NRPE permissions problem

Thomas Stearn tom at edispatches.com
Wed May 13 14:17:15 CEST 2009

Previous message: hostgroup view problem - PROBLEM SOLVED
Next message: NRPE permissions problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have a Nagios server 3.0.6 running on Ubuntu 8.04 Server.  It is
monitoring all things fine on multiple targets except the one below.

On a certain target, I am trying to monitor my /var/log/auth.log file for
bad activity, such as failed password attempts, or attempts to login as
invalid users, etc.

I am trying to do this via the check_log plugin via nrpe, but, I get a "Log
check error: Log file /var/log/auth.log is not readable!" when the server
checks on it.

The easiest way I have to reproduce the error is the following manually
executed command from the host server:
/usr/local/nagios/libexec/check_nrpe -H target -c check_badpw

I know that it means that the file cannot be opened during the check, but, I
don't understand why.

ls -l of /var/log/auth.log:
-rw-r----- 1 syslog adm 1590863 2009-05-12 10:47 /var/log/auth.log

In /etc/groups, I have added the "nagios" user to the adm group, so I would
think it should work.

Further, if I am logged in as root on the target, and do "su - nagios", I
can read /var/log/auth.log

Further, if I "chmod o+r /var/log/auth.log", the command executes properly.

Additionally, when I am logged into the target as root, and su to nagios and
execute the command as defined in nrpe.cfg:
/usr/local/nagios/libexec/check_log -F /var/log/auth.log -O
/usr/local/nagios/auth.badpasswords.log -q ": Failed password for"
it works fine.

So, I know it will work if I loosen the permissions on /var/log/auth.log,
but, I'd prefer to keep them as tight as possible.

When I am logged into the target as nagios and execute "id", I get,
uid=5308(nagios) gid=5309(nagios) groups=4(adm),5309(nagios)

When I embed "id" into the check_log script, I get:
uid=5308(nagios) gid=5309(nagios)

so, it would seem that it does not inherit the groups as I would assume it
would.

More configuration information:
nrpe runs under xinetd on the target:
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1 x.x.x.226
}

How can I determine why the check_nrpe command does not allow for reading of
the /var/log/auth.log file on the target machine?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090513/25a0a384/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image 
processing features enabled. http://p.sf.net/sfu/kodak-com
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: hostgroup view problem - PROBLEM SOLVED
Next message: NRPE permissions problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list