Unable to restart, change sources, or delete sources
Posted: Mon Apr 26, 2021 12:24 pm
by cdcrawford
Good morning,
I'm unable to start/stop/restart or remove sources from Nagios Network Analyser.
The error that I'm getting is below:
from /var/log/secure:
Apr 26 12:17:08 nagiosna sudo: pam_unix(sudo:auth): conversation failed
Apr 26 12:17:08 nagiosna sudo: pam_unix(sudo:auth): auth could not identify password for [apache]
Apr 26 12:17:08 nagiosna sudo: apache : user NOT in sudoers ; TTY=unknown ; PWD=/var/www/html/nagiosna/www ; USER=nna ; COMMAND=/usr/local/nagiosna/bin/rc.py stop DC - HH06 - DMZ Switch
This apparently started after the nna account's password expired. We removed the password, and deleted the expiry. But, this issue persists.
Cheers,
Chris
Re: Unable to restart, change sources, or delete sources
Posted: Mon Apr 26, 2021 5:12 pm
by gsmith
Hi,
From the log entries you show it looks like the user "apache" is trying to execute some commands
but he is not in the sudoers list.
Can you "sudo su - nna" ?
If so can you run "passwd" ?
Then you can change/update his password.
Please let me know what you find out.
Thanks
Re: Unable to restart, change sources, or delete sources
Posted: Tue Apr 27, 2021 6:24 am
by cdcrawford
Issued the commands as given, and changed the password for NNA.
Code:
[chris@nagiosna ~]$ sudo su - nna
[sudo] password for chris:
[nna@nagiosna ~]$
[nna@nagiosna ~]$
[nna@nagiosna ~]$ passwd
Changing password for user nna.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
And then I rebooted the VM.
Following the reboot, I am still unable to stop, delete, or restart sources from the web interface. It appears that Apache is still attempting to use NNA to call the command, but, they are not in the Sudoers file.
Should they be?
Looking at the /etc/sudoers.d/nagiosna file I see that it's different than the one posted in another thread. Mine is below:
Code:
[chris@nagiosna ~]$ sudo cat /etc/sudoers.d/nagiosna
[sudo] password for chris:
Defaults:%nnacmd !requiretty
Defaults:nna !requiretty
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/change_timezone.sh
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/upgrade_to_latest.sh
%nnacmd ALL=(ALL) NOPASSWD:/bin/kill *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/bin/rc.py *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/scripts/manage_firewall.sh *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/scripts/remove_source.sh *
%nnacmd ALL=(ALL) NOPASSWD:/usr/bin/systemctl restart httpd
Another version of the file is posted here:
https://support.nagios.com/forum/viewto ... 0&p=154634
Re: Unable to restart, change sources, or delete sources
Posted: Tue Apr 27, 2021 6:28 pm
by ssax
What is the output of these commands?
Code:
chage -l nna
chage -l apache
grep nna /etc/group
That's what I have too:
Code:
Defaults:%nnacmd !requiretty
Defaults:nna !requiretty
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/change_timezone.sh
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/upgrade_to_latest.sh
%nnacmd ALL=(ALL) NOPASSWD:/bin/kill *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/bin/rc.py *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/scripts/manage_firewall.sh *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/scripts/remove_source.sh *
%nnacmd ALL=(ALL) NOPASSWD:/usr/bin/systemctl restart httpd
Re: Unable to restart, change sources, or delete sources
Posted: Wed Apr 28, 2021 6:38 am
by cdcrawford
chage -l nna
Code:
[root@nagiosna chris]# chage -l nna
Last password change : Apr 27, 2021
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : -1
Number of days of warning before password expires : 7
chage -l apache
Code:
[root@nagiosna chris]# chage -l apache
Last password change : Nov 05, 2019
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : -1
Maximum number of days between password change : -1
Number of days of warning before password expires : -1
group listing for nna
Code:
[root@nagiosna chris]# grep nna /etc/group
apache:x:48:nna
nnacmd:x:1000:nna,apache
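Cross-checking the evidence posted so far (the /var/log/secure denial, the %nnacmd rules and the /etc/group output), as an added example that is not part of any post in this thread and is not Nagios code. The function names are hypothetical and the rule matching is a simplified approximation of sudoers (no aliases, no host check), which is an assumption.

```python
import fnmatch
import re

# Evidence copied from the thread: the /var/log/secure denial, rules from
# /etc/sudoers.d/nagiosna, and the output of `grep nna /etc/group`.
LOG = ("Apr 26 12:17:08 nagiosna sudo: apache : user NOT in sudoers ; "
       "TTY=unknown ; PWD=/var/www/html/nagiosna/www ; USER=nna ; "
       "COMMAND=/usr/local/nagiosna/bin/rc.py stop DC - HH06 - DMZ Switch")
SUDOERS = """Defaults:%nnacmd !requiretty
nna ALL = NOPASSWD:/usr/local/nagiosna/scripts/change_timezone.sh
%nnacmd ALL=(ALL) NOPASSWD:/bin/kill *
%nnacmd ALL=(ALL) NOPASSWD:/usr/local/nagiosna/bin/rc.py *"""
GROUP = "apache:x:48:nna\nnnacmd:x:1000:nna,apache"

DENIAL = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<reason>[^;]+?) ; TTY=(?P<tty>\S+)"
                    r" ; PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<command>.+)$")
RULE = re.compile(r"^(?P<who>%?[\w.-]+)\s+[^\s=]+\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
                  r"(?:NOPASSWD:\s*)?(?P<cmd>/.+)$")

def parse_denial(line):
    """Split a sudo denial line into its fields, or return None."""
    m = DENIAL.search(line)
    return m.groupdict() if m else None

def groups_of(user, group_text):
    """Groups that list `user` as a member (the primary group is not consulted)."""
    found = set()
    for name, _pw, _gid, members in (l.split(":") for l in group_text.splitlines() if l):
        if user in members.split(","):
            found.add(name)
    return found

def matching_rules(denial, sudoers_text, group_text):
    """Rules that would cover the denied command under simplified matching."""
    groups = groups_of(denial["user"], group_text)
    hits = []
    for line in sudoers_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # Defaults lines, comments and blanks carry no command rule
        who, runas = m["who"], (m["runas"] or "root").split(",")
        subject_ok = who == denial["user"] or (who[:1] == "%" and who[1:] in groups)
        runas_ok = "ALL" in runas or denial["runas"] in runas
        if subject_ok and runas_ok and fnmatch.fnmatchcase(denial["command"], m["cmd"]):
            hits.append(line.strip())
    return hits

if __name__ == "__main__":
    d = parse_denial(LOG)
    print(d["user"], "->", d["runas"], ":", matching_rules(d, SUDOERS, GROUP))
```

When this reports a covering rule while sudo still logs the denial, the comparison to make is against what sudo itself resolves for the account, for example `sudo -l -U apache` run as root.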
Re: Unable to restart, change sources, or delete sources
Posted: Wed Apr 28, 2021 4:36 pm
by gsmith
Hi,
On the NNA server, with Network Analyzer running, could you please run from the command line:
ps -ef | grep nagios
and post here. If you have security concerns about exposing this information you can send it to me in a PM.
Additionally, did you restart the httpd service? If not, please do.
Thanks
Re: Unable to restart, change sources, or delete sources
Posted: Thu Apr 29, 2021 7:25 am
by cdcrawford
I sent you the requested output for this command, in a PM.
ps -ef | grep nagios
A small anonymized snippet of it is here:
Code:
nrpe 1228 1 0 Apr27 ? 00:00:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
nna 2020 1 0 Apr27 ? 00:02:32 /usr/local/bin/nfcapd -I 41 -l /usr/local/nagiosna/var/CORE1/flows -p 9901 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/CORE1/9901.pid -D -e -w -z -T all
nna 2021 2020 0 Apr27 ? 00:00:14 /usr/local/bin/nfcapd -I 41 -l /usr/local/nagiosna/var/CORE1/flows -p 9901 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/CORE1/9901.pid -D -e -w -z -T all
[...missing section of the same nfcapd commands, but for different sources and ports...]
nna 28410 28409 0 09:12 ? 00:00:00 /bin/sh -c /usr/bin/php -q /var/www/html/nagiosna/www/index.php cmdsubsys > /usr/local/nagiosna/var/cmdsubsys.log 2>&1
nna 28411 28410 0 09:12 ? 00:00:00 /usr/bin/php -q /var/www/html/nagiosna/www/index.php cmdsubsys
root 28425 28396 0 09:12 pts/0 00:00:00 grep --color=auto nagios
I also restarted httpd, to no effect.
Re: Unable to restart, change sources, or delete sources
Posted: Thu Apr 29, 2021 9:59 am
by gsmith
Hi,
Let's emulate what's supposed to happen.
1. as root user in a shell
2. sudo su - nna
3. /usr/local/nagiosna/bin/rc.py stop DC - HH06 - DMZ Switch
Did that work? If it did, go ahead and start the DC - HH06 - DMZ Switch source again.
If not reply to us with any output/error messages.
1. as root user in a shell
2. sudo su - apache
3. cd /var/www/html/nagiosna/www
4. sudo /usr/local/nagiosna/bin/rc.py stop DC - HH06 - DMZ Switch
Did this work? If it did, go ahead and start the DC - HH06 - DMZ Switch source again.
If not reply to us with any output/error messages.
Thanks
Re: Unable to restart, change sources, or delete sources
Posted: Fri Apr 30, 2021 6:58 am
by cdcrawford
I don't think that it worked.
Code:
[root@nagiosna g018r]# sudo su - nna
Last login: Tue Apr 27 08:07:04 ADT 2021 on pts/0
[nna@nagiosna ~]$ /usr/local/nagiosna/bin/rc.py stop DC - HH06 - DMZ Switch
tuple index out of range
Traceback (most recent call last):
  File "/usr/local/nagiosna/bin/rc.py", line 145, in <module>
    main()
  File "/usr/local/nagiosna/bin/rc.py", line 129, in main
    stop(servicename)
  File "/usr/local/nagiosna/bin/rc.py", line 65, in stop
    raise Exception('Unable to find %s in the database, cannot stop it.' % sourcename)
Exception: Unable to find DC in the database, cannot stop it.
None
Unable to find DC in the database, cannot stop it.
### Figured that it didn't like the spaces in the name. So, I'll quote it.
[nna@nagiosna ~]$ /usr/local/nagiosna/bin/rc.py stop "DC - HH06 - DMZ Switch"
nna is not in the sudoers file. This incident will be reported.
DC - HH06 - DMZ Switch process stopped.
And when I tried to do it as Apache:
Code:
[root@nagiosna g018r]# sudo su - apache
This account is currently not available.
So, I called an audible, and did the following:
Here is the output:
Code:
[root@nagiosna g018r]# sudo -u apache bash
bash-4.2$ whoami
apache
bash-4.2$ /usr/local/nagiosna/bin/rc.py stop "DC - HH06 - DMZ Switch"
Traceback (most recent call last):
  File "/usr/local/nagiosna/bin/rc.py", line 30, in <module>
    handler = logging.handlers.RotatingFileHandler('/usr/local/nagiosna/var/backend.log', 'a', 1048576, 10)
  File "/usr/lib64/python2.7/logging/handlers.py", line 117, in __init__
    BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib64/python2.7/logging/handlers.py", line 64, in __init__
    logging.FileHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib64/python2.7/logging/__init__.py", line 902, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib64/python2.7/logging/__init__.py", line 925, in _open
    stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/usr/local/nagiosna/var/backend.log'
bash-4.2$
Re: Unable to restart, change sources, or delete sources
Posted: Fri Apr 30, 2021 9:35 am
by gsmith
Hi,
On the first bit of running the command as the nna user, we need quotes around the device name:
1. as root user in a shell
2. sudo su - nna
3. /usr/local/nagiosna/bin/rc.py stop "DC - HH06 - DMZ Switch"
So please give that another shot.
Nice audible!
The issue with:
Code:
1. as root user in a shell
2. sudo su - apache
3. cd /var/www/html/nagiosna/www
4. sudo /usr/local/nagiosna/bin/rc.py stop DC - HH06 - DMZ Switch
is that the user apache can't write to /usr/local/nagiosna/var/backend.log, and that's OK as user nna should be doing that.
So for now, try the first part (with using the quotes on the device) and let me know what happens.
In the meantime I am going to look at how the "apache" user is configured.
Thanks