Page 1 of 2
XI 5.4.3 NRDP Forbidden
Posted: Mon May 01, 2017 10:23 am
by blariv
trying to test the API on the Inbound Check Transfer Settings but getting "forbidden". I am also unable to receive passive check results. not sure if these are related. I have also tried turning off the firewall on my rhel7 XI box.
thanks!
Re: XI 5.4.3 NRDP Forbidden
Posted: Mon May 01, 2017 11:10 am
by dwhitfield
Did you use
https://assets.nagios.com/downloads/nag ... ith_XI.pdf to set things up?
Do you have anything in your Unconfigured Objects?
https://assets.nagios.com/downloads/nag ... ith_XI.pdf
What's the output of the following?
Code: Select all
getenforce
cat /etc/httpd/conf.d/nrdp.conf
ll /etc/httpd/conf.d/nrdp.conf
Can you PM me your Profile? You can download it by going to Admin > System Config > System Profile and click the Download Profile button towards the top. If for whatever reason you *cannot* download the profile, please put the output of View System Info (5.3.4+, Show Profile if older) in the thread (that will at least get us some info). This will give us access to many of the logs we would otherwise ask for individually. If security is a concern, you can unzip the profile take out what you like, and then zip it up again. We may end up needing something you remove, but we can ask for that specifically.
After you PM the profile, please update this thread. Updating this thread is the only way for it to show back up on our dashboard.
UPDATE: profile received and shared with techs
Re: XI 5.4.3 NRDP Forbidden
Posted: Mon May 01, 2017 12:07 pm
by blariv
i did use that guide and nothing shows up in unconfigured objs.
profile should be in your inbox.
Code: Select all
[root@nagiosxi libexec]# getenforce
Disabled
Code: Select all
[root@nagiosxi libexec]# cat /etc/httpd/conf.d/nrdp.conf
<Directory "/usr/local/nrdp">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "NRDP"
# AuthType Basic
# AuthUserFile /usr/local/nrdp/htpasswd.users
# Require valid-user
</Directory>
Alias /nrdp "/usr/local/nrdp/server"
Code: Select all
[root@nagiosxi libexec]# ll /etc/httpd/conf.d/nrdp.conf
-rwxr-xr-x. 1 root root 344 Apr 21 09:33 /etc/httpd/conf.d/nrdp.conf
Re: XI 5.4.3 NRDP Forbidden
Posted: Mon May 01, 2017 1:46 pm
by ssax
Are you receiving the error when you got to
https://YOURXISERVER/nrdp initially or when you click the submit button on that page?
Re: XI 5.4.3 NRDP Forbidden
Posted: Mon May 01, 2017 4:09 pm
by blariv
initially
Re: XI 5.4.3 NRDP Forbidden
Posted: Mon May 01, 2017 4:17 pm
by ssax
Please post the output of these commands:
Code: Select all
ls -ld /usr/local/nrdp
ls -l /usr/local/nrdp
ls -l /usr/local/nrdp/server
ls -l /usr/local/nrdp/server/includes
grep nag /etc/group
grep "User \|Group " /etc/httpd/conf/httpd.conf
Then run this command and post the resulting
/tmp/httpd_configs.zip file:
Code: Select all
zip -r /tmp/httpd_configs.zip /etc/httpd/conf/httpd.conf /etc/httpd/conf.d
Thank you
Re: XI 5.4.3 NRDP Forbidden
Posted: Mon May 01, 2017 5:35 pm
by blariv
added
Re: XI 5.4.3 NRDP Forbidden
Posted: Tue May 02, 2017 10:16 am
by tgriep
Was the system configured to be accessed using SSL?
If so, there are some missing configurations that were missed. Take a look at the following document and verify that all of the settings were done.
https://assets.nagios.com/downloads/nag ... s%20XI.pdf
This section was missed
Edit the file /etc/httpd/conf/httpd.conf and add the following lines to the end of the file.
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
After saving the file, restart the Apache process by running the following as root.
Also, make sure the following was done as well
Edit the file /usr/local/nagiosxi/html/config.inc.php and find the following line:
Change it to:
Let us know is this fixes the issue.
Re: XI 5.4.3 NRDP Forbidden
Posted: Tue May 02, 2017 11:53 am
by blariv
hi, the system is not set to use SSL.
Re: XI 5.4.3 NRDP Forbidden
Posted: Tue May 02, 2017 1:49 pm
by tgriep
Can you edit the /etc/httpd/conf.d/ssl.conf file and remove the following section.
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
</IfModule>
Restart apache by running
Then try and access the system.
If it fails, take a look in the /var/log/httpd/error_log file for any errors and post them so we can view them.