Nagios Support Forum

Unfortunately I did not make note of nagiosadmin's API key prior to when the web UI stopped working, so I am not able to do the 2 curl commands you specified.

How / where can I get an API key in the CLI?

I note that when I try to login but get a blank page I am getting a 500 internal server error and a 400 page not found (see below, plus screencap attached).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(menu) > Settings > Privacy & Security > Cookies and Site Data >
Clear Data >
[ ] Cookies and Site Data
[/] Cached Web Content
Clear >
(menu) > More tools > Web Developer Tools > Network >
https://campusmon2v4.techservices.illinois.edu/
This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. campusmon2v4.techservices.illinois.edu
jQuery.Deferred exception: $(...).tooltip is not a function @https://campusmon2v4.techservices.illin ... e.js:2:589
e@https://campusmon2v4.techservices.illin ... js:2:30038
l/</t<@https://campusmon2v4.techservices.illin ... js:2:30340
undefined jquery-3.6.0.min.js:2:31593
Uncaught TypeError: $(...).tooltip is not a function
<anonymous> https://campusmon2v4.techservices.illin ... /core.js:2
jQuery 2

Access Nagios XI >
This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”.
Username: nagiosadmin
Password: **********
Login >
POSThttps://campusmon2v4.techservices.illinois.edu/nagiosxi/login.php
[HTTP/1.0 500 Internal Server Error 698ms]
GEThttps://campusmon2v4.techservices.illinois.edu/favicon.ico
[HTTP/1.1 404 Not Found 240ms]
# Screenshot from 2021-09-21 11-04-58.png
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hello @murdock

Typically when we see 500 messages it is one of the following; Permission error, PHP memory/timeout, .htaccess issue.

Let's look at resetting the .htaccess by doing the following:
Thanks,
Perry

Hi Perry,

As I am able to login to Core, I am skeptical that this is a .htaccess issue; regardless...

I assume you meant...
/usr/local/nagiosxi/etc/htpasswd.users # with "xi"
...not...
/usr/local/nagios/etc/htpasswd.users # without "xi"
...as the former exists with copious references but the latter doesn't.

I changed the password for nagiosadmin and verified I could login to
Nagios Core with the new password. I also note that I still get a
blank page when trying to logging in to XI.

Ruling out a possible .htaccess rule, that leaves us with
PHP memory/timeout or a permission issue per your last email.

I'll note again that this XI instance was working fine before I
installed AD integration. Is there a way we can disable or remove
this component to verify this is what broke XI?

Oh! I do not think this is important nor relevant, but I do have in my
notes that when one installs AD integration one also has to install
LDAP integration as well (which I did).

I'll note further that I referred to our working XI instance (version
5.5.10) to make sure I was using similar/comparable settings when
setting up this new (5.8.4) instance.

Is there a way to review AD integration settings from the CLI?

Rob

PS, in my earlier email, I asked for a way to acquire an API key so I could do the 2 curl commands you suggested; I don't think you've addressed this point yet?

Hello @murdock

Sorry about that; missed it. You can pull the API key from your NagiosXI database from the following:
The results look similar to this in /tmp/list.txt:

[/quote]
-------+
| 1 | nagiosadmin | $2a$10$aeabcab4829b300525dd5ucFUgRjtY8OcaXU6tkVZ9WXBVjZdeL4y | Nagios Administrator | root@localhost | tWTZakmnmCosGihlMnETh7sfgTZLgpPF | 1 | FmoIveAdtYWB9T0PuHbaXXXXE89LOPSIAnJqYkXbn3HWnG3psWFrs8kUAYPr | 1 | 0 | 0 | 0 | 1632319548 | 0 | 0 | 0 | 0 |
[/quote]

The APIkey in this example is: FmoIveAdtYWB9T0PuHbaXXXXE89LOPSIAnJqYkXbn3HWnG3psWFrs8kUAYPr

Here you will be able to list the current configs and make changes via api's from previous post.

Thanks,
Perry

Hi Perry,

Thank you for the instructions for retrieving the API key, that worked great!

Here are the results from the 2 curl commands you gave me previously:

curl -XGET "https://{MyFQDN}/nagiosxi/api/v1/system/authserver?apikey={nagiosadmin api_key}&pretty=1" -k
{
"records": 1,
"authservers": [
{
"id": "6142698e33729",
"enabled": 1,
"conn_method": "ad",
"ad_account_suffix": "{ad_account_suffix}",
"ad_domain_controllers": "{ad_domain_controllers}",
"base_dn": "{base_dn}",
"security_level": "ssl",
"ldap_port": "",
"ldap_host": ""
}
]
}

curl -XGET "https://{MyFQDN}/nagiosxi/api/v1/system/user?apikey={nagiosadmin api_key}&pretty=1" -k
{
"records": 4,
"users": [
{
"user_id": "4",
"username": "{username_4}",
"name": "{name_4}",
"email": "{email_4}",
"enabled": "1"
},
{
"user_id": "3",
"username": "{username_3}",
"name": "{name_3}",
"email": "{email_3}",
"enabled": "1"
},
{
"user_id": "2",
"username": "{username_2}",
"name": "{name_2}",
"email": "{email_2}",
"enabled": "1"
},
{
"user_id": "1",
"username": "nagiosadmin",
"name": "Nagios Administrator",
"email": "root@localhost",
"enabled": "1"
}
]
}

The results of these queries contain confidential information I cannot disclose publicly. If you have another way to share (we use box.com) or if I can encrypt and send via direct email I can pass additional information along. Or some other method, I'm open to trying another way, please let me know how you want to proceed.

Of the 4 accounts: 1, 2, and 3 are "Local"; only #4 is is AD. All of the accounts produce a blank screen after trying to login.

Rob

PS, I'm sure you're already aware of https://thehackernews.com/2021/09/new-n ... d-let.html

Hello @murdock

Thanks for following up with the details, appears that the Active Directory config is incomplete and would like to go ahead and remove that auth server so that only local auth is in place.
The "6142698e33729" is the "server_id"

Confirm:
Try to login with nagiosadmin local account and let me know if the results (from Dev Tool > Network).

Thanks,
Perry

Hi Perry,

Here are the results (with the appropriate {variable} substitutions of course)...

curl -XDELETE "https://{MYFQDN}/nagiosxi/api/v1/system/authserver/6142698e33729?apikey={nagiosadmin api_key}&pretty=1" -k
{
"success": "Removed auth server successfully."
}

curl -XGET "https://{MyFQDN}/nagiosxi/api/v1/system/authserver?apikey={nagiosadmin api_key}&pretty=1" -k
{
"records": 0,
"authservers": [

]
}

Trying to login still yields a blank page and the following in the debugger...

POSThttps://campusmon2v4.techservices.illinois.edu/nagiosxi/login.php
[HTTP/1.0 500 Internal Server Error 683ms]

GEThttps://campusmon2v4.techservices.illinois.edu/favicon.ico
[HTTP/1.1 404 Not Found 264ms]

Rob

Hello @murdock

Thanks for following up, we will continue to go down the list on solutions for 500 errors. Next on the list; permissions and PHP memory limit.

Pretty much everything within '/usr/local/nagios/'... and '/usr/local/nagiosxi/...' are own by nagios group and nagios is the user. Please refer to the attached 'listnag.txt' for an example on permissions and ownership found on my test VM Nagios XI server. Exception, '/usr/local/nagios/libexec' is "drwxrwsr-x. apache nagios"


In a review of your System Profile, I do not see anything that indicates PHP memory limit has been reached.

Let me know how things compare,
Perry

Hi Perry,

Spot checking, mine looks a lot like yours; please see "uofi_list.txt" (attached).

I'll note again that XI was running fine before I enabled AD integration; thus making permission, owner, and group issues unlikely; plus...

...mine is a clean, fresh install. If there are permission, owner, or group issues then that suggest there may be a bug in the Nagios install script or something in the AD integration install that really messed things up. Regardless...

I note that I have ~8999 files & directories, where you have ~13970.

May I ask you let me compare my list with your list in a different format...

cat basedirs.txt
/usr/local/nagios
/usr/local/nagiosxi
/usr/local/nagvis

for d in `cat basedirs.txt` ; do echo "DIRECTORY $d" ; find $d -ls ; done > nag_list.txt

...and send it to me?

In this way I could compare apples to apples: I'll have a script check for any permissions, owner, group, or size differences between
the two lists.

Alternatively, can you send me the command you used to generate your original list?

Rob

PS, in case you're interested, this is how I came up with basedirs.txt:
grep ^/ listnag.txt | cut -d: -f1 | sort > nagdirs.txt # all directories in your list
cut -d/ -f1-4 nagdirs.txt | sort -u > basedirs.txt # just the "top-level" directories