Apache 1.3 + Nagios CGI = failure

[Lukasz Szmit]

On Fri, 2005-11-04 at 15:13 +0000, Lukasz Szmit wrote:
> On Fri, 2005-11-04 at 15:32 +0100, Andreas Ericsson wrote:
> > Oh. And here I was thinking you'd checked that the webuser has
> > regular 
> > unix access to execute the cgi-files. Apparently you didn't, although 
> > the log shouts it out loud and clear.
> > 
> > Hint; The permission denied can be from any of the directories above 
> > where the files are stored. The apache user needs +x on every
> > directory 
> > along the way.
> 
> Well, all relevant directories under /usr have a+x, and that is enough
> for Apache to get to /usr/nagios/sbin and execute the files.
> 
> I may have found the source of my problem.
> The GRSecurity kernel patch option "Trusted Path Execution" seems to be
> blocking Apache from executing the CGIs. I'm just recompiling the kernel
> with TPE disabled and will check if that helps. I'll share with the
> group once I have some results.

OK, GRSecurity was the root cause.
While using that patch make sure that either of these is done:

- make sure that CONFIG_GRKERNSEC_TPE is not set in kernel .config file
- enable CONFIG_GRKERNSEC_TPE AND make sure you have a respective policy
setup and enabled (see gradm documentation).

regards,
-- 
Lukasz Szmit | University College Dublin
Computing Services | +353-1-716-2651
http://www.ucd.ie/computing/aboutus.html



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null