Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Clean Install

https://support.nagios.com/forum/viewtopic.php?t=50642

Page 1 of 1

Clean Install

Posted: Sun Oct 14, 2018 11:24 am
by habuhejleh
Dear ,

I have Nagios XI which was compromised and I managed to restrict the access to it.
Now I need to clear up the available Nagios on my server then do clean new installation.
Please advise asap.

Best regards,
Haitha

Re: Clean Install

Posted: Mon Oct 15, 2018 4:33 am
by habuhejleh
Dear All,

Please note that I inserted the script "./uninstall_xi.sh" into the nagios xi via WinSCP then I ran the command "./uninstall_xi.sh" it started the process but it failed as below:
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... 64&repo=os error was
14: PYCURL ERROR 7 - "Failed to connect to 2607:f8f8:700:12::10: Network is unreachable"
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.


Note that I opened in the firewall from external only

72.14.181.71 (assets.nagios.com) and 50.116.21.73 (api.nagios.com).
So why it is failing as above?
Should I open extra external IP's?
Is there away I can uninstall then install it manually through WinSCP?
Please advise asap.

Re: Clean Install

Posted: Mon Oct 15, 2018 10:38 am
by cdienger
If a system has been compromised I would definitely go the route of at least reimaging the OS as well and then doing the clean install of XI.

Re: Clean Install

Posted: Mon Oct 15, 2018 12:43 pm
by habuhejleh
Well, I opened external connection limited to:
72.14.181.71 (assets.nagios.com) and 50.116.21.73 (api.nagios.com) but the uninstall did not workout and gave error
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... 64&repo=os error was
14: PYCURL ERROR 7 - "Failed to connect to 2607:f8f8:700:12::10: Network is unreachable"
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.



What else I should open for external?
Please advise.

Re: Clean Install

Posted: Mon Oct 15, 2018 12:59 pm
by lmiltchev
This scripts uses "yum remove", e.g.

Code: Select all

yum remove mysql postgresql -y
so you would need to have access to yum repos... Can you add/remove packages via yum or run "yum update" successfully?

Re: Clean Install

Posted: Mon Oct 15, 2018 2:42 pm
by habuhejleh
No I cannot, I get this error:

[root@um-isp-nagios-redline ~]# yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metal ... =epel-6&ar ch=x86_64 error was
14: PYCURL ERROR 7 - "Failed to connect to 2610:28:3090:3001:dead:beef:cafe:fed3 : Network is unreachable"
* base: centos.mirror.iweb.ca
* epel: epel.besthosting.ua
* extras: centos.mirror.iweb.ca
* updates: centos.mirror.iweb.ca
http://centos.mirror.iweb.ca/6/os/x86_6 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2607:f748:10:12:0:ce17:705:1: Network is unreachable"
Trying other mirror.
http://ftp.hosteurope.de/mirror/centos. ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2a01:488:10:1::50ed:888a: Network is unreachable"
Trying other mirror.
http://ftp.jaist.ac.jp/pub/Linux/CentOS ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2001:df0:2ed:feed::feed: Network is unreachable"
Trying other mirror.
http://mirror.as24220.net/pub/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2402:d800:0:51::dead:beef: Network is unreachable"
Trying other mirror.
http://mirror.centos.org/centos/6/os/x8 ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2c0f:f738:2201:e::: Network is unreachable"
Trying other mirror.
http://mirror.us.leaseweb.net/centos/6/ ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2604:9a00:2010:a0b8::5: Network is unreachable"
Trying other mirror.
http://mirrors.coreix.net/centos/6/os/x ... repomd.xml: [Errno 14] PYCURL ERROR 7 - "Failed to connect to 2a01:c0:2:3d::2: Network is unreachable"
Trying other mirror.


Once again please advise what are the IP addresses I should open further??
And also can I update manually?

Re: Clean Install

Posted: Mon Oct 15, 2018 3:09 pm
by lmiltchev
Let step back for a moment. You are not able to run yum commands because you closed the Internet connection to your Nagios XI server. Opening a few IP addresses won't work as you re going to have some random IPs when accessing these mirrors... The best route to go would be what cdienger suggested:
If a system has been compromised I would definitely go the route of at least reimaging the OS as well and then doing the clean install of XI.
Uninstalling Nagios XI won't guarantee that you are not going to have some malicious code left by the hackers somewhere else...
Once you start "fresh" with a clean system, you could do an "offline" install (if you wish).

https://repo.nagios.com/?repo=offline#install
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited