Backup before an upgrade

[jsalsbury]

Well all that seemed to have really helped though apparently my Nagios does not want to upgrade.

I got this now

Sorry, user root is not allowed to execute '/usr/local/nagiosxi/scripts/reset_config_perms.sh' as root on peplap02192.

Resetting configuration permissions failed!


Makes no sense to me I have done 2 or 3 other installs. Odd right?

[pbroste]

Hello @jsalsbury

Yeah, typically we don't see to many permission issues running 'reset_config_perms' script.

Want to have you run the script with the 'nagios' user account:

Code: Select all

su -l nagios

Let us know how that goes, if you receive error while executing the 'reset_config_perms.sh' script, please run with this option and let us know where it fails:

Code: Select all

bash -x /usr/local/nagiosxi/scripts/reset_config_perms.sh

Thanks,
Perry

[jsalsbury]

This script needs to be run as root/superuser.

it would not let me run it as Nagios

[jsalsbury]

As well, it would not let me run the bash script logged in as Nagios

[pbroste]

Hello @jaslsbury

Want to take a look at the sudoers, the Nagios XI install script that we are updating '/etc/sudoers'

Appending to the end of the sudoers found in the install script:

Code: Select all

cat /directorywheretheinstalleris/nagiosxi/nagiosxi.sudoers >> /etc/sudoers

To verify:

[cat]/etc/sudoers[/user]

Apended results:

>cat /yournagiosinstallerdirectory/nagiosxi/nagiosxi.sudoers
User_Alias NAGIOSXI=nagios
User_Alias NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/send_to_nls.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/migrate/migrate.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *

Also, verify that the root ALL=(ALL) ALL line is also included in your '/etc/sudoers'

Verify root account:

Code: Select all

whoami

The script of interest inside the installer that we are referring to is 'install-sudoers'.

Now let's take a look at the '/usr/local/nagiosxi/scripts/reset_config_perms.sh' and take one line and run the command manually:

Code: Select all

find /usr/local/nagios/etc -type f -exec /bin/chmod --verbose 664 -- {} +

Please let us know the results,
Perry

[jsalsbury]

root@peplap02192:/# find /usr/local/nagios/etc -type f -exec /bin/chmod --verbose 664 -- {} +
mode of ‘/usr/local/nagios/etc/pnp/rra.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/npcd.cfg-sample’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/rra.cfg-sample’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/check_commands/check_nwstat.cfg-sample’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/process_perfdata.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/process_perfdata.cfg-sample’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/pnp4nagios_release’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/background.pdf’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/npcd.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/pages/web_traffic.cfg-sample’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/pnp/config.php’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/nagios.cfg.xi’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/import/xi_timeperiod_24x7.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/import/configwizard-hyperv.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/ndo.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/serviceextinfo.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/servicedependencies.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/serviceescalations.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/nsca.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/servicegroups.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/contacts.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/ndo2db.cfg’ retained as 0664 (rw-rw-r--)
mode of ‘/usr/local/nagios/etc/servicetemplates.cfg’ retained as 0664 (rw-rw-r--)
Moderator note: removed extra lines.....

[jsalsbury]

Currently I am Root

[jsalsbury]

I have tried to grep for nagiosxi.sudeors and I cannot seem to find it

[pbroste]

Hello @jsalsbury

Thanks for the details, the command that we pulled and ran looks good, otherwise we would have seen 'operation not permitted'.

Attached is the 'nagiosxi.sudoers' pulled from the installer, please make sure that is appended to your '/etc/sudoers'.

Then please run through the script to verify:

Code: Select all

bash -x /usr/local/nagiosxi/scripts/reset_config_perms.sh

Thanks,
Perry

[jsalsbury]

add it to the end of this file ?

s, /sbin/getcap /bin/netstat, /sbin/getcap /usr/bin/netstat, /sbin/getcap /bin/ps, /sbin/getcap /usr/bin/ps
#
#dmidecode PGT
r4padm ALL=(root) NOPASSWD: /usr/sbin/dmidecode
r5padm ALL=(root) NOPASSWD: /usr/sbin/dmidecode
gsmadm ALL=(root) NOPASSWD: /usr/sbin/dmidecode
################################################################################

################################################################################
#
# End of File
#
################################################################################