I just recently upgraded NagiosXI from version 2012R1.6 to 2012R2.2 running on RHEL 6.4 x64. The upgrade went with out any errors. However, we notice if we try to sudo, we get the following error:
When I looked into this I saw that there are the following entries in /etc/sudoers:sudo: >>> /etc/sudoers: Alias `NAGIOSXI' already defined near line 125 <<<
sudo: parse error in /etc/sudoers near line 125
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
There is also nagiosxi entries in /etc/sudoers.d/nagiosxi. It contains the following:nagios ALL=NOPASSWD:/etc/init.d/nagios start,/etc/init.d/nagios stop,/etc/init.d/nagios restart,/etc/init.d/nagios reload,/etc/init.d/nagios status,/etc/init.d/nagios checkconfig,/etc/init.d/ndo2db start,/etc/init.d/ndo2db stop,/etc/init.d/ndo2db restart,/etc/init.d/ndo2db reload,/etc/init.d/ndo2db status,/etc/init.d/npcd start,/etc/init.d/npcd stop,/etc/init.d/npcd restart,/etc/init.d/npcd reload,/etc/init.d/npcd status,/usr/bin/nmap *
apache ALL=NOPASSWD:/usr/bin/nmap *,/etc/init.d/snmptt restart
User_Alias NAGIOSXI=nagios
User_Alias NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/nmap *
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/nmap *
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
[quoteUser_Alias NAGIOSXI=nagios
# Nagios Core
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
# NDO2DB
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
# PNP
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
][/quote]
It looks like we have duplicates of entries. If I comment out the NAGIOSXI user_alias in sudoers, the problem for sudo is solved. My question is which entries are valid? What is recommended to cleanup?
Thanks,
David