Bug: default agent group becomes set to invalid value causing ACL violations

Advanced troubleshooting

Bug: default agent group becomes set to invalid value causing ACL violations

Posted by Cursorkeys on December 9, 2016 at 17:13

This was an interesting one and I can replicate it.

1. Perform recon task with preset ‘basic monitoring’.
2. Chose newly added agent and attempt to click-to-edit the ‘host alive’ or ‘host latency’ module. Observe agent group is shown as a blank space on agent overview screen.
3. URL is diplayed similar to ‘http://192.168.100.10/pandora_console/index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente=68&tab=module&edit_module=1&id_agent_module=173’ but a blank grey screen is shown.
4. Close browser tab and reopen portal. Observe event display shows:

ACL Violation Attempt to access agent manager

5. Edit the agent and change the group to a value (e.g. ‘servers’).
6. Observe you can now edit the modules without errors.

This looks like the default group that the ‘basic monitoring’ scheme adds is some sort of invalid value that causes a spurious ACL violation?

I hope this report is of help.

Cursorkeys replied 8 years, 1 month ago 2 Members · 6 Replies
6 Replies

antonio

Member
December 12, 2016 at 15:49

0 Karma points

Community rank: Tentacle noob

Like it
Up
0
Down
Drop it
::
Hello Cursorkeys,

It looks like the problem is the recon task allows to create agents on the “All” group. I think if you check the database, you would see an ID 0 on the group parameter, but you can’t actually assign an agent to the “all” group.
I’ll raise an internal ticket to resolve this little issue, the solution will be to NOT allow the recon task to assign ID 0 to the new created agents.

Thanks for the report!

Kind regards,
Antonio.
Cursorkeys

Member
December 13, 2016 at 13:03

0 Karma points

Community rank: Tentacle noob

Like it
Up
0
Down
Drop it
::
Hi Antonio,

Thank you very much for the quick response.

You are correct, ‘id_grupo’ in table ‘tagente’ is 0 on the problem agents. A quick UPDATE to 10 (unknown) has resolved the remaining problem agents without any more clicking 🙂

Is it possible to put in a feature request that ACL violations cause an error message rather than just a grey screen too?

Many thanks,

Jon
antonio

Member
December 13, 2016 at 13:54

0 Karma points

Community rank: Tentacle noob

Like it
Up
0
Down
Drop it
::
Hello Jon,

Thanks for your contribution.
The ACL violation should actually show a warning message like this:

Regards,
Antonio.
Cursorkeys

Member
December 13, 2016 at 15:05

0 Karma points

Community rank: Tentacle noob

Like it
Up
0
Down
Drop it
::
Hi Antonio,

That’s interesting. What I see is:

I’ll try to debug further!
antonio

Member
December 13, 2016 at 15:44

0 Karma points

Community rank: Tentacle noob

Like it
Up
0
Down
Drop it
::
It should be displayed right over that grey screen. Maybe something is preventing it to appear, could it be ADblock? Not sure tho, since I use it too and can’t see the same problem.

Let us know if you find something!

Kind regards,
Antonio.
Cursorkeys

Member
January 11, 2017 at 18:03

0 Karma points

Community rank: Tentacle noob

Like it
Up
0
Down
Drop it
::
Hi Antonio,

Just to let you know I tried to work through this issue. I could see the AJAX call return successfully with the popup data in the network traffic but for some reason the popup wasn’t then being displayed.

I’ve just updated Chrome and now I have popups. So it looks like this was Chome misbehaving somehow.

Best regards,

Jon

Welcome to Pandora FMS Community!

Bug: default agent group becomes set to invalid value causing ACL violations

antonio

Cursorkeys

antonio

Cursorkeys

antonio

Cursorkeys