check_yum issue

Terry td3201 at gmail.com
Fri Jun 11 00:10:21 CEST 2010
Previous message: check_yum issue
Next message: upgrade from 3.0.6 to 3.2.1 using rpmforge (yum)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, Jun 5, 2010 at 9:02 AM, Kevin Keane <subscription at kkeane.com> wrote:
> You would probably want to use sudo. Instead of having NRPE call check_yum directly, have it call sudo check_yum, and add check_yum for the Nagios user to your sudoers (make sure to not require a password, of course!)
>
> Be sure to keep the sudoers entry as restrictive as possible, or you may open a security hole.
>
> -----Original Message-----
> From: Terry [mailto:td3201 at gmail.com]
> Sent: Thursday, June 03, 2010 11:40 AM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] check_yum issue
>
> On Thu, Jun 3, 2010 at 1:28 PM, Terry <td3201 at gmail.com> wrote:
>> Hello,
>>
>> I am trying to use check_yum:
>> http://exchange.nagios.org/directory/Plugins/Uncategorized/Operating-S
>> ystems/Linux/Check_Yum/details
>>
>> It works great from the command line:
>> [root at foo ~]# yum --security check-update Loaded plugins: dellsysid,
>> rhnplugin, security Limiting package lists to security relevant ones
>> Needed 4 of 11 packages, for security
>>
>> rhn-check.noarch
>>                         0.4.20-33.el5_5.2
>>                                             rhel-x86_64-server-5
>> rhn-client-tools.noarch
>>                         0.4.20-33.el5_5.2
>>                                             rhel-x86_64-server-5
>> rhn-setup.noarch
>>                         0.4.20-33.el5_5.2
>>                                             rhel-x86_64-server-5
>> rhn-setup-gnome.noarch
>>                         0.4.20-33.el5_5.2
>>                                             rhel-x86_64-server-5
>> [root at foo ~]# /usr/lib64/nagios/plugins/check_yum
>> YUM CRITICAL: 4 Security Updates Available. 7 Non-Security Updates
>> Available [root at foo ~]# echo $?
>> 2
>>
>> It returns this from nagios:
>> [root at foo ~]# /usr/lib64/nagios/plugins/check_nrpe -H 10.0.0.2 -t 50
>> -c check_yum YUM OK: 0 Security Updates Available
>>
>> Here's my NRPE configuration:
>> [root at bar ~]# cat /etc/nagios/nrpe.cfg | grep check_yum
>>        command[check_yum]=/usr/lib64/nagios/plugins/check_yum
>>
>> What am I missing here?
>>
>
> I think I fail here.  This is a permissions issue as noted in the
> description of the plugin.    Anyone doing something similar?  If so,
> how is your solution architected?
>
> Thanks!
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit.  See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> lucky parental unit.  See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>

I think I did one better, maybe.  I am having nagios call check_by_ssh
which uses a key that is specific for this command.  On the remote
side, I am configuring the authorized_hosts such as this:
command="/usr/lib/nagios/plugins/check_yum" ssh-rsa AA.....

The only thing this key can do is call check_yum on the remote end.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: check_yum issue
Next message: upgrade from 3.0.6 to 3.2.1 using rpmforge (yum)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list