Re: [Solved] Re: Nagios/OpenBSD 5.8: success anyone?
Olivier Debré free.fr> writes: [...] > I still have some minor 404 difficulties with icons and stylesheets, but > managed to correct them with some dirty directory duplication. With the help of jiri and others, I finally have a working config, compatible with nagios-4.0.8p1-chroot and nagios-web-4.0.8p1-chroot packages installed as-is, and a minor modification to /var/www/nagios/main.php. httpd.conf excerpt: lan_if= "em0" loop_if = "lo0" chroot "/var/www" default type application/octet-stream. server "nagios.siderlog-ra.fr" { listen on $lan_if port 80 listen on $loop_if port 80 root "/" directory index index.php location "/cgi-bin/nagios/*.cgi" { root { "/" } fastcgi socket "/run/slowcgi.sock" } # Fin du : location "/cgi-bin/nagios/*.cgi" { location "*.php" { root { "/nagios" } fastcgi socket "/run/php-fpm.sock" } # Fin du : location "*.php" { } diff /var/www/nagios/main.php.2016_03_01-11_00_12 /var/www/nagios/main.php 98c98 < $.get('cgi-bin/statusjson.cgi?query=programstatus', function(d) { --- > $.get('cgi-bin/nagios/statusjson.cgi?query=programstatus', function(d) { Thanks a lot everyone. Olivier Debré
[Solved] Re: Nagios/OpenBSD 5.8: success anyone?
Jiri B devio.us> writes: [...] > >location "/cgi-bin/nagios/*.cgi" { > > root "/cgi-bin/nagios/*.cgi" > ^^ seems wrong > > man httpd.conf says it should be path, so i assume wildcard > is wrong. Hello and thanks a lot, Jiri. Actually, right after posting my message, I corrected this mistake, which was transient (temporary copy/paste error). Anyway, you sent me another message, pointing at my misunderstanding of the path interpretations for the 'root' directive by slowcgi/httpd. You've got the right answer! Here are the two versions which work : Version 1 : location "/cgi-bin/nagios/*.cgi" { root "/" fastcgi socket "/run/slowcgi.sock" } Version 2 : location "/cgi-bin/nagios/*.cgi" { root { "/cgi-bin/nagios", strip 2 } fastcgi socket "/run/slowcgi.sock" } I still have some minor 404 difficulties with icons and stylesheets, but managed to correct them with some dirty directory duplication. Once again, thanks a lot for your help, Jiri. Olivier Debré
Nagios/OpenBSD 5.8: success anyone?
Hello. I've been using Nagios/OpenBSD/Apache for years, but can't make it work now on 5.8/httpd. I think this must be related with my (very) poor understanding of httpd/slowcgi/fastcgi. Symptoms: trying to access any cgi yields error 500 and lines as follows in /var/log/messages slowcgi[32405]: execve /cgi-bin/nagios/: Is a directory Setup: - OpenBSD 5.8 - packages: nagios-4.0.8p1-chroot, nagios-web-4.0.8p1-chroot, php-fpm-5.6.11p0 - /var/www/cgi-bin/nagios/ and all files inside : owner and group www, mod 555 - slowcgi daemon run without any option - excerpt from /etc/httpd.conf : lan_ip="em0" server "nagios.siderlog-ra.fr" { listen on $lan_ip port 80 root "/nagios" directory index index.php location "*.php" { root "/nagios" fastcgi socket "/run/php-fpm.sock" } location "/cgi-bin/nagios/*.cgi" { root "/cgi-bin/nagios/*.cgi" fastcgi socket "/run/slowcgi.sock" } } Any idea to what I did wrong? Thanks. Olivier Debré
sshd failure following errata 007 for 5.8
Hello everyone. Following Ted's advice regarding the use of cd-src.tar.gz (http://article.gmane.org/gmane.os.openbsd.misc/226175), for all 5.8 patches, I did so. I first had an error during 004 smtpd security fix. Never mind, I use Postfix. I then applied 007 libcrypto reliability fix. No error visible during the process, but now sshd barks: /usr/sbin/sshd:/usr/lib/libcrypto.so.35.0: undefined symbol 'EVP_mdc2' lazy binding failed! Segmentation fault (core dumped) Libcrypto-linked applications are quite numerous, to say the least. I found 45 in /usr/sbin, 15 in /usr/local/sbin/. Any idea as to what went wrong? I consider putting back the libcrypto-linked applications from base58 file set, but I'm sure there's someting better to do! Thanks. Olivier Debré
Re: sshd failure following errata 007 for 5.8
Jared Hamilton fastmail.com> writes: > > Hi Olivier, > > I ran into this same issue. I simply rebuilt ssh after applying > libcrypto patch with: > cd /usr/src/usr.bin/ssh > make obj > make depend > make > make install > > Hope that helps > > -- > Jared Thank you Jared. I did as you suggest, however : /usr/src/usr.bin/ssh # make ===> lib ===> ssh ===> sshd cc -o sshd sshd.o auth-rhosts.o auth-passwd.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o sftp-server.o sftp-common.o roaming_common.o roaming_serv.o sandbox-systrace.o -L/usr/src/usr.bin/ssh/sshd/../lib/obj -lssh -lutil -L/usr/src/usr.bin/ssh/sshd/../lib/obj -lssh -lutil -lcrypto -lutil -lz sshd.o: In function `main': sshd.c:(.text+0x414e): undefined reference to `do_authentication' monitor.o: In function `mm_answer_rsa_response': monitor.c:(.text+0x9e0): undefined reference to `auth_rsa_verify_response' monitor.o: In function `mm_answer_rsa_challenge': monitor.c:(.text+0xbd7): undefined reference to `auth_rsa_generate_challenge' monitor.o: In function `mm_answer_rsa_keyallowed': monitor.c:(.text+0xe41): undefined reference to `auth_rsa_key_allowed' monitor.o: In function `mm_answer_keyallowed': monitor.c:(.text+0x1faf): undefined reference to `auth_rhosts_rsa_key_allowed' /usr/lib/libcrypto.so.35.0: undefined reference to `ENGINE_load_rsax' /usr/lib/libcrypto.so.35.0: undefined reference to `EVP_mdc2' collect2: ld returned 1 exit status *** Error 1 in sshd (:87 'sshd') *** Error 1 in /usr/src/usr.bin/ssh (:48 'all') I'm not a developer. Maybe I should have rebuilt /usr/src with cd-src.tar.gz before? Plus, as I wrote, there are 50+ apps linked with libcrypto, and I prefer putting back all base58.tgz in place instead of rebuilding all of them. Anyway, it seems that now we are two having experienced that. Olivier
Re: Source tree
Ted Unangst tedunangst.com> writes: [...] > Use cd-src.tar.gz for all paches. > > Thanks a lot, Ted. Olivier Debré
Source tree
Hello. I'm in the process of upgrading our firewal from 5.7 to 5.8. I'm about to apply the erratas (even started to do so with 001 and 002, but now I'm doubting, given some weird error messages in the 'make' step for errata 001. I'll take care of that when I'll have a clear understanding of what's hereunder). I read errata 006 : 'The "src.tar.gz" file on the source tree was created on the wrong day, and does not match the 5.8 release builds. A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz' So, to apply all patches, including those BEFORE 006, am I supposed to: - use src.tar.gz for all patches 001-007? - use cd-src.tar.gz for all patches 001-007? - use src.tar.gz for all patches 001-005, then cd-src.tar.gz for 007? Thanks. Olivier Debré
Re: Source tree
Olivier Debré free.fr> writes: > > Hello. > > I'm in the process of upgrading our firewal from 5.7 to 5.8. > I'm about to apply the erratas (even started to do so with 001 and 002, but > now I'm > doubting, given some weird error messages in the 'make' step for errata > 001. I'll take care of that when I'll have a clear understanding of > what's hereunder). > > I read errata 006 : > 'The "src.tar.gz" file on the source tree was created on the wrong day, > and does not match the 5.8 release builds. A replacement file is > available in the 5.8 release directory with the name cd-src.tar.gz' > > So, to apply all patches, including those BEFORE 006, am I supposed to: > - use src.tar.gz for all patches 001-007? > - use cd-src.tar.gz for all patches 001-007? > - use src.tar.gz for all patches 001-005, then cd-src.tar.gz for 007? > > Thanks. > > Olivier Debré > > Okay, I think I can answer my own question (but still would appreciate external second thought). I carefully read the errata58.html Revision 1.7 commit dated Wed Oct 14 18:59:37: 'Unfortunately, and sadly, the src.tar.gz file on the offical release CD was created on the WRONG DAY, so it is from about 9 days after the release tree was tagged (and, thus after post-5.8 tree unlock, when eager developers swarm to do commits...) A replacement tgz file is being made available in the 5.8 release directory, as described in this errata...' I understand that I need to use cd-src.tar.gz for all patches 001-007. Correct? Olivier Debré