I've been trying to .. empower .. the Nagios 3 web interface in Ubuntu/Debian to allow me to turn off service checking at will. I do this when I am checking logs etc. to debug some issue and all the spam from Nagios' polling is getting in the way. Nagios comes with an option to "disable active checks of this service" which when click should, well, disable active checks of the service. Clicking it, however, resulted in the following message:
Nagios is currently not checking for external commands.
A little googling revealed that I had to enable the external commands option. This can be done by editing
/etc/nagios3/nagios.cfg and toggling the following option from 0 to 1:
Once this is done, Nagios has to be restarted. I tried disabling the service again and did not get the message again. But I did run into a different one :|
Could not stat() command file
When trying to read the file, I found that access to it was restricted. I had to get my nets out once again to try my luck in the aquamarine pool of omniscience that is Google. It turned out that this restriction has been added intentionally for reasons of security. As Alexander Wirt expains, this can be disabled via the following commands:
dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
In other words, we are granting access to the command file and Nagios itself to Apache's httpd (which is where the security risk lay), thereby allowing the Nagios web interface to interact with the service.
I trust that this post will help somebody out there!
- Log in to post comments