Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

RHEL 8 Nagios XI 5.8.7 Fresh install

https://support.nagios.com/forum/viewtopic.php?t=64340

Page 2 of 3

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Tue Jan 18, 2022 2:49 pm
by hbouma
PM sent with the latest profile.

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Tue Jan 18, 2022 4:21 pm
by pbroste
Hello @hbouma

Let's optimize the php-fpm service, edit this file:

Code: Select all

/etc/httpd/conf.d/php.conf
Change this specific part (around line 46):

Code: Select all

<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>
Add this:

Code: Select all

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>
So it looks like this:

Code: Select all

<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>
Then edit this file:

Code: Select all

/etc/php-fpm.d/www.conf
Set:

Code: Select all

pm.max_requests = 50
Then restart apache/php-fpm:

Code: Select all

systemctl restart httpd php-fpm
Let us know how things look,
Perry

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Wed Jan 19, 2022 8:53 am
by hbouma
I made the changes requested, but I found a few more things that don't seem to be setup properly.

The following commands have no command lines:
check_xi_check_postgres
check_xi_check_postgres_query
check_xi_service_rrdtraf

The host group "windows-servers" didn't seem to get created properly.

I am not sure what else may not have been installed properly, but I am wondering how I can go through and verify that everything installed properly? Or is there a way to force a full reinstall of Nagios XI?

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Wed Jan 19, 2022 3:16 pm
by pbroste
Hello @hbouma

I see that this was a fresh install, were the checks keyed in or did you bring those over? If you brought it over please let us know what method used.

Let's have you reindex
  • Reindex the Core Configuration Manager (CCM) configs
    • [list]
  • rm -rf /usr/local/nagios/etc/import/*
  • 1: Head over to the Nagios XI web console
    ==> Core Configuration Manager (CCM)
    ==> Config File Management
    ==> [Delete Files]
    ==> [Write Files]
    ==> [Verify Files]
  • 2: Core Configuration Manager (CCM)
    ==> Under Quick Tools
    ==> "Apply Configuration"
  • 3: Restart nagios.service by terminal command: systemctl restart nagios
    • [list]

  • Code: Select all

    systemctl restart nagios
[/list]

Verify that the host and services look good and verify that there are no errors in core by:

  • Code: Select all

    /usr/local/nagios/bin/nagios -vvv /usr/local/nagios/etc/nagios.cfg
A list of warnings:

  • Code: Select all

    less /usr/local/nagios/var/nagios.log | grep -Ei 'warning: service|warning return' | awk -F "] " '{print $2}' | sort -u
[/list]
Let us know how things are looking,
Perry

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Wed Jan 19, 2022 4:08 pm
by hbouma
We have not yet brought anything over. We had performed the following work:

Install Nagios XI
Offload the DB to a separate server: https://assets.nagios.com/downloads/nag ... Server.pdf
Change default passwords: https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Setup SSL communication: https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Then we started working through some of the checks recommended in the Best Practices guide https://library.nagios.com/library/prod ... practices/

When we tried applying some of the checks from the best practices, we noticed that some commands had no command line defined and opened the post.

We deleted the files in the import folder, deleted the config files, wrote the config files, verified the config files and restarted nagios.

Code: Select all

/usr/local/nagios/bin/nagios -vvv /usr/local/nagios/etc/nagios.cfg
The only errors I see in the logs are that some checks do not have a default contact, which we are aware of and will fix after we verify everything is working.

Code: Select all

less /usr/local/nagios/var/nagios.log | grep -Ei 'warning: service|warning return' | awk -F "] " '{print $2}' | sort -u
The only errors I see in the logs are that some checks do not have a default contact, which we are aware of and will fix after we verify everything is working.

We do still see issues were some of the checks do not have any defined command lines after making these changes, which makes us worry about what else may be broken that we just don't see.
2022-01-19 16_14_22-CCM · Nagios XI - Work - Microsoft​ Edge.png

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Thu Jan 20, 2022 2:46 pm
by ssax
Make sure that you do this on the offloaded DB:

Code: Select all

https://support.nagios.com/kb/article/nagios-xi-strict_trans_tables-780.html
It may be related.

Do you have the full install.log so we can see everything that occurred?

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Thu Jan 20, 2022 3:02 pm
by hbouma
ssax wrote:Make sure that you do this on the offloaded DB:

Code: Select all

https://support.nagios.com/kb/article/nagios-xi-strict_trans_tables-780.html
It may be related.
Interesting, I have never seen that before. I have implemented the changes.

I will PM you the install.log and upgrade.log files from where I did the install, and tried forcing an upgrade to make the settings populate (didn't work).

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Thu Jan 20, 2022 3:22 pm
by ssax
Those commands don't have any command_line on mine either (fresh install), but they are also disabled so they shouldn't impact anything.

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Thu Jan 20, 2022 3:27 pm
by ssax
At the top of the offloaded DB doc on page 2 that STRICT_TRANS_TABLES change is linked:
Nagios XI requires the STRICT_TRANS_TABLES to be disabled. Please see the Nagios XI -
STRICT_TRANS_TABLES article for more information.
https://assets.nagios.com/downloads/nag ... Server.pdf

Re: RHEL 8 Nagios XI 5.8.7 Fresh install

Posted: Thu Jan 20, 2022 3:43 pm
by pbroste
Hello @hbouma

Talking with @ssax we were looking at the nagios log errors with code 4 and see that that represents; "EXIT_NOPERMISSION The user has insufficient privileges".

Want to have you take a look at your '/etc/sudoers' and make sure that these lines are appended:

Code: Select all

User_Alias      NAGIOSXI=nagios
User_Alias      NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/send_to_nls.php *
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/migrate/migrate.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/scripts/components/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/components/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
If we continue to see permissions issues then we suspect that there is some "security-related hardening" going on.

Thanks,
Perry
All times are UTC-05:00
Page 2 of 3

Powered by phpBB® Forum Software © phpBB Limited