Nagios Support Forum

bheden wrote:The script you're looking for is in /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php.

Unfortunately, this script itself is source protected. <snip>

I hope this is enough information for you!

This doesn't help much, unfortunately.

I propose a code change: if autodiscover_new.php changes ownership of its output .xml file to the account that the webservers runs under (apache, usually), this problem should be solved.

mvndnburg wrote: Nagios returns an error XML was not valid and no scan results.

Let's take a step back to your first post. Is this error in the WebUI? If so, could you post a screenshot? It sounds a lot like the SSL errors we see from time to time. Maybe we've been barking up the wrong tree the whole time.

What can happen in the SSL situation is that if things were created with SSL and then SSL is used (or visa versa) Apache (or PHP, I'm not sure off the top of my head) doesn't know what to do with it.

If it's not a GUI error, can you post the full error?

Lastly, 5.4.0 is out with important security improvements, although they should be less important with an offline install. Look for an off-line installer in the coming weeks!

I filed a bug report to have the developers consider the permission changes, ID #10644.

dwhitfield wrote:Is this error in the WebUI? If so, could you post a screenshot? It sounds a lot like the SSL errors we see from time to time. Maybe we've been barking up the wrong tree the whole time.

Yes, the error is in the WebUI.
I attached three snapshots:
- the files as they are generated when the job finishes, when SElinux is Permissive
- another one with the finished job and the XML error, when SElinux is Permissive
- one displaying the never-ending spinner when SElinux is Enforcing

[...]

dwhitfield wrote:Lastly, 5.4.0 is out with important security improvements, although they should be less important with an offline install. Look for an off-line installer in the coming weeks!

We will, already asked when it would be there

Thanks for the addition! As it's been filed, it is now up to the developers to modify the code. I've proposed the ownership changes to them which should counteract this in the future.

Hello,

We've upgraded to 5.4.0 in the meantime, and the issue persists there (which was sort of to be expected, I understood from the planned release contents). The spinner keeps on spinning and no output is created.

Do you have an ETA for an (offline) release where autodiscovery will work with SELinux enabled?

There was a big FR culling recently and that one appears to have made the cut, at least this round. As to when it might be included, or if it will ever be included, I cannot say for certain.

dwhitfield wrote:There was a big FR culling recently and that one appears to have made the cut, at least this round. As to when it might be included, or if it will ever be included, I cannot say for certain.

Thank you for the update. There is still hope

Unfortunately, they went through another batch yesterday, and this feature request has been cancelled.

I'm not sure there is really any recourse. The CTO, Dev, QA, and Support managers were the ones that went through the feature requests.

Did you want me to lock this up or leave it open for one of the managers to comment?

dwhitfield wrote:Did you want me to lock this up or leave it open for one of the managers to comment?

I would like one of the managers to comment on this and explain the rationale for not fixing it.

The way I see it this is a bug, not a feature request or enhancement. I know Nagios XI is not officially supported running under SELinux, but even in permissive mode, the .xml file is created with the ownersjip of root:root and permissions 640, which is too restrictive for the system to work with. It would be interesting to know how this can work at all for other parties?

Simplisticaly put: bugs need to be solved when paid-for functionality does not work. Changing the relevant script to change the ownership to being the same to that of the other two files seems really trivial to me.


Best regards,