Hello,
I have updated nagiosxi to the latest version (5.4.13), and found that the nagios core is 4.2.4,
but we found Nagios Core creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. (CVE-2017-12847)
and the latest nagios core version was fixed.
My questions are:
1. How do I update nagios core to the latest version (4.3.4), and what effects might it have?
2. If nagios core cannot be upgraded separately, how can we avoid this vulnerability?
nagiosxi and nagios core update
Re: nagiosxi and nagios core update
You should be able to upgrade the Nagios Core engine in Nagios XI by following the steps below:

1. Go to the nagioscore directory, remove the old nagios core tarball, and download the latest (4.3.4):

Code:
    cd /tmp/nagiosxi/subcomponents/nagioscore
    rm -f nagios-4.2.4.tar.gz
    wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.3.4.tar.gz

2. Open the upgrade script in a text editor, e.g. vi, and change this line:

Code:
    pkgname="nagios-4.2.4"

to this:

Code:
    pkgname="nagios-4.3.4"

3. Comment out line 18, so it is going to look like this:

Code:
    # ./apply-patches "$pkgname"

Save, and exit the file.

4. Run the upgrade script:

Code:
    ./upgrade

Important: Prior to upgrading Nagios Core in XI, do all of the necessary backups, snapshots, etc.! Each Nagios XI license is approved for up to three installations: one primary monitoring/production, one backup/failover, and one test environment. Try this on your test server prior to doing it in production!

Let us know if this helped. Thank you!
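For the second question (Core cannot be upgraded separately), one possible hardening of a root-run script that uses the kill `cat /pathname/nagios.lock` pattern from the CVE description. This is an added example, not code from this thread or from Nagios; the function name pid_if_owned_by, the "nagios" account name and the Linux /proc layout are assumptions.

```shell
#!/bin/sh
# Added example, not Nagios code. Guarded form of: kill `cat /pathname/nagios.lock`
#
# pid_if_owned_by LOCKFILE UID
#   Prints the PID stored in LOCKFILE and returns 0 only if the file holds
#   exactly one PID and that process runs with effective uid UID.
#   A process owned by the unprivileged account can already be signalled by
#   that account, so a tampered lock file gains nothing from the root script.
pid_if_owned_by() {
    lockfile=$1
    want_uid=$2

    # Regular file only; a symlink could redirect the read elsewhere.
    [ -f "$lockfile" ] && [ ! -L "$lockfile" ] || return 2

    pid=$(cat "$lockfile") || return 2

    # Digits only, no leading zero: rejects empty files, signs, spaces
    # and multi-line content before the value gets anywhere near kill.
    case $pid in
        '' | *[!0-9]* | 0*) return 3 ;;
    esac

    # Assumption: Linux /proc. Field 3 of "Uid:" is the effective uid.
    [ -r "/proc/$pid/status" ] || return 4
    euid=$(awk '/^Uid:/ { print $3 }' "/proc/$pid/status")
    [ "$euid" = "$want_uid" ] || return 5

    printf '%s\n' "$pid"
}

# Usage inside the root-run script (account name "nagios" is an assumption):
#   if pid=$(pid_if_owned_by /pathname/nagios.lock "$(id -u nagios)"); then
#       kill "$pid"
#   fi
```

The check narrows the window rather than closing it, since a PID can be reused between the check and the kill; upgrading Core as described above remains the fix.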
Re: nagiosxi and nagios core update
Yes, it works, thanks.