Cacti - 1.2.19 - Not able to create graph - whitelist validation failed, check data input methods
Moderators: Developers, Moderators
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: Cacti - 1.2.19 - Not able to create graph - whitelist validation failed, check data input methods
Well, since 1.2.16 we've been having quality issues. With 1.2.21 we have them all just about knocked out. PHP7.3+ is essential now though.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: Cacti - 1.2.19 - Not able to create graph - whitelist validation failed, check data input methods
Got it working again!
But I'm not too sure how to explain why it was fixed...
I've noticed 8 scripts validated in the whitelist (likely provided by default):
And those are exactly matching the ones shown in the webUI (Console > Data Input Methods).
However, logs were still complaining about a script not being validated whenever I create a new graph:
That reminded me I've build a template referring to a jolokia_mem.xml file in script_queries which itself points to a bash script:
The validation script does not talk about that one.
And therefore, it is not in the whitelist indeed!
First, I've tried to add an explicit new Data Input Methods so the validation script will see it: bash <path_cacti>/scripts/query_jolokia.sh.
But as it turns out, I could not create this entry! The 'create button' becomes grey after clicking, but nothing else is happening (no debug log either)...
Then, I've just decided to try to re-import the related template.
Which apparently does not update much else than a typo:
Unexpectedly, I could create any graph after that step!
Despite the WARNING still present in the logs:
I'm not sure where is this typo from (I've made those template long ago), and I still has to figure how this impact the whitelist...
But, hopefully, it seems like my problem could be very localized and unlikely to happen to other users.
REM: I've never took time to share this Jolokia template on the forum because it requires an heavy setup on the JVM sides.
But I might reconsider because it turns out to be really useful for us.
But I'm not too sure how to explain why it was fixed...
I've noticed 8 scripts validated in the whitelist (likely provided by default):
Code: Select all
{
"274f4685461170b9eb1b98d22567ab5e": "<path_cacti>/scripts/diskfree.sh <partition>"
"95ed0993eb3095f9920d431ac80f4231": "perl <path_cacti>/scripts/loadavg_multi.pl",
"79a284e136bb6b061c6f96ec219ac448": "perl <path_cacti>/scripts/unix_users.pl <username>",
"362e6d4768937c4f899dd21b91ef0ff8": "perl <path_cacti>/scripts/linux_memory.pl <grepstr>",
"a637359e0a4287ba43048a5fdf202066": "perl <path_cacti>/scripts/unix_processes.pl",
"47d6bfe8be57a45171afd678920bd399": "perl <path_cacti>/scripts/unix_tcp_connections.pl <grepstr>",
"cc948e4de13f32b6aea45abaadd287a3": "perl <path_cacti>/scripts/webhits.pl <log_path>",
"8bd153aeb06e3ff89efc73f35849a7a0": "perl <path_cacti>/scripts/ping.pl <ip>"
}
However, logs were still complaining about a script not being validated whenever I create a new graph:
Code: Select all
CMDPHP WARNING: Data input script not found in input whitelist file: /etc/cacti/input_whitelist.json
Code: Select all
<interface>
<name>Jolokia Memory Pools</name>
<description>Query monitorable JVM</description>
<script_path>bash |path_cacti|/scripts/query_jolokia.sh</script_path>
<arg_prepend>|host_hostname|</arg_prepend>
...
And therefore, it is not in the whitelist indeed!
First, I've tried to add an explicit new Data Input Methods so the validation script will see it: bash <path_cacti>/scripts/query_jolokia.sh.
But as it turns out, I could not create this entry! The 'create button' becomes grey after clicking, but nothing else is happening (no debug log either)...
Then, I've just decided to try to re-import the related template.
Which apparently does not update much else than a typo:
Code: Select all
...
Data Input Method
[preview] Get SNMP Data [updated]
Table: data_input_fields, Column: name, New Value: SNMP Authentication Protocol (v3), Old Value: SNMP Authenticaion Protocol (v3)
[preview] Unix - Get System Processes [unchanged]
[preview] Get SNMP Data (Indexed) [updated]
Table: data_input_fields, Column: name, New Value: SNMP Authentication Protocol (v3), Old Value: SNMP Authenticaion Protocol (v3)
[preview] Get Script Data (Indexed) [unchanged]
...
Despite the WARNING still present in the logs:
Code: Select all
CMDPHP WARNING: Data input script not found in input whitelist file: /etc/cacti/input_whitelist.json
But, hopefully, it seems like my problem could be very localized and unlikely to happen to other users.
REM: I've never took time to share this Jolokia template on the forum because it requires an heavy setup on the JVM sides.
But I might reconsider because it turns out to be really useful for us.
Re: Cacti - 1.2.19 - Not able to create graph - whitelist validation failed, check data input methods
A bit more findings:
- I've rolled back my data (before re-importing the template);
- I can not create a graph (whitelist validation error);
- Manually updated the DB data_input_fields to replace Authenticaion by Authentication;
- Import the template (only 'unchanged' items in the logs now);
- I can create graphs again: the problem is fixed anyway.
Thus, it might has nothing to do with the typo after all.
I guess it's said somewhere that templates needs to be re-imported after a certain upgrade...
- I've rolled back my data (before re-importing the template);
- I can not create a graph (whitelist validation error);
- Manually updated the DB data_input_fields to replace Authenticaion by Authentication;
- Import the template (only 'unchanged' items in the logs now);
- I can create graphs again: the problem is fixed anyway.
Thus, it might has nothing to do with the typo after all.
I guess it's said somewhere that templates needs to be re-imported after a certain upgrade...
Re: Cacti - 1.2.19 - Not able to create graph - whitelist validation failed, check data input methods
This submit issue was related to our WAF: RCE detected :-ptsy wrote: ↑Fri Jun 10, 2022 4:42 am ...
First, I've tried to add an explicit new Data Input Methods so the validation script will see it: bash <path_cacti>/scripts/query_jolokia.sh.
But as it turns out, I could not create this entry! The 'create button' becomes grey after clicking, but nothing else is happening (no debug log either)...
...
Nothing wrong with Cacti.
Who is online
Users browsing this forum: No registered users and 1 guest