Unable to restart, change sources, or delete sources

[cdcrawford]

I did what was asked:

Code: Select all

[g018r@nagiosna ~]$ sudo bash
[sudo] password for g018r:
[root@nagiosna g018r]# sudo su - nna
Last login: Fri Apr 30 08:49:20 ADT 2021 on pts/0
[nna@nagiosna ~]$ /usr/local/nagiosna/bin/rc.py stop "DC - HH06 - DMZ Switch"
nna is not in the sudoers file.  This incident will be reported.
DC - HH06 - DMZ Switch process stopped.

And then in /var/log/secure, I see the following:

Code: Select all

Apr 30 15:39:33 nagiosna sudo:     nna : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/nna ; USER=nna ; COMMAND=/bin/kill 4893

Doing a ps -ef | grep 4893:

Code: Select all

nna       4893     1  0 Apr29 ?        00:00:00 /usr/local/bin/nfcapd -I 143 -l /usr/local/nagiosna/var/DCHH06DMZSwitch/flows -p 9921 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/DCHH06DMZSwitch/9921.pid -D -e -w -z -T all
nna       4894  4893  0 Apr29 ?        00:00:01 /usr/local/bin/nfcapd -I 143 -l /usr/local/nagiosna/var/DCHH06DMZSwitch/flows -p 9921 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/DCHH06DMZSwitch/9921.pid -D -e -w -z -T all

The /etc/sudoers file has the following at the bottom:

Code: Select all

#include /etc/customer/sudoers.host
#include.dir /etc/sudoers.d/

In /etc/sudoers.d/ we have nagiosna, which has:

Code: Select all

Defaults:%nnacmd !requiretty
Defaults:nna !requiretty

nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/change_timezone.sh
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/upgrade_to_latest.sh

%nnacmd ALL=(ALL) NOPASSWD:/bin/kill *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/bin/rc.py *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/scripts/manage_firewall.sh *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/scripts/remove_source.sh *
%nnacmd ALL=(ALL) NOPASSWD:/usr/bin/systemctl restart httpd

So, it should have the ability to issue a kill command without password.

[cdcrawford]

Changed my /etc/sudoers file from this:

Code: Select all

#include.dir /etc/sudoers.d/
#include /etc/customer/sudoers.host

to this:

Code: Select all

#includedir /etc/sudoers.d/
#include /etc/customer/sudoers.host

This command is able to be executed now:

Code: Select all

[nna@nagiosna ~]$ /usr/local/nagiosna/bin/rc.py stop "DC - HH06 - DMZ Switch"
DC - HH06 - DMZ Switch process stopped.

I am now able to start and stop processes from the web interface.

Code: Select all

Apr 30 16:12:42 nagiosna sudo:  apache : TTY=unknown ; PWD=/var/www/html/nagiosna/www ; USER=nna ; COMMAND=/usr/local/nagiosna/bin/rc.py start DC - HH06 - DMZ Switch
Apr 30 16:12:42 nagiosna sudo: pam_unix(sudo:session): session opened for user nna by (uid=0)
Apr 30 16:12:42 nagiosna sudo:     nna : TTY=unknown ; PWD=/var/www/html/nagiosna/www ; USER=root ; COMMAND=/usr/local/nagiosna/scripts/manage_firewall.sh -t udp -p 9921 --add
Apr 30 16:12:42 nagiosna sudo: pam_unix(sudo:session): session opened for user root by (uid=0)

No errors in the /var/log/secure file as well.

I blame the sysadmin that did the install. He blames a lack of coffee. But, not sure when that was changed. Oh well. Stuff happens.

All appears to be good on our end. Thanks for your help!

[ssax]

Nice catch! I'm glad you were able to get that figured out. Let us know if we're okay to lock this up and mark it as resolved.

[cdcrawford]

All good! You can mark it resolved.

Cheers!

[vtrac]

Locking thread!! ...