Nagios: Enable external commands
Here we are again, back witho ur old friend Nagios. If you've been following you know I have covered quite a bit of ground with this outstanding network monitoring tool (check all Ghacks Nagios articles). There is a reason for this, Nagios is an incredible tool. But for many of you, you might have come across an error when attempting to run a few of the more powerful features. This error  happens when you attempt to use any of Nagios' external commands. But what are these external commands? Nagios is capable of running commands from external applications. This allows Nagios to expand farther than it could otherwise.
But when you see this error you know that your Nagios installation isn't able to use any external commands. Fear not, this error is simple to over come, and in this article I am going to walk you through the fix.
Assumptions
This how to will assume that you have a working Nagios installation as well as root or sudo access to your server. This article also assumes you have tried to use features that require external commands. If not, let's take a look at how.
If you point your browser to your Nagios server, click on the Service Detail link and then click on one of the services (such as HTTP or SSH). On this page you will see the Service Commands box. If you click on one of those links and you get the error - you need the fix!
The fix
Saved by zero right? Sort of. The first thing to check is in the /etc/nagios3/nagios.cfg file. Look for a line like:
check_external_commands=1
If that line is either commented out or set to "0", change it to look like the entry above. Once you have done that, save and close the file. Now restart Nagios with the command sudo /etc/init.d/nagios3 restart. You're not done yet.
The next step is to open up the /etc/nagios3/cgi.cfg file. You will most likely find these two lines:
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
After these two lines, you need to add the following:
authorized_for_all_host_commands=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
Save and close this file. Now restart Apache with the command sudo /etc/init.d/apache2 restart.
Still not done. Now you have to make a slight change to /etc/groups. Open up this file, with your favorite text editor, and look for a line that looks like:
nagios:x:127:
Change this line to look like:
nagios:x:127:www-data
Now save and close this file. Almost done. But the next step is a bit more challenging the previous.
In the directory /var/lib/nagios3/rw is a file nagios.cmd. This file most likely doesn't have the correct permissions set. By default only the user nagios has access to these files. Since we can't change this to the www-data user (it would break other features of Nagios), we need to just add the executable group bit to the file like so:
sudo chmod g+x /var/lib/nagios/rw
That's it. Now go back to that Service Commands section and click on one of the links. You should no longer get that error.
Final thoughts
You may have thought your Nagios installation was pretty useful. Now that you can execute external commands, you will find your Nagios install to be far more useful.
Advertisement
It can also be selinux.
You can make a file called nagios.te and paste the below in it.
[code]
module nagios 1.0;
require {
type httpd_t;
type usr_t;
class fifo_file { write getattr open };
}
#============= httpd_t ==============
allow httpd_t usr_t:fifo_file open;
#!!!! This avc is allowed in the current policy
allow httpd_t usr_t:fifo_file { write getattr };
[/code]
then run:
checkmodule -M -m -o nagios.mod nagios.te
semodule_package -o nagios.pp -m nagios.mod
sudo semodule -i nagios.pp
Respect for this notice!
Thanks for your tutorial.
On debian 7.0, in the current version of nagios, /etc/nagios3/cgi.cfg is already correctly configured for external commands. So you can skip this step.
For me a restart of apache was needed after editing nagios.cfg and the groups.
Cheers.
I’ve had the same issues with Ubuntu 12.04 LTS
Restarting apache2 also did the trick
Has any one tried this yet.
sudo /etc/init.d/nagios3 stop
sudo dpkg-statoverride –update –add nagios www-data 2710 /var/lib/nagios3/rw sudo dpkg-statoverride –update –add nagios nagios 751 /var/lib/nagios3
sudo /etc/init.d/nagios3 start
This worked for me on Ubuntu 11.04.
-Makarand.
Aha, a Debianism. I ran the following to fix the issue above:
dpkg-statoverride –update –add nagios www-data 2710 /var/lib/nagios3/rw
dpkg-statoverride –update –add nagios nagios 751 /var/lib/nagios3
Almost there… this article was more helpful than the Nagios docs. However, after the last step, I’m a little stuck: Error: Could not stat() command file ‘/var/lib/nagios3/rw/nagios.cmd’!
Which is awfully funny since:
root@host:/var/lib/nagios3/rw# ls -alh /var/lib/nagios3/rw/nagios.cmd
prwxrwx–x 1 nagios nagios 0 2011-07-06 21:07 /var/lib/nagios3/rw/nagios.cmd
very helpful for me! just in the last listed command there is missing the “3”:
sudo chmod g+x /var/lib/nagios3/rw
thanx and best regards
marcus