Matt Bostock wrote:
> *** I tried sending this to nagios-users but didn't get a response, I
> figured maybe it's more suitable in the dev mailing list, hope that's ok.***
>
> Hi,
>
> I'm trying to run Nagios inside a FreeBSD jail, but am getting this in
> nagios.log:
>
> [1116603291] Nagios 2.0b3 starting... (PID=88484)
> [1116603291] LOG VERSION: 2.0
> [1116603336] Warning: Could not get group entry for 'nagios'
> [1116603336] Warning: Could not set effective GID=-1
> [1116603336] Failed to drop privileges. Aborting.
>
> After that, Nagios exits. The nagios user and group are definetly set
> up. Any suggestions would be very gratefully appreciated.
>
Nagios has similar requirements to apache (or any daemon dropping
privileges) inside a chroot jail. You'll need /etc/group and /etc/passwd
inside the jail, in the default locations, as well as a number of other
files (/etc/nsswitch.conf and friends). Even so, I'm not sure it will
work as the plugins will inherit the jail from Nagios. The plugins
requires /etc/hosts, /etc/resolv.conf, /etc/services and a whole host of
other things (like perl, shared libraries etc. etc.).
It's most likely more of a headache than it's worth, and considering
Nagios isn't a networking daemon per se, you'd probably be better off
just putting the webserver in jail anyways, since it's the CGI's (if
anything) that's susceptible to attack.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Lead Developer
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]