Why is Nagios XI telling me my config files are not correct

Posted: Thu Mar 30, 2017 12:10 pm
by priguz
Nagios XI 5.4.2

From Nagios config file permissions check:

Config File Permissions Check
One or more config files have problems.
Config Scripts

The permissions on the Nagios XI configuration scripts appear to be okay.

Config Files
The following configuration files have incorrect permissions:
/usr/local/nagios/etc/commands.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/contactgroups.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/contacts.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/contacttemplates.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/hostdependencies.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/hostescalations.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/hostextinfo.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/hostgroups.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/hosttemplates.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/servicedependencies.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/serviceescalations.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/serviceextinfo.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/servicegroups.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/servicetemplates.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
/usr/local/nagios/etc/timeperiods.cfg (OWNER=root, GROUP=root, PERMS=-rw-rw-r--)
Each of these config files needs to be writable by the apache and nagios users. To fix this problem, follow these steps:
Login to your Nagios XI server via SSH as the root user
Execute the following commands:
/usr/local/nagiosxi/scripts/reset_config_perms.sh

WHY IS IT STILL SEEING AN ISSUE IF MY FILES WERE CORRECTED AS SHOWN BELOW???
[root@aus200lmon02 etc]# ll
total 188
-rwxrwxr-x. 1 apache nagios 744 Mar 7 15:54 cgi.cfg
-rw-rw-r--. 1 apache nagios 25764 Mar 8 10:22 commands.cfg
-rw-rw-r--. 1 apache nagios 1106 Mar 8 10:22 contactgroups.cfg
-rw-rw-r--. 1 apache nagios 1437 Mar 8 10:22 contacts.cfg
-rw-rw-r--. 1 apache nagios 1675 Mar 8 10:22 contacttemplates.cfg
-rw-rw-r--. 1 apache nagios 817 Mar 8 10:22 hostdependencies.cfg
-rw-rw-r--. 1 apache nagios 819 Mar 8 10:22 hostescalations.cfg
-rw-rw-r--. 1 apache nagios 837 Mar 8 10:22 hostextinfo.cfg
-rw-rw-r--. 1 apache nagios 967 Mar 8 10:22 hostgroups.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 8 10:22 hosts
-rw-rw-r--. 1 apache nagios 16082 Mar 8 10:22 hosttemplates.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 8 10:22 import
-rwxrwxr-x. 1 apache nagios 5670 Mar 7 15:54 nagios.cfg
-rw-rw-r--. 1 apache nagios 2229 Mar 7 15:55 ndo2db.cfg
-rw-rw-r--. 1 apache nagios 4827 Mar 7 15:55 ndomod.cfg
-rw-rw-r--. 1 apache nagios 7988 Mar 7 15:55 nrpe.cfg
-rw-rw-r--. 1 apache nagios 5345 Mar 7 15:55 nsca.cfg
drwxrwsr-x. 4 apache nagios 4096 Mar 7 15:55 pnp
-rwxrwxr-x. 1 apache nagios 210 Mar 7 15:54 resource.cfg
-rw-rw-r--. 1 apache nagios 1627 Mar 7 15:55 send_nsca.cfg
-rw-rw-r--. 1 apache nagios 823 Mar 8 10:22 servicedependencies.cfg
-rw-rw-r--. 1 apache nagios 825 Mar 8 10:22 serviceescalations.cfg
-rw-rw-r--. 1 apache nagios 843 Mar 8 10:22 serviceextinfo.cfg
-rw-rw-r--. 1 apache nagios 813 Mar 8 10:22 servicegroups.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 8 10:22 services
-rw-rw-r--. 1 apache nagios 24852 Mar 8 10:22 servicetemplates.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 7 15:54 static
-rw-rw-r--. 1 apache nagios 3541 Mar 8 10:22 timeperiods.cfg

Re: Why is Nagios XI telling me my config files are not corr

Posted: Thu Mar 30, 2017 2:58 pm
by mcapra
Did you follow a particular guide/documentation when you set this machine up?

Is SELinux enabled on this machine? What is the output of:

Code:

getenforce

Can you also share the output of these commands:

Code:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
ls -al /usr/local/nagios/etc
cat /etc/sudoers

Re: Why is Nagios XI telling me my config files are not corr

Posted: Fri Mar 31, 2017 12:09 am
by priguz
[root@aus200lmon02 etc]# getenforce
Enforcing

=============================================================================
[root@aus200lmon02 etc]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Nagios Core 4.2.4
Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 12-07-2016
License: GPL

Website: https://www.nagios.org
Reading configuration data...
Read main config file okay...
Read object config files okay...

Running pre-flight check on configuration data...

Checking objects...
Checked 12 services.
Checked 1 hosts.
Checked 1 host groups.
Checked 0 service groups.
Checked 2 contacts.
Checked 2 contact groups.
Checked 124 commands.
Checked 8 time periods.
Checked 0 host escalations.
Checked 0 service escalations.
Checking for circular paths...
Checked 1 hosts
Checked 0 service dependencies
Checked 0 host dependencies
Checked 8 timeperiods
Checking global event handlers...
Checking obsessive compulsive processor commands...
Checking misc settings...

Total Warnings: 0
Total Errors: 0

Things look okay - No serious problems were detected during the pre-flight check

=============================================================================
[root@aus200lmon02 etc]# ls -al /usr/local/nagios/etc
total 196
drwsrwsr-x. 7 apache nagios 4096 Mar 8 10:22 .
drwxr-xr-x. 9 root root 4096 Mar 7 15:54 ..
-rwxrwxr-x. 1 apache nagios 744 Mar 7 15:54 cgi.cfg
-rw-rw-r--. 1 apache nagios 25764 Mar 8 10:22 commands.cfg
-rw-rw-r--. 1 apache nagios 1106 Mar 8 10:22 contactgroups.cfg
-rw-rw-r--. 1 apache nagios 1437 Mar 8 10:22 contacts.cfg
-rw-rw-r--. 1 apache nagios 1675 Mar 8 10:22 contacttemplates.cfg
-rw-rw-r--. 1 apache nagios 817 Mar 8 10:22 hostdependencies.cfg
-rw-rw-r--. 1 apache nagios 819 Mar 8 10:22 hostescalations.cfg
-rw-rw-r--. 1 apache nagios 837 Mar 8 10:22 hostextinfo.cfg
-rw-rw-r--. 1 apache nagios 967 Mar 8 10:22 hostgroups.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 8 10:22 hosts
-rw-rw-r--. 1 apache nagios 16082 Mar 8 10:22 hosttemplates.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 8 10:22 import
-rwxrwxr-x. 1 apache nagios 5670 Mar 7 15:54 nagios.cfg
-rw-rw-r--. 1 apache nagios 2229 Mar 7 15:55 ndo2db.cfg
-rw-rw-r--. 1 apache nagios 4827 Mar 7 15:55 ndomod.cfg
-rw-rw-r--. 1 apache nagios 7988 Mar 7 15:55 nrpe.cfg
-rw-rw-r--. 1 apache nagios 5345 Mar 7 15:55 nsca.cfg
drwxrwsr-x. 4 apache nagios 4096 Mar 7 15:55 pnp
-rwxrwxr-x. 1 apache nagios 210 Mar 7 15:54 resource.cfg
-rw-rw-r--. 1 apache nagios 1627 Mar 7 15:55 send_nsca.cfg
-rw-rw-r--. 1 apache nagios 823 Mar 8 10:22 servicedependencies.cfg
-rw-rw-r--. 1 apache nagios 825 Mar 8 10:22 serviceescalations.cfg
-rw-rw-r--. 1 apache nagios 843 Mar 8 10:22 serviceextinfo.cfg
-rw-rw-r--. 1 apache nagios 813 Mar 8 10:22 servicegroups.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 8 10:22 services
-rw-rw-r--. 1 apache nagios 24852 Mar 8 10:22 servicetemplates.cfg
drwsrwsr-x. 2 apache nagios 4096 Mar 7 15:54 static
-rw-rw-r--. 1 apache nagios 3541 Mar 8 10:22 timeperiods.cfg

=============================================================================
[root@aus200lmon02 etc]# cat /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Refuse to run if unable to disable echo on the tty.
#
Defaults !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home

Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
User_Alias NAGIOSXI=nagios
User_Alias NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *

Re: Why is Nagios XI telling me my config files are not corr

Posted: Fri Mar 31, 2017 10:39 am
by mcapra
Based on this output:

Code:

[root@aus200lmon02 etc]# getenforce
Enforcing

It looks like SELinux is enabled on this system. Can you disable SELinux and see if it fixes your problems? SELinux is known to cause several issues within Nagios XI.
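
One way to check whether SELinux denials actually involve the Nagios config files while the system is still in Enforcing mode, as an added example that is not part of the original thread or of Nagios XI's own scripts. The function name `summarize_nagios_avc` is hypothetical, the audit records are constructed, and `/var/log/audit/audit.log` is assumed to be the auditd log location (its default).

```bash
#!/bin/sh
# Added example: summarize SELinux AVC denials touching Nagios config files.
# SAMPLE_AUDIT is constructed (types and permissions are illustrative); on a
# real host run, as root: summarize_nagios_avc < /var/log/audit/audit.log
SAMPLE_AUDIT='type=AVC msg=audit(1490900000.101:410): avc:  denied  { write } for  pid=2101 comm="httpd" name="commands.cfg" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1490900000.102:411): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/usr/local/nagios/etc/contacts.cfg" dev="dm-0" ino=132 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1490900000.102:411): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1490900000.103:412): avc:  denied  { write } for  pid=2101 comm="httpd" name="commands.cfg" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1490900000.200:413): avc:  denied  { read } for  pid=3000 comm="sshd" name="shadow" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file'

# Reads audit records on stdin and prints one line per distinct denial:
#   <count> <process> <permissions> <file name or path> <file SELinux context>
summarize_nagios_avc() {
  awk '
    # Return the value of key=value from the current record, quotes stripped.
    function field(key,   i, v) {
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) {
          v = substr($i, length(key) + 2)
          gsub(/"/, "", v)
          return v
        }
      return ""
    }
    $1 == "type=AVC" && $4 == "denied" {
      # Permissions sit between "{" (field 5) and "}"; there may be several.
      perm = ""
      for (i = 6; i <= NF && $i != "}"; i++)
        perm = perm (perm == "" ? "" : ",") $i
      # Some records carry a full path=, others only the bare name=.
      obj = field("path")
      if (obj == "") obj = field("name")
      # Heuristic filter: the Nagios etc directory, or a bare *.cfg name.
      if (obj !~ /^\/usr\/local\/nagios\/etc\// && obj !~ /\.cfg$/) next
      n[field("comm") " " perm " " obj " " field("tcontext")]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort
}

printf '%s\n' "$SAMPLE_AUDIT" | summarize_nagios_avc
```

If the function prints nothing for the real audit log, SELinux is not denying access to those files and the permissions warning has another cause; if it prints denials, the last column shows the file label that the policy is rejecting.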