Added fix for selinux from Patrick Uiterwijk
Update to latest in git
Updated from 4.3.1 maint to 4.3.2
We find out that RHEL-6 does not like non-UTF so removed German translation
Major update to Nagios to address outstanding Security needs.
nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22 nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23
Please login to add feedback.
This update has been submitted for testing by smooge.
This update has obsoleted nagios-4.3.2-3.el6, and has inherited its bugs and notes.
I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.
Do you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?
Thanks for doing these updates!!
Cheers
What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.
This update has been pushed to testing.
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by smooge.
This update has been pushed to stable.
So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?
Thanks for this update!!!!!
Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a "Gateway Time-out" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.
Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.
@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?
@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with
service nagios start
failed with 2 selinux errors:Sep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459 Sep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f
So I ran:
grep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown semodule -i nagios-chown.pp
Which solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:
Sep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'
And SELinux audit logs look like this:
type=AVC msg=audit(1506622404.225:6960996): avc: denied { execute_no_trans } for pid=16769 comm="nagios" path="/usr/sbin/nagios" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file
Any ideas? Strange that now I'm having SELinux errors when I was getting them before.
Thanks
@smooge If I stop nagios and start it manually with the command
/usr/sbin/nagios -d /etc/nagios/nagios.cfg
rather than starting it withservice nagios start
, then I don't get the SELinux errors and everything seems to work fine.OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.