Hoping someone here can help with this problem:
I get this error when I try to create a new MySQL Query in Nagios XI:
You don't have permission to access /nagiosxi/config/monitoringwizard.php on this server.
Apache/2.2.15 (CentOS) Server at ibnm001.xxxxxxx.com Port 443
Have tried the following:
1. CCM Write config files (completed ok)
2. CCM Verify config files (completed ok)
3. Admin -> reset security credentials (sub system credentials)
4. Cleared browser cache (same problem exists)
5. I normally use the Chrome browser, so tried IE (same problem exists)
6. Reset nagiosadmin pass from command: sudo /usr/local/nagiosxi/scripts/reset_nagiosadmin_password.php --password=xxxxxxxx
7. Reset permissions from command: sudo /usr/local/nagiosxi/scripts/reset_config_perms
Result:
SETUID ROOT OK
RESETTING PERMS
Environment: Nagios XI 2014R1.4 on 64-bit CentOS 6.5 (running on Citrix XenServer).
What else can I do? Where else to look for more details? Nothing significant in nagios.log or /var/log/messages.
thanks in anticipation
Forbidden You don't have permission to access /nagiosxi/conf
Re: Forbidden You don't have permission to access /nagiosxi/
What are the permissions on the following file and dir?
ls -la /usr/local/nagiosxi/html/config/monitoringwizard.php
ls -lad /usr/local/nagiosxi/html/config
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: Forbidden You don't have permission to access /nagiosxi/
I found the problem - it was the configuration of mod_security. NagiosXI trips up on lots of the SQL Injection attack rules and causes this problem. Had to run tail -f /var/log/httpd/error_log to show the errors as they occurred (when I was editing services in Nagios) and then disable the rules that popped up in the log, restart Apache, and try again until I got it all working again.
Here is a sample of what I was getting in the logs:
[Sat Aug 16 03:17:46 2014] [error] [client xxx.xxx.188.107] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:query. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: select count(*) from found within ARGS:query: select count(*) from ACCOUNT_LOG"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "xxx.xxx.com"] [uri "/nagiosxi/config/monitoringwizard.php"] [unique_id "U@7NWndRTRUAAFLshz0AAAAL"]
To exclude the rules you just edit: /etc/httpd/conf.d/mod_security_excluded_rules.conf
and add the rule numbers, e.g. on line 4 - [id "950001"] is the rule number, so add it to the list as follows:
<LocationMatch .*>
<IfModule mod_security2.c>
SecRuleRemoveById 950001
</IfModule>
</LocationMatch>
save and restart apache.
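Added example, not part of the original posts and not Nagios or ModSecurity project code: a small parser for error_log entries of the shape quoted above that collects the blocked rule ids per URI and prints exclusion blocks. It goes beyond the post by scoping each `SecRuleRemoveById` to the URI that was blocked rather than `.*`, so the rule stays active for the rest of the site. The function names, the sample lines, the second URI and rule id 999999 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input in the shape of the error_log entry quoted above
# (pattern shortened; client, hostname, second URI and rule 999999 are made up).
SAMPLE_LOG = '''\
[Sat Aug 16 03:17:46 2014] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:s(?:t ..." at ARGS:query. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [msg "SQL Injection Attack"] [hostname "nagios.example.com"] [uri "/nagiosxi/config/monitoringwizard.php"] [unique_id "CONSTRUCTED1"]
[Sat Aug 16 03:17:59 2014] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:s(?:t ..." at ARGS:query. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [msg "SQL Injection Attack"] [hostname "nagios.example.com"] [uri "/nagiosxi/config/monitoringwizard.php"] [unique_id "CONSTRUCTED2"]
[Sat Aug 16 03:18:05 2014] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "constructed ..." at ARGS:name. [file "/etc/httpd/modsecurity.d/activated_rules/constructed.conf"] [line "1"] [id "999999"] [msg "Constructed rule"] [hostname "nagios.example.com"] [uri "/nagiosxi/constructed/example.php"] [unique_id "CONSTRUCTED3"]
[Sat Aug 16 03:18:10 2014] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] metadata pairs
TARGET = re.compile(r'" at (\S+?)\. \[file ')           # variable that matched, e.g. ARGS:query

def parse_denials(log_text):
    """Yield (uri, rule_id, target, msg) for each ModSecurity 'Access denied' line."""
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue                      # ordinary Apache error, not a WAF block
        fields = dict(FIELD.findall(line))
        if "id" not in fields or "uri" not in fields:
            continue                      # truncated or unexpected entry
        m = TARGET.search(line)
        yield fields["uri"], fields["id"], m.group(1) if m else "?", fields.get("msg", "")

def scoped_exclusions(log_text):
    """Build one <LocationMatch> block per blocked URI instead of a site-wide '.*'."""
    by_uri = defaultdict(dict)
    for uri, rule_id, target, msg in parse_denials(log_text):
        by_uri[uri][rule_id] = f"{msg} at {target}"     # repeated hits collapse to one entry
    out = []
    for uri in sorted(by_uri):
        # The URI comes from a log that clients influence: escape it, then review by hand.
        out.append(f'<LocationMatch "^{re.escape(uri)}$">')
        out.append("  <IfModule mod_security2.c>")
        for rule_id, why in sorted(by_uri[uri].items()):
            out.append(f"    # {why}")
            out.append(f"    SecRuleRemoveById {rule_id}")
        out.append("  </IfModule>")
        out.append("</LocationMatch>")
    return "\n".join(out)

if __name__ == "__main__":
    print(scoped_exclusions(SAMPLE_LOG))
```

The output is meant to be read and pasted by hand into the exclusions file, not applied automatically.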