2020-05-19 15:54:51 |
Gábor Mészáros |
bug |
|
|
added bug |
2020-05-19 16:02:05 |
Gábor Mészáros |
description |
/var/lib/rabbitmq/ rabbitmq:rabbitmq
/var/lib/rabbitmq/data root:root 027 umask: rwxr-x---
so the
/usr/local/lib/nagios/plugins/check_rabbitmq_queues.py -c \* \* 100 200 /var/lib/rabbitmq/data/juju*_queue_stats.dat
check fails (/etc/nagios/nrpe.d/check_rabbitmq_queue.cfg)
1.) Why is data owned by root:root, when rabbitmq's home folder (/var/lib/rabbitmq) is owned by rabbitmq:rabbitmq?
2.) When running CIS, that sets the umask to 027. This breaks the ability to read the stats by others.
The /var/lib/rabbitmq/data folder + stats should not be owned by root (along with possibly the /var/lib/rabbitmq/logs folder), but by the rabbitmq user. But that still would not allow nagios to read the stats file, maybe by adding nagios to the rabbitmq group. |
3.) also cron.d/rabbitmq-stats is owned by root:root, which updates the stats file. It probably should be run as rabbitmq, not as root. |
|
2020-05-19 16:03:21 |
Ian Johnson |
bug |
|
|
added subscriber Ian Johnson |
2020-05-20 10:05:21 |
Gábor Mészáros |
description |
update: this is not required: 3.) also cron.d/rabbitmq-stats is owned by root:root, which updates the stats file. It probably should be run as rabbitmq, not as root.
workaround: chown -R rabbitmq:rabbitmq /var/lib/rabbitmq; usermod -aG rabbitmq nagios; vim /etc/cron.d/rabbitmq-stats and replace root with rabbitmq. systemctl restart nagios-nrpe-server.service |
|
2020-06-11 10:14:12 |
Arif Ali |
bug |
|
|
added subscriber Arif Ali |
2020-07-23 06:53:53 |
James Page |
charm-rabbitmq-server: status |
New |
Triaged |
|
2020-07-23 06:53:55 |
James Page |
charm-rabbitmq-server: importance |
Undecided |
Medium |
|
2022-10-04 11:07:51 |
Przemyslaw Hausman |
tags |
|
cis-hardening |
|
2022-10-04 15:04:35 |
DUFOUR Olivier |
charm-rabbitmq-server: assignee |
|
DUFOUR Olivier (odufourc) |
|
2022-10-05 01:20:41 |
OpenStack Infra |
charm-rabbitmq-server: status |
Triaged |
In Progress |
|
2022-10-05 01:39:02 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
2022-10-05 01:39:15 |
Nobuto Murata |
bug |
|
|
added subscriber Canonical Field Medium |
2023-05-05 11:48:06 |
OpenStack Infra |
charm-rabbitmq-server: status |
In Progress |
Fix Committed |
|
2023-09-06 14:52:02 |
Felipe Reyes |
nominated for series |
|
charm-rabbitmq-server/jammy |
|
2023-09-06 14:52:02 |
Felipe Reyes |
bug task added |
|
charm-rabbitmq-server/jammy |
|
2023-09-06 14:52:10 |
Felipe Reyes |
charm-rabbitmq-server/jammy: status |
New |
In Progress |
|