*From:* Xymon [mailto:xymon-bounces at xymon.com] *On Behalf Of *Asif Iqbal
*Sent:* Thursday, May 21, 2015 9:47 AM
*To:* J.C. Cleaver
*Cc:* Xymon Mailing List; Cortes, Manny
*Subject:* Re: [Xymon] Need help with upgrade from 4.3.17 to 4.3.20
On Wed, May 20, 2015 at 10:36 PM, J.C. Cleaver <user-87556346d4af@xymon.invalid>
wrote:
On Wed, May 20, 2015 8:10 am, Asif Iqbal wrote:
On Tue, May 19, 2015 at 6:39 PM, J.C. Cleaver <user-87556346d4af@xymon.invalid>
wrote:
On Tue, May 19, 2015 12:04 pm, Asif Iqbal wrote:
On Tue, May 19, 2015 at 2:06 PM, J.C. Cleaver <user-87556346d4af@xymon.invalid
wrote:
Hmm. So far, the only way I've been able to reproduce this is by
replacing
the ScriptAlias directives with mere Alias's in the xymon.conf apache
config.
I am using the config, as is, that came as xymon-apache.conf with the
source 4.3.20
Has there been any change in the path you've used for the CGI
directory
since the previous version, or is there any chance that another Alias
line
xymon and xymon-client debian version 4.3.17 has been removed, so no
more xymon in /usr/lib/xymon
On Tue, May 19, 2015 10:37 am, Cortes, Manny wrote:
Having the same problem after installing 4.3.20 on both Ubuntu
server
14.04 and 15.04.
Thanks,
Can you send a copy of the previous and current xymon.conf configs?
Here is the current config
/etc/apache2/sites-enabled$ egrep -v "^$|^#" xymon-apache.conf
Alias /xymon/ "/var/lib/xymon/server/www/"
<Directory "/var/lib/xymon/server/www">
Options Indexes FollowSymLinks Includes MultiViews
<IfModule mod_authz_core.c>
# Apache 2.4+
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all
</IfModule>
</Directory>
ScriptAlias /xymon-cgi/ "/var/lib/xymon/cgi-bin/"
<Directory "/var/lib/xymon/cgi-bin">
AllowOverride None
Options ExecCGI FollowSymLinks Includes
<IfModule mod_authz_core.c>
# Apache 2.4+
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all
</IfModule>
</Directory>
ScriptAlias /xymon-seccgi/ "/var/lib/xymon/cgi-secure/"
<Directory "/var/lib/xymon/cgi-secure">
AllowOverride None
Options ExecCGI FollowSymLinks Includes
<IfModule mod_authz_core.c>
# Apache 2.4+
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all
</IfModule>
# Password file where users with access to these scripts are kept.
# Create it with "htpasswd -c /var/lib/xymon/server/etc/xymonpasswd
USERNAME"
# Add more users / change passwords with "htpasswd
/var/lib/xymon/server/etc/xymonpasswd USERNAME"
#
# You can also use a group file to restrict admin access to members
of
a
# group, instead of anyone who is logged in. In that case you must
setup
# the "xymongroups" file, and change the "Require" settings to
require
# a specific group membership. See the Apache docs for more details.
AuthUserFile /var/lib/xymon/server/etc/xymonpasswd
AuthGroupFile /var/lib/xymon/server/etc/xymongroups
AuthType Basic
AuthName "Xymon Administration"
# "valid-user" restricts access to anyone who is logged in.
Require valid-user
# "group admins" restricts access to users who have logged in, AND
# are members of the "admins" group in xymongroups.
# Require group admins
</Directory>
RewriteEngine On
RewriteRule ^/xymon/bb.html /xymon/xymon.html [R=permanent,L]
RewriteRule ^/xymon/bb2.html /xymon/nongreen.html [R=permanent,L]
RewriteRule ^/xymon/bbnk.html /xymon/critical.html [R=permanent,L]
RewriteRule ^/xymon-cgi/bb-hist.sh /xymon-cgi/history.sh [R=permanent,L]
RewriteRule ^/xymon-cgi/bb-eventlog.sh /xymon-cgi/eventlog.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/bb-rep.sh /xymon-cgi/report.sh [R=permanent,L]
RewriteRule ^/xymon-cgi/bb-replog.sh /xymon-cgi/reportlog.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/bb-snapshot.sh /xymon-cgi/snapshot.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/bb-findhost.sh /xymon-cgi/findhost.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/bb-csvinfo.sh /xymon-cgi/csvinfo.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbitcolumn.sh /xymon-cgi/columndoc.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/bb-datepage.sh /xymon-cgi/datepage.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbitgraph.sh /xymon-cgi/showgraph.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/bb-hostsvc.sh /xymon-cgi/svcstatus.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/bb-histlog.sh /xymon-cgi/historylog.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-confreport.sh /xymon-cgi/confreport.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-confreport-critical.sh
/xymon-cgi/confreport-critical.sh [R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-nkview.sh /xymon-cgi/criticalview.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-certreport.sh /xymon-cgi/certreport.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-nongreen.sh /xymon-cgi/nongreen.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-hostgraphs.sh /xymon-cgi/hostgraphs.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-ghosts.sh /xymon-cgi/ghostlist.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-notifylog.sh /xymon-cgi/notifications.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-hostlist.sh /xymon-cgi/hostlist.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-perfdata.sh /xymon-cgi/perfdata.sh
[R=permanent,L]
RewriteRule ^/xymon-cgi/hobbit-topchanges.sh /xymon-cgi/topchanges.sh
[R=permanent,L]
RewriteRule ^/xymon-seccgi/bb-ack.sh /xymon-seccgi/acknowledge.sh
[R=permanent,L]
RewriteRule ^/xymon-seccgi/hobbit-enadis.sh /xymon-seccgi/enadis.sh
[R=permanent,L]
RewriteRule ^/xymon-seccgi/hobbit-nkedit.sh
/xymon-seccgi/criticaleditor.sh
[R=permanent,L]
RewriteRule ^/xymon-seccgi/hobbit-ackinfo.sh /xymon-seccgi/ackinfo.sh
[R=permanent,L]
RewriteRule ^/xymon-seccgi/hobbit-useradm.sh /xymon-seccgi/useradm.sh
[R=permanent,L]
I do not have any old config as I removed the old install
I'm really not sure what to make of this. Everything in the apache
config
looks to be correct; I can't see at all why apache would fail to execute
the CGI vs simply sending you the file.
Can you try two experiments?
First, replace one of the .sh files with a symlink (instead of a hard
link) to the cgiwrap binary. I'd like to see if we can rule out the
hardlink itself being the problem.
I did that and still seeing the same garbage when click a column
/var/lib/xymon/cgi-bin$ ls -al svcstatus.sh
lrwxrwxrwx 1 root root 21 May 21 10:29 svcstatus.sh ->
../server/bin/cgiwrap
So that did not make any difference
Second, can you compare to the xymon-apache.conf with the
xymon-apache-secure.conf.DIST file in the build directory to see if there
were any unexpected changes?
I see the two files look identical. The conf file was not under build dir.
$ diff -u /etc/apache2/sites-enabled/xymon-apache.conf
xymon-4.3.20/xymond/etcfiles/xymon-apache-secure.DIST
--- /etc/apache2/sites-enabled/xymon-apache.conf 2015-05-21
10:25:08.174803811 -0400
+++ xymon-4.3.20/xymond/etcfiles/xymon-apache-secure.DIST
2015-03-13 02:15:38.000000000 -0400
@@ -2,17 +2,17 @@
#
# Add this to your Apache configuration, it makes
# the Xymon webpages and cgi-scripts available in the
-# "/xymon" and "/xymon-cgi" URLs.
+# "@XYMONHOSTURL@" and "@XYMONCGIURL@" URLs.
# NB: The "Alias" line below must NOT be used if you have
# the Xymon webfiles as the root URL. In that case,
# you should instead set this:
#
-# DocumentRoot /var/lib/xymon/server/www
+# DocumentRoot @INSTALLWWWDIR@
-Alias /xymon/ "/var/lib/xymon/server/www/"
-<Directory "/var/lib/xymon/server/www">
+Alias @XYMONHOSTURL@/ "@INSTALLWWWDIR@/"
+<Directory "@INSTALLWWWDIR@">
Options Indexes FollowSymLinks Includes MultiViews
<IfModule mod_authz_core.c>
# Apache 2.4+
@@ -24,9 +24,8 @@
</IfModule>
</Directory>
-ScriptAlias /xymon-cgi/ "/var/lib/xymon/cgi-bin/"
-<Directory "/var/lib/xymon/cgi-bin">
-SetHandler cgi-script
+ScriptAlias @XYMONCGIURL@/ "@CGIDIR@/"
+<Directory "@CGIDIR@">
AllowOverride None
Options ExecCGI FollowSymLinks Includes
<IfModule mod_authz_core.c>
@@ -39,9 +38,8 @@
</IfModule>
</Directory>
-ScriptAlias /xymon-seccgi/ "/var/lib/xymon/cgi-secure/"
-<Directory "/var/lib/xymon/cgi-secure">
-SetHandler cgi-script
+ScriptAlias @SECUREXYMONCGIURL@/ "@SECURECGIDIR@/"
+<Directory "@SECURECGIDIR@">
AllowOverride None
Options ExecCGI FollowSymLinks Includes
<IfModule mod_authz_core.c>
@@ -54,16 +52,16 @@
</IfModule>
# Password file where users with access to these scripts are kept.
- # Create it with "htpasswd -c /var/lib/xymon/server/etc/xymonpasswd
USERNAME"
- # Add more users / change passwords with "htpasswd
/var/lib/xymon/server/etc/xymonpasswd USERNAME"
+ # Create it with "htpasswd -c @INSTALLETCDIR@/xymonpasswd USERNAME"
+ # Add more users / change passwords with "htpasswd @INSTALLETCDIR@/xymonpasswd
USERNAME"
#
# You can also use a group file to restrict admin access to members
of a
# group, instead of anyone who is logged in. In that case you must
setup
# the "xymongroups" file, and change the "Require" settings to require
# a specific group membership. See the Apache docs for more details.
- AuthUserFile /var/lib/xymon/server/etc/xymonpasswd
- AuthGroupFile /var/lib/xymon/server/etc/xymongroups
+ AuthUserFile @INSTALLETCDIR@/xymonpasswd
+ AuthGroupFile @INSTALLETCDIR@/xymongroups
AuthType Basic
AuthName "Xymon Administration"
@@ -79,37 +77,37 @@
# Rewrite-rules for migrating from the URL's used in Hobbit
RewriteEngine On
-RewriteRule ^/xymon/bb.html /xymon/xymon.html [R=permanent,L]
-RewriteRule ^/xymon/bb2.html /xymon/nongreen.html [R=permanent,L]
-RewriteRule ^/xymon/bbnk.html /xymon/critical.html [R=permanent,L]
• -RewriteRule ^/xymon-cgi/bb-hist.sh /xymon-cgi/history.sh [R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-eventlog.sh /xymon-cgi/eventlog.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-rep.sh /xymon-cgi/report.sh [R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-replog.sh /xymon-cgi/reportlog.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-snapshot.sh /xymon-cgi/snapshot.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-findhost.sh /xymon-cgi/findhost.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-csvinfo.sh /xymon-cgi/csvinfo.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbitcolumn.sh /xymon-cgi/columndoc.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-datepage.sh /xymon-cgi/datepage.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbitgraph.sh /xymon-cgi/showgraph.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-hostsvc.sh /xymon-cgi/svcstatus.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/bb-histlog.sh /xymon-cgi/historylog.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-confreport.sh /xymon-cgi/confreport.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-confreport-critical.sh
/xymon-cgi/confreport-critical.sh [R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-nkview.sh /xymon-cgi/criticalview.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-certreport.sh /xymon-cgi/certreport.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-nongreen.sh /xymon-cgi/nongreen.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-hostgraphs.sh /xymon-cgi/hostgraphs.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-ghosts.sh /xymon-cgi/ghostlist.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-notifylog.sh /xymon-cgi/notifications.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-hostlist.sh /xymon-cgi/hostlist.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-perfdata.sh /xymon-cgi/perfdata.sh
[R=permanent,L]
-RewriteRule ^/xymon-cgi/hobbit-topchanges.sh /xymon-cgi/topchanges.sh
[R=permanent,L]
• -RewriteRule ^/xymon-seccgi/bb-ack.sh /xymon-seccgi/acknowledge.sh
[R=permanent,L]
-RewriteRule ^/xymon-seccgi/hobbit-enadis.sh /xymon-seccgi/enadis.sh
[R=permanent,L]
-RewriteRule ^/xymon-seccgi/hobbit-nkedit.sh
/xymon-seccgi/criticaleditor.sh [R=permanent,L]
-RewriteRule ^/xymon-seccgi/hobbit-ackinfo.sh /xymon-seccgi/ackinfo.sh
[R=permanent,L]
-RewriteRule ^/xymon-seccgi/hobbit-useradm.sh /xymon-seccgi/useradm.sh
[R=permanent,L]
+RewriteRule ^@XYMONHOSTURL@/bb.html @XYMONHOSTURL@/xymon.html
[R=permanent,L]
+RewriteRule ^@XYMONHOSTURL@/bb2.html @XYMONHOSTURL@/nongreen.html
[R=permanent,L]
+RewriteRule ^@XYMONHOSTURL@/bbnk.html @XYMONHOSTURL@/critical.html
[R=permanent,L]
• +RewriteRule ^@XYMONCGIURL@/bb-hist.sh @XYMONCGIURL@/history.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-eventlog.sh @XYMONCGIURL@/eventlog.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-rep.sh @XYMONCGIURL@/report.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-replog.sh @XYMONCGIURL@/reportlog.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-snapshot.sh @XYMONCGIURL@/snapshot.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-findhost.sh @XYMONCGIURL@/findhost.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-csvinfo.sh @XYMONCGIURL@/csvinfo.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbitcolumn.sh @XYMONCGIURL@/columndoc.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-datepage.sh @XYMONCGIURL@/datepage.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbitgraph.sh @XYMONCGIURL@/showgraph.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-hostsvc.sh @XYMONCGIURL@/svcstatus.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/bb-histlog.sh @XYMONCGIURL@/historylog.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-confreport.sh @XYMONCGIURL@/confreport.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-confreport-critical.sh @XYMONCGIURL@/confreport-critical.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-nkview.sh @XYMONCGIURL@/criticalview.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-certreport.sh @XYMONCGIURL@/certreport.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-nongreen.sh @XYMONCGIURL@/nongreen.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-hostgraphs.sh @XYMONCGIURL@/hostgraphs.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-ghosts.sh @XYMONCGIURL@/ghostlist.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-notifylog.sh @XYMONCGIURL@/notifications.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-hostlist.sh @XYMONCGIURL@/hostlist.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-perfdata.sh @XYMONCGIURL@/perfdata.sh
[R=permanent,L]
+RewriteRule ^@XYMONCGIURL@/hobbit-topchanges.sh @XYMONCGIURL@/topchanges.sh
[R=permanent,L]
• +RewriteRule ^@SECUREXYMONCGIURL@/bb-ack.sh @SECUREXYMONCGIURL@/acknowledge.sh
[R=permanent,L]
+RewriteRule ^@SECUREXYMONCGIURL@/hobbit-enadis.sh @SECUREXYMONCGIURL@/enadis.sh
[R=permanent,L]
+RewriteRule ^@SECUREXYMONCGIURL@/hobbit-nkedit.sh @SECUREXYMONCGIURL@/criticaleditor.sh
[R=permanent,L]
+RewriteRule ^@SECUREXYMONCGIURL@/hobbit-ackinfo.sh @SECUREXYMONCGIURL@/ackinfo.sh
[R=permanent,L]
+RewriteRule ^@SECUREXYMONCGIURL@/hobbit-useradm.sh @SECUREXYMONCGIURL@/useradm.sh
[R=permanent,L]
Are there any other files in apache's /conf.d/ directory that might be
taking precedence here?
Here are the conf files that are active
/etc/apache2/conf-enabled$ ls -al
total 8
drwxr-xr-x 2 root root 4096 May 19 10:27 .
drwxr-xr-x 8 root root 4096 May 19 10:12 ..
lrwxrwxrwx 1 root root 34 May 19 10:14 apache2-doc.conf ->
../conf-available/apache2-doc.conf
lrwxrwxrwx 1 root root 30 May 19 10:12 charset.conf ->
../conf-available/charset.conf
lrwxrwxrwx 1 root root 44 May 19 10:12 localized-error-pages.conf ->
../conf-available/localized-error-pages.conf
lrwxrwxrwx 1 root root 46 May 19 10:12 other-vhosts-access-log.conf ->
../conf-available/other-vhosts-access-log.conf
lrwxrwxrwx 1 root root 31 May 19 10:12 security.conf ->
../conf-available/security.conf
lrwxrwxrwx 1 root root 36 May 19 10:12 serve-cgi-bin.conf ->
../conf-available/serve-cgi-bin.conf
/etc/apache2/conf-enabled$ egrep -v "^$|^#|^ *#" apache2-doc.conf
Alias /manual /usr/share/doc/apache2-doc/manual/
<Directory "/usr/share/doc/apache2-doc/manual/">
Options Indexes FollowSymlinks
AllowOverride None
Require all granted
AddDefaultCharset off
</Directory>
/etc/apache2/conf-enabled$ egrep -v "^$|^#|^ *#" charset.conf
/etc/apache2/conf-enabled$ egrep -v "^$|^#|^ *#"
localized-error-pages.conf
/etc/apache2/conf-enabled$ egrep -v "^$|^#|^ *#"
other-vhosts-access-log.conf
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
/etc/apache2/conf-enabled$ egrep -v "^$|^#|^ *#" security.conf
ServerTokens OS
ServerSignature On
TraceEnable Off
/etc/apache2/conf-enabled$ egrep -v "^$|^#|^ *#" serve-cgi-bin.conf
<IfModule mod_alias.c>
<IfModule mod_cgi.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>
<IfModule mod_cgid.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>
<IfDefine ENABLE_USR_LIB_CGI_BIN>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews
+SymLinksIfOwnerMatch
Require all granted
</Directory>
</IfDefine>
</IfModule>
/etc/apache2/conf-enabled$
-jc
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
This communication is the property of CenturyLink and may contain
confidential or privileged information. Unauthorized use of this
communication is strictly prohibited and may be unlawful. If you have
received this communication in error, please immediately notify the sender
by reply e-mail and destroy all copies of the communication and any
attachments.