FAILED SU (to nagios)

fraguillen · Post by **fraguillen** » Wed Jul 04, 2018 4:13 pm

Good Morning

When I consult the /var/log/messages this line appears:

Jul 4 09:31:04 nagios01 su: FAILED SU (to nagios) nagios on none

I searched everywhere without finding an answer to this message.

Thanks for the help you could give me.

Nagios XI 5.5.0
Red Hat 7.5 x64, Esx Virtual Machine
No Gnome installed, no using proxy, Yes, we are using SSL

Best regards...

scottwilkerson · Post by **scottwilkerson** » Thu Jul 05, 2018 10:49 am

I've not seen this before, but my guess would be that you have configured a command in nagios that either in the command or within a script that the command executes that us trying to run the su command.

I would start by seeing if there are any non-OK services that you might be able to attribute this to.

khr0nos · Post by **khr0nos** » Wed Jul 11, 2018 5:50 am

Also had the same "issue" after upgrading, although those messages have stopped, I managed to find this:

Code: Select all

Jul  6 17:36:04 sitomnagxi01 su: FAILED SU (to nagios) nagios on none

Code: Select all

time->Fri Jul  6 17:36:04 2018
type=PROCTITLE msg=audit(1530894964.014:2334759): proctitle=7375006E6167696F73002D6300746F756368202F7573722F6C6F63616C2F6E6167696F732F7661722F6E6167696F732E636F6E66696774657374
type=PATH msg=audit(1530894964.014:2334759): item=0 name="/var/log/btmp" inode=895853 dev=fd:04 mode=0100600 ouid=0 ogid=22 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1530894964.014:2334759):  cwd="/home/nagios"
type=SYSCALL msg=audit(1530894964.014:2334759): arch=c000003e syscall=2 success=yes exit=3 a0=55fff0d170d0 a1=1 a2=60f1 a3=5b3f9a74 items=1 ppid=24815 pid=24817 auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=124289 comm="su" exe="/usr/bin/su" key="session"

scottwilkerson · Post by **scottwilkerson** » Wed Jul 11, 2018 8:36 am

Are you experiencing any problems? Does it log just when starting the nagios service or something?

fraguillen · Post by **fraguillen** » Wed Jul 11, 2018 9:16 am

Hi:

In my case it does not present problems but it bothers me to see that line.

I do not know if you will have to see the fact that I added "su nagios nagios" to the logrotate so that I could execute the process.

Best regards....

scottwilkerson · Post by **scottwilkerson** » Wed Jul 11, 2018 11:22 am

fraguillen wrote: I do not know if you will have to see the fact that I added "su nagios nagios" to the logrotate so that I could execute the process.

What did you do?

fraguillen · Post by **fraguillen** » Wed Jul 11, 2018 1:02 pm

Yes, for example, in my log configuration file in the folder /etc/logrotate.d there is a file where I configured the logrotation for the .log files of nagios:

/usr/local/nagiosxi/var/*log {
missingok
notifempty
size 5M
rotate 1
compress
su nagios nagios
}

I do not know if the warning is there

scottwilkerson · Post by **scottwilkerson** » Wed Jul 11, 2018 2:34 pm

this should not be in there...

Code: Select all

su nagios nagios

Nagios Support Forum

FAILED SU (to nagios)

FAILED SU (to nagios)

Re: FAILED SU (to nagios)

Re: FAILED SU (to nagios)

Re: FAILED SU (to nagios)

Re: FAILED SU (to nagios)

Re: FAILED SU (to nagios)

Re: FAILED SU (to nagios)

Re: FAILED SU (to nagios)