Comments

66 Comments

Updated to this package to satisfy requirements of the latest clementine package. This seems to work. When I run Clementine it messes with my keyboard. Text field focus is weird and I can't type in any apps besides Clementine. I suspect that issue isn't related to this package though ...

Was hoping this would fix the bug I've run into after upgrading to f29 but its still there.

https://bugzilla.redhat.com/show_bug.cgi?id=1645370

I have a question:

Does this microcode update negate the need for a firmware update? And if so, why do Windows machines require firmware updates if a microcode update would suffice?

Thank you.

karma

WFM

What does the "Logout Required" message on this update mean? Is it referring to Firefox sync, the websites you're logged into, or something else?

Thanks

karma

Oh my gosh, I'm legitimately an idiot. Guess what the problem was? I didn't have the nagios-selinux package installed. :( I guess it wasn't required with the old version 3 EPEL nagios packages? I don't know. But now, with nagios-selinux installed and updated to 4.3.4-4, everything is working perfectly without any SELinux tweaks required. Awesome!!!

Thanks @smooge!!

BZ#1490860 CVE-2017-14312 nagios: Incorrect file permissions leading to possible privilege escalation [epel-all]
BZ#1475447 SELinux Policy module won't install.

Hmm, this is all that audit2allow -v gives me. Is there anything else I can run to get you more info? Thanks

#============= nagios_t ==============
# src="nagios_t" tgt="nagios_exec_t" class="file", perms="execute_no_trans"
# comm="nagios" exe="" path=""
#!!!! This avc is allowed in the current policy
allow nagios_t nagios_exec_t:file execute_no_trans;

Shoot my formatting got all messed up. Here it is again:

module jobmatch_nagios 1.0;

require {
    type nagios_t;
    type nagios_exec_t;
    class file execute_no_trans;
}

#============= nagios_t ==============
allow nagios_t nagios_exec_t:file execute_no_trans;

BTW, the following type enforcement module fixes the problem:

` module jobmatch_nagios 1.0;

require { type nagios_t; type nagios_exec_t; class file execute_no_trans; }

============= nagios_t ==============

allow nagios_t nagios_exec_t:file execute_no_trans; `

Unfortunately I'm still getting "Unable to run check for service" on all service checks because they're blocked by SELinux with errors like this one:

type=AVC msg=audit(1507311527.812:31135): avc: denied { execute_no_trans } for pid=16333 comm="nagios" path="/usr/sbin/nagios" dev=cciss!c0d0p3 ino=1317059 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file

It only happens if I run nagios with service nagios start. If I run it with /usr/sbin/nagios -d /etc/nagios/nagios.cfg it works so it would seem that the issue is based on whether nagios is running as the nagios user or as root.

My other SELinux problem with writing to /tmp is fixed.

@smooge If I stop nagios and start it manually with the command /usr/sbin/nagios -d /etc/nagios/nagios.cfg rather than starting it with service nagios start, then I don't get the SELinux errors and everything seems to work fine.

@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with service nagios start failed with 2 selinux errors:

Sep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459 Sep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f

So I ran:

grep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown semodule -i nagios-chown.pp

Which solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:

Sep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'

And SELinux audit logs look like this:

type=AVC msg=audit(1506622404.225:6960996): avc: denied { execute_no_trans } for pid=16769 comm="nagios" path="/usr/sbin/nagios" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file

Any ideas? Strange that now I'm having SELinux errors when I was getting them before.

Thanks

Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.

Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a "Gateway Time-out" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.

karma

So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?

Thanks for this update!!!!!

BZ#1005974 nagios-4.3.2 is available
BZ#1201462 Update Nagios package to at least -5
BZ#1075867 Upgrade to Nagios 4.x

I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.

Do you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?

Thanks for doing these updates!!

Cheers

User Icon devhen commented & provided feedback on pydf-12-1.fc26 7 years ago
karma

WFM. Thanks!!

BZ#1338050 Update pydf to version 12
User Icon devhen commented & provided feedback on pydf-12-1.el6 7 years ago
karma

WFM. Thank you for packaging this for EPEL!!!

BZ#1338050 Update pydf to version 12
karma

WFM on x86_64

BZ#1448977 gimp-2.8.22 is available
karma

WFM as well. Looks like this fixes BZ#1432699

Thank you!

I looked in mutter-3.22.4-1.fc25 and it does appear to contain the patch mentioned in bug #1432699 so I think this update will fix that bug. I will install it now and test it out and then provide karma.

Thanks!