Dear ,
I have Nagios XI which was compromised and I managed to restrict the access to it.
Now I need to clear up the available Nagios on my server then do clean new installation.
Please advise asap.
Best regards,
Haitha
Clean Install
-
habuhejleh
- Posts: 32
- Joined: Thu Feb 08, 2018 3:24 am
Re: Clean Install
Dear All,
Please note that I inserted the script "./uninstall_xi.sh" into the nagios xi via WinSCP then I ran the command "./uninstall_xi.sh" it started the process but it failed as below:
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... 64&repo=os error was
14: PYCURL ERROR 7 - "Failed to connect to 2607:f8f8:700:12::10: Network is unreachable"
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.
Note that I opened in the firewall from external only
72.14.181.71 (assets.nagios.com) and 50.116.21.73 (api.nagios.com).
So why it is failing as above?
Should I open extra external IP's?
Is there away I can uninstall then install it manually through WinSCP?
Please advise asap.
Please note that I inserted the script "./uninstall_xi.sh" into the nagios xi via WinSCP then I ran the command "./uninstall_xi.sh" it started the process but it failed as below:
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... 64&repo=os error was
14: PYCURL ERROR 7 - "Failed to connect to 2607:f8f8:700:12::10: Network is unreachable"
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.
Note that I opened in the firewall from external only
72.14.181.71 (assets.nagios.com) and 50.116.21.73 (api.nagios.com).
So why it is failing as above?
Should I open extra external IP's?
Is there away I can uninstall then install it manually through WinSCP?
Please advise asap.
Re: Clean Install
If a system has been compromised I would definitely go the route of at least reimaging the OS as well and then doing the clean install of XI.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
habuhejleh
- Posts: 32
- Joined: Thu Feb 08, 2018 3:24 am
Re: Clean Install
Well, I opened external connection limited to:
72.14.181.71 (assets.nagios.com) and 50.116.21.73 (api.nagios.com) but the uninstall did not workout and gave error
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... 64&repo=os error was
14: PYCURL ERROR 7 - "Failed to connect to 2607:f8f8:700:12::10: Network is unreachable"
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.
What else I should open for external?
Please advise.
72.14.181.71 (assets.nagios.com) and 50.116.21.73 (api.nagios.com) but the uninstall did not workout and gave error
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... 64&repo=os error was
14: PYCURL ERROR 7 - "Failed to connect to 2607:f8f8:700:12::10: Network is unreachable"
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.
What else I should open for external?
Please advise.
Re: Clean Install
This scripts uses "yum remove", e.g.
so you would need to have access to yum repos... Can you add/remove packages via yum or run "yum update" successfully?
Code: Select all
yum remove mysql postgresql -yBe sure to check out our Knowledgebase for helpful articles and solutions!
-
habuhejleh
- Posts: 32
- Joined: Thu Feb 08, 2018 3:24 am
Re: Clean Install
No I cannot, I get this error:
[root@um-isp-nagios-redline ~]# yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metal ... =epel-6&ar ch=x86_64 error was
14: PYCURL ERROR 7 - "Failed to connect to 2610:28
3001:dead:beef:cafe:fed3 : Network is unreachable"
* base: centos.mirror.iweb.ca
* epel: epel.besthosting.ua
* extras: centos.mirror.iweb.ca
* updates: centos.mirror.iweb.ca
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://ftp.hosteurope.de/mirror/centos. ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2a01:488:10:1::50ed:888a: Network is unreachable"
Trying other mirror.
http://ftp.jaist.ac.jp/pub/Linux/CentOS ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2001:df0:2ed:feed::feed: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.
http://mirror.centos.org/centos/6/os/x8 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2c0f:f738
e::: Network is unreachable"
Trying other mirror.
http://mirror.us.leaseweb.net/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2604:9a00
a0b8::5: Network is unreachable"
Trying other mirror.
http://mirrors.coreix.net/centos/6/os/x ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2a01:c0:2:3d::2: Network is unreachable"
Trying other mirror.
Once again please advise what are the IP addresses I should open further??
And also can I update manually?
[root@um-isp-nagios-redline ~]# yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metal ... =epel-6&ar ch=x86_64 error was
14: PYCURL ERROR 7 - "Failed to connect to 2610:28
3001:dead:beef:cafe:fed3 : Network is unreachable"* base: centos.mirror.iweb.ca
* epel: epel.besthosting.ua
* extras: centos.mirror.iweb.ca
* updates: centos.mirror.iweb.ca
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://ftp.hosteurope.de/mirror/centos. ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2a01:488:10:1::50ed:888a: Network is unreachable"
Trying other mirror.
http://ftp.jaist.ac.jp/pub/Linux/CentOS ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2001:df0:2ed:feed::feed: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.
http://mirror.centos.org/centos/6/os/x8 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2c0f:f738
e::: Network is unreachable"Trying other mirror.
http://mirror.us.leaseweb.net/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2604:9a00
a0b8::5: Network is unreachable"Trying other mirror.
http://mirrors.coreix.net/centos/6/os/x ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2a01:c0:2:3d::2: Network is unreachable"
Trying other mirror.
Once again please advise what are the IP addresses I should open further??
And also can I update manually?
Re: Clean Install
Let step back for a moment. You are not able to run yum commands because you closed the Internet connection to your Nagios XI server. Opening a few IP addresses won't work as you re going to have some random IPs when accessing these mirrors... The best route to go would be what cdienger suggested:
Once you start "fresh" with a clean system, you could do an "offline" install (if you wish).
https://repo.nagios.com/?repo=offline#install
Uninstalling Nagios XI won't guarantee that you are not going to have some malicious code left by the hackers somewhere else...If a system has been compromised I would definitely go the route of at least reimaging the OS as well and then doing the clean install of XI.
Once you start "fresh" with a clean system, you could do an "offline" install (if you wish).
https://repo.nagios.com/?repo=offline#install
Be sure to check out our Knowledgebase for helpful articles and solutions!