Nagios Macro Tokens accessible in NRPE check s cripts?

Andreas Ericsson ae at op5.se
Sat Aug 13 11:45:12 CEST 2005
Previous message: Nagios Macro Tokens accessible in NRPE check s cripts?
Next message: Checking disk space and graphing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ralph.Grothe at itdz-berlin.de wrote:
> On nrpe host I defined these two for testing:
> 
> command[display_env]=env|sort
> command[display_hostname]=printf '$HOSTNAME$:\t%s' $HOSTNAME
> 
> 
> 
> What I get, running these via check_nrpe from Nagios server,
> is not what I would have expected.
> 
> $ /opt/sw/nagios/libexec/check_nrpe -H evo01 -c display_env
> BASH_ENV=/root/.bashrc
> 
> 
> Wonder where BASH_ENV came from since I set up nrpe to be run
> under someone else's uid.
> Can only imagine it's been inheritted from inetd.
> 
> 
> Whereas here it seems $HOSTNAME is taken from (root's?)
> environment
> but $HOSTNAME$ in particular seems to be ignored
> (it otherwise should hold evo01, the relocatable package's
> hostname)
> 
> 
> $ /opt/sw/nagios/libexec/check_nrpe -H evo01 -c display_hostname
> $HOSTNAME$:     nemesis$
> 
> 
> I know that a processe's environment can also easily be tainted
> (that's why there's taint check mode in Perl for instance).
> So I would gather that env is deliberately redefined by nrpe
> to prevent exploits (e.g. relocationg a shared lib path etc.).
> 
> 
> So what I want isn't supported, right?
> 

NRPE has no idea of Nagios' environment variables, as it's
a) A different process
b) Run on a different host

NRPE also maintains the environment it had when it started. If you want 
the environment of another user to be inherited by NRPE, you *MUST* 
start it as that user (via 'su -' or some other mechanism).

> 
> 
> 
> 
>>-----Original Message-----
>>From: nagios-users-admin at lists.sourceforge.net
>>[mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of
>>Ralph.Grothe at itdz-berlin.de
>>Sent: Friday, August 12, 2005 3:37 PM
>>To: nagios-users at lists.sourceforge.net
>>Subject: [Nagios-users] Nagios Macro Tokens accessible in NRPE
> 
> check
> 
>>scripts?
>>
>>
>>Hello,
>>
>>it says somewhere in the docs that as of Nagios V2 check
> 
> scripts
> 
>>(plug-ins) can access the Nagios macro tokens
>>(such as $HOSTNAME$) through their environment as env vars.
>>
>>You may be wondering why I would want to get something as
>>redundant as the hostname 
>>(where the script on the remote nrpe host could simply run a
>>"uname -n" or similar, couldn't it)?
>>
>>Well, it's a bit more convoluted because what is supposed to
>>stand in $HOSTNAME$
>>is an alias for a relocatable IP address that each packet (or
>>service group,
>>depending on your cluster software's terminology) of a cluster
> 
> is
> 
>>provided with
>>(think of separate webservers or databases with their own
>>hostname and IP).
>>
>>On the other hand I want to avoid opening up for exploits by
>>allowing nrpe arguments
>>(viz. dont_blame_nrpe=1)
>>
>>I could circumvent the necessity of passed in arguments, by
>>keeping some flexibility,
>>if I had access to the macros like $HOSTNAME$.
>>
>>So is that given?
>>
>>Regards
>>
>>Ralph
>>
>>
>>-------------------------------------------------------
>>SF.Net email is Sponsored by the Better Software Conference &
> 
> EXPO
> 
>>September 19-22, 2005 * San Francisco, CA * Development 
>>Lifecycle Practices
>>Agile & Plan-Driven Development * Managing Projects & Teams * 
>>Testing & QA
>>Security * Process Improvement & Measurement * 
>>http://www.sqe.com/bsce5sf
>>_______________________________________________
>>Nagios-users mailing list
>>Nagios-users at lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>::: Please include Nagios version, plugin version (-v) and OS 
>>when reporting any issue. 
>>::: Messages without supporting info will risk being sent to
> 
> /dev/null
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: Nagios Macro Tokens accessible in NRPE check s cripts?
Next message: Checking disk space and graphing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list