11 15:46:06 POC002 dbus-daemon: dbus[799]: [system]
Successfully activated service
'org.fedoraproject.Setroubleshootd'
Dec 11 15:46:06 POC002 dbus[799]: [system] Successfully
activated service 'org.fedoraproject.Setroubleshootd'
Dec 11 15:46:06 POC002 setroubleshoot: Plugin Exception
restorecon_source
Dec 11 15:46:06 POC002 setroubleshoot: SELinux is preventing
/usr/bin/curl from name_connect access on the tcp_socket port 80.
For complete SELinux messages. run sealert -l
f042c474-89e6-4ebc-8265-a529121cb8f8
Dec 11 15:46:06 POC002 python: SELinux is preventing
/usr/bin/curl from name_connect access on the tcp_socket port
80.
***** Plugin catchall_boolean (89.3
confidence) suggests
******************
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the
'nis_enabled' boolean.
You can read 'None' man page for more details.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (11.6 confidence)
suggests
**************************
If you believe that curl should be allowed name_connect access
on the port 80 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this
access.
Do
allow this access for now by executing:
# grep curl /var/log/audit/audit.log | audit2allow -M
mypol
# semodule -i mypol.pp
Dec 11 15:46:16 POC002 dbus-daemon: 'list' object has no
attribute 'split'
Dec 11 15:46:17 POC002 dbus[799]: [system] Activating service
name='org.fedoraproject.Setroubleshootd' (using
servicehelper)
Dec 11 15:46:17 POC002 dbus-daemon: dbus[799]: [system]
Activating service name='org.fedoraproject.Setroubleshootd' (using
servicehelper)
Dec 11 15:46:17 POC002 dbus[799]: [system] Successfully
activated service 'org.fedoraproject.Setroubleshootd'
Dec 11 15:46:17 POC002 dbus-daemon: dbus[799]: [system]
Successfully activated service
'org.fedoraproject.Setroubleshootd'
Dec 11 15:46:17 POC002 setroubleshoot: Plugin Exception
restorecon_source
Dec 11 15:46:17 POC002 setroubleshoot: SELinux is preventing
/usr/bin/who from using the signull access on a process. For
complete SELinux messages. run sealert -l
7334a80b-ea35-44ac-8260-57451d97caf8
Dec 11 15:46:17 POC002 python: SELinux is preventing
/usr/bin/who from using the signull access on a process.
***** Plugin catchall (100. confidence)
suggests
**************************
If you believe that who should be allowed signull access on
processes labeled xdm_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this
access.
Do
allow this access for now by executing:
# grep who /var/log/audit/audit.log | audit2allow -M
mypol
# semodule -i mypol.pp
Dec 11 15:46:27 POC002 dbus-daemon: 'list' object has no
attribute 'split'
Dec 11 15:46:36 POC002 dbus-daemon: dbus[799]: [system]
Activating service name='org.fedoraproject.Setroubleshootd' (using
servicehelper)
Dec 11 15:46:36 POC002 dbus[799]: [system] Activating service
name='org.fedoraproject.Setroubleshootd' (using
servicehelper)
Dec 11 15:46:37 POC002 dbus[799]: [system] Successfully
activated service 'org.fedoraproject.Setroubleshootd'
Dec 11 15:46:37 POC002 dbus-daemon: dbus[799]: [system]
Successfully activated service
'org.fedoraproject.Setroubleshootd'
Dec 11 15:46:37 POC002 setroubleshoot: Plugin Exception
restorecon_source
Dec 11 15:46:37 POC002 setroubleshoot: SELinux is preventing
/usr/bin/curl from name_connect access on the tcp_socket port 80.
For complete SELinux messages. run sealert -l
f042c474-89e6-4ebc-8265-a529121cb8f8
Dec 11 15:46:37 POC002 python: SELinux is preventing
/usr/bin/curl from name_connect access on the tcp_socket port
80.
***** Plugin catchall_boolean (89.3
confidence) suggests
******************
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the
'nis_enabled' boolean.
You can read 'None' man page for more details.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (11.6 confidence)
suggests
**************************
If you believe that curl should be allowed name_connect access
on the port 80 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this
access.
Do
allow this access for now by executing:
# grep curl /var/log/audit/audit.log | audit2allow -M
mypol
# semodule -i mypol.pp
Dec 11 15:46:47 POC002 dbus-daemon: 'list' object has no
attribute 'split'
Dec 11 15:46:53 POC002 systemd: zabbix-agent.service start
operation timed out. Terminating.
Dec 11 15:46:53 POC002 systemd: Failed to start Zabbix
Agent.
[END] 2018/12/11 15:47:21
0、 END.
====================
