check_mailq, nrpe, and root perms on client

Kevin Freels kfreels at sendmail.com
Mon Jun 15 19:59:10 CEST 2009


Greetings!!!

Errata: Nagios 3.0

I have nrpe running quite well on several clients, but I am having some
problems with running root-perm'd commands on the client via nrpe. The
critical one I need is check_mailq, which calls the standard UNIX
"mailq" command, but there are also others (check_mem, check_log)

The problem is that mailq requires root priv's to do this. Since I run
nrpe in daemon mode under the nagios user, it fails with: 

 CRITICAL: Error code 78 returned from /usr/bin/mailq

Just for sanity check, I su'd into the nagios user and tried to run it,
and it fails. I was able to get it working with sudo by adding the user
nagios to the client's sudoers with only that command, and then adding
the appropriate "sudo" in front of the check_mailq command in nrpe.cfg:

 command[check_mailq]=sudo /usr/local/nagios/libexec/check_mailq -w 50
-c 75

It also works on the client as the nagios user.

However, as sudo is designed to do, it logs every command run under it,
so I wind up getting an email for every instance the check is made.
Multiply that times several servers and services, and I am now getting
flooded with emails that are essentially unnecessary.

I also thought of:

-- running nrpe as "root" (not comfortable with that)
-- SUID on check_mailq
-- chown'ing check_mailq root:root

I'm stumped....

Any ideas are greatly appreciated! Thanks in advance!!


....k 
-=-=-=- 
Kevin Freels
Director of Information Technology
Sendmail, Inc.
kfreels at sendmail.com  510/594.5572

------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list