API: Could not open command file

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
sib
Posts: 111
Joined: Thu Dec 11, 2014 8:06 am

Post by sib

Hi

When I try to execute a system command through the API I get
# curl -XPOST "https://nagios/nagiosxi/api/v1/system/c ... ikey=mykey" -d "cmd=ADD_HOST_COMMENT;localhost;1;%user%;This is a test comment"
{"error":"ERROR: Could not open command file"}
Nagios 5.5.2

Code:

# ls -al /usr/local/nagios/var/rw
total 8
drwsr-xr-x. 2 nagios nagios   64 Aug  8 14:53 .
drwxrwxr-x. 6 nagios nagios 4096 Aug  8 15:35 ..
prw-rw----. 1 nagios nagios    0 Aug  8 14:53 nagios.cmd
-rw-r-----. 1 nagios nagios 4096 Dec  8  2015 .nagios.cmd.swp
srw-rw----. 1 nagios nagios    0 Aug  8 14:53 nagios.qh

Code:

apache     416 20078  0 15:34 ?        00:00:01 /usr/sbin/httpd -DFOREGROUND
apache    2149 20078  0 15:35 ?        00:00:01 /usr/sbin/httpd -DFOREGROUND
apache    3067 20078  1 15:35 ?        00:00:04 /usr/sbin/httpd -DFOREGROUND
apache    4771 20078  0 15:02 ?        00:00:09 /usr/sbin/httpd -DFOREGROUND
apache    5033 20078  0 15:36 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    6759 20078  0 15:37 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    8549 20078  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     10356 13104  0 15:39 pts/0    00:00:00 grep --color=auto http
root     20078     1  0 14:53 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   27396 20078  0 15:31 ?        00:00:02 /usr/sbin/httpd -DFOREGROUND
apache   28987 20078  0 15:32 ?        00:00:01 /usr/sbin/httpd -DFOREGROUND
apache   29871 20078  0 15:33 ?        00:00:02 /usr/sbin/httpd -DFOREGROUND

Code:

# grep nagios /etc/group
nagios:x:994:apache,nagios,snmptt
nagcmd:x:2002:apache,nagios,snmptt
Last edited by sib on Wed Aug 08, 2018 8:40 am, edited 1 time in total.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: API: Could not open command file

Post by scottwilkerson

Can you show

Code:

getenforce
grep nag /etc/group
Former Nagios employee
sib
Posts: 111
Joined: Thu Dec 11, 2014 8:06 am

Re: API: Could not open command file

Post by sib

Looks like it is an SELinux issue

Code:

# ausearch -m avc
----
time->Wed Aug  8 15:30:44 2018
type=PROCTITLE msg=audit(1533735044.017:320768): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=SYSCALL msg=audit(1533735044.017:320768): arch=c000003e syscall=6 success=no exit=-13 a0=7ffc0638bd40 a1=7ffc0638bc30 a2=7ffc0638bc30 a3=23 items=1 ppid=20078 pid=3263 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1533735044.017:320768): avc:  denied  { getattr } for  pid=3263 comm="httpd" path="/usr/local/nagios/var/rw/nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
----
time->Wed Aug  8 15:30:44 2018
type=PROCTITLE msg=audit(1533735044.017:320769): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=SYSCALL msg=audit(1533735044.017:320769): arch=c000003e syscall=2 success=no exit=-13 a0=5566a8914ce8 a1=241 a2=1b6 a3=6f6967616e2f6c61 items=2 ppid=20078 pid=3263 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1533735044.017:320769): avc:  denied  { write } for  pid=3263 comm="httpd" name="nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
----
time->Wed Aug  8 15:34:59 2018
type=PROCTITLE msg=audit(1533735299.652:322278): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=SYSCALL msg=audit(1533735299.652:322278): arch=c000003e syscall=2 success=no exit=-13 a0=5566a88f4f10 a1=241 a2=1b6 a3=6f6967616e2f6c61 items=2 ppid=20078 pid=3263 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1533735299.652:322278): avc:  denied  { write } for  pid=3263 comm="httpd" name="nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
----
time->Wed Aug  8 15:34:59 2018
type=PROCTITLE msg=audit(1533735299.652:322277): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=SYSCALL msg=audit(1533735299.652:322277): arch=c000003e syscall=6 success=no exit=-13 a0=7ffc0638bd40 a1=7ffc0638bc30 a2=7ffc0638bc30 a3=23 items=1 ppid=20078 pid=3263 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1533735299.652:322277): avc:  denied  { getattr } for  pid=3263 comm="httpd" path="/usr/local/nagios/var/rw/nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
----
time->Wed Aug  8 15:36:12 2018
type=PROCTITLE msg=audit(1533735372.133:323067): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=SYSCALL msg=audit(1533735372.133:323067): arch=c000003e syscall=6 success=no exit=-13 a0=7ffc0638bd40 a1=7ffc0638bc30 a2=7ffc0638bc30 a3=23 items=1 ppid=20078 pid=416 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1533735372.133:323067): avc:  denied  { getattr } for  pid=416 comm="httpd" path="/usr/local/nagios/var/rw/nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
----
time->Wed Aug  8 15:36:12 2018
type=PROCTITLE msg=audit(1533735372.133:323068): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=SYSCALL msg=audit(1533735372.133:323068): arch=c000003e syscall=2 success=no exit=-13 a0=5566a8c2c018 a1=241 a2=1b6 a3=6f6967616e2f6c61 items=2 ppid=20078 pid=416 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1533735372.133:323068): avc:  denied  { write } for  pid=416 comm="httpd" name="nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
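
Added example, not part of the original posts: a short Python parser that condenses `ausearch -m avc` records like those above into one entry per (source type, target type, object class) and decodes the hex-encoded `proctitle` field. The function names are hypothetical; the sample records are copied from the output in the post above.

```python
import re
from collections import defaultdict

# Records copied from the ausearch output in the post above (one PROCTITLE, three AVC).
SAMPLE = """\
type=PROCTITLE msg=audit(1533735044.017:320768): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=AVC msg=audit(1533735044.017:320768): avc:  denied  { getattr } for  pid=3263 comm="httpd" path="/usr/local/nagios/var/rw/nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
type=AVC msg=audit(1533735044.017:320769): avc:  denied  { write } for  pid=3263 comm="httpd" name="nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
type=AVC msg=audit(1533735372.133:323068): avc:  denied  { write } for  pid=416 comm="httpd" name="nagios.cmd" dev="dm-2" ino=1936683 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=fifo_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def decode_proctitle(hex_value):
    """auditd hex-encodes argv when it contains NUL separators; restore it."""
    return bytes.fromhex(hex_value).decode("utf-8", "replace").replace("\x00", " ")

def proctitles(text):
    """Distinct command lines found in hex-encoded PROCTITLE records."""
    hexes = re.findall(r"proctitle=([0-9A-Fa-f]+)$", text, re.M)
    return sorted({decode_proctitle(h) for h in hexes})

def summarize_denials(text):
    """Group denied permissions by (source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "count": 0})
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # PROCTITLE, SYSCALL and separator lines carry no denial
        key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
        summary[key]["perms"].update(m["perms"].split())
        summary[key]["count"] += 1
    return {k: (sorted(v["perms"]), v["count"]) for k, v in summary.items()}

if __name__ == "__main__":
    for (src, tgt, cls), (perms, n) in summarize_denials(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} denied {perms} in {n} events")
    print(proctitles(SAMPLE))
```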

sib
Posts: 111
Joined: Thu Dec 11, 2014 8:06 am

Re: API: Could not open command file

Post by sib

I fixed it. You can close this one.

best
Chris