;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
Problem Description
This KB article is about the nagios.lock file changes that were introduced in Nagios Core 4.3.3. These changes require an update to your nagios.cfg file, otherwise you will most likely experience the following issues.
When you start or restart the nagios service you may see this message:
Running configuration check... Stopping nagios: No lock file found in /var/run/nagios
Starting nagios: Running configuration check... done.
If you check the status of the service:
service nagios status
It will report it is not running:
nagios is not running
However when you check the processes:
ps aux | grep nagios.cfg
You can see that it is running:
nagios 1735 0.0 0.0 7788 1592 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Explanation
Before Nagios Core 4.3.3 the nagios.lock file location was defined in nagios.cfg as follows:
lock_file=/usr/local/nagios/var/nagios.lock
This was identified as a vulnerability described as follows:
CVE-2017-12847
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
Changes were introduced in Nagios Core 4.3.3 to remove this vulnerability, the lock file should now be located in /var/run/nagios.lock and hence the nagios.cfg file needs updating to:
lock_file=/var/run/nagios.lock
The Solution section explains how to make this change.
As per the Explanation section the fix is to update the nagios.cfg file to point to /var/run/nagios.lock. The following command will make the required change for you.
Then you will need to install the latest service from the source code (if not already done so).
After making the change you will also need to kill the existing nagios processes and start the nagios service.
Please follow the steps that are specific to your Operating System (OS).
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
===== CentOS 5.x / 6.x | RHEL 5.x / 6.x | Oracle Linux 5.x / 6.x =====
make install-init
===== CentOS 7.x | RHEL 7.x | Oracle Linux 7.x =====
make install-init
systemctl daemon-reload
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core.
===== CentOS 5.x / 6.x | RHEL 5.x / 6.x | Oracle Linux 5.x / 6.x =====
service nagios start
===== CentOS 7.x | RHEL 7.x | Oracle Linux 7.x =====
A stop is required first, even though the processes are not running. This appears to be a systemd feature.
systemctl stop nagios.service
systemctl start nagios.service
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
===== CentOS 5.x / 6.x | RHEL 5.x / 6.x | Oracle Linux 5.x / 6.x =====
service nagios status
===== CentOS 7.x | RHEL 7.x | Oracle Linux 7.x =====
systemctl status nagios.service
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sudo sh -c "sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg"
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
===== Ubuntu 14.x =====
sudo make install-init
===== Ubuntu 15.x / 16.x / 17.x =====
sudo make install-init
sudo systemctl daemon-reload
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
sudo kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core.
===== Ubuntu 14.x =====
sudo service nagios start
===== Ubuntu 15.x / 16.x / 17.x =====
A stop is required first, even though the processes are not running. This appears to be a systemd feature.
sudo systemctl stop nagios.service
sudo systemctl start nagios.service
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
===== Ubuntu 14.x =====
sudo service nagios status
===== Ubuntu 15.x / 16.x / 17.x =====
sudo systemctl status nagios.service
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sudo sh -c "sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg"
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
===== SUSE SLES 11.x =====
sudo make install-init
===== SUSE SLES 12.x | openSUSE Leap 42.x =====
sudo make install-init
sudo systemctl daemon-reload
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
sudo kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core.
===== SUSE SLES 11.x =====
sudo /sbin/service nagios start
===== SUSE SLES 12.x | openSUSE Leap 42.x =====
A stop is required first, even though the processes are not running. This appears to be a systemd feature.
sudo systemctl stop nagios.service
sudo systemctl start nagios.service
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
===== SUSE SLES 11.x =====
sudo /sbin/service nagios status
===== SUSE SLES 12.x | openSUSE Leap 42.x =====
sudo systemctl status nagios.service
All steps on Debian require to run as root. To become root simply run:
Debian:
su
Raspbian:
sudo -i
All commands from this point onwards will be as root.
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
===== 7.x =====
make install-init
===== 8.x / 9.x =====
make install-init
systemctl daemon-reload
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core.
===== 7.x =====
service nagios start
===== 8.x / 9.x =====
A stop is required first, even though the processes are not running. This appears to be a systemd feature.
systemctl stop nagios.service
systemctl start nagios.service
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
===== 7.x =====
service nagios status
===== 8.x / 9.x =====
systemctl status nagios.service
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
make install-init
systemctl daemon-reload
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
A stop is required first, even though the processes are not running. This appears to be a systemd feature.
systemctl stop nagios.service
systemctl start nagios.service
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
systemctl status nagios.service
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
make install-init
systemctl daemon-reload
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core. A stop is required first, even though the processes are not running. This appears to be a systemd feature.
systemctl stop nagios.service
systemctl start nagios.service
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
systemctl status nagios.service
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
===== openrc =====
make install-init
===== systemd =====
make install-init
systemctl daemon-reload
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core.
===== openrc =====
rc-service nagios start
===== systemd =====
A stop is required first, even though the processes are not running. This appears to be a systemd feature.
systemctl stop nagios.service
systemctl start nagios.service
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
===== openrc =====
rc-service nagios status
===== systemd =====
systemctl status nagios.service
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sed -i '' 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
gmake install-init
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps auxww | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
nagios 571 0.0 0.3 19408 3344 - Ss 2:12PM 0:00.06 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 646 0.0 0.3 19408 3356 - S 2:12PM 0:00.01 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
kill 1735
Then run the ps auxww command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core.
service nagios start
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
service nagios status
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
perl -p -i -e 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
gmake install-init
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps auxww | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Clear Service Maintenance Status
This is required, it resumes the service back into a running state.
svcadm clear nagios
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
svcs -xv nagios
The following KB article has important information on Solaris and services:
How To Clear Solaris Service Maintenance Status
Update nagios.cfg
This step updates the nagios.cfg file to point to /var/run/nagios.lock:
sudo sed -i '' 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg
Install Service / Daemon
To install the updated service / daemon file you will need to follow the Downloading the Source and Compile steps in the following documentation first:
Documentation - Installing Nagios Core From Source
Once you have performed those steps please execute the following commands:
sudo make install-init
Kill Existing Nagios Processes
To kill the existing nagios service you will need to know the PID of the root process. Execute the following command:
ps aux | egrep "PID|nagios.cfg"
The output will be something like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nagios 1735 0.0 0.0 7788 1596 ? Ss 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
nagios 1767 0.0 0.0 7272 628 ? S 13:39 0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Now kill the two Nagios processes, usually the first one (1735) will automatically kill the child process (1767):
sudo kill 1735
Then run the ps aux command again to confirm the processes are no longer running.
Start Service / Daemon
This command starts Nagios Core.
sudo /etc/rc.d/init.d/nagios start
Confirm Nagios Is Running
You can confirm that the nagios service is now running with the following command:
sudo /etc/rc.d/init.d/nagios status
Final Thoughts
For any support related questions please visit the Nagios Support Forums at:
Subscribe to Article
Print Article
Email Article to Friend
Export to PDF
Export to MS Word
