Nagios 3.0.6 Internal Server Error when accessing options on


#1

Problem statement:

Hello, I recently installed Nagios 3.0.6 with no complications at all under my server and I can access the web interface just fine, I configured Nagios to only run over the https and it works just fine, I can log in and I see the welcome page without any issues but when I click any of the left side options I get the “Internal Server Error” message.

Server Settings
The server is a:
[list]
]Red Hat Enterprise Linux ES release 4 (Nahant Update 7)/:m]
]Using Kernel 2.6.9-34.0.1.ELsmp/:m]
]2GB RAM/:m]
]Plenty Hard Drive space available (more than 100GB)/:m]
]The server hosts multiple domains through Plesk Virtual Host technology and configurations/:m]
]The Plesk version is 8.6.0/:m]
]Nagios Version 3.0.6 as stated before/:m]
]We use Mod Security/:m]
]We use APF with IPtables/:m][/list:u]

Nagios Installation journey
I installed Nagios as I said without any real errors, everything configured and compiled just fine and I followed the instructions from the quick start guide for Fedora contained here :
http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html

I followed every step very carefully and I ended up with what looks a like a working Nagios, I changed the e-mail address to mine in the appropriate configuration file as mentioned by such guide and as part of the process too, I wanted to implement some security measures for which I went ahead and choose the Enhanced CGI Security and Authentication option based on SSL followig the instructions from this webpage:

http://nagios.sourceforge.net/docs/3_0/cgisecurity.html

and I guess I’ll be adding extra security using the IP Subnet Lockdown technique too but after this has been solved, Ok, sorry about that little comment detour, continuing with the guide steps after having implemented that security measure I proceeded to Install the plugins and everything went well there too and finally I tested the Nagios configuration files to see if there were any errors before I started the process and this is the result of the following command (mentioned in that guide too):

Command–> /usr/local/nagios/bin/nagios -v /usr/local/nagios etc/nagios.cfg

Results

[code]Nagios 3.0.6
Copyright © 1999-2008 Ethan Galstad (http://www.nagios.org)
Last Modified: 12-01-2008
License: GPL

Reading configuration data…

Running pre-flight check on configuration data…

Checking services…
Checked 8 services.
Checking hosts…
Checked 1 hosts.
Checking host groups…
Checked 1 host groups.
Checking service groups…
Checked 0 service groups.
Checking contacts…
Checked 1 contacts.
Checking contact groups…
Checked 1 contact groups.
Checking service escalations…
Checked 0 service escalations.
Checking service dependencies…
Checked 0 service dependencies.
Checking host escalations…
Checked 0 host escalations.
Checking host dependencies…
Checked 0 host dependencies.
Checking commands…
Checked 24 commands.
Checking time periods…
Checked 5 time periods.
Checking for circular paths between hosts…
Checking for circular host and service dependencies…
Checking global event handlers…
Checking obsessive compulsive processor commands…
Checking misc settings…

Total Warnings: 0
Total Errors: 0

Things look okay - No serious problems were detected during the pre-flight check
[/code]

Now, after looking at that and thinking that everything was correct I checked the SElinux configuration to avoid the so feared Internal Server Error from the guide and based on the command they suggest you to use which is:

I got the following result:

So SElinux is disabled, I knew that already but wanted to double check anyway, now, since SElinux is disabled I omitted the rest of the steps in that section regarding the SELinux and continued to the next step which pretty much involved login and enjoying of Nagios so I went to my https://mydomain.com/nagios and I got prompted with a user/pass window, I typed the ones I defined and they worked just fine and I could log, then I tried the options on the left side and none worked, instead I keep getting the so feared “Internal Server Error”

The Debugging process
When I got to this part my first instinct was to check the Nagios Log at:

…and there I could only see nothing but actual messages from nagios working as it is expected about alerts and warnings and services being Ok etc…

After that I went to check my httpd error log at:

…and there I found this AHA!!!:

[error] [client 127.0.0.1] Directory index forbidden by rule: /var/www/html/

So based on that I checked the ownership permissions on the Nagios directory and they are like this (the installation procedure left them like that)

After checking that I tried changing the group to nagcmd by issuing a:

but nothing changed (I must add that I know that I have to restart the httpd server every time a configuration file is changed ok and I did it, although for this change it was not necessary) but still same error, so I reverted the permissions change by restoring a previously created tgz file and then I tried checking the Nagios configuration file at:

and I have this:

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
   SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
   SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

So I thought, probably if I change the Options None to Options Indexes on the share area of that file it could work, but no, same error, then I thought probably this rule prevents the execution of any application (I must say I’m not an expert on the apache server ok) outside the /var/www directory so I placed all the application inside the that path having a new nagios set of directories at:

with a Symlink on the original location and the application kept working as before but still the same error so I reverted those changes.

Then after reading and reading in forums, mailing lists and stuff I found that for one person this was solved by simply creating an empty index.html file inside:

so I did and tried again(remember that every time I attempted something new was based on the original settings so I didn’t add more possible factors to the problem), I created index.html inside the /html dir and then I checked the options and nothing, still same error.

Conclusion and request for help
Guys, Ive been trying to make this work and I’ve been reading a lot through the Internet and nothing, I know it could be related to the permissions, Mod Security or Something else, but I haven’t gotten to that level of debugging capacity and knowledge so I need a hand.

Any help, comment or hint is really appreciated.

Sorry about the thread being this long but I always tend to think that the more specific and the more info you provide, the easier and faster you can get a solution or help from someone else.

I guess the only left to say is Thanks in Advance for having taken the time to read this long thread and the time to reply to it.


#2

Hello, after researching a little bit more about this issue I found that this is related to the suEXEC mod and I found some suggestions on the Nagios forum to solve issues related to this:

[quote]Title: Problems installing the Nagios CGIs with Apache 2.0’s suexec module
FAQ ID: F0118
Submitted By: David Torrey Jr.
Last Updated: 12/01/2002

Description:

Attempting to install the Nagios CGIs on an Apache 2.0 webserver with the suexec module may cause problems.

Solution:

The Nagios install defaults to creating files that are group writable, while suexec refuses to run things that are group writable. Fixing the CGI permissions manually (by removing group write permissions) post-install made the problem go away.

Apache’s suexec also defaults to ignoring UIDs below 100, so you may have to create a “nagios” users with a UID above 100.

Keywords: apache suexec [/quote]

Unfortunately that didn’t solve the Internal Server Error issue, I still need help so any inputs are greatly appreciated.

Thanks


#3

Have you added user to nagios htpasswd?
nagios.sourceforge.net/docs/3_0/cgiauth.html

And after that in /etc/nagios3/cgi.cfg put that username configured with the htpasswd in every section you want to allow access to?