Unable to edit sources

[pythiangrp]

I am trying to increase the Raw Data Lifetime of a source from the default value of 24 hours to 5 days, but am not able.
When I edit the source, I can change the value, but clicking on the save button simply appears to refresh the screen.
As a further test, and potentially related item, nothing happens when click on the stop button to stop the source. Despite clicking stop, the webpage tells me the source is still running with the same pid, and I can confirm this by looking at the command line and running a ps.
I have restarted both the nagiosna service, as well as the host itself, but neither has helped.

Any assistance is appreciated.
Thanks!
Andre

[Box293]

What version of Network Analyzer are you using?

I am trying to increase the Raw Data Lifetime of a source from the default value of 24 hours to 5 days, but am not able.
When I edit the source, I can change the value, but clicking on the save button simply appears to refresh the screen.
As a further test, and potentially related item, nothing happens when click on the stop button to stop the source. Despite clicking stop, the webpage tells me the source is still running with the same pid, and I can confirm this by looking at the command line and running a ps.

Run this in an SSH session on your NA server:

Code: Select all

tail -f /usr/local/nagiosna/var/backend.log /usr/local/nagiosna/var/cmdsubsys.log

Now go and try to edit the source to 5 days. Is anything reported in the SSH session?
Now go and try to stop the source. Is anything reported in the SSH session?

[pythiangrp]

Here is the output, as requested.....

[root@XXXXXXXXXXXX ~]# tail -f /usr/local/nagiosna/var/backend.log /usr/local/nagiosna/var/cmdsubsys.log
==> /usr/local/nagiosna/var/backend.log <==
2015-10-20 08:10:05 DEBUG : Checks found: ()
2015-10-20 08:10:05 INFO : Ran checks successfully
2015-10-20 08:10:05 INFO : Successfully reaped nfcapd file.
2015-10-20 08:10:10 INFO : Parsing data for the source id: 11
2015-10-20 08:10:10 DEBUG : Arguments: /usr/local/nagiosna/var/XXXXXXX/flows, nfcapd.201510200805, 11 (XXXXXX being another unrelated server to the one I am trying to change)
2015-10-20 08:10:10 DEBUG : Running checks...
2015-10-20 08:10:10 DEBUG : Getting relevant checks for source id: 11
2015-10-20 08:10:10 DEBUG : Checks found: ()
2015-10-20 08:10:10 INFO : Ran checks successfully
2015-10-20 08:10:10 INFO : Successfully reaped nfcapd file.

==> /usr/local/nagiosna/var/cmdsubsys.log <==
..................................Finished running commands.
tail: /usr/local/nagiosna/var/cmdsubsys.log: file truncated
..................................Finished running commands.
tail: /usr/local/nagiosna/var/cmdsubsys.log: file truncated
..........^C

[tmcdonald]

What NNA version is this?

[pythiangrp]

We are using version 2R1.0

[Box293]

Let's check some file / folder permissions, run this in an SSH session on your NA server and post back the output:

Code: Select all

ls -al /usr/local/nagiosna/

[pythiangrp]

Here you go....

ls -al /usr/local/nagiosna/
total 36
drwsrwsr-t. 7 nna nnacmd 4096 Mar 5 2015 .
drwxr-xr-x. 13 root root 4096 Mar 5 2015 ..
drwsrwsr-t. 2 nna nnacmd 4096 Mar 13 2015 bin
drwsrwsr-t+ 2 nna nnacmd 4096 Mar 5 2015 etc
drwsrwsr-t. 2 nna nnacmd 4096 Mar 5 2015 scripts
drwsrwsr-t. 2 nna nnacmd 4096 Mar 5 2015 tmp
drwsrwsr-x+ 16 nna nnacmd 4096 Oct 21 03:35 var

Not sure if it helps or not, but was also doing a little more playing yesterday, and although I am able to create new sources from the GUI, I am not able to start, stop or delete them from the GUI.

Thanks,
Andre

[tgriep]

Can you run the following in a shell on the NA system and post the output?

Code: Select all

chage -l nna
grep nna /etc/passwd
grep nna /etc/group

Can you run the following tail and try and stop a source and post the output of the tail?

Code: Select all

tail -f /var/log/httpd/error_log /var/log/httpd/access_log

[pythiangrp]

As requested, here is the output:

chage -l nna
Last password change : Mar 05, 2015
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

grep nna /etc/passwd
nna500:/home/nna:/bin/bash

grep nna /etc/group
apache48:nna
nnacmd500:nna,apache

and looks like a potential sudo issue:

==> /var/log/httpd/error_log <==
sudo: sorry, you must have a tty to run sudo

==> /var/log/httpd/access_log <==
10.237.96.228 - - [21/Oct/2015:14:10:29 -0400] "POST /nagiosna/index.php/api/system/stop HTTP/1.1" 200 12 "http://ottprodmon04.pythian.intra/nagio ... /sources/2" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
10.237.96.228 - - [21/Oct/2015:14:10:30 -0400] "POST /nagiosna/index.php/api/system/source_status HTTP/1.1" 200 203 "http://ottprodmon04.pythian.intra/nagio ... /sources/2" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
10.237.240.216 - - [21/Oct/2015:14:10:32 -0400] "GET /nagiosna/index.php/api/sources/read?token=4ebcab61a318607ad7e9622d54e443d29cf884d5&q%5Bsid%5D=3 HTTP/1.1" 200 195 "-" "Python-urllib/2.6"

That being said, I am not sure what needs to be changed in sudo. Here is the sudoers file:

## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

Cmnd_Alias SUDOSH = /usr/bin/shell

# Defaults specification

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
Defaults requiretty

#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home

Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.da
#
#

+TPGSA ALL = (ALL) SUDOSH
tpgsa ALL = (ALL) SUDOSH
%linuxadmins ALL = (ALL) ALL

Please note that SUDOSH is an app we use to track what is being run when people elevate their permissions to root (http://sourceforge.net/projects/sudosh2/)

Thanks,
Andre

[tgriep]

The sudoers file the NA system uses in the /etc/sudoers.d folder and it is called nagiosna. Here is what it looks like.

Code: Select all

Defaults:%nnacmd !requiretty

Cmnd_Alias LIST = /sbin/iptables --list
Cmnd_Alias SAVE = /etc/init.d/iptables save
Cmnd_Alias UPDATE = /sbin/iptables -I INPUT -p udp -j ACCEPT --dport *
Cmnd_Alias DAEMONCTL = /usr/local/nagiosna/bin/rc.py *

Defaults:nna !requiretty
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/change_timezone.sh
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/upgrade_to_latest.sh

%nnacmd ALL=(ALL) NOPASSWD:LIST
%nnacmd ALL=(ALL) NOPASSWD:SAVE
%nnacmd ALL=(ALL) NOPASSWD:UPDATE
%nnacmd ALL=(ALL) NOPASSWD:/bin/kill *
%nnacmd ALL=(ALL) NOPASSWD:DAEMONCTL

But it looks like the #includedir /etc/sudoers.da line in your /etc/sudoers file may not be pointing to that folder. Try editing the /etc/sudoers file and change this line from

Code: Select all

#includedir /etc/sudoers.da

to

Code: Select all

#includedir /etc/sudoers.d

Save it out and see if that resolves the issue.