{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "nagios-4.0.8-1.fc21\nnagios-4.0.8-1.fc22\nnagios-4.0.8-1.el6\nnagios-4.0.8-1.el7\nnagios-4.0.8-1.fc23\n\n- update to 4.0.8\n", "type": "security", "status": "stable", "request": null, "severity": "urgent", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2015-09-20 14:37:52", "date_modified": "2015-09-21 12:53:21", "date_approved": null, "date_testing": "2015-09-21 02:26:12", "date_stable": "2015-12-05 20:05:46", "alias": "FEDORA-EPEL-2015-8155", "test_gating_status": null, "from_tag": null, "date_pushed": "2015-12-05 20:05:46", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8155", "title": "nagios-4.0.8-1.el7", "version_hash": "bc983c7c872f436cdb3bb956780bae5a5984ae15", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by swilkerson. ", "timestamp": "2015-09-20 14:38:03", "update_id": 40088, "user_id": 91, "id": 326102, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2015-09-21 02:51:29", "update_id": 40088, "user_id": 91, "id": 326495, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "swilkerson edited this update. ", "timestamp": "2015-09-21 12:52:57", "update_id": 40088, "user_id": 91, "id": 326695, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 17 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2015-10-08 20:59:12", "update_id": 40088, "user_id": 91, "id": 335810, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by pbrobinson. ", "timestamp": "2015-12-04 03:35:50", "update_id": 40088, "user_id": 91, "id": 361221, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2015-12-05 20:33:38", "update_id": 40088, "user_id": 91, "id": 361816, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "bug_feedback": [{"karma": 0, "comment_id": 362821, "bug_id": 469320, "bug": {"bug_id": 469320, "title": "CVE-2008-4796 snoopy: command execution via shell metacharacters", "security": true, "parent": true}}, {"karma": 0, "comment_id": 362821, "bug_id": 958305, "bug": {"bug_id": 958305, "title": "CVE-2008-4796 snoopy: command execution via shell metacharacters [epel-6]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 958002, "bug": {"bug_id": 958002, "title": "CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage", "security": true, "parent": true}}, {"karma": 0, "comment_id": 362821, "bug_id": 994780, "bug": {"bug_id": 994780, "title": "CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [epel-6]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1036331, "bug": {"bug_id": 1036331, "title": "[cosmetic] Double slash in Nagios' web interface URL", "security": false, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1046335, "bug": {"bug_id": 1046335, "title": "CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [epel-6]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1046113, "bug": {"bug_id": 1046113, "title": "CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()", "security": true, "parent": true}}, {"karma": 0, "comment_id": 362821, "bug_id": 1066582, "bug": {"bug_id": 1066582, "title": "CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [epel-6]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1111720, "bug": {"bug_id": 1111720, "title": "use_embedded_perl_implicitly=1 by default is user-hostile", "security": false, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1083003, "bug": {"bug_id": 1083003, "title": "Nagios SIGSEGV on (internal to nagios) scheduled log rotate if livestatus module is loaded and a downtime is set", "security": false, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1201462, "bug": {"bug_id": 1201462, "title": "Update Nagios package to at least -5", "security": false, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1074611, "bug": {"bug_id": 1074611, "title": "Consider using Nagios 4.x branch for EPEL7", "security": false, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1201849, "bug": {"bug_id": 1201849, "title": "Support an environment file in the systemd unit file", "security": false, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1121499, "bug": {"bug_id": 1121499, "title": "CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1075867, "bug": {"bug_id": 1075867, "title": "Upgrade to Nagios 4.x", "security": false, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1066580, "bug": {"bug_id": 1066580, "title": "CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 362821, "bug_id": 1046333, "bug": {"bug_id": 1046333, "title": "CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}], "builds": [{"nvr": "nagios-4.0.8-1.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 469320, "title": "CVE-2008-4796 snoopy: command execution via shell metacharacters", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 469320, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 469320, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 469320, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 469320, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 469320, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 958002, "title": "CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 958002, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 958002, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 958002, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 958002, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 958002, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 958305, "title": "CVE-2008-4796 snoopy: command execution via shell metacharacters [epel-6]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 958305, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 958305, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 958305, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 958305, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 958305, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 994780, "title": "CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [epel-6]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 994780, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 994780, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 994780, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 994780, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 994780, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1036331, "title": "[cosmetic] Double slash in Nagios' web interface URL", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1036331, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1036331, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1036331, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1036331, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1036331, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1046113, "title": "CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1046113, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1046113, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1046113, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1046113, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1046113, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1046333, "title": "CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1046333, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1046333, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1046333, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1046333, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1046333, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1046335, "title": "CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [epel-6]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1046335, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1046335, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1046335, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1046335, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1046335, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1066580, "title": "CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1066580, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1066580, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1066580, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1066580, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1066580, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1066582, "title": "CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [epel-6]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1066582, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1066582, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1066582, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1066582, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1066582, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1074611, "title": "Consider using Nagios 4.x branch for EPEL7", "security": false, "parent": false, "feedback": [{"karma": -1, "comment_id": 327914, "bug_id": 1074611, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1074611, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1074611, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1074611, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1074611, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1075867, "title": "Upgrade to Nagios 4.x", "security": false, "parent": false, "feedback": [{"karma": -1, "comment_id": 327914, "bug_id": 1075867, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1075867, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 1, "comment_id": 380727, "bug_id": 1075867, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 1, "comment_id": 648177, "bug_id": 1075867, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1075867, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1083003, "title": "Nagios SIGSEGV on (internal to nagios) scheduled log rotate if livestatus module is loaded and a downtime is set", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1083003, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1083003, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1083003, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1083003, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1083003, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1111720, "title": "use_embedded_perl_implicitly=1 by default is user-hostile", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1111720, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1111720, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1111720, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1111720, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1111720, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1121499, "title": "CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1121499, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1121499, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1121499, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1121499, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1121499, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1201462, "title": "Update Nagios package to at least -5", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1201462, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1201462, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1201462, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 1, "comment_id": 648177, "bug_id": 1201462, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1201462, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}]}, {"bug_id": 1201849, "title": "Support an environment file in the systemd unit file", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 327914, "bug_id": 1201849, "comment": {"karma": -1, "karma_critpath": 0, "text": "This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.\n\nDirectories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).\n\n    allow nagios_t initrc_tmp_t:file write;\n    allow nagios_t self:capability chown;\n    allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;\n    allow nagios_system_plugin_t ssh_exec_t:file getattr;\n    allow nagios_t nagios_exec_t:file execute_no_trans;\n    allow nagios_t nagios_log_t:sock_file { write create unlink };", "timestamp": "2015-09-23 17:52:58", "update_id": 40091, "user_id": 172, "id": 327914, "testcase_feedback": [], "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}]}}}, {"karma": 0, "comment_id": 362821, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "Looks like nagios-4.0.8 is not compatible with nagios-3.5.1\nI saw this in OpenStack Packstack CI job, using puppet module\nmod 'nagios',\n  :commit => '56a1eee350c4600bb12e017d64238fb3f876abd4',\n  :git => 'https://github.com/gildub/puppet-nagios-openstack.git'\n\nnagios: Error: Service has no hosts and/or service_description (config file '/etc/nagios/nagios_service.cfg', starting on line 49)\nnagios: Error processing object config files!", "timestamp": "2015-12-08 00:07:38", "update_id": 40088, "user_id": 226, "id": 362821, "testcase_feedback": [], "user": {"name": "apevec", "email": "apevec@gmail.com", "id": 226, "avatar": "https://seccdn.libravatar.org/avatar/840dba492326c6665eb65be0c6efcae21b6e9859c79c258de5ce19e62621749c?s=24&d=retro", "openid": "apevec.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 371268, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "Also fixes #1282197 for me.", "timestamp": "2015-12-29 16:27:56", "update_id": 40090, "user_id": 1292, "id": 371268, "testcase_feedback": [], "user": {"name": "rocketraman", "email": "rocketraman@gmail.com", "id": 1292, "avatar": "https://seccdn.libravatar.org/avatar/545828475c2f36e2659652e0f7e57db74d2966edc62b1b476bd59d4b846a09b7?s=24&d=retro", "openid": "rocketraman.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 377257, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "This cannot be pushed, there are missing directories, still working on final fix", "timestamp": "2016-01-14 14:15:21", "update_id": 40090, "user_id": 2187, "id": 377257, "testcase_feedback": [], "user": {"name": "swilkerson", "email": "swilkerson@nagios.com", "id": 2187, "avatar": "https://seccdn.libravatar.org/avatar/c4556123d8e0ea48ba04dcbb3eb54b46f24b17bf0c09d69994274fa19c69bd1c?s=24&d=retro", "openid": "swilkerson.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 380727, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "It works OK for me as is", "timestamp": "2016-01-23 16:58:16", "update_id": 40090, "user_id": 2526, "id": 380727, "testcase_feedback": [], "user": {"name": "mhjacks", "email": "mhjacks@swbell.net", "id": 2526, "avatar": "https://seccdn.libravatar.org/avatar/d3b1c86a73c351f5da6428ba1b20bbe5c49c5ebffb485fa33e47dc5854b683ac?s=24&d=retro", "openid": "mhjacks.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 517538, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.", "timestamp": "2016-11-06 02:51:15", "update_id": 40091, "user_id": 698, "id": 517538, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 628765, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'd love to test this out and provide karma but I'm a little weary because I don't currently have a nagios install running on a development or test server where I would feel comfortable doing a major-version upgrade.\n\nDo you know if any changes to an existing nagios config will be necessary for moving from the current EL6 version (3.5.1) to this version?\n\nThanks for doing these updates!!\n\nCheers", "timestamp": "2017-06-29 00:21:46", "update_id": 91196, "user_id": 729, "id": 628765, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 628810, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "works", "timestamp": "2017-06-29 06:20:40", "update_id": 91199, "user_id": 307, "id": 628810, "testcase_feedback": [], "user": {"name": "lnie", "email": "lnie@redhat.com", "id": 307, "avatar": "https://seccdn.libravatar.org/avatar/acbe3c6c54b2d720727e6819b615121b75b25d6bfc69f245d4dcf4921bf32ec7?s=24&d=retro", "openid": "lnie.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 628915, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "What I did to test in the end was to create a small virtual machine and install the packages from the existing setup. I then copied over /etc/nagios. I updated to the newest nagios and ran a nagios -v /etc/nagios/nagios.cfg to see what broke. For our setup we had customized things in a way which 'worked' in previous versions but didn't in the new version. I fixed those up and then edited my nagios.cfg differences into the nagios.cfg.rpmnew so I got the additional configs that the new version wanted.  \n", "timestamp": "2017-06-29 14:49:02", "update_id": 91196, "user_id": 398, "id": 628915, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 629284, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "Update fails to restart service using /sbin/systemctl, but looks like this is an post cleanup script for previous version.", "timestamp": "2017-06-30 07:58:55", "update_id": 91205, "user_id": 338, "id": 629284, "testcase_feedback": [], "user": {"name": "ondrejj", "email": "ondrejj@salstar.sk", "id": 338, "avatar": "https://seccdn.libravatar.org/avatar/aa266cec33de99ea573df7f573be6a670f0f19895cfe010fd9ee085a344195d1?s=24&d=retro", "openid": "ondrejj.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}]}}}, {"karma": 0, "comment_id": 629821, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "Live environment replica under in test server update: Worked fine. \nupdate from a fresh install: Worked fine\nFresh install of 4.3.2: worked fine. \n", "timestamp": "2017-07-01 12:01:25", "update_id": 91198, "user_id": 3607, "id": 629821, "testcase_feedback": [], "user": {"name": "f14w3d", "email": "cfcolaco@gmail.com", "id": 3607, "avatar": "https://seccdn.libravatar.org/avatar/5c1d79b37e98630d182be1112ff9923c566ed51f9a2c3d20381da79d21f78109?s=24&d=retro", "openid": "f14w3d.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 648177, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "So this seems to be working perfectly for me and I haven't had to change any of my configs. I didn't get any errors on service nagios restart and things seem to be working as before. Are there any particular configuration settings I should look at?\n\nThanks for this update!!!!!", "timestamp": "2017-08-18 01:57:05", "update_id": 91196, "user_id": 729, "id": 648177, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664898, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "Hey smooge. Weird one here. I have 2 virtually identical machines running this version of nagios on Cent 6 and one of them has a strange problem where I cannot commit any changes through the nagios web admin. For exmple, disabling notifications or disabling checks of a service. When I click the commit button it spins and spins for a long time and then eventually gives a \"Gateway Time-out\" error. I've tried deleting retention.dat and rebooting. Any ideas? Very strange that my other nagios box does not have this problem.", "timestamp": "2017-09-24 03:58:48", "update_id": 91196, "user_id": 729, "id": 664898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 664899, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "Turns out its not just committing changes, nothing is working. No checks have been performed in the last 2 days. The only thing that I can see that happened that day are CentOS 6 samba updates. Downgrading those updates doesn't seem to help.", "timestamp": "2017-09-24 04:04:55", "update_id": 91196, "user_id": 729, "id": 664899, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 665047, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "@devhen OK time to see what is different between the systems. Does one have selinux running and the other one does not? Does one have the nagios_epel6 selinux policy and the other one does not?", "timestamp": "2017-09-24 17:53:47", "update_id": 91196, "user_id": 398, "id": 665047, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 666898, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge So I found two different problems. For one, my /etc/nagios/nagios.cfg had the pid file set to /var/run/nagios.pid but it should now be /var/run/nagios/nagios.pid. Secondly, starting nagios with `service nagios start` failed with 2 selinux errors:\n\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from write access on the file /tmp/.configtest.LZ74T8iY. For complete SELinux messages. run sealert -l 57464946-0362-40f3-a585-5d79d4b17459\nSep 28 12:09:06 localhost setroubleshoot: SELinux is preventing /usr/sbin/nagios from using the chown capability. For complete SELinux messages. run sealert -l 585086e4-e53d-4a8a-85f8-4af5bf7a852f\n\nSo I ran:\n\ngrep nagios /var/log/audit/audit.log | audit2allow -M nagios-chown\nsemodule -i nagios-chown.pp\n\nWhich solved that problem. But now SELinux is blocking all attempts to query my monitored servers. Log messages look like this:\n\nSep 28 12:18:21 localhost nagios: Unable to run check for service 'Memory' on host 'xxxxx'\n\nAnd SELinux audit logs look like this:\n\ntype=AVC msg=audit(1506622404.225:6960996): avc:  denied  { execute_no_trans } for  pid=16769 comm=\"nagios\" path=\"/usr/sbin/nagios\" dev=cciss!c0d0p3 ino=1057038 scontext=unconfined_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_exec_t:s0 tclass=file\n\nAny ideas? Strange that now I'm having SELinux errors when I was getting them before.\n\nThanks\n", "timestamp": "2017-09-28 18:24:34", "update_id": 91196, "user_id": 729, "id": 666898, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 666901, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "@smooge If I stop nagios and start it manually with the command `/usr/sbin/nagios -d /etc/nagios/nagios.cfg` rather than starting it with `service nagios start`, then I don't get the SELinux errors and everything seems to work fine.", "timestamp": "2017-09-28 18:28:02", "update_id": 91196, "user_id": 729, "id": 666901, "testcase_feedback": [], "user": {"name": "devhen", "email": "devin@six19.com", "id": 729, "avatar": "https://seccdn.libravatar.org/avatar/852dfa07e93e9c4ff41cfd21ddbf5ccb2e5ca3e23926a5e4ba247852c4e9946a?s=24&d=retro", "openid": "devhen.id.fedoraproject.org", "groups": [{"name": ""}]}}}, {"karma": 0, "comment_id": 670471, "bug_id": 1201849, "comment": {"karma": 0, "karma_critpath": 0, "text": "OK I found a bug in various things but 4.3.4-4 works on service nagios start/stop without selinux problems.", "timestamp": "2017-10-04 22:09:54", "update_id": 91196, "user_id": 398, "id": 670471, "testcase_feedback": [], "user": {"name": "smooge", "email": "smooge@redhat.com", "id": 398, "avatar": "https://seccdn.libravatar.org/avatar/7307344b121111b0fbfe3858b100a8e005c8757a552ec5e813ac4320b18c6162?s=24&d=retro", "openid": "smooge.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "epel-cabal"}, {"name": "epelproject"}, {"name": "fedorabugs"}, {"name": "sysadmin-noc"}, {"name": "epel-wranglers"}, {"name": "signed_fpca"}, {"name": "wikiadmin"}, {"name": "sysadmin-veteran"}, {"name": "fedora-contributor"}, {"name": "centosproject-email-aliases"}, {"name": "qa_users"}, {"name": "ipausers"}, {"name": "communishift"}, {"name": "sysadmin-centos"}, {"name": "sysadmin-analysis"}, {"name": "sysadmin-securit"}, {"name": "sysadmin-devel"}, {"name": "sysadmin-teleirc"}, {"name": "gitfedora-zikula"}, {"name": "admins"}, {"name": "sysadmin-accounts"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-calendar"}, {"name": "atomic"}, {"name": "gitsecstate"}, {"name": "sysadmin-survey"}, {"name": "accounts"}, {"name": "epel-packagers-sig"}, {"name": "sysadmin-ppc"}, {"name": "vendor-support"}, {"name": "sysadmin"}, {"name": "aws-infra"}, {"name": "sysadmin-web"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-dns"}, {"name": "sysadmin-backup"}, {"name": "fi-apprentice"}, {"name": "sig-infra"}, {"name": "sysadmin-main"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-hosted"}]}}}, {"karma": 0, "comment_id": 870451, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "Been running since 3 days, seems to be working fine (didn't see mem leak), got alert, no upgrade issue", "timestamp": "2018-12-04 16:20:16", "update_id": 127705, "user_id": 643, "id": 870451, "testcase_feedback": [], "user": {"name": "misc", "email": "misc@zarb.org", "id": 643, "avatar": "https://seccdn.libravatar.org/avatar/97ccdb2e3138bb4c626016e65403d1ef4f292215d1f482eae038a3fb84fa37aa?s=24&d=retro", "openid": "misc.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "packager"}]}}}, {"karma": 1, "comment_id": 885928, "bug_id": 1201849, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-01-18 17:45:34", "update_id": 130059, "user_id": 3948, "id": 885928, "testcase_feedback": [], "user": {"name": "petaris", "email": "petaris@gmail.com", "id": 3948, "avatar": "https://seccdn.libravatar.org/avatar/1c2d6e7ae93e7c057398f82cd75c0efcf94d5a3be26ab855116016b1390b6541?s=24&d=retro", "openid": "petaris.id.fedoraproject.org", "groups": []}}}]}], "updateid": "FEDORA-EPEL-2015-8155", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}