Commands to query the auditlog for Zabbix relevant queries and create/import a compiled policy file within Zabbix
Could be adapted to generate policies for any other system.
The suggestion is to set SELinux to permissive (setenforce=0) execute the action and afterwards create the policy based on the logged events. If the policy does not work on the first try after re-enabeling SELinux again it it could happen that a call was blocked (which is also logged within the auditlog) that was not blocked with SELinux in permissive mode. Therefore it could help creating a new human readable policy (.te-file) and checking the first version vs. the second version + merging them.
filename=zabbix-server-frq cat /var/log/audit/audit.log | grep zabbix | audit2allow -m $filename >> $filename.te checkmodule -M -m -o $filename.mod $filename.te semodule_package -o $filename.pp -m $filename.mod semodule -i $filename.pp #restorecon -R -v /run/zabbix/zabbix_server_alerter.sock #suggested by the policygenerator