Unable to login with nagiosadmin

[dfsocha]

Recently I had an issue where the Nagios server ran out of disk space. I've since resolved this issue but now I'm having an issue where I cannot login as the nagiosadmin account.

I've run the script "reset_nagiosadmin_password.sh" and have tried multiple passwords but I'm still unable to login. I've searched on the forum and tried a few things such as clearing the transaction logs and some other items but still have not had any success with it.

Anyone have any ideas if there's a different curl command I can try or something else I should be doing? LDAP seems to be broken too so I can't login with LDAP like I used to.

[pbroste]

Hello @dfsocha

Thanks for reaching out, want to run some 'api' commands to help figure things out.

Let's read the config info on the 'nagiosadmin' which is typically user '1':

Code: Select all

curl -XGET http://localhost:9200/nagioslogserver/user/1

• *change the user number to list other user info

Example results:

{"_index":"nagioslogserver","_type":"user","_id":"1","_version":5,"found":true,"_source":{"username":"nagiosadmin","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"280d44ab1e9f79b5cce2dd4f58f5fe91xxxxxx9f7447dffc318ceb79f2d02","auth_type":"admin","email":"root@localhost.com","language":"default","apiaccess":"1","apikey":"2590634e60fxxxxxb9e111990e16b83da22b1bcf","created":"2021-06-14 12:10:14","created_by":0,"default_dashboard":"/dashboard/elasticsearch/AXoLSc8Q5hxpyzbmI-kt"}}

Make sure that the 'nagiosadmin' "auth_type" is admin and that 'apiaccess' of "1" (which means enabled) and that there is a apikey listed.

Now that you have an 'apikey' that is associated with 'nagiosadmin'; let's list all users:

Code: Select all

curl -k http://192.168.23.207/nagioslogserver/index.php/api/system/get_users?token=yourtokenhere

Run through the password reset via the commands directly from the script for confirmation:

New password:

Code: Select all

passhash=$(printf "yournewpasswordhere" | openssl sha256)

Verify:

Code: Select all

echo $passhash

conversion:

Code: Select all

passhash=${passhash:9}

Update:

Code: Select all

update="{\"doc\":{\"password\":\"$passhash\"}}"

Verify:

Code: Select all

echo $update

API to change/update password:

Code: Select all

curl -XPOST http://localhost:9200/nagioslogserver/user/1/_update -d "$update"

Results:

{"_index":"nagioslogserver","_type":"user","_id":"1","_version":6}

Refresh:

Code: Select all

curl -XPOST http://localhost:9200/nagioslogserver/_refresh

Success:

{"_shards":{"total":2,"successful":2,"failed":0}}

Let us know if you are able to get into the web console to update Active Directory configuration.

Thanks,
Perry

[dfsocha]

When I do curl -XGET http://localhost:9200/nagioslogserver/user/1, this is the result I get:

Code: Select all

[root@NagiosLogServer ~]# curl -XGET http://localhost:9200/nagioslogserver/user/1
{"_index":"nagioslogserver","_type":"user","_id":"1","found":false}[root@NagiosLogServer ~]#

[benhank]

I don't work for nagios, but I had this issue too.

did you move the contents of /usr/local/nagioslogserver/elasticseach/data ?

If you did make sure you move everything in that directory. hope it helps

[pbroste]

Hello @benhank

Here is the api command to setup nagiosadmin account:

Code: Select all

curl -k -XPOST http://localhost:9200/nagioslogserver/user/1 -d '{"_index":"nagioslogserver","_type":"user","_id":"1","_version":6,"found":true,"_source":{"username":"nagiosadmin","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"ecef7b1e64c70decb9786df778d470f7288c02eeb6b95c97dade5b46d768ab50","auth_type":"admin","email":"root@nagios.com","language":"default","apiaccess":"1","apikey":"2590634e60f5b041b9e111990e16b83da22b1bcd","created":"2021-06-14 12:10:14","created_by":0,"default_dashboard":"/dashboard/elasticsearch/AXoLSc8Q5hxpyzbmI-kt"}}'

The temp password is: temppassword

To verify:

Code: Select all

curl -XGET http://localhost:9200/nagioslogserver/user/1[/user]

Thanks,
Perry

[pbroste]

Looks like I may have had some extra configs that it may not like and here is the update:

Code: Select all

curl -k -XPOST http://localhost:9200/nagioslogserver/user/3 -d '{"_index":"nagioslogserver","_type":"user","_id":"3","_version":6,"_source":{"username":"nagiosadmin3","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"ecef7b1e64c70decb9786df778d470f7288c02eeb6b95c97dade5b46d768ab50","auth_type":"admin","email":"root@nagios.com","language":"default","apiaccess":"1","apikey":"2590634e60f5b041b9e111990e16b83da22b1bcd"}}'

This one creates an account: nagiosadmin3
with password: temppassword

Result example:

{"_index":"nagioslogserver","_type":"user","_id":"3","_version":1,"created":true}

Thanks,
Perry

[dfsocha]

Okay I ran that and it says "created:true" but when I try to login with nagiosadmin3 and password of temppassword, it doesn't work and says invalid username/password.

Here's the command I ran and it's output:

Code: Select all

[root@NagiosLogServer ~]# curl -k -XPOST http://localhost:9200/nagioslogserver/user/3 -d '{"_index":"nagioslogserver","_type":"user","_id":"3","_version":6,"_source":{"username":"nagiosadmin3","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"ecef7b1e64c70decb9786df778d470f7288c02eeb6b95c97dade5b46d768ab50","auth_type":"admin","email":"root@nagios.com","language":"default","apiaccess":"1","apikey":"2590634e60f5b041b9e111990e16b83da22b1bcd"}}'
{"_index":"nagioslogserver","_type":"user","_id":"3","_version":1,"created":true}[root@NagiosLogServer ~]#

[pbroste]

Hello @dfsocha

Thanks for the details, next step is to delete the user account and then rebuild.

Code: Select all

curl -XDELETE http://localhost:9200/nagioslogserver/user/1

To rebuild:

Code: Select all

curl -XPUT 'http://localhost:9200/nagioslogserver/user/2' -d '{"username":"nagiosadmin","password":"c678bcf3b5138b9263a95c44d28097f22c2e02877193d2c25313478821d45c19","auth_type":"admin","email":"user@example.com","language":"default","apiaccess":"1","apikey":"1396e08757545557073844695e5b64caa0bd3ad3","created":"2015-01-23 10:00:00","created_by":0,"default_dashboard":"/dashboard/elasticsearch/default"}'

Verify:

Code: Select all

curl -XGET http://localhost:9200/nagioslogserver/user/2

Verify api works:

Code: Select all

curl -k http://yourhostaddresshere/nagioslogserver/index.php/api/system/get_users?token=theapitokenfoundinpreviouscommand

This will create a user named "nagiosadmin" with the password "nagiosls".

Let me know how things look,
Perry

[dfsocha]

I ran all those and it said the user was created and the API verified the user was there but using the username nagiosadmin and password of nagiosls still doesn't let me login.

[pbroste]

Hello @dfsocha

Thanks for following up, and want to gather more info and a System Profile from you so we can see what is going on.

Code: Select all

tar -czvf /tmp/logs.tar.gz /usr/local/nagioslogserver/var/auditlog.log /var/log/httpd/ /var/log/apache2/

This will create /tmp/logs.tar.gz.

And the System Profile by:

Code: Select all

/usr/local/nagioslogserver/scripts/profile.sh

This will create /tmp/system-profile.tar.gz.

Note that this file can be very large and may not be able to be uploaded through the ticketing system. You can split the file into smaller files with the split command on the NLS(or other Linux machine) command line:

Code: Select all

split -b 45000000 /tmp/system-profile.tar.gz system-profile- -d

The above command will split the system-profile.tar.gz into 45MB segments and save them to files with the naming convention system-profile-nn. Please send each split in a separate [PM] 'Private Message'.

I'd also like to get a copy of the current settings index. This can be gathered by running:

Code: Select all

curl -XPOST http://localhost:9200/nagioslogserver/_export?path=/tmp/nagioslogserver.tar.gz

The file it creates and that we'd like to see is /tmp/nagioslogserver.tar.gz.

Please send the following:

• /tmp/logs.tar.gz
• /tmp/nagioslogserver.tar.gz
• /tmp/system-profile.tar.gz or the splits depending on size

Thanks,
Perry