[Xymon] Xymon application is not working

Siddesha Dodderi Hanumantharayappa Siddesha.Hanumantharayappa at ness.com
Mon Jun 3 16:06:58 CEST 2013


Hi Jeremy,

The information which you provided was so good. I have followed the instructions provided, and the output is as follows:

[xymon at uspvldmzlx29 shanuma]$ grep -c ^ /home/xymon/server/etc/tasks.d/*
grep: /home/xymon/server/etc/tasks.d/*: No such file or directory
[xymon at uspvldmzlx29 shanuma]$ ls -l /bin/ping
-rwsr-xr-x. 1 root root 40760 Mar 22  2011 /bin/ping

Please let me know what I should do next.

Thanks,
Siddesh

From: Jeremy Laidman [mailto:jlaidman at rebel-it.com.au]
Sent: Monday, June 03, 2013 5:52 AM
To: Siddesha Dodderi Hanumantharayappa
Cc: xymon at xymon.com
Subject: Re: [Xymon] Xymon application is not working

On 1 June 2013 05:04, Siddesha Dodderi Hanumantharayappa <Siddesha.Hanumantharayappa at ness.com> wrote:
2013-05-31 11:59:01 Loading tasklist configuration from /home/xymon/server/etc/tasks.cfg
2013-05-31 11:59:01 Cannot open directory /home/xymon/server/etc/tasks.d

This might be important.  Make sure that the user ID under which xymond process is running has permission to access the tasks.d directory.  For example, login as or switch to the xymon user and run 'grep -c ^ /home/xymon/server/etc/tasks.d/*'.

Although I don't think it would cause the problems you're seeing.  It seems like xymond is not running, and is causing the statusboard request to time-out.  Perhaps you can check that the IP address of 161.230.144.78 is your Xymon server.

The fping error relates to the fact that accessing a socket to send a low-level packet type (ICMP=ping) requires root privileges, and the xymon user is not permitted to do so.  It's the same for regular ping and regular users.  But most UNIX systems work around this by giving the ping binary a special permission flag called "set-UID" or "set user-ID".  Sometimes "set-GID" (set-group-ID) is set instead or as well as.  This flag tells the kernel to switch to the user and/or group that owns the file being executed, and as it is owned by the root user, it switches to root's user ID for the life of the process, so that it can do low-level packet stuff.

So if you run "ls -l /bin/ping" you should find that the set-UID bit is set, indicated by an "s" in place of the "x" in the "user" permissions.  Here's mine:

-rwsr-xr-x 1 root root 38112 2011-02-18 06:48 /bin/ping*

So this "s" means it's executable AND set-UID for the "root" user.

If you do the same thing for fping, you'll find it has an "x" instead of an "s", meaning it's executable, but without any special switch-user magic capability.  You can add the setuid flag with this command (run as root or under sudo):

chmod u+s /usr/local/sbin/fping

Before you do this, you should make sure that the fping binary is not writeable by non-root users.  If it is, then a non-root user can replace the contents of the file with their own, and they get to run it as root and then take over your machine.  Perhaps you could do something like (as root/sudo): "chmod ugo-w /usr/local/sbin/fping".  This will ensure that nobody has "write" permissions on the file.  Then check with "ls -l", and then set the setuid flag.

If you're not sure about these permissions, check with your local security-aware sysadmin.

J
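
The pre-flight checks described in the reply above (confirm the binary is not writeable by non-root users before setting set-UID), as an added example that is not part of the original thread. It goes slightly beyond the message by also checking the owner, symlinks and the parent directory; the function name setuid_preflight and its optional owner-UID argument are assumptions, and it relies on GNU coreutils stat.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-flight check before
# running `chmod u+s` on a binary. Assumes GNU coreutils `stat` (Linux).
# The function name setuid_preflight is hypothetical.
#
# Usage: setuid_preflight PATH [OWNER_UID]
# OWNER_UID defaults to 0 (root); it is a parameter so the check can be
# tried on scratch files without root.
# Prints findings; returns 0 if the file may be made setuid, 1 otherwise.
setuid_preflight() {
    sp_path=$1; sp_want=${2:-0}; sp_rc=0

    # chmod follows symlinks, and a link can be re-pointed at another file.
    if [ -L "$sp_path" ] || [ ! -f "$sp_path" ]; then
        echo "FAIL: $sp_path is not a regular file"
        return 1
    fi

    # stat prints "<owner uid> <octal mode>", e.g. "0 755".
    set -- $(stat -c '%u %a' -- "$sp_path")
    sp_uid=$1; sp_mode=$2
    if [ "$sp_uid" != "$sp_want" ]; then
        echo "FAIL: owner uid is $sp_uid, expected $sp_want"; sp_rc=1
    fi
    # Octal 022 = group-write | other-write.
    if [ $(( 0$sp_mode & 022 )) -ne 0 ]; then
        echo "FAIL: mode $sp_mode lets group or other modify the file"; sp_rc=1
    fi

    # Write access to the directory allows replacing the file by rename.
    sp_dir=$(dirname -- "$sp_path")
    set -- $(stat -c '%u %a' -- "$sp_dir")
    if [ "$1" != "$sp_want" ] || [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "FAIL: directory $sp_dir (uid $1, mode $2) is open to other users"
        sp_rc=1
    fi

    if [ $(( 0$sp_mode & 04000 )) -ne 0 ]; then
        echo "INFO: setuid bit is already set (mode $sp_mode)"
    fi
    if [ "$sp_rc" -eq 0 ]; then echo "OK: $sp_path passes the checks"; fi
    return "$sp_rc"
}

# Run as: sh preflight.sh /usr/local/sbin/fping
if [ $# -gt 0 ]; then setuid_preflight "$@"; fi
```

A non-zero return means the file or its directory should be fixed (for example with the "chmod ugo-w" shown above) before the setuid flag is added.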
