Nagios: Enable external commands - gHacks Tech News

Nagios: Enable external commands

Here we are again, back witho ur old friend Nagios. If you've been following you know I have covered quite a bit of ground with this outstanding network monitoring tool (check all Ghacks Nagios articles). There is a reason for this, Nagios is an incredible tool. But for many of you, you might have come across an error when attempting to run a few of the more powerful features. This error  happens when you attempt to use any of Nagios' external commands. But what are these external commands? Nagios is capable of running commands from external applications. This allows Nagios to expand farther than it could otherwise.

But when you see this error you know that your Nagios installation isn't able to use any external commands. Fear not, this error is simple to over come, and in this article I am going to walk you through the fix.

Assumptions

Figure 1

This how to will assume that you have a working Nagios installation as well as root or sudo access to your server. This article also assumes you have tried to use features that require external commands. If not, let's take a look at how.

If you point your browser to your Nagios server, click on the Service Detail link and then click on one of the services (such as HTTP or SSH). On this page you will see the Service Commands box. If you click on one of those links and you get the error - you need the fix!

The fix

Saved by zero right? Sort of. The first thing to check is in the /etc/nagios3/nagios.cfg file. Look for a line like:

check_external_commands=1

If that line is either commented out or set to "0", change it to look like the entry above. Once you have done that, save and close the file. Now restart Nagios with the command sudo /etc/init.d/nagios3 restart. You're not done yet.

The next step is to open up the /etc/nagios3/cgi.cfg file. You will most likely find these two lines:

authorized_for_all_services=nagiosadmin

authorized_for_all_hosts=nagiosadmin

After these two lines, you need to add the following:

authorized_for_all_host_commands=nagiosadmin

authorized_for_all_service_commands=nagiosadmin

Save and close this file. Now restart Apache with the command sudo /etc/init.d/apache2 restart.

Still not done. Now you have to make a slight change to /etc/groups. Open up this file, with your favorite text editor, and look for a line that looks like:

nagios:x:127:

Change this line to look like:

nagios:x:127:www-data

Now save and close this file. Almost done. But the next step is a bit more challenging the previous.

In the directory /var/lib/nagios3/rw is a file nagios.cmd. This file most likely doesn't have the correct permissions set. By default only the user nagios has access to these files. Since we can't change this to the www-data user (it would break other features of Nagios), we need to just add the executable group bit to the file like so:

sudo chmod g+x /var/lib/nagios/rw

That's it. Now go back to that Service Commands section and click on one of the links. You should no longer get that error.

Final thoughts

You may have thought your Nagios installation was pretty useful. Now that you can execute external commands, you will find your Nagios install to be far more useful.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. marcus said on March 14, 2011 at 4:18 pm
    Reply

    very helpful for me! just in the last listed command there is missing the “3”:
    sudo chmod g+x /var/lib/nagios3/rw

    thanx and best regards
    marcus

  2. K said on July 6, 2011 at 11:16 pm
    Reply

    Almost there… this article was more helpful than the Nagios docs. However, after the last step, I’m a little stuck: Error: Could not stat() command file ‘/var/lib/nagios3/rw/nagios.cmd’!

    Which is awfully funny since:

    root@host:/var/lib/nagios3/rw# ls -alh /var/lib/nagios3/rw/nagios.cmd
    prwxrwx–x 1 nagios nagios 0 2011-07-06 21:07 /var/lib/nagios3/rw/nagios.cmd

  3. K said on July 6, 2011 at 11:47 pm
    Reply

    Aha, a Debianism. I ran the following to fix the issue above:

    dpkg-statoverride –update –add nagios www-data 2710 /var/lib/nagios3/rw
    dpkg-statoverride –update –add nagios nagios 751 /var/lib/nagios3

  4. Makarand said on February 16, 2012 at 12:18 pm
    Reply

    Has any one tried this yet.

    sudo /etc/init.d/nagios3 stop
    sudo dpkg-statoverride –update –add nagios www-data 2710 /var/lib/nagios3/rw sudo dpkg-statoverride –update –add nagios nagios 751 /var/lib/nagios3
    sudo /etc/init.d/nagios3 start

    This worked for me on Ubuntu 11.04.

    -Makarand.

  5. fan said on May 31, 2013 at 4:26 am
    Reply

    Thanks for your tutorial.

    On debian 7.0, in the current version of nagios, /etc/nagios3/cgi.cfg is already correctly configured for external commands. So you can skip this step.
    For me a restart of apache was needed after editing nagios.cfg and the groups.

    Cheers.

    1. Andre R. Ferreira said on November 12, 2013 at 5:27 pm
      Reply

      I’ve had the same issues with Ubuntu 12.04 LTS
      Restarting apache2 also did the trick

  6. Alexandr said on January 8, 2014 at 8:56 am
    Reply

    Respect for this notice!

  7. Shane said on July 11, 2014 at 1:12 am
    Reply

    It can also be selinux.

    You can make a file called nagios.te and paste the below in it.

    [code]
    module nagios 1.0;

    require {
    type httpd_t;
    type usr_t;
    class fifo_file { write getattr open };
    }

    #============= httpd_t ==============
    allow httpd_t usr_t:fifo_file open;

    #!!!! This avc is allowed in the current policy
    allow httpd_t usr_t:fifo_file { write getattr };
    [/code]

    then run:
    checkmodule -M -m -o nagios.mod nagios.te
    semodule_package -o nagios.pp -m nagios.mod
    sudo semodule -i nagios.pp

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.