Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

FAILED SU (to nagios)

https://support.nagios.com/forum/viewtopic.php?t=49264

Page 1 of 1

FAILED SU (to nagios)

Posted: Wed Jul 04, 2018 4:13 pm
by fraguillen
Good Morning

When I consult the /var/log/messages this line appears:

Jul 4 09:31:04 nagios01 su: FAILED SU (to nagios) nagios on none

I searched everywhere without finding an answer to this message.

Thanks for the help you could give me.

Nagios XI 5.5.0
Red Hat 7.5 x64, Esx Virtual Machine
No Gnome installed, no using proxy, Yes, we are using SSL

Best regards...

Re: FAILED SU (to nagios)

Posted: Thu Jul 05, 2018 10:49 am
by scottwilkerson
I've not seen this before, but my guess would be that you have configured a command in nagios that either in the command or within a script that the command executes that us trying to run the su command.

I would start by seeing if there are any non-OK services that you might be able to attribute this to.

Re: FAILED SU (to nagios)

Posted: Wed Jul 11, 2018 5:50 am
by khr0nos
Also had the same "issue" after upgrading, although those messages have stopped, I managed to find this:

Code: Select all

Jul  6 17:36:04 sitomnagxi01 su: FAILED SU (to nagios) nagios on none

Code: Select all

time->Fri Jul  6 17:36:04 2018
type=PROCTITLE msg=audit(1530894964.014:2334759): proctitle=7375006E6167696F73002D6300746F756368202F7573722F6C6F63616C2F6E6167696F732F7661722F6E6167696F732E636F6E66696774657374
type=PATH msg=audit(1530894964.014:2334759): item=0 name="/var/log/btmp" inode=895853 dev=fd:04 mode=0100600 ouid=0 ogid=22 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1530894964.014:2334759):  cwd="/home/nagios"
type=SYSCALL msg=audit(1530894964.014:2334759): arch=c000003e syscall=2 success=yes exit=3 a0=55fff0d170d0 a1=1 a2=60f1 a3=5b3f9a74 items=1 ppid=24815 pid=24817 auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=124289 comm="su" exe="/usr/bin/su" key="session"

Re: FAILED SU (to nagios)

Posted: Wed Jul 11, 2018 8:36 am
by scottwilkerson
Are you experiencing any problems? Does it log just when starting the nagios service or something?

Re: FAILED SU (to nagios)

Posted: Wed Jul 11, 2018 9:16 am
by fraguillen
Hi:

In my case it does not present problems but it bothers me to see that line.

I do not know if you will have to see the fact that I added "su nagios nagios" to the logrotate so that I could execute the process.

Best regards....

Re: FAILED SU (to nagios)

Posted: Wed Jul 11, 2018 11:22 am
by scottwilkerson
fraguillen wrote: I do not know if you will have to see the fact that I added "su nagios nagios" to the logrotate so that I could execute the process.
What did you do?

Re: FAILED SU (to nagios)

Posted: Wed Jul 11, 2018 1:02 pm
by fraguillen
Yes, for example, in my log configuration file in the folder /etc/logrotate.d there is a file where I configured the logrotation for the .log files of nagios:

/usr/local/nagiosxi/var/*log {
missingok
notifempty
size 5M
rotate 1
compress
su nagios nagios
}

I do not know if the warning is there

Re: FAILED SU (to nagios)

Posted: Wed Jul 11, 2018 2:34 pm
by scottwilkerson
this should not be in there...

Code: Select all

su nagios nagios
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited