unpushed

nagios-4.4.6-2.el7

FEDORA-EPEL-2021-0d9a06b878 created by tartina 3 years ago for Fedora EPEL 7

Fix for CVE-2020-13977 BZ1849087 Fix systemd unit file permissions BZ1676334 Update to 4.4.6

This update has been submitted for testing by tartina.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago
User Icon kenyon provided feedback 3 years ago
BZ#1676334 /usr/lib/systemd/system/nagios.service marked executable; please remove executable permission bits
User Icon tjyang commented & provided feedback 3 years ago
karma

I see the fix here. chmod -x /builddir/build/BUILDROOT/nagios-4.4.6-2.el7.x86_64/usr/lib/systemd/system/nagios.service

BZ#1676334 /usr/lib/systemd/system/nagios.service marked executable; please remove executable permission bits
BZ#1829114 nagios-4.4.6 is available
BZ#1849087 CVE-2020-13977 nagios: URL injection (post-authentication) vulnerability [epel-all]

This update has been pushed to testing.

3 years ago
User Icon tjyang commented & provided feedback 3 years ago

Here is my fresh install test notes

  • on CentOS Linux release 7.9.2009 (Core)
  • yum install nagios --enablerepo=epel-testing
  • yum install -y nagios-plugins-load nagios-plugins-users nagios-plugins-http nagios-plugins-disk nagios-plugins-ssh nagios-plugins-swap nagios-plugins-procs --enablerepo=epel-testing
  • testing existing default config files come with pkg.

[root@centos7t01 ~]# nagios -v /etc/nagios/nagios.cfg

Nagios Core 4.4.6 Copyright (c) 2009-present Nagios Core Development Team and Community Contributors Copyright (c) 1999-2009 Ethan Galstad Last Modified: 2020-04-28 License: GPL

Website: https://www.nagios.org Reading configuration data... Read main config file okay... Error: Could not open config directory '/etc/nagios/conf.d' for reading. Error: Invalid max_check_attempts value for host 'localhost' Error: Could not register host (config file '/etc/nagios/objects/localhost.cfg', starting on line 21) Error processing object config files!

One or more problems was encountered while processing the config files...

Check your configuration file(s) to ensure that they contain valid
directives and data definitions.  If you are upgrading from a previous
version of Nagios, you should be aware that some variables/definitions
may have been removed or modified in this version.  Make sure to read

the HTML documentation regarding the config files, as well as the 'Whats New' section to find out what has changed.

[root@centos7t01 ~]#

User Icon tjyang commented & provided feedback 3 years ago

Following 3 steps to have a localhost entry to see localhost got monitor from http://localhost/nagios/ * yum install nagios-plugins-ping * mkdir /etc/nagios/conf.d && chgrp nagios /etc/nagios/conf.d * systemctl start nagios httpd

User Icon tjyang commented & provided feedback 3 years ago

nagios-4.4.6 on fedora-34 is OK using my extra post-install notes above.

User Icon tjyang commented & provided feedback 3 years ago

sorry, I tested on fedora-33, not 34.

User Icon tartina commented & provided feedback 3 years ago

/etc/nagios/conf.d was a mistake, see #1504306. I accidentally pulled it in again using autosetup, as it was not commented out in patch list. That directory shouldn't be used. I'm making a new release of nagios to fix all these problems

This update has been unpushed.

User Icon tjyang commented & provided feedback 3 years ago

Thanks @tartina


Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
3 years ago
in testing
3 years ago
BZ#1676334 /usr/lib/systemd/system/nagios.service marked executable; please remove executable permission bits
0
1
BZ#1829114 nagios-4.4.6 is available
0
0
BZ#1849087 CVE-2020-13977 nagios: URL injection (post-authentication) vulnerability [epel-all]
0
0

Automated Test Results