diff --git a/roles/nagios_server/files/selinux/nagios_nrpe.mod b/roles/nagios_server/files/selinux/nagios_nrpe.mod
new file mode 100644
index 0000000000..80aff88beb
Binary files /dev/null and b/roles/nagios_server/files/selinux/nagios_nrpe.mod differ
diff --git a/roles/nagios_server/files/selinux/nagios_nrpe.pp b/roles/nagios_server/files/selinux/nagios_nrpe.pp
new file mode 100644
index 0000000000..857c18b557
Binary files /dev/null and b/roles/nagios_server/files/selinux/nagios_nrpe.pp differ
diff --git a/roles/nagios_server/files/selinux/nagios_nrpe.te b/roles/nagios_server/files/selinux/nagios_nrpe.te
new file mode 100644
index 0000000000..098dd49488
--- /dev/null
+++ b/roles/nagios_server/files/selinux/nagios_nrpe.te
@@ -0,0 +1,32 @@
+module nagios_nrpe 1.0;
+
+require {
+ type nagios_t;
+ type nagios_checkdisk_plugin_t;
+ type nagios_unconfined_plugin_t;
+ type nrpe_t;
+ type system_mail_t;
+ class process { noatsecure rlimitinh siginh };
+ class tcp_socket { read write };
+}
+
+#============= nagios_checkdisk_plugin_t ==============
+# src="nagios_checkdisk_plugin_t" tgt="nrpe_t" class="tcp_socket", perms="{ read write }"
+# comm="check_disk" exe="" path="socket:[270138836]"
+allow nagios_checkdisk_plugin_t nrpe_t:tcp_socket { read write };
+
+#============= nagios_t ==============
+# src="nagios_t" tgt="nagios_unconfined_plugin_t" class="process", perms="{ noatsecure rlimitinh siginh }"
+# comm="check_ping" exe="" path=""
+allow nagios_t nagios_unconfined_plugin_t:process { noatsecure rlimitinh siginh };
+# src="nagios_t" tgt="system_mail_t" class="process", perms="{ noatsecure rlimitinh siginh }"
+# comm="sendmail" exe="" path=""
+allow nagios_t system_mail_t:process { noatsecure rlimitinh siginh };
+
+#============= nrpe_t ==============
+# src="nrpe_t" tgt="nagios_checkdisk_plugin_t" class="process", perms="{ noatsecure rlimitinh siginh }"
+# comm="check_disk" exe="" path=""
+allow nrpe_t nagios_checkdisk_plugin_t:process { noatsecure rlimitinh siginh };
+# src="nrpe_t" tgt="nagios_unconfined_plugin_t" class="process", perms="{ noatsecure rlimitinh siginh }"
+# comm="check_swap" exe="" path=""
+allow nrpe_t nagios_unconfined_plugin_t:process { noatsecure rlimitinh siginh };
diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml
index fc25dc0511..e91a075395 100644
--- a/roles/nagios_server/tasks/main.yml
+++ b/roles/nagios_server/tasks/main.yml
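Review bot: The four `allow … :process { noatsecure rlimitinh siginh }` rules in the nagios_t and nrpe_t sections grant more than the logged denials need, and `noatsecure` in particular is a real loosening: when it is allowed across the transition the kernel does not set AT_SECURE for the new domain, so environment such as LD_PRELOAD/LD_LIBRARY_PATH inherited from nagios_t or nrpe_t is honoured by the plugin — including the unconfined `nagios_unconfined_plugin_t` domain. Denials of these three permissions on a domain transition are normally harmless exec-time noise and are usually silenced with `dontaudit` instead, e.g. `dontaudit nagios_t nagios_unconfined_plugin_t:process { noatsecure rlimitinh siginh };` for each of the four pairs. The `allow nagios_checkdisk_plugin_t nrpe_t:tcp_socket { read write }` rule also looks like an inherited file descriptor rather than something check_disk needs — the recorded path is `socket:[270138836]`, i.e. the NRPE client connection left open across the exec — so it would be safer to dontaudit that too and treat the fd leak in nrpe as the thing to fix, unless the plugin really has to talk on that socket. A short header comment in the .te explaining which audit denials each rule came from and why allow (not dontaudit) was chosen would help the next person who regenerates this module.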
@@ -468,3 +468,15 @@
 when: selinux_module is changed
 tags:
 - nagios_server
+
+- name: Copy over our custom selinux module
+ copy: src=selinux/nagios_nrpe.pp dest=/usr/local/share/nagios-policy/nagios_nrpe.pp
+ register: selinux_module2
+ tags:
+ - nagios_server
+
+- name: Install our custom selinux module
+ command: semodule -i /usr/local/share/nagios-policy/nagios_nrpe.pp
+ when: selinux_module2 is changed
+ tags:
+ - nagios_server
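Review bot: The install task's `when: selinux_module2 is changed` is keyed on the copy, not on whether the module is loaded, so if `semodule -i` fails (or the module is later removed by hand) the .pp on disk is unchanged and every subsequent run silently skips the install; checking presence with something like `semodule -l | grep -w nagios_nrpe` and installing when it is absent would make the step self-healing. Separately, what gets installed is the committed binary `nagios_nrpe.pp`, which the play never derives from the `nagios_nrpe.te` added in the same commit, so nothing ties the policy loaded on the server to the source reviewers can read; building the module on the host from the .te removes that gap. The task the three context lines belong to starts above the hunk, and it is not visible here whether an earlier task creates `/usr/local/share/nagios-policy`.
```yaml
- name: Copy over our custom selinux module source
  copy: src=selinux/nagios_nrpe.te dest=/usr/local/share/nagios-policy/nagios_nrpe.te
  register: selinux_module2
  tags:
    - nagios_server

- name: Build and install our custom selinux module from source
  shell: >
    cd /usr/local/share/nagios-policy &&
    checkmodule -M -m -o nagios_nrpe.mod nagios_nrpe.te &&
    semodule_package -o nagios_nrpe.pp -m nagios_nrpe.mod &&
    semodule -i nagios_nrpe.pp
  when: selinux_module2 is changed
  tags:
    - nagios_server
```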