[ale] Need help with Nagios

Richard Bronosky Richard at Bronosky.com
Tue Jan 26 06:24:18 EST 2010


I can't give you a link because I'm on my BB, but goto
http://httpd.apache.org/ and search for DocumentRoot. Your problem is
likely due to the use of a symlink. The default behavior is to be
strict about requiring that the real path be within the DocumentRoot.
I find that I must always link from my project directory into my
docroot (real, fake) not from my docroot to my project (fake, real).
Even though the later is how I'd prefer to organize things. It's a
security issue. If someone were to find a way to create a symlink via
an exploit, they wouldn't be able to use it.

On 1/25/10, Chuck Payne <terrorpup at gmail.com> wrote:
> Guys,
>
> I am helping a friend with Nagios 2.6, on Debian 4.0. The install
> appears to be ok, but the problem is that when we access the pages, we
> are seeing this error.
>
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>500 Internal Server Error</title>
> </head><body>
> <h1>Internal Server Error</h1>
> <p>The server encountered an internal error or
> misconfiguration and was unable to complete
> your request.</p>
> <p>Please contact the server administrator,
>  webmaster at localhost and inform them of the time the error occurred,
> and anything you might have done that may have
> caused the error.</p>
> <p>More information about this error may be available
> in the server error log.</p>
> <hr>
> <address>Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_jk/1.2.18
> mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8+etch16 mod_ssl/2.2.3
> OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8 Server at localhost Port
> 80</address>
> </body></html>
>
>
> When I look in the error log, I am seeing this...
>
> Mon Jan 25 23:35:53 2010] [error] [client 216.47.87.22] suexec policy
> violation: see suexec log for more details, referer:
> http://inferno.magidesign.com/nagios2/side.html
> [Mon Jan 25 23:35:53 2010] [error] [client 216.47.87.22] Premature end
> of script headers: history.cgi, referer:
> http://inferno.magidesign.com/nagios2/side.html
> [Mon Jan 25 23:35:55 2010] [error] [client 216.47.87.22] suexec policy
> violation: see suexec log for more details, referer:
> http://inferno.magidesign.com/nagios2/side.html
> [Mon Jan 25 23:35:55 2010] [error] [client 216.47.87.22] Premature end
> of script headers: tac.cgi, referer:
> http://inferno.magidesign.com/nagios2/side.html
>
> When I look at suexec.log I am seeing this
>
> 2010-01-25 23:35:53]: uid: (117/dspam) gid: (120/120) cmd: history.cgi
> [2010-01-25 23:35:53]: command not in docroot
> (/usr/lib/cgi-bin/nagios2/history.cgi)
> [2010-01-25 23:35:55]: uid: (117/dspam) gid: (120/120) cmd: tac.cgi
> [2010-01-25 23:35:55]: command not in docroot
> (/usr/lib/cgi-bin/nagios2/tac.cgi)
>
>
> I have checked it looks like all are owned by nagios  with the group
> www-data, but the uid appears to be dspam? Do I need make that nagios
> is uid 117 and gid 120 to work? What is the docroot? What do I need to
> check there.
>
> --
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- en.opensuse.org/User:Terrorpup
> openSUSE Ambassador
> openSUSE Member
> skype -- terrorpup
> twitter -- terrorpup
> Identica -- terrorpup
> freenode(irc) -- terrorpup/lupinstein.
> friendfeed -- friendfeed.com/terrorpup
>
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want
> to package and distribute , or create your own linux distro. Give SUSE
> Studio a try.
> www.susestudio.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

-- 
Sent from my mobile device

.!# RichardBronosky #!.


More information about the Ale mailing list