Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Log rotate errors after upgrading to 5.6.1

https://support.nagios.com/forum/viewtopic.php?t=53737

Page 1 of 1

Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 7:53 am
by hbouma
I have Red Hat 7 64bit VM's that were recently upgraded from Nagios 5.5.9 to 5.6.1. Since the upgrade, I am seeing errors every morning for log rotate:

Code: Select all

/etc/cron.daily/logrotate:

error: skipping "/usr/local/nagiosxi/var/cleaner.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/cmdsubsys.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/dbmaint.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/deadpool.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/event_handler.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/eventman.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/feedproc.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/nom.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/perfdataproc.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/recurringdowntime.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/reportengine.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/sysstat.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/wkhtmltox.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/xidebug.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/usr/local/nagiosxi/var/xidebug.log.backtrace" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
File ownerships seem different that I see on the servers running 5.5.9 (5.5.9 shows nagios:nagios, 5.6.1 as listed below)

Code: Select all

drwxr-xr-x  11 root nagios 4.0K Mar 25 10:32 .
drwxr-xr-x. 21 root root   4.0K May  2 08:18 ..
drwxr-xr-x.  2 root nagios 4.0K Mar 25 10:32 cron
drwxr-xr-x.  4 root nagios 4.0K May  2 08:18 etc
drwxr-xr-x. 17 root nagios 4.0K May  2 08:20 html
drwx------   2 root nagios  16K Mar 18 13:54 lost+found
drwxr-xr-x.  3 root nagios 4.0K Mar 25 10:32 nom
drwxr-xr-x.  4 root nagios 4.0K May  6 08:38 scripts
drwsrwsr-x.  2 root nagios 4.0K May  2 08:19 tmp
drwxr-xr-x.  2 root nagios 4.0K Mar 25 10:32 tools
drwxrwxr-x.  7 root nagios 4.0K May  6 08:43 var
If I try updating /usr/local/nagiosxi/var to root:root, then I get errors from crond telling me the writing to the log files is denied:

Code: Select all

/bin/sh: /usr/local/nagiosxi/var/feedproc.log: Permission denied
Any suggestions?

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 11:21 am
by cdienger
What do the permissions look like on the log files and files in the other directories? Are you seeing any other problems besides this error message?

Reset some of the permissions with:

Code: Select all

/usr/local/nagiosxi/scripts/reset_config_perms.sh
chown nagios:nagios /usr/local/nagiosxi/*
chown nagios:nagios /usr/local/nagiosxi/

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 11:40 am
by hbouma
Files inside /usr/local/nagiosxi/var/ are all owned by nagios:nagios. Folders in /usr/local/nagiosxi are all root:nagios.

This has happened on all 3 servers we where we have upgraded from 5.5.9 to 5.6.1.

Symptoms are failure of the logrotate script only.

Everything seems good so far by just changing the permissions as you listed. I just wanted to make sure there wasn't a reason for the change in the upgrade.

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 1:04 pm
by cdienger
It's certainly odd and I'll be looking into reproducing it. Was this an online of offline install/upgrade?

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 1:07 pm
by hbouma
This was an online install and online upgrade using the manual upgrade steps as listed in https://assets.nagios.com/downloads/nag ... ctions.pdf

It appears I am not the only one having the issue. I see @Bitflogger is also having the issue in https://support.nagios.com/forum/viewto ... 16&t=53740

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 1:43 pm
by cdienger
Checked with dev and the change to root ownership was put in place to take care of potential vulnerabilities. Except for the var directory, you can switch them all back to root ownership.

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 1:48 pm
by hbouma
Thank you. I have updated to have all folders, except var, in /usr/local/nagiosxi/ owned by root:nagios

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 1:50 pm
by cdienger
Sounds good and thanks for bringing it to our attention! This will be fixed in in 5.6.2.

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 1:58 pm
by hbouma
Thank you.

You may close this thread then.

Re: Log rotate errors after upgrading to 5.6.1

Posted: Mon May 06, 2019 2:01 pm
by cdienger
Closing.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited