Re: [Nagios-users] Command File error
Thanks, that did it. I had thought I had disabled SELinux earlier for another issue, but apparently I hadn't done it correctly. At any rate, it's working now. Thanks. Israel On Jul 12, 2006, at 9:02 AM, Marc Powell wrote: > > >> -Original Message- >> From: Israel Brewster [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, July 12, 2006 11:12 AM >> To: Tom Brown; Marc Powell >> Cc: nagios-users@lists.sourceforge.net >> Subject: Re: [Nagios-users] Command File error >> > > [chop] > >> >> On Jul 11, 2006 at 8:39 PM, Marc Powell wrote: >> >>> And restarted the web server presumably. That leaves 2 likely >>> possibilities: >>> - one or more of the directories above rw/ are not accessible by >>> your web server user or >>> - you have SELinux enabled and have not allowed http permissions >>> by policy. You can use 'audit2allow -l -i /var/log/messages' to see > if >>> that's the case. >>> >>> I don't use SELinux so I can't provide you with a specific policy. >> >> All directories in the path have read and execute permissions set for >> everybody. Most don't have write permissions, but I wouldn't think >> that would be an issue. Issuing the command you give returns the >> following result: >> >> allow httpd_sys_script_t usr_t:fifo_file getattr; >> allow httpd_sys_script_t usr_t:file write; >> allow unlabeled_t netif_eth0_t:netif rawip_recv; >> >> I don't know anything about SELinux though, so I have no clue if this >> is good, bad, or indifferent. Any thoughts? > > Bad. The first two lines indicate that SELinux is preventing httpd > from > accessing a fifo file (nagios.cmd almost certainly). Grep for > nagios.cmd > in /var/log/messages. You'll certainly see 'avc: denied' messages. > audit2allow presents policy rules that would allow access to things > that > were blocked. Note that they are overly permissive though. You can > either disable SELinux or modify your policy/permissions for > nagios.cmd > to allow access for httpd. There are numerous messages in the archive > about SELinux. > >> >> I also tried changing the permissions on the command file and >> enclosing folder so that anyone could read and write to them, just to >> see if that would fix the issue, but no change. So apparently it >> isn't a permissions issue, at least not directly with the file and >> enclosed folder. > > SELinux permissions are above and beyond normal file system > permissions. > > > -- > Marc > > > -- > --- > Using Tomcat but need to do more? Need to support web services, > security? > Get stuff done quickly with pre-integrated technology to make your > job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache > Geronimo > http://sel.as-us.falkag.net/sel? > cmd=lnk&kid=120709&bid=263057&dat=121642 > ___ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Command File error
> -Original Message- > From: Israel Brewster [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 12, 2006 11:12 AM > To: Tom Brown; Marc Powell > Cc: nagios-users@lists.sourceforge.net > Subject: Re: [Nagios-users] Command File error > [chop] > > On Jul 11, 2006 at 8:39 PM, Marc Powell wrote: > > > And restarted the web server presumably. That leaves 2 likely > > possibilities: > > - one or more of the directories above rw/ are not accessible by > > your web server user or > > - you have SELinux enabled and have not allowed http permissions > > by policy. You can use 'audit2allow -l -i /var/log/messages' to see if > > that's the case. > > > > I don't use SELinux so I can't provide you with a specific policy. > > All directories in the path have read and execute permissions set for > everybody. Most don't have write permissions, but I wouldn't think > that would be an issue. Issuing the command you give returns the > following result: > > allow httpd_sys_script_t usr_t:fifo_file getattr; > allow httpd_sys_script_t usr_t:file write; > allow unlabeled_t netif_eth0_t:netif rawip_recv; > > I don't know anything about SELinux though, so I have no clue if this > is good, bad, or indifferent. Any thoughts? Bad. The first two lines indicate that SELinux is preventing httpd from accessing a fifo file (nagios.cmd almost certainly). Grep for nagios.cmd in /var/log/messages. You'll certainly see 'avc: denied' messages. audit2allow presents policy rules that would allow access to things that were blocked. Note that they are overly permissive though. You can either disable SELinux or modify your policy/permissions for nagios.cmd to allow access for httpd. There are numerous messages in the archive about SELinux. > > I also tried changing the permissions on the command file and > enclosing folder so that anyone could read and write to them, just to > see if that would fix the issue, but no change. So apparently it > isn't a permissions issue, at least not directly with the file and > enclosed folder. SELinux permissions are above and beyond normal file system permissions. -- Marc - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Command File error
On Jul 12, 2006, at 12:20 AM, Tom Brown wrote: > >> Yes, the nagios.cmd file is automatically created when I start >> nagios. The file does have read and write permissions for the >> nagcmd group, and I have added the webserver to said group. > > have you restarted the webserver? Also note the // in the path Restarted the webserver several times. the // in the path came with the default config files, but I went ahead and changed it anyway. Didn't make any difference. Actually, having a double slash in a file path doesn't seem to make a difference anywhere- I have accidentally typed paths like that more than once, with no effect :) On Jul 11, 2006 at 8:39 PM, Marc Powell wrote: > And restarted the web server presumably. That leaves 2 likely > possibilities: > - one or more of the directories above rw/ are not accessible by > your web server user or > - you have SELinux enabled and have not allowed http permissions > by policy. You can use 'audit2allow -l -i /var/log/messages' to see if > that's the case. > > I don't use SELinux so I can't provide you with a specific policy. All directories in the path have read and execute permissions set for everybody. Most don't have write permissions, but I wouldn't think that would be an issue. Issuing the command you give returns the following result: allow httpd_sys_script_t usr_t:fifo_file getattr; allow httpd_sys_script_t usr_t:file write; allow unlabeled_t netif_eth0_t:netif rawip_recv; I don't know anything about SELinux though, so I have no clue if this is good, bad, or indifferent. Any thoughts? I also tried changing the permissions on the command file and enclosing folder so that anyone could read and write to them, just to see if that would fix the issue, but no change. So apparently it isn't a permissions issue, at least not directly with the file and enclosed folder. I just had a thought - in order to get the cgi's to work, I had to put them in the root level /var/www/cgi-bin folder, rather than the / usr/local/nagios/sbin folder. I modified the directory entry for this directory in the apache config file to match what the documentation said I needed for the sbin directory, but might this have something to do with the issue? Perhaps something somewhere else in the configs that specifically gives the cgis in the sbin directory permission to write to the command file? Dunno. Thanks everyone for the suggestions! Your help is much appreciated - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Command File error
> Yes, the nagios.cmd file is automatically created when I start > nagios. The file does have read and write permissions for the nagcmd > group, and I have added the webserver to said group. have you restarted the webserver? Also note the // in the path - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Command File error
Hey, Have you checked your nagios.cfg file? It seems to me like your command_file definition is incorrect and should be 'command_file=/usr/local/nagios/var/rw/nagios.cmd' instead of 'command_file=/usr/local/nagios//var/rw/nagios.cmd'. - Jeffrey Lensen hyves: http://skyler.hyves.nl mail/msn: [EMAIL PROTECTED] Israel Brewster wrote: >Yes, the nagios.cmd file is automatically created when I start >nagios. The file does have read and write permissions for the nagcmd >group, and I have added the webserver to said group. > >Israel > >On Jul 11, 2006, at 2:52 PM, Patrick Morris wrote: > > > >>On Tue, 11 Jul 2006, Israel Brewster wrote: >> >> >> >>>Whenever I try to run a command from the nagios CGI's, I get an error >>>saying: >>> >>>Error: Could not stat() command file '/usr/local/nagios//var/rw/ >>>nagios.cmd'! >>> >>>The external command file may be missing, Nagios may not be running, >>>and/or Nagios may not be checking external commands. >>> >>>An error occurred while attempting to commit your command for >>>processing. >>> >>>I have read through the documentation, and checked the permissions on >>>the command directory both manually and by sing the make install- >>>commandmode command. I have also verified that both my webserver and >>>the nagios process user are in the group that owns the command >>>directory. I still get the error though. Can anyone shed some light >>>on this for me? Thanks. >>> >>> >>How about the nagios.cmd file? Is it there? >> >>Are the permissions set so that the webserver user can get to it? >> >> > > > >- >Using Tomcat but need to do more? Need to support web services, security? >Get stuff done quickly with pre-integrated technology to make your job easier >Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >___ >Nagios-users mailing list >Nagios-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/nagios-users >::: Please include Nagios version, plugin version (-v) and OS when reporting >any issue. >::: Messages without supporting info will risk being sent to /dev/null > > > - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Command File error
And restarted the web server presumably. That leaves 2 likely possibilities: - one or more of the directories above rw/ are not accessible by your web server user or - you have SELinux enabled and have not allowed http permissions by policy. You can use 'audit2allow -l -i /var/log/messages' to see if that's the case. I don't use SELinux so I can't provide you with a specific policy. -- Marc > -Original Message- > From: [EMAIL PROTECTED] [mailto:nagios-users- > [EMAIL PROTECTED] On Behalf Of Israel Brewster > Sent: Tuesday, July 11, 2006 6:43 PM > To: nagios-users@lists.sourceforge.net > Subject: Re: [Nagios-users] Command File error > > Yes, the nagios.cmd file is automatically created when I start > nagios. The file does have read and write permissions for the nagcmd > group, and I have added the webserver to said group. > > Israel > > On Jul 11, 2006, at 2:52 PM, Patrick Morris wrote: > > > On Tue, 11 Jul 2006, Israel Brewster wrote: > > > >> Whenever I try to run a command from the nagios CGI's, I get an error > >> saying: > >> > >> Error: Could not stat() command file '/usr/local/nagios//var/rw/ > >> nagios.cmd'! > >> > >> The external command file may be missing, Nagios may not be running, > >> and/or Nagios may not be checking external commands. > >> > >> An error occurred while attempting to commit your command for > >> processing. > >> > >> I have read through the documentation, and checked the permissions on > >> the command directory both manually and by sing the make install- > >> commandmode command. I have also verified that both my webserver and > >> the nagios process user are in the group that owns the command > >> directory. I still get the error though. Can anyone shed some light > >> on this for me? Thanks. > > > > How about the nagios.cmd file? Is it there? > > > > Are the permissions set so that the webserver user can get to it? > > > > - > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job > easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > ___ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Command File error
Yes, the nagios.cmd file is automatically created when I start nagios. The file does have read and write permissions for the nagcmd group, and I have added the webserver to said group. Israel On Jul 11, 2006, at 2:52 PM, Patrick Morris wrote: > On Tue, 11 Jul 2006, Israel Brewster wrote: > >> Whenever I try to run a command from the nagios CGI's, I get an error >> saying: >> >> Error: Could not stat() command file '/usr/local/nagios//var/rw/ >> nagios.cmd'! >> >> The external command file may be missing, Nagios may not be running, >> and/or Nagios may not be checking external commands. >> >> An error occurred while attempting to commit your command for >> processing. >> >> I have read through the documentation, and checked the permissions on >> the command directory both manually and by sing the make install- >> commandmode command. I have also verified that both my webserver and >> the nagios process user are in the group that owns the command >> directory. I still get the error though. Can anyone shed some light >> on this for me? Thanks. > > How about the nagios.cmd file? Is it there? > > Are the permissions set so that the webserver user can get to it? - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Command File error
On Tue, 11 Jul 2006, Israel Brewster wrote: > Whenever I try to run a command from the nagios CGI's, I get an error > saying: > > Error: Could not stat() command file '/usr/local/nagios//var/rw/ > nagios.cmd'! > > The external command file may be missing, Nagios may not be running, > and/or Nagios may not be checking external commands. > > An error occurred while attempting to commit your command for > processing. > > I have read through the documentation, and checked the permissions on > the command directory both manually and by sing the make install- > commandmode command. I have also verified that both my webserver and > the nagios process user are in the group that owns the command > directory. I still get the error though. Can anyone shed some light > on this for me? Thanks. How about the nagios.cmd file? Is it there? Are the permissions set so that the webserver user can get to it? - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Command File error
Whenever I try to run a command from the nagios CGI's, I get an error saying: Error: Could not stat() command file '/usr/local/nagios//var/rw/ nagios.cmd'! The external command file may be missing, Nagios may not be running, and/or Nagios may not be checking external commands. An error occurred while attempting to commit your command for processing. I have read through the documentation, and checked the permissions on the command directory both manually and by sing the make install- commandmode command. I have also verified that both my webserver and the nagios process user are in the group that owns the command directory. I still get the error though. Can anyone shed some light on this for me? Thanks. Israel - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null