- I kickstarted a fresh CentOS7 VM, in KVM Dev environment
- removed our standard EPEL7 repo, installed from the kickstart
- wget smooge repo
- xmlstarlet
- fping
- qstat
I just temporarily loaded standard epel7, installed those 3 pkgs, then removed it again, and re-played my playbook. Some of those pre-req's are because of my local customizations, xmlstarlet certainly...
*Disclaimer* our playbook is soup-to-nuts with a lot of customizations, and we're even towing some legacy config from Nagios v3. This results in a few bumps.
Playbook *almost* went to completion, indicated Nagios server wouldn't start at the end, with errors.
- error says,
/etc/nagios/nagios.cfg -- Line 457 (Check result path '/var/log/nagios/spool/checkresults' is not a valid directory ...) - OK, comparing that with the canonical config, which suggests the correct path might be: /var/spool/nagios/checkresults. Oh hey, that exists. Update my copy of nagios.cfg to use the canonical path, restart nagios service.
- Nope, still won't start. SELinux?
- my system was enforcing; I set it to permissive
- yup, now the nagios service starts. SELinux confirmed as problem.
- What's set?
[root@jupiter nagios]# ls -ldZ /var/spool/nagios/checkresults
drwxr-x---. nagios nagios system_u:object_r:nagios_spool_t:s0 /var/spool/nagios/checkresults - Compare with another system where I have it working - a Nagios server installed from EPEL7 @ v4.0.8:
[root@ayr nagios]# ls -dZ /var/log/nagios/spool/checkresults # but, note customized path
drwxr-x---. nagios nagios system_u:object_r:nagios_log_t:s0 /var/log/nagios/spool/checkresults - (but, that system is also set selinux-permissive)
- Back on my updated system, try the basics:
ausearch -c 'nagios' --raw | audit2allow -M my-nagios
semodule -i my-nagios.pp - What did that do?
[root@jupiter ~]# ls -ldZ /var/spool/nagios/checkresults
drwxr-x---. nagios nagios system_u:object_r:nagios_log_t:s0 /var/spool/nagios/checkresults - Hey, nagios starts now!
So, I was able to slot this new version into my playbook with a minimum of fuss. It's currently monitoring 21 local Dev servers, 261 services. I haven't see any issues.
[root@jupiter ~]# rpm -q nagios
nagios-4.2.4-1.el7.centos.x86_64
[root@jupiter ~]# rpm -qa | grep nagios-plugins | grep -v ualib | grep -v percona
nagios-plugins-sensors-2.1.4-1.el7.centos.x86_64
nagios-plugins-mailq-2.1.4-1.el7.centos.x86_64
nagios-plugins-dhcp-2.1.4-1.el7.centos.x86_64
nagios-plugins-nagios-2.1.4-1.el7.centos.x86_64
nagios-plugins-fping-2.1.4-1.el7.centos.x86_64
nagios-plugins-oracle-2.1.4-1.el7.centos.x86_64
nagios-plugins-users-2.1.4-1.el7.centos.x86_64
nagios-plugins-swap-2.1.4-1.el7.centos.x86_64
nagios-plugins-time-2.1.4-1.el7.centos.x86_64
nagios-plugins-mrtg-2.1.4-1.el7.centos.x86_64
nagios-plugins-dummy-2.1.4-1.el7.centos.x86_64
nagios-plugins-all-2.1.4-1.el7.centos.x86_64
nagios-plugins-uptime-2.1.4-1.el7.centos.x86_64
nagios-plugins-2.1.4-1.el7.centos.x86_64
nagios-plugins-breeze-2.1.4-1.el7.centos.x86_64
nagios-plugins-real-2.1.4-1.el7.centos.x86_64
nagios-plugins-tcp-2.1.4-1.el7.centos.x86_64
nagios-plugins-mysql-2.1.4-1.el7.centos.x86_64
nagios-plugins-smtp-2.1.4-1.el7.centos.x86_64
nagios-plugins-hpjd-2.1.4-1.el7.centos.x86_64
nagios-plugins-ntp-perl-2.1.4-1.el7.centos.x86_64
nagios-plugins-ssh-2.1.4-1.el7.centos.x86_64
nagios-plugins-ups-2.1.4-1.el7.centos.x86_64
nagios-plugins-game-2.1.4-1.el7.centos.x86_64
nagios-plugins-nrpe-3.0.1-1.el7.centos.x86_64
nagios-plugins-perl-2.1.4-1.el7.centos.x86_64
nagios-plugins-wave-2.1.4-1.el7.centos.x86_64
nagios-plugins-file_age-2.1.4-1.el7.centos.x86_64
nagios-plugins-http-2.1.4-1.el7.centos.x86_64
nagios-plugins-overcr-2.1.4-1.el7.centos.x86_64
nagios-plugins-ldap-2.1.4-1.el7.centos.x86_64
nagios-plugins-nwstat-2.1.4-1.el7.centos.x86_64
nagios-plugins-nt-2.1.4-1.el7.centos.x86_64
nagios-plugins-procs-2.1.4-1.el7.centos.x86_64
nagios-plugins-icmp-2.1.4-1.el7.centos.x86_64
nagios-plugins-by_ssh-2.1.4-1.el7.centos.x86_64
nagios-plugins-pgsql-2.1.4-1.el7.centos.x86_64
nagios-plugins-snmp-2.1.4-1.el7.centos.x86_64
nagios-plugins-dns-2.1.4-1.el7.centos.x86_64
nagios-plugins-disk_smb-2.1.4-1.el7.centos.x86_64
nagios-plugins-ircd-2.1.4-1.el7.centos.x86_64
nagios-plugins-flexlm-2.1.4-1.el7.centos.x86_64
nagios-plugins-mrtgtraf-2.1.4-1.el7.centos.x86_64
nagios-plugins-log-2.1.4-1.el7.centos.x86_64
nagios-plugins-load-2.1.4-1.el7.centos.x86_64
nagios-plugins-cluster-2.1.4-1.el7.centos.x86_64
nagios-plugins-disk-2.1.4-1.el7.centos.x86_64
nagios-plugins-ping-2.1.4-1.el7.centos.x86_64
nagios-plugins-ntp-2.1.4-1.el7.centos.x86_64
nagios-plugins-ide_smart-2.1.4-1.el7.centos.x86_64
nagios-plugins-rpc-2.1.4-1.el7.centos.x86_64
nagios-plugins-dig-2.1.4-1.el7.centos.x86_64
eg:
Can you look at
https://copr.fedorainfracloud.org/coprs/smooge/Nagios_ and tryUpdate/
it on a test system?
This changes various items and I need feedback before I push it into
EPEL or try to fix it to work in Fedora.
> ______________________________
On 14 December 2016 at 13:03, Neil MacGregor <neil.macgregor@xxxxxxxxxxx> wrote:
> Hi folks,
>
> Do you have any plans to update the Nagios server package, RE:
> https://legalhackers.com/advisories/Nagios-Exploit- Command-Injection-CVE-2016- 9565-2008-4796.html
> ?
> (Or, would it be faster to roll my own RPM?)
>
> Love your work on EPEL; we've been fans for many years.
> --
> -Neil
> 780-492-3155
> University of Alberta Libraries
> 4-30 Cameron Library
>
_________________
> epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org
>
--
Stephen J Smoogen.
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org
--
_______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
