Question

centreon-engine debian package with incorrect postinst

  • 16 September 2023
  • 1 reply
  • 55 views

Userlevel 1
Badge +6

Hello there,

 

Your postinst configuration (centreon-engine.postinst)  for the package centreon-engine have a issue that make the configuration of ssh stop to works because it change the privileges of the .ssh private keys and  config files. Theses files need to be 0600, but your script change it to 0640, which make ssh complain and generate a UNKNOW erro:

 

/usr/lib/nagios/plugins//check_by_ssh -E -H nnn.nnn.nnn.nn -p 22 -C "uptime" -vv
Command: /usr/bin/ssh
Argument 1: -p
Argument 2: 22
Argument 3: nnn.nnn.nnn.nnn
Argument 4: uptime
stderr: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
stderr: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
stderr: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
stderr: Permissions 0640 for '/var/lib/centreon-engine/.ssh/id_rsa' are too open.
stderr: It is required that your private key files are NOT accessible by others.
stderr: This private key will be ignored.
stderr: Load key "/var/lib/centreon-engine/.ssh/id_rsa": bad permissions
stderr: centreon-engine@nnn.nnn.nnn.nnn: Permission denied (publickey,password).
UNKNOWN - check_by_ssh: Remote command 'uptime' returned status 255

 

Changing the files back to the correct permisons (0600) fix the issue.

here the lines that generate the error on the postinstall file (from the actual debian package):

 

And an additional question is from where your systems get theses settings/files to include on the packages ?? I have spend several hours looking in the repository and the most “similar” file that I have found was here:

23.04 (3 months ago)

https://github.com/centreon/centreon/blob/23.04.x/centreon/packaging/debian/centreon-poller-centreon-engine.postinst

 

develop (4 months ago)

https://github.com/centreon/centreon/blob/develop/centreon/packaging/debian/centreon-poller-centreon-engine.postinst

 

but none of it has the same content that the actual debian package has. :-(


1 reply

Userlevel 6
Badge +19

Hi @supervhs we will manage this during this sprint (it starts today).

Thank you for your feedback.

Regards,

Reply