All,
I installed Nagios XI 5.7.4 using the offline version of the install (on a Red Hat 7 server). It completed without error, with the exception that my current /etc/sudoers file gets corrupted. The way my UNIX team has implemented /etc/sudoers is that each server has a copy of the same /etc/sudoers file. When I use the http://<server name>/nagiosxi I get a ->
Forbidden
You don't have permission to access /nagiosxi on this server
error. I need to install offline, as my UNIX group has pulled red hat repositories online, and when I execute it interactively I get that it tries going out to pull down more rpms near the end of the install (it tries 20 times before quitting).
First is there any way to avoid corrupting the /etc/sudoers file via the offline install. Next, can you tell if the offline install is complete. It looks like most of the Nagios services are not installed (nagios, no2db, nrpe, etc.)
Nagios XI 5.7.4 offline install doesn't work.
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Nagios XI 5.7.4 offline install doesn't work.
Hi,
If you can retrieve the "/tmp/xi-install.log" and post it to the thread that would be very helpful. If the Unix team is overwriting the sudoers file on the system, then the Nagios XI is not going to be able to function properly. Can you get a variance from them on this issue?
Also, the error message looks like an issue with the Apache settings? Are there any other applications running on this server?
Here are the default Nagios XI entries for the sudoers file.
If you can retrieve the "/tmp/xi-install.log" and post it to the thread that would be very helpful. If the Unix team is overwriting the sudoers file on the system, then the Nagios XI is not going to be able to function properly. Can you get a variance from them on this issue?
Also, the error message looks like an issue with the Apache settings? Are there any other applications running on this server?
Here are the default Nagios XI entries for the sudoers file.
Code: Select all
User_Alias NAGIOSXI=nagios
User_Alias NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/auto discover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/send_to_nls.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/migrate/migrate .php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/a utodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Nagios XI 5.7.4 offline install doesn't work.
Benjamin,
At this time one of my team members decided it would be best to try to do the interactive install. This caused a lot of complications as various RPMs and CPAN files were attempted to be downloaded. The biggest complication is that the log file is for the interactive install, not the offline install. I will discuss with the individual when he returns on Monday how we should proceed (my choice is the offline install). In the mean time I get 3 errors showing up when /etc/sudoers is modified. Could these from the list you provided be causing my /etc/sudoers problem?
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/auto discover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/auto discover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/a utodiscover_new.php *
At this time one of my team members decided it would be best to try to do the interactive install. This caused a lot of complications as various RPMs and CPAN files were attempted to be downloaded. The biggest complication is that the log file is for the interactive install, not the offline install. I will discuss with the individual when he returns on Monday how we should proceed (my choice is the offline install). In the mean time I get 3 errors showing up when /etc/sudoers is modified. Could these from the list you provided be causing my /etc/sudoers problem?
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/auto discover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/auto discover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/a utodiscover_new.php *
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Nagios XI 5.7.4 offline install doesn't work.
HI,
Regards,
Benjamin
Reference:
Nagios XI Offline Installation
Nagios XI Manual Install
Can you post a screenshot of the actual error messages for us to troubleshoot? Those entries are for the auto-discover feature in the CCM, and I don't think they would be causing the problem. You can easily remove them, but that feature will not work then.. In the meantime I get 3 errors showing up when /etc/sudoers is modified. Could these from the list you provided be causing my /etc/sudoers problem?
Regards,
Benjamin
Reference:
Nagios XI Offline Installation
Nagios XI Manual Install
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Nagios XI 5.7.4 offline install doesn't work.
All,
I have uninstalled the Nagios XI 5.7.4 offline install, and have installed the Nagios XI 5.7.5 offline install. The install seemed to go fine, but I have 2 errors that it creates.
1. It produces a -> LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lib/mrtg/mrtg.lock --confcache-file /var/lib/mrtg/mrtg.ok --user=nagios --group=nagios --user=nagios --group=nagios
2020-11-24 13:25:01: ERROR: Creating templock /var/lib/mrtg/mrtg.lock_11646: Permission denied at /usr/bin/mrtg line 1962
2. The install also produces a corrupt /etc/sudoers file. I believe this is because the autodiscover_new.php and getprofile.sh scripts are contained in different directories in prior versions of Nagios, and my installation of Nagios /et/sudoers commands contain the older version of the sudoers file, being they maintain 1 version of /etc/sudoers for all applications across all servers. Below is a list of commands I am in the process of adding to /etc/sudoers.
/etc/init.d/nagios checkconfig
/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
/usr/bin/php /usr/local/nagiosxi/scripts/send_to_nls.php *
/usr/bin/php /usr/local/nagiosxi/scripts/migrate/migrate.php *
/usr/local/nagiosxi/scripts/components/getprofile.sh
/usr/local/nagiosxi/scripts/reset_config_perms.sh
/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
/usr/local/nagiosxi/scripts/backup_xi.sh *
/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
Currently, when I try to bring up Nagios, I still get the
"Forbidden You don't have permission to access /nagiosxi on this server." ERROR
Will updating the /etc/sudoers file help.
I've kind of fixed the 1st problem by adding a "MAILTO=" command to the top of the /etc/cron.d/mrtg file. This stops sending the error message to our UNIX admins (they really complain its stuffing their mail boxes), but really doesn't fix the problem. Anything you can suggest will be greatly appreciated.
I have uninstalled the Nagios XI 5.7.4 offline install, and have installed the Nagios XI 5.7.5 offline install. The install seemed to go fine, but I have 2 errors that it creates.
1. It produces a -> LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lib/mrtg/mrtg.lock --confcache-file /var/lib/mrtg/mrtg.ok --user=nagios --group=nagios --user=nagios --group=nagios
2020-11-24 13:25:01: ERROR: Creating templock /var/lib/mrtg/mrtg.lock_11646: Permission denied at /usr/bin/mrtg line 1962
2. The install also produces a corrupt /etc/sudoers file. I believe this is because the autodiscover_new.php and getprofile.sh scripts are contained in different directories in prior versions of Nagios, and my installation of Nagios /et/sudoers commands contain the older version of the sudoers file, being they maintain 1 version of /etc/sudoers for all applications across all servers. Below is a list of commands I am in the process of adding to /etc/sudoers.
/etc/init.d/nagios checkconfig
/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
/usr/bin/php /usr/local/nagiosxi/scripts/send_to_nls.php *
/usr/bin/php /usr/local/nagiosxi/scripts/migrate/migrate.php *
/usr/local/nagiosxi/scripts/components/getprofile.sh
/usr/local/nagiosxi/scripts/reset_config_perms.sh
/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
/usr/local/nagiosxi/scripts/backup_xi.sh *
/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
Currently, when I try to bring up Nagios, I still get the
"Forbidden You don't have permission to access /nagiosxi on this server." ERROR
Will updating the /etc/sudoers file help.
I've kind of fixed the 1st problem by adding a "MAILTO=" command to the top of the /etc/cron.d/mrtg file. This stops sending the error message to our UNIX admins (they really complain its stuffing their mail boxes), but really doesn't fix the problem. Anything you can suggest will be greatly appreciated.
Re: Nagios XI 5.7.4 offline install doesn't work.
1. Run these commands to fix that problem:
If that doesn't resolve it, send the output of this command:
2. That was a copy/paste error, here are the defaults:
Code: Select all
chown -R apache.nagios /var/lib/mrtg
chmod -R 775 /var/lib/mrtg
chmod g+s /var/lib/mrtgCode: Select all
grep nag /etc/groupCode: Select all
User_Alias NAGIOSXI=nagios
User_Alias NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/send_to_nls.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *That means you have apache config issues. Please run this command and send us the resulting /tmp/HTTPDFILES.zip file:Forbidden You don't have permission to access /nagiosxi on this server.
Code: Select all
zip -r /tmp/HTTPDFILES.zip /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/Re: Nagios XI 5.7.4 offline install doesn't work.
All, after moving missing files into their proper directories, we arrived at the screen to finalize the installation. I received the following error message-> Product installation error (NEC000NPID) please contact Nagios Support. We searched the /var/log files but didn't find anything to point us to resolving this error. Please help. Thank you.
Re: Nagios XI 5.7.4 offline install doesn't work.
Got the following error message from our latest attempt to make this work.
Dec 3 11:34:43 <Nagios Server> audispd: node=<Nagios Server> type=CRED_DISP msg=audit(1607013283.690:2019): pid=13497 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_env,pam_fprintd acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Dec 3 11:34:46 <Nagios Server> ndo2db: Error: mysql_query() failed for 'UPDATE nagios_conninfo SET last_checkin_time=NOW(), bytes_processed='845725', lines_processed='79408', entries_processed='3752' WHERE conninfo_id='0''
Dec 3 11:34:46 <Nagios Server> ndo2db: mysql_error: 'Table 'nagios.nagios_conninfo' doesn't exist'
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming timedevents.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming systemcommands.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming servicechecks.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming hostchecks.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming eventhandlers.
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=SYSCALL msg=audit(1607013290.606:2020): arch=c000003e syscall=2 success=yes exit=5 a0=5587843a70c0 a1=2 a2=180 a3=3 items=1 ppid=6187 pid=13515 auid=4294967295 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" key="logins"
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=CWD msg=audit(1607013290.606:2020): cwd="/tmp"
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=PATH msg=audit(1607013290.606:2020): item=0 name="/var/run/faillock/nagios" inode=47593 dev=00:13 mode=0100600 ouid=1000 ogid=1001 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=PROCTITLE msg=audit(1607013290.606:2020): proctitle=7375646F002F7573722F6C6F63616C2F6E6167696F7378692F736372697074732F6D616E6167655F73657276696365732E7368007374617475730063726F6E64
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=USER_ACCT msg=audit(1607013290.609:2021): pid=13515 uid=1000 auid=4294967295 ses=4294967295 msg='op=PAM:account
Had to sanitize the server name with <Nagios Server>.
Dec 3 11:34:43 <Nagios Server> audispd: node=<Nagios Server> type=CRED_DISP msg=audit(1607013283.690:2019): pid=13497 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_env,pam_fprintd acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Dec 3 11:34:46 <Nagios Server> ndo2db: Error: mysql_query() failed for 'UPDATE nagios_conninfo SET last_checkin_time=NOW(), bytes_processed='845725', lines_processed='79408', entries_processed='3752' WHERE conninfo_id='0''
Dec 3 11:34:46 <Nagios Server> ndo2db: mysql_error: 'Table 'nagios.nagios_conninfo' doesn't exist'
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming timedevents.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming systemcommands.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming servicechecks.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming hostchecks.
Dec 3 11:34:46 <Nagios Server> ndo2db: Trimming eventhandlers.
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=SYSCALL msg=audit(1607013290.606:2020): arch=c000003e syscall=2 success=yes exit=5 a0=5587843a70c0 a1=2 a2=180 a3=3 items=1 ppid=6187 pid=13515 auid=4294967295 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" key="logins"
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=CWD msg=audit(1607013290.606:2020): cwd="/tmp"
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=PATH msg=audit(1607013290.606:2020): item=0 name="/var/run/faillock/nagios" inode=47593 dev=00:13 mode=0100600 ouid=1000 ogid=1001 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=PROCTITLE msg=audit(1607013290.606:2020): proctitle=7375646F002F7573722F6C6F63616C2F6E6167696F7378692F736372697074732F6D616E6167655F73657276696365732E7368007374617475730063726F6E64
Dec 3 11:34:50 <Nagios Server> audispd: node=<Nagios Server> type=USER_ACCT msg=audit(1607013290.609:2021): pid=13515 uid=1000 auid=4294967295 ses=4294967295 msg='op=PAM:account
Had to sanitize the server name with <Nagios Server>.
Re: Nagios XI 5.7.4 offline install doesn't work.
Please run this command to fix that error:
Code: Select all
mysql -h 127.0.0.1 -uroot -pnagiosxi nagios -e 'CREATE TABLE nagios_conninfo (conninfo_id int(11) NOT NULL AUTO_INCREMENT, instance_id smallint(6) NOT NULL DEFAULT "0", agent_name varchar(32) CHARACTER SET latin1 NOT NULL DEFAULT "", agent_version varchar(8) CHARACTER SET latin1 NOT NULL DEFAULT "", disposition varchar(16) CHARACTER SET latin1 NOT NULL DEFAULT "", connect_source varchar(16) CHARACTER SET latin1 NOT NULL DEFAULT "", connect_type varchar(16) CHARACTER SET latin1 NOT NULL DEFAULT "", connect_time datetime NOT NULL DEFAULT "1970-01-01 00:00:01", disconnect_time datetime NOT NULL DEFAULT "1970-01-01 00:00:01", last_checkin_time datetime NOT NULL DEFAULT "1970-01-01 00:00:01", data_start_time datetime NOT NULL DEFAULT "1970-01-01 00:00:01", data_end_time datetime NOT NULL DEFAULT "1970-01-01 00:00:01", bytes_processed int(11) NOT NULL DEFAULT "0", lines_processed int(11) NOT NULL DEFAULT "0", entries_processed int(11) NOT NULL DEFAULT "0", PRIMARY KEY (conninfo_id) ) ENGINE=INNODB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 COMMENT="NDO2DB daemon connection information";'Re: Nagios XI 5.7.4 offline install doesn't work.
Got it working by doing a re-install. Please close this case.