[Xymon] xymon server "could not load hostdata" issue

J.C. Cleaver cleaver at terabithia.org
Fri Jun 27 17:26:01 CEST 2014


Hmm. Can you run /usr/sbin/setsebool -P httpd_can_network_connect on?
and report the output of: ls -lZ /usr/libexec/xymon/svcstatus.cgi

-jc


On Fri, June 27, 2014 7:56 am, Iain M. Conochie wrote:
> Looks like selinux is denying the request.
>
> On June 27, 2014 2:22:35 PM GMT+01:00, mania bogdan <bogymel at yahoo.com>
> wrote:
>>Hi,
>>
>>Thank you for the quick response. 
>>
>>@Paul: nothing seems to be wrong with Apache, I played with the
>>configuration to no avail. I'm attaching it for reference.
>>
>>@JC: It seems xymon daemon is running ok, no errors in xymond.log. I
>>can connect to the server on port 1984 both locally and remote. xymon
>>10.106.50.129 ping command returns the server version.
>>
>>In audit.log I have this:
>>
>>type=SYSCALL msg=audit(1403874936.111:817): arch=c000003e syscall=42
>>success=no exit=-13 a0=3 a1=7fff0a176f60 a2=10 a3=1999999999999999
>>items=0 ppid=18345 pid=18518 auid=500 uid=48 gid=48 euid=48 suid=48
>>fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="svcstatus.cgi"
>>exe="/usr/libexec/xymon/svcstatus.cgi"
>>subj=unconfined_u:system_r:httpd_sys_script_t:s0 key=(null)
>>type=AVC msg=audit(1403874966.329:820): avc:  denied  { name_connect }
>>for  pid=18645 comm="svcstatus.cgi" dest=1984
>>scontext=unconfined_u:system_r:httpd_sys_script_t:s0
>>tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
>>
>>I need to mention however that I installed xymon from a custom repo
>>found online because, well, I was lazy to build from source :) 
>>
>>Thanks.
>>
>> 
>>
>>
>>On Friday, June 27, 2014 1:09 PM, J.C. Cleaver <cleaver at terabithia.org>
>>wrote:
>>
>>
>>
>>It seems like both xymonnet and the svcstatus.sh CGI are having
>>problems
>>communicating back with xymond.
>>
>>First step, can you verify that xymond is in fact up and running OK? Is
>>there any error output in xymond.log?
>>
>>Based on the logs below, it seems 10.106.50.129 the server's own
>>XYMONSERVER IP address? If so, can you connect locally on port 1984 to
>>it?
>>Or run 'xymon 10.106.50.129 ping' from the command line?
>>
>>For svcstatus.sh, do you see any possible SELinux errors in
>>/var/log/audit/audit.log indicated blocks?
>>
>>
>>HTH,
>>
>>-jc
>>
>>
>>
>>On Fri, June 27, 2014 2:06 am, mania bogdan wrote:
>>> Hi,
>>>
>>> I'm facing an issue with the xymon server. 
>>>
>>> I have setup a fresh installation of xymon 4.3.17 on a RHEL 6 box. I
>>have
>>> only the server defined in hosts.cfg. The main page displays ok, but
>>when
>>> I click on a "smiley" it just shows "Cannot load host configuration".
>>In
>>> the xymonnet.log I get the following:
>>>
>>> 2014-06-27 04:24:51 ->  Could not connect to Xymon
>>> daemon at 10.106.50.129:1984 (Connection refused)
>>> 2014-06-27 04:24:51 ->  Recipient '10.106.50.129', timeout 15
>>> 2014-06-27 04:24:51 ->  1st line: 'extcombo 2000 2291 2617'
>>>
>>> I also get this in the Apache error_log:
>>>
>>> [Fri Jun 27 05:01:01 2014] [error] [client 10.106.0.214] 2014-06-27
>>> 05:01:01 , referer:
>>>
>>http://watchdog.stage.ppaws.net/xymon-cgi/svcstatus.sh?HOST=watchdog.stage.ppaws.net&SERVICE=conn
>>> [Fri Jun 27 05:01:01 2014] [error] [client 10.106.0.214] ->  connect
>>to
>>> Xymon daemon at 10.106.50.129:1984 failed (Permission denied), referer:
>>>
>>http://watchdog.stage.ppaws.net/xymon-cgi/svcstatus.sh?HOST=watchdog.stage.ppaws.net&SERVICE=conn
>>>
>>> [Fri Jun 27 05:03:31 2014] [error] [client 10.106.0.214] 2014-06-27
>>> 05:03:31 , referer:
>>>
>>http://watchdog.stage.ppaws.net/xymon-cgi/svcstatus.sh?HOST=watchdog.stage.ppaws.net&SERVICE=conn
>>> [Fri Jun 27 05:03:31 2014] [error] [client 10.106.0.214] ->
>> Recipient
>>> '10.106.50.129', timeout 15, referer:
>>>
>>http://watchdog.stage.ppaws.net/xymon-cgi/svcstatus.sh?HOST=watchdog.stage.ppaws.net&SERVICE=conn
>>> [Fri Jun 27 05:03:31 2014] [error] [client 10.106.0.214] 2014-06-27
>>> 05:03:31 , referer:
>>>
>>http://watchdog.stage.ppaws.net/xymon-cgi/svcstatus.sh?HOST=watchdog.stage.ppaws.net&SERVICE=conn
>>> [Fri Jun 27 05:03:31 2014] [error] [client 10.106.0.214] ->  1st
>>line:
>>> 'hostinfo clone=watchdog.stage.ppaws.net', referer:
>>>
>>http://watchdog.stage.ppaws.net/xymon-cgi/svcstatus.sh?HOST=watchdog.stage.ppaws.net&SERVICE=conn
>>> [Fri Jun 27 05:03:31 2014] [error] [client 10.106.0.214] 2014-06-27
>>> 05:03:31 , referer:
>>>
>>http://watchdog.stage.ppaws.net/xymon-cgi/svcstatus.sh?HOST=watchdog.stage.ppaws.net&SERVICE=conn
>>>
>>>
>>> I have setup the host in /etc/hosts file, the name is resolvable, the
>>1984
>>> port is opened and accepting connections. The only solution I could
>>find
>>> online was to restart the server but that didn't help.
>>>
>>> I'm fairly new to xymon, so if I missed something and if any
>>additional
>>> info is required I'll be happy to provide.
>>>
>>> Thanks._______________________________________________
>>> Xymon mailing list
>>> Xymon at xymon.com
>>> http://lists.xymon.com/mailman/listinfo/xymon
>>
>>>
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>Xymon mailing list
>>Xymon at xymon.com
>>http://lists.xymon.com/mailman/listinfo/xymon
>
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.





More information about the Xymon mailing list