Activity log for bug #1879524

Date Who What changed Old value New value Message
2020-05-19 15:54:51 Gábor Mészáros bug added bug
2020-05-19 16:02:05 Gábor Mészáros description /var/lib/rabbitmq/ rabbitmq:rabbitmq /var/lib/rabbitmq/data root:root 027 umask: rwxr-x--- so the /usr/local/lib/nagios/plugins/check_rabbitmq_queues.py -c \* \* 100 200 /var/lib/rabbitmq/data/juju*_queue_stats.dat check fails (/etc/nagios/nrpe.d/check_rabbitmq_queue.cfg) 1.) why data is owned by root:root, when rabbitmq's home folder (/var/lib/rabbitmq) is owned by rabbitmq:rabbitmq? 2.) when running CIS, that sets the umask to 027. This breaks the ability to read the stats by others. The /var/lib/rabbitmq/data folder + stats should not be owned by root (along with possibly the /var/lib/rabbitmq/logs folder), but by the rabbitmq user. But that still would not allow nagios to read the stats file, maybe by adding nagios to the rabbitmq group. /var/lib/rabbitmq/ rabbitmq:rabbitmq /var/lib/rabbitmq/data root:root 027 umask: rwxr-x--- so the /usr/local/lib/nagios/plugins/check_rabbitmq_queues.py -c \* \* 100 200 /var/lib/rabbitmq/data/juju*_queue_stats.dat check fails (/etc/nagios/nrpe.d/check_rabbitmq_queue.cfg) 1.) why data is owned by root:root, when rabbitmq's home folder (/var/lib/rabbitmq) is owned by rabbitmq:rabbitmq? 2.) when running CIS, that sets the umask to 027. This breaks the ability to read the stats by others. The /var/lib/rabbitmq/data folder + stats should not be owned by root (along with possibly the /var/lib/rabbitmq/logs folder), but by the rabbitmq user. But that still would not allow nagios to read the stats file, maybe by adding nagios to the rabbitmq group. 3.) also cron.d/rabbitmq-stats is owned by root:root, which updates the stats file. It probably should be run as rabbitmq, not as root.
2020-05-19 16:03:21 Ian Johnson bug added subscriber Ian Johnson
2020-05-20 10:05:21 Gábor Mészáros description /var/lib/rabbitmq/ rabbitmq:rabbitmq /var/lib/rabbitmq/data root:root 027 umask: rwxr-x--- so the /usr/local/lib/nagios/plugins/check_rabbitmq_queues.py -c \* \* 100 200 /var/lib/rabbitmq/data/juju*_queue_stats.dat check fails (/etc/nagios/nrpe.d/check_rabbitmq_queue.cfg) 1.) why data is owned by root:root, when rabbitmq's home folder (/var/lib/rabbitmq) is owned by rabbitmq:rabbitmq? 2.) when running CIS, that sets the umask to 027. This breaks the ability to read the stats by others. The /var/lib/rabbitmq/data folder + stats should not be owned by root (along with possibly the /var/lib/rabbitmq/logs folder), but by the rabbitmq user. But that still would not allow nagios to read the stats file, maybe by adding nagios to the rabbitmq group. 3.) also cron.d/rabbitmq-stats is owned by root:root, which updates the stats file. It probably should be run as rabbitmq, not as root. /var/lib/rabbitmq/ rabbitmq:rabbitmq /var/lib/rabbitmq/data root:root 027 umask: rwxr-x--- so the /usr/local/lib/nagios/plugins/check_rabbitmq_queues.py -c \* \* 100 200 /var/lib/rabbitmq/data/juju*_queue_stats.dat check fails (/etc/nagios/nrpe.d/check_rabbitmq_queue.cfg) 1.) why data is owned by root:root, when rabbitmq's home folder (/var/lib/rabbitmq) is owned by rabbitmq:rabbitmq? 2.) when running CIS, that sets the umask to 027. This breaks the ability to read the stats by others. The /var/lib/rabbitmq/data folder + stats should not be owned by root (along with possibly the /var/lib/rabbitmq/logs folder), but by the rabbitmq user. But that still would not allow nagios to read the stats file, maybe by adding nagios to the rabbitmq group. update: this is not required: 3.) also cron.d/rabbitmq-stats is owned by root:root, which updates the stats file. It probably should be run as rabbitmq, not as root. workaround: chown -R rabbitmq:rabbitmq /var/lib/rabbitmq; usermod -aG rabbitmq nagios; vim /etc/cron.d/rabbitmq-stats and replace root with rabbitmq. systemctl restart nagios-nrpe-server.service
2020-06-11 10:14:12 Arif Ali bug added subscriber Arif Ali
2020-07-23 06:53:53 James Page charm-rabbitmq-server: status New Triaged
2020-07-23 06:53:55 James Page charm-rabbitmq-server: importance Undecided Medium
2022-10-04 11:07:51 Przemyslaw Hausman tags cis-hardening
2022-10-04 15:04:35 DUFOUR Olivier charm-rabbitmq-server: assignee DUFOUR Olivier (odufourc)
2022-10-05 01:20:41 OpenStack Infra charm-rabbitmq-server: status Triaged In Progress
2022-10-05 01:39:02 Nobuto Murata bug added subscriber Nobuto Murata
2022-10-05 01:39:15 Nobuto Murata bug added subscriber Canonical Field Medium
2023-05-05 11:48:06 OpenStack Infra charm-rabbitmq-server: status In Progress Fix Committed
2023-09-06 14:52:02 Felipe Reyes nominated for series charm-rabbitmq-server/jammy
2023-09-06 14:52:02 Felipe Reyes bug task added charm-rabbitmq-server/jammy
2023-09-06 14:52:10 Felipe Reyes charm-rabbitmq-server/jammy: status New In Progress