Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Fri Jan 13, 2017 12:18 pm
by vuduops
Hi;

Our security team informed us that the current version of Nagios Core, version 4.1.1, in the Nagios XI version has a cross-site scripting vulnerability. Is there a way to upgrade Nagios Core, or even disable it if it is not being used?

-Krishna

Re: Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Fri Jan 13, 2017 12:25 pm
by dwhitfield
The supported way is to upgrade XI to 5.4. https://assets.nagios.com/downloads/nag ... 4.0.tar.gz or http://repo.nagios.com/

If you aren't on 5.3.4, I'd suggest upgrading to that first: https://assets.nagios.com/downloads/nag ... 3.4.tar.gz. An incredibly small subset of users (5?) have had better luck with upgrading to 5.3.4 first.

XI uses Core, so no, Core cannot be disabled.

Please let us know if you have additional questions.

Re: Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Fri Jan 13, 2017 1:21 pm
by vuduops
I upgraded to 5.3.4. When I did that, I lost both my host and service configuration files. I went ahead and tried to upgrade to 5.4, but the upgrade failed. I have attached the upgrade.log for your reference.

Thanks
Krishna

Re: Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Fri Jan 13, 2017 2:47 pm
by dwhitfield
Thanks for sending the upgrade log!

The error you got is because our installer can't figure out your init system. Have you modified your init system in any way?

What's the output of stat /proc/1/exe?

It looks as though you are running Cent/RHEL 6, but let's check ll /usr/lib/systemd.

Re: Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Fri Jan 13, 2017 3:01 pm
by vuduops
No, we did not modify the init system. Here is the info you requested ...

Code:

[[email protected] ~]# stat /proc/1/exe
  File: `/proc/1/exe' -> `/sbin/init'
  Size: 0         	Blocks: 0          IO Block: 1024   symbolic link
Device: 3h/3d	Inode: 14096895    Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2017-01-13 03:34:29.786477195 +0000
Modify: 2016-12-17 03:12:22.195477194 +0000
Change: 2016-12-17 03:12:22.195477194 +0000
[[email protected] ~]# ll /usr/lib/systemd
ls: cannot access /usr/lib/systemd: No such file or directory


Re: Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Mon Jan 16, 2017 12:12 pm
by dwhitfield
I went into /tmp/nagiosxi/subcomponents/ndoutils/upgrade and commented out the make install-init line and my upgrade went through "fine".

You should also comment out the rm -rf "$pkgname" line because you will need to go back and install and make the init stuff. I will need to do a bit more digging on the init stuff, but you don't need it to get up and running.

I did need to repair the db after the upgrade...whether waiting for everything to catch up would have been enough, I don't know.

Code:

service mysqld stop
/usr/local/nagiosxi/scripts/repairmysql.sh nagios
service mysqld start

Re: Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Tue Jan 17, 2017 6:27 pm
by vuduops
I was able to upgrade directly to 5.4.0 and had no issues doing that ...

-Krishna

Re: Nagios core Version 4.1.1 in nagios xi 5.3

Posted: Wed Jan 18, 2017 9:50 am
by dwhitfield
It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!