Nagios Support Forum

Hello,

I'm trying to set a configuration and I'm running into a stuck configuration verification.

I did a tail on the log file and I seem to be running into a permission issue. Any help would be much appreciated.

Here is the log print:

PHP Warning: PHP Startup: Unable to load dynamic library 'ixed.7.2.lin' (tried: /usr/lib64/php/modules/ixed.7.2.lin (/usr/lib64/php/modules/ixed.7.2.lin: cannot open shared object file: Operation not permitted), /usr/lib64/php/modules/ixed.7.2.lin.so (/usr/lib64/php/modules/ixed.7.2.lin.so: cannot open shared object file: No such file or directory)) in Unknown on line 0

PHP Warning: require_once(/usr/local/nagiosxi/html/config.inc.php): failed to open stream: Operation not permitted in /usr/local/nagiosxi/cron/cmdsubsys.php on line 10

PHP Fatal error: require_once(): Failed opening required '/usr/local/nagiosxi/cron/../html/config.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagiosxi/cron/cmdsubsys.php on line 10

Moderator's Note: The profile has been shared with the support team but has been removed from the public forum.

Please follow this KB article and let me know if that resolves the issue:

https://support.nagios.com/kb/article/n ... s-816.html

What is the output of these commands as root?

[Wed Jan 26 15:43:00.958533 2022] [proxy_fcgi:error] [pid 1313459:tid 140535952041728] (70007)The timeout specified has expired: [clientXXXXXXXX:49344] AH01075: Error dispatching request to : (polling), referer: https://XXXXXXXX/nagiosxi/includes/comp ... rofile.php

Please follow the attached guide for that:

I reviewed the KB article. I was able wget the latest and SCP the tar to the server. I unpacked the tar and navigated to the directory. When I do a ./init.sh as root, there is no file or directory. I attached a screenshot. How should I proceed?

Here is the print from the commands you requested:

[root@hernn-nagi-001 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33

[root@hernn-nagi-001 ~]# umask
0077

The KB article lists this one as the one to use:

https://assets.nagios.com/downloads/nag ... est.tar.gz

The one you're using is the offline installer RPM package, please use the one above and it should work for you (you're not doing an install/upgrade, it's just installing the loaders from that package).

ssax wrote:The KB article lists this one as the one to use:

https://assets.nagios.com/downloads/nag ... est.tar.gz

The one you're using is the offline installer RPM package, please use the one above and it should work for you (you're not doing an install/upgrade, it's just installing the loaders from that package).

It was the one I used, however, I seem to be running into a new issue. How can I not have permission as root?

The source install doesn't have all of the nagiosxi-*.rpm files in it, that's how I was able to tell.

You likely have noexec set on /tmp:
You can do this:

https://unix.stackexchange.com/q/347229

OR you can just do it outside of /tmp.

OK, so I was able to complete the tasks you recommended. However, I don't think there was a change. I tried to submit the configuration and it continues to get stuck at validating configuration. I did a tail on the cmdsubsys.log and I seem to be getting the same errors. Is there a way to set a timestamp on this log so I can validate they are new and not stale?

PHP Warning: PHP Startup: Unable to load dynamic library 'ixed.7.2.lin' (tried: /usr/lib64/php/modules/ixed.7.2.lin (/usr/lib64/php/modules/ixed.7.2.lin: cannot open shared object file: Operation not permitted), /usr/lib64/php/modules/ixed.7.2.lin.so (/usr/lib64/php/modules/ixed.7.2.lin.so: cannot open shared object file: No such file or directory)) in Unknown on line 0

PHP Warning: require_once(/usr/local/nagiosxi/html/config.inc.php): failed to open stream: Operation not permitted in /usr/local/nagiosxi/cron/cmdsubsys.php on line 10

PHP Fatal error: require_once(): Failed opening required '/usr/local/nagiosxi/cron/../html/config.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagiosxi/cron/cmdsubsys.php on line 10

Please create a ticket for this and include a link back to this forum thread so we can get a remote session scheduled:

https://support.nagios.com/tickets/

In that new ticket, attach your /etc/php.ini and your /etc/php.d/sourceguardian.ini file and the output of these commands:
Thank you!

Jonathon and I are working together on this issue. I was working this in a different thread. So the two are duplicates.

The "unable" to load and "failed to open" errors comes from fapolicyd not having all the PHP files in the /etc/fapolicyd/fapolicyd.trusted (see attached for file list, YOU CANNOT just add them to the files, but need to add them via the "fapolicy-cli --file add filename" command

see this link: https://access.redhat.com/documentation ... -hardening

I'm still working through the problem, this may not be a complete list.