Comments (4)

tmcnag commented on August 15, 2024

Possible duplicate of #5

from nrdp.

lepmeh commented on August 15, 2024

I had a look at the other issue before I submitted this one, and it is not the same as far as I can see.

The problem with tempnam() is that if, e.g., $cfg["check_results_dir"] = "/usr/local/nagios/var/spool/checkresults", you'd expect the file it creates to end up in that directory. However, if the directory isn't writable, the system tmp dir is used instead, often "/tmp". (See http://php.net/manual/en/function.tempnam.php.)
As NRDP doesn't remove the file itself, and expects another service to remove the files, it is important to check that the file that tempnam returns is in the directory that is specified.

We saw the problem in a setup with a RAM-disk for check results. Some of the nagios services stopped unexpectedly, and the incoming NRDP checks quickly filled the RAM-disk, and then continued to fill "/tmp".
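
The check described in the comment above, sketched in PHP as an added example. It is not part of the original comment, not NRDP's code and not the fix in dfca357; the helper name nrdp_safe_tempnam, the "c" prefix and the demo directories are assumptions.

```php
<?php
// Added example: create a spool file only if tempnam() really used $dir.
// nrdp_safe_tempnam() is a hypothetical helper name, not an NRDP function.
function nrdp_safe_tempnam(string $dir, string $prefix = "c"): string
{
    $want = realpath($dir);
    if ($want === false || !is_dir($want)) {
        throw new RuntimeException("spool directory missing: $dir");
    }

    // tempnam() falls back to the system temp dir when $dir is unusable.
    // PHP >= 7.1 raises a notice for that; suppress it and check explicitly.
    $file = @tempnam($want, $prefix);
    if ($file === false) {
        throw new RuntimeException("tempnam() failed for $want");
    }

    // Compare canonical paths so symlinked spool dirs do not cause false alarms.
    $got = realpath(dirname($file));
    if ($got !== $want) {
        // Fallback happened: remove the stray file so nothing accumulates
        // outside the directory the result reaper cleans up.
        @unlink($file);
        throw new RuntimeException("refusing fallback: wanted $want, got $got");
    }
    return $file;
}

// Constructed demo: one writable directory, one read-only directory.
$ok = sys_get_temp_dir() . "/nrdp_demo_ok_" . getmypid();
$ro = sys_get_temp_dir() . "/nrdp_demo_ro_" . getmypid();
mkdir($ok, 0700);
mkdir($ro, 0500);   // not writable (root ignores this, so both succeed as root)

foreach ([$ok, $ro] as $dir) {
    try {
        $f = nrdp_safe_tempnam($dir);
        echo "created ", $f, "\n";
        unlink($f);
    } catch (RuntimeException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
rmdir($ok);
chmod($ro, 0700);
rmdir($ro);
```

Failing the submission when the path check fails keeps a stalled result reaper from turning into a full system temp directory, at the cost of dropping check results until the spool directory is writable again.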

caronc commented on August 15, 2024

You need to add the following into your http.conf (VirtualHost) configuration:

php_admin_value open_basedir "/etc/nrdp/:/usr/share/nrdp/http/:/var/nagios/nrdp/:/var/nagios/spool/checkresults/:/tmp/"

The above was taken from my blog entry on NRDP. Yours might just need something more like this (if using Ubuntu):

php_admin_value open_basedir "/usr/local/nagios/var/spool/checkresults/:/tmp/"

Here is what my Apache Config entry looks like; I used higher ports for NRDP so it would fit more in with NRPE (5667) and NSCA (NRDP's replacement at 5666). NRDP insecure set to 5668, and secure 5669:

# Source URL: http://nuxref.com
# Specifically: http://nuxref.com/2016/11/24/nrdp-nagios-core-centos-7-x/
Listen 5668
Listen 5669 https

<VirtualHost *:5668>
   ServerAdmin webmaster@localhost
   ErrorLog /var/log/httpd/nrdp_error_log
   CustomLog /var/log/httpd/nrdp_access_log common
   LogLevel warn

   # PHP configuration to make it possible to write
   # into /var/nagios/spool/checkresults/
   php_admin_value open_basedir "/etc/nrdp/:/usr/share/nrdp/http/:/var/nagios/nrdp/:/var/nagios/spool/checkresults/:/tmp/"

   DocumentRoot /usr/share/nrdp/http

   <IfModule mod_rewrite.c>
      RewriteEngine On
      # Disable all requests that are not POST or GET
      RewriteCond %{REQUEST_METHOD} !^(POST|GET) [NC]
      # # Consider using the below entry instead of the above ^ if you wish
      # # to disable the manual website that accepts entries
      # RewriteCond %{REQUEST_METHOD} !^(POST) [NC]
      RewriteRule ^(.*)$ - [F,L]
   </IfModule>

   <Location />
      #  SSLRequireSSL
      Options ExecCGI
      Options FollowSymLinks
      <IfVersion >= 2.3>
         <RequireAll>
            Require all granted
            #AuthName "NRDP Access"
            #AuthType Basic
            #AuthUserFile /etc/nagios/htpasswd.users
            #Require valid-user
         </RequireAll>
      </IfVersion>
      <IfVersion < 2.3>
         Order allow,deny
         Allow from all
         #AuthName "NRDP Access"
         #AuthType Basic
         #AuthUserFile /etc/nagios/htpasswd.users
         #Require valid-user
      </IfVersion>
   </Location>

</VirtualHost>

<VirtualHost *:5669>
   ServerAdmin webmaster@localhost
   ErrorLog /var/log/httpd/nrdp_error_log
   CustomLog /var/log/httpd/nrdp_ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
   TransferLog /var/log/nrdp_ssl_access_log
   LogLevel warn

   # PHP configuration to make it possible to write
   # into /var/nagios/spool/checkresults/
   php_admin_value open_basedir "/etc/nrdp/:/usr/share/nrdp/http/:/var/nagios/nrdp/:/var/nagios/spool/checkresults/:/tmp/"

   SSLEngine on
   SSLProtocol all -SSLv2 -SSLv3
   SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
   SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

   # Prevent CRIME attack
   SSLCompression off

   DocumentRoot /usr/share/nrdp/http

   <IfModule mod_rewrite.c>
      RewriteEngine On
      # Disable all requests that are not POST or GET
      RewriteCond %{REQUEST_METHOD} !^(POST|GET) [NC]
      # # Consider using the below entry instead of the above ^ if you wish
      # # to disable the manual website that accepts entries
      # RewriteCond %{REQUEST_METHOD} !^(POST) [NC]
      RewriteRule ^(.*)$ - [F,L]
   </IfModule>

   <Location />
      SSLRequireSSL
      Options ExecCGI
      Options FollowSymLinks
      <IfVersion >= 2.3>
         <RequireAll>
            Require all granted
            #AuthName "NRDP Access"
            #AuthType Basic
            #AuthUserFile /etc/nrdp/htpasswd.users
            #Require valid-user
         </RequireAll>
      </IfVersion>
      <IfVersion < 2.3>
         Order allow,deny
         Allow from all
         #AuthName "NRDP Access"
         #AuthType Basic
         #AuthUserFile /etc/nrdp/htpasswd.users
         #Require valid-user
      </IfVersion>
   </Location>

   BrowserMatch "MSIE [2-5]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
</VirtualHost>

jomann09 commented on August 15, 2024

Should be fixed in dfca357 but will test it before closing this...