External Commands not working
Marc Powell
marc at ena.com
Thu Mar 17 22:28:47 CET 2005
> -----Original Message-----
> From: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-
> admin at lists.sourceforge.net] On Behalf Of Scott Gwartney
> Sent: Thursday, March 17, 2005 3:09 PM
> To: noyler at khimetrics.com
> Cc: nagios-users at lists.sourceforge.net
> Subject: RE: [Nagios-users] External Commands not working
>
[snip]
> > > >From: "Marc Powell" <marc at ena.com>
> > > >
> > > > > -----Original Message-----
> > > > > From: nagios-users-admin at lists.sourceforge.net
> >[mailto:nagios-users-
> > > > > admin at lists.sourceforge.net] On Behalf Of Scott Gwartney
> > > > > Sent: Thursday, March 17, 2005 11:49 AM
> > > > > To: nagios-users at lists.sourceforge.net
> > > > > Subject: [Nagios-users] External Commands not working
> > > > >
> > > > > I'm running Nagios v.2.0b1 on Fedora 3.0 Apache 2.0.52. When
> >trying to
> > > > > execute external commands from the web interface I get this
error:
> > > > >
> > > > > Error: Could not stat() command file
> > > > > '/usr/local/nagios/var/rw/nagios.cmd'!
> > > > >
> > > > > The external command file may be missing, Nagios may not be
> >running,
> > > > > and/or
> > > > > Nagios may not be checking external commands.
> > > > >
[snip]
> > > > > Nothing shows up in the httpd logs. The system message log
shows
> >this:
> > > > >
> > > > > avc: denied { getattr } for pid=5446
> > > >exe=/usr/local/nagios/sbin/cmd.cgi
> > > > > path=/usr/local/nagios/var/rw/nagios.cmd dev=dm-0 ino=3591465
> > > > > scontext=root:system_r:httpd_sys_script_t
> >tcontext=root:object_r:usr_t
> > > > > tclass=fifo_file
> > > >
> > > >This is an SELinux restriction, above and beyond normal file
systems
> > > >permissions. I have no personal experience with SELinux but I
believe
> > > >the following command will provide you with the SELinux policy
change
> > > >you need to make --
> > > >
> > > >audit2allow -l -i /var/log/messages
> > > >
> > > >If anyone can come up with a valid, secure SELinux policy change
to
> > > >allow access to cmd.cgi it should probably go in the FAQ at the
> >least. I
> > > >think there was one other email in the past week that is likely
an
> > > >SELinux issue as well.
> > > >
> I turned selinux off completley, rebooted and continue to get the
error
> messages.
Which one? The Nagios error message or the avc: error message above?
If it's the nagios error message then it's back to basics and we'll need
further information --
- verify /usr/local/nagios/var/rw/nagios.cmd exists. Post an ls
-l of the file here. If it doesn't exist then you have not configured
external commands properly.
- verify that the user or group that your web server runs as has
access to the file and all directories above it, from / on down. ls -l
of each would be useful if you need our help. Directory group
permissions should be at least rx. nagios.cmd group permissions should
be at least rw.
- show us the values of the User and Group directives in
httpd.conf
- show us the groups in /etc/groups that the above user is a
member. It should be in the same group that nagios.cmd is.
- show us the groups that the nagios user is a member. This is
not so important IFF nagios.cmd is owned by the same user nagios runs
as.
If it's the avc: error message then SELinux is not disabled. That would
trump everything above.
--
Marc
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id�396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list