Probem with nrpe and sudo on rhel5 servers

Nicole Hähnel ml at nicole-haehnel.de
Fri Mar 7 13:41:17 CET 2008

Previous message: Probem with nrpe and sudo on rhel5 servers
Next message: Probem with nrpe and sudo on rhel5 servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hari Sekhon schrieb:
> Nicole Hähnel wrote:
>> Hi,
>>
>> I wrote a plugin to check running ipsec tunnels on our gateways.
>> The plugin needs to have access to /proc/net/ipsec_eroute, so I have to
>> run nrpe command with sudo.
>>
>> sudoers (for testing):
>> nagios          ALL=(ALL)       NOPASSWD: ALL
>>
>> nrpe.conf:
>> command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel
>> --tunnels $ARG1$
>>
>> I tested the plugin on the gateway, it works fine,
>> but with nagios I get "NRPE: Unable to read output".
>> Running the plugin without sudo, nagios has an output,
>> but 0 running tunnels.
>>
>> Looks like a problem with sudo command on rhel5 servers.
>> Any ideas
> 2 Things:
>
> 1. You cannot embed Nagios macros like $ARG1$ in nrpe unless you're 
> doing something like dont_blame_nrpe which is a bad idea according to 
> those that make it.
> 2. Have you confirmed that the nrpe user is in fact nagios and that 
> the path to the plugin is correct?
>
> -h
>
Yes, I have enabled dont_blame_nrpe, but my problem is not a security 
question.
Even if disable dont_blame_nrpe and add the count of the tunnels to 
nrpe.conf,
nagios shows "NRPE: Unable to read output".

The only way to get an output is to remove sudo command, but nagios user 
has no rights to read files in /proc.
So it's a wrong check result.

command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels 15
    [root at nagios01 objects]# /usr/lib/nagios/plugins/check_nrpe  -H xxx 
-c check_tunnel
    NRPE: Unable to read output

command[check_tunnel]=/usr/lib/nagios/plugins/check_tunnel --tunnels 15
    [root at nagios01 objects]# /usr/lib/nagios/plugins/check_nrpe  -H xxx 
-c check_tunnel
    CRITICAL - Only 0 tunnels from 15 are up an running


Nicole

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Probem with nrpe and sudo on rhel5 servers
Next message: Probem with nrpe and sudo on rhel5 servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list