When trying to open any graph on Nagios throws below error:
Nagiosgraph has detected an error in the configuration file: /etc/nagios/nagiosgraph/nagiosgraph.conf
Log: /var/log/nagios/nagiosgraph.log failed to open!
make sure that permissions are set properly on /var/log/nagios
the www (or www-data or apache) user must have write permission.
one approach is to make a group called nagcmd and put the www user into this group.
then set permissions:
chown nagios.nagcmd /var/log/nagios
chown nagios.www /var/log/nagios/nagiosgraph.log
chmod 775 /var/log/nagios
chmod 664 /var/log/nagios/nagiosgraph.log
another approach is to keep separate log files, one for data collection (nagiosgraph.log) and another for graphing (nagiosgraph-cgi.log). see nagiosgraph.conf for details.
Related
please, I have a react js application that I want to deploy on my server (Centos 7), I have already generated the build and I have installed nginx on my server and I have created the folder www under /var/ where I have put the content of my build following the path : /var/www/merchant-dashboard/html.
and I have already allocated the 777 permissions for the www folder and all its subdirectories and files
I created my configuration file under /etc/nginx/conf.d and named it merchantDashboard.conf here is its content :
.
I have also set the permissions for the nginx user with the command
sudo chown -R nginx:nginx *.
(my user is called nginx) but I still get the 403 forbidden error.
Here is my error logs :
if someone can help me please
I followed this answer:
Why does Nginx return a 403 even though all permissions are set properly?
When I disabled SELinux it worked.
Following command from the above mentioned link solved the problem:
chcon -Rt httpd_sys_content_t /path/to/www
i installed vsftpd and got it running with user ftpuser. owner group of /var/www is set to ftpuser:ftpuser. I can upload view, edit and delete files, which is nice.
but a website can't do anything: e.g. can't upload files via php, can't run installer and stuff.
so i changed owner to www-data:www-data. Now i can upload files via http or update my wordpress.
but i can not change files via ftp anymore (550 Create directory operation failed).
i have added ftpuser to group www-data but still can't do anything on the server.
my vsftpd.conf
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=40000
pasv_max_port=50000
allow_writeable_chroot=YES
2 different processes (apache and vsftp) have/run with different users and groups: files and directories have user ownership and group ownership so you need to configure proper permissions to let apache read/write in/on-to files and directories owned by vsftp (or vice versa according to how you configure permissions and groups).
A solution could be:
create a common group called, for example, 'web-manager'
change the group of the folder '/var/www' to web-manager (chgrp web-manager /var/www)
allow those who are in 'web-manager' group write into the '/var/www' folder (chmod 775 /var/www)
put apache and vsftp in the group 'web-manager' (usermod -a -G web-manager www-data; usermod -a -G web-manager ftpuser)
restart apache and vsftp daemons
I'm getting an error when trying to upload any type of file via Content>Files>Add File. The error reads "The file filename could not be saved. An unknown error has occurred. The file in the Upload a new file field was unable to be uploaded."
I've read through many threads and most seem to indicate a permissions problem. I've checked that all directories are configured properly. Public files are set as sites/default/files; private files are set as sites/default/files/private; and temporary is set as sites/default/files/tmp.
Then I found this error in the server logs:
[Tue Mar 27 10:49:26.932464 2018] [proxy_fcgi:error] [pid 20750:tid 140070898026240] [client nn.nnn.nn.nn:63784] AH01071: Got error 'PHP message: PHP Warning: File upload error - unable to create a temporary file in Unknown on line 0\n', referer: http://ipaddress.com/file/add
Any ideas what might be wrong here?
Thanks,
CJ
This is definitely a permissions issue.
You mention the path of the different folders (public, private, and tmp), but that is a completely different thing.
What you need to check is that user running the webserver has permissions to write on those aforementioned folders.
Now, you don't mention what server are you using, so I'll assume you're running Apache, and the Apache user and group is called apache in CentOS and www-data in Ubuntu.
You should navigate to those folders (actually to the folder where this folders are placed) and type a ls -la sentence in the terminal, to get a list of permissions for them, as well as the name of the user that owns the folders.
The Apache user needs to access and write in those folders.
I have come across the similar problem once. Solution to this problem is to give the 'write' permission to 'others' as well on tmp directory. You might wonder that this is /tmp directory I am talking about, as while uploading a file it must pass through /tmp directory to the desired location.
So give the write (other) permission to /tmp and sites/default/files/tmp directory. Hope this will help.
I got a Mesosphere-EE, and install on fedora 23 server (kernel 4.4)with:
$bash dcos_generate_config.ee.sh --web –v
then output:
Running mesosphere/dcos-genconf docker with BUILD_DIR set to/home/mesos-ee/genconf
Usage of loopback devices is strongly discouraged for production use.Either use `--storage-opt dm.thinpooldev` or use `--storage-opt
dm.no_warn_on_loop_devices=true` to suppress this warning.
07:53:46:: Logger set to DEBUG
07:53:46:: ====> Starting DCOS installer in web mode
07:53:46:: DCOS Installer v1
07:53:46:: Starting server ('0.0.0.0', 9000)
Then I start firefox though vnc, the vnc is on root. then:
07:53:57:: Root page requested. 07:53:57:: Serving/usr/local/lib/python3.4/site-packages/dcos_installer/templates/index.html
07:53:58:: Request for configuration type made.
07:53:58::Configuration file not found, /genconf/config.yaml. Writing new onewith all defaults.
07:53:58:: Error handling request
PermissionError: [Errno 13] Permission denied: '/genconf/config.yaml'
But I already have a genconf/config.yaml, it look like:
bootstrap_url: http://<bootstrap_public_ip>:<your_port>
cluster_name: '<cluster-name>'
exhibitor_storage_backend: zookeeper
exhibitor_zk_hosts: <host1>:2181,<host2>:2181,<host3>:2181
exhibitor_zk_path: /dcos
master_discovery: static
master_list:
- <master-private-ip-1>
- <master-private-ip-2>
- <master-private-ip-3>
superuser_username: <username>
superuser_password_hash: <hashed-password>
resolvers:
- 8.8.8.8
- 8.8.4.4
I do not know what’s going on. If you have any idear, please let me know, thank you very much!
Disable Selinux!
Configure SELINUX=disabled in the /etc/selinux/config file and then reboot!
Be ensure the selinux is disabled by the command getenforce.
$ getenforce
Disabled
zhe.
Correctly installing the enterprise edition depends on the correct system prerequisites. Anyway I suppose you're still on the bootstrap node so I will give you some path to succed in your current task.
Run the script as root or as a user issuing sudo dcos_generate_config.ee.sh
The script will also generate the config file automatically; if you want to use your own configuration file then create a folder named genconf and put it inside before running the script. You should changes the values inside <> with your specific configuration. If you need more help for your specific case send me an email to infofs2 at gmail.com
I'm running nagios 4 under centos 7. And everything works fine with SELinux disabled. But when I enable it, I am getting this error in the interface:
Whoops!
Error: Could not open CGI config file '/etc/nagios/cgi.cfg' for reading!
Here are some things you should check in order to resolve this error:
Make sure you've installed a CGI config file in its proper location. See the error message about for details on where the CGI is expecting to find the configuration file. A sample CGI configuration file (named cgi.cfg) can be found in the sample-config/ subdirectory of the Nagios source code distribution.
Make sure the user your web server is running as has permission to read the CGI config file.
Make sure you read the documentation on installing and configuring Nagios thoroughly before continuing. If all else fails, try sending a message to one of the mailing lists. More information can be found at https://www.nagios.org.
I tried checking audit2why to see if I can get a clue on how to handle this:
And I'm seeing this output:
type=AVC msg=audit(1444272414.200:15955): avc: denied { read } for pid=9090 comm="status.cgi" name="cgi.cfg" dev="xvda1" ino=19230613 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:nagios_etc_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
type=AVC msg=audit(1444272474.545:15956): avc: denied { read } for pid=9116 comm="status.cgi" name="cgi.cfg" dev="xvda1" ino=19230613 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:nagios_etc_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
And if I check audit2allow, this is what I'm seeing:
[root#monitor1:~] #grep nagios /var/log/audit/audit.log | audit2allow
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t nagios_etc_t:file { read getattr open };
#============= httpd_t ==============
allow httpd_t admin_home_t:file { write getattr open };
allow httpd_t etc_t:dir write;
allow httpd_t etc_t:file write;
allow httpd_t httpd_sys_rw_content_t:fifo_file getattr;
allow httpd_t usr_t:fifo_file { write getattr open };
But I'm not real knowledgable on SELinux. So I'm hoping I can get some advice on how to solve this problem.
Thanks
grep the audit.log for the word nagios and pipe it into audit2allow with the -M flag
grep nagios /var/log/audit/audit.log | audit2allow -M nagios
This should create 2 files: a type enforcement file nagios.te and a policy package file nagios.pp
Use the semodule command to load the policy package:
semodule -i nagios.pp
And you're done.
Sources:
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-sel-building-policy-module.html
https://mgrepl.fedorapeople.org/Blog/nagios.html