On new install, unable to stop, start, or delete sources

[robertf]

I have installed NNA on a brand new system, but I have having issues starting, stopping, and deleting newly created sources. In order for a source to start I have to run the following command on the NNA Host:

Code: Select all

$ sudo /usr/local/nagiosna/bin/nagiosna start

Once done, the source changes from a stopped state to a started state and I start collecting netflows appropriately. That might not be too bad except I cant stop or delete a source from the web page either. I believe it must be a permissions problem, but everything looks ok. After looking through some past support cases, you have normally asked for the following in one way or another, so I am including it here from the onset. Note: I have also sanitized the data.

Code: Select all

$ sudo grep include /etc/sudoers
#includedir /etc/sudoers.d

$ sudo ls -lastr /etc/sudoers.d
total 20
 4 -rw-r--r--    1 root root   575 May 28 15:16 nagiosna
12 drwxr-xr-x. 122 root root 12288 Jul  8 13:40 ..
 4 drwxr-x---.   2 root root  4096 Jul  8 13:42 .

$ sudo cat /etc/sudoers.d/nagiosna
Defaults:%nnacmd !requiretty

Cmnd_Alias LIST	= /sbin/iptables --list
Cmnd_Alias SAVE = /etc/init.d/iptables save
Cmnd_Alias UPDATE = /sbin/iptables -I INPUT -p udp -j ACCEPT --dport *
Cmnd_Alias DAEMONCTL = /usr/local/nagiosna/bin/rc.py *

Defaults:nna !requiretty
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/change_timezone.sh
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/upgrade_to_latest.sh

%nnacmd ALL=(ALL) NOPASSWD:LIST
%nnacmd ALL=(ALL) NOPASSWD:SAVE
%nnacmd ALL=(ALL) NOPASSWD:UPDATE
%nnacmd ALL=(ALL) NOPASSWD:/bin/kill *
%nnacmd ALL=(ALL) NOPASSWD:DAEMONCTL


$ ls -lastr /usr/local/nagiosna/var
total 60
 4 drwsrwsr-t  7 nna nnacmd  4096 May 28 15:16 ..
24 -rw-rw-r--+ 1 nna nnacmd 17923 Jul  8 11:22 backend.log
 4 drwxrwsr-x+ 4 nna nnacmd  4096 Jul  8 11:22 serverX
 4 drwxrwsr-x+ 4 nna nnacmd  4096 Jul  8 11:22 serverY
 4 drwxrwsr-x+ 3 nna nnacmd  4096 Jul  8 11:22 VMwareVDI
 4 drwxrwsr-x+ 3 nna nnacmd  4096 Jul  8 11:22 VMwareProd
 4 drwxrwsr-x+ 3 nna nnacmd  4096 Jul  8 11:22 AlcatelSwitches
 4 drwsrwsr-x+ 8 nna nnacmd  4096 Jul  8 11:22 .
 4 drwxrwsr-x+ 3 nna nnacmd  4096 Jul  8 11:22 ToRVMSwitches
 4 -rw-rw-r--+ 1 nna nnacmd    31 Jul  8 11:24 cmdsubsys.log


$ uname -a
Linux NNAHost 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux

$ cat /etc/*release
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Red Hat Enterprise Linux Server release 6.6 (Santiago)
Red Hat Enterprise Linux Server release 6.6 (Santiago)

$ ps aux | grep nfcapd
forknerr 13309  0.0  0.0 103252   836 pts/1    S+   13:57   0:00 grep nfcapd
nna      23581  0.0  0.6  17852  6936 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 1 -l /usr/local/nagiosna/var/serverX/flows -p 9912 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/serverX/9912.pid -D -e -w -z
nna      23582  0.0  0.0   6568   652 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 1 -l /usr/local/nagiosna/var/serverX/flows -p 9912 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/serverX/9912.pid -D -e -w -z
nna      23589  0.0  0.2  17852  2744 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 2 -l /usr/local/nagiosna/var/serverY/flows -p 23456 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/serverY/23456.pid -D -e -w -z
nna      23590  0.0  0.0   6568   652 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 2 -l /usr/local/nagiosna/var/serverY/flows -p 23456 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/serverY/23456.pid -D -e -w -z
nna      23621  0.0  0.5  17852  5484 ?        S    11:22   0:01 /usr/local/bin/nfcapd -I 3 -l /usr/local/nagiosna/var/VMwareVDI/flows -p 8081 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/VMwareVDI/8081.pid -D -e -w -z
nna      23622  0.0  0.0   6568   656 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 3 -l /usr/local/nagiosna/var/VMwareVDI/flows -p 8081 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/VMwareVDI/8081.pid -D -e -w -z
nna      23653  0.0  0.5  17852  5532 ?        S    11:22   0:05 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/VMwareProd/flows -p 8082 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/VMwareProd/8082.pid -D -e -w -z
nna      23654  0.0  0.0   6568   656 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/VMwareProd/flows -p 8082 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/VMwareProd/8082.pid -D -e -w -z
nna      23716  0.0  0.2  17852  2700 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 6 -l /usr/local/nagiosna/var/ToRVMSwitches/flows -p 16343 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/ToRVMSwitches/16343.pid -D -e -w -z
nna      23717  0.0  0.0   6568   648 ?        S    11:22   0:00 /usr/local/bin/nfcapd -I 6 -l /usr/local/nagiosna/var/ToRVMSwitches/flows -p 16343 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/ToRVMSwitches/16343.pid -D -e -w -z

$ which rrdtool
/usr/local/bin/rrdtool

$ sh /usr/local/nagiosna/bin/nagiosna start
Traceback (most recent call last):
  File "/usr/local/nagiosna/bin/rc.py", line 30, in <module>
    handler = logging.handlers.RotatingFileHandler('/usr/local/nagiosna/var/backend.log', 'a', 1048576, 10)
  File "/usr/lib64/python2.6/logging/handlers.py", line 112, in __init__
    BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib64/python2.6/logging/handlers.py", line 64, in __init__
    logging.FileHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib64/python2.6/logging/__init__.py", line 827, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib64/python2.6/logging/__init__.py", line 846, in _open
    stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/usr/local/nagiosna/var/backend.log'

$ sudo sh /usr/local/nagiosna/bin/nagiosna start
Add extension: 2 byte input/output interface index
Add extension: 4 byte input/output interface index
Add extension: 2 byte src/dst AS number
Add extension: 4 byte src/dst AS number
NagiosNA backend started...

$ sudo tail /var/log/messages
Jul  8 13:57:59 NNAHost nfcapd[23716]: launcher exit status: 0
Jul  8 13:57:59 NNAHost nfcapd[23716]: Terminating nfcapd.
Jul  8 13:57:59 NNAHost nfcapd[13604]: Add extension: 2 byte input/output interface index
Jul  8 13:57:59 NNAHost nfcapd[13604]: Add extension: 4 byte input/output interface index
Jul  8 13:57:59 NNAHost nfcapd[13604]: Add extension: 2 byte src/dst AS number
Jul  8 13:57:59 NNAHost nfcapd[13604]: Add extension: 4 byte src/dst AS number
Jul  8 13:57:59 NNAHost nfcapd[13604]: Bound to IPv4 host/IP: any, Port: 1099
Jul  8 13:57:59 NNAHost nfcapd[13606]: Launcher[13607] forked
Jul  8 13:57:59 NNAHost nfcapd[13606]: Startup.
Jul  8 13:57:59 NNAHost nfcapd[13607]: Launcher: Startup. auto-expire enabled

[jolson]

The first thing that I would make sure of is that SELinux is in disabled mode.

Code: Select all

sestatus

After verifying that selinux is disabled, you will need to reboot your server.

I would be interested in the output of your httpd error log and access log:

Code: Select all

cat /var/log/httpd/error_log
cat /var/log/httpd/access_log

[robertf]

Thank you for putting me on the right track. I guess I was wondering why there were not NA logs in /usr/local/nagiosna, and instead I should have been looking at the error logs I knew about.

So to answer your questions, and provide you with the solution.

Forgive me Red Hat, but Selinux is disabled.

Code: Select all

$ sudo sestatus
SELinux status:                 disabled

$ sudo tail -f /var/log/httpd/error_log
[Thu Jul 09 03:10:02 2015] [notice] SIGHUP received.  Attempting to restart
[Thu Jul 09 03:10:02 2015] [notice] Digest: generating secret for digest authentication ...
[Thu Jul 09 03:10:02 2015] [notice] Digest: done
[Thu Jul 09 03:10:02 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
sudo: sorry, you must have a tty to run sudo
sudo: sorry, you must have a tty to run sudo
sudo: sorry, you must have a tty to run sudo
$ sudo cat /var/log/httpd/access_log
$

The sudo errors were triggered when I selected either the delete or start links from the source page. These error messages are a result of a default implementation of requiretty in the /etc/sudoers file on Red Hat installs. By default it looks like this:

Code: Select all

Defaults    requiretty

There seems to be a certain degree of agreement that this can be "safely" commented out:

Code: Select all

#Defaults    requiretty

By commenting this out I eliminated the error messages, and stop, start, and delete links now work as expected.

But because I only want to open what is needed, and no more; therefore, I removed the tty requirement for the nna user only:

Code: Select all

Defaults:nna    !requiretty

[robertf]

I was getting the following error in /var/log/httpd/error_log

Code: Select all

sudo: sorry, you must have a tty to run sudo

The fix is in /etc/sudoers. By default Red Hat has the following setting:

Code: Select all

Defaults    requiretty

You can comment out the line entirely, but I prefer to only open up what is needed. So I removed the tty access to only the nna user thusly:

Code: Select all

Defaults:nna    !requiretty

[jolson]

robertf,

We very much appreciate the detailed solution you've documented here. Are we alright to lock this thread and mark it as resolved?

[robertf]

yes