CHECK_NRPE: No output returned with check_iptables.sh script

Assaf Flatto nagios at flatto.net
Tue Jan 18 19:44:12 CET 2011

Previous message: CHECK_NRPE: No output returned with check_iptables.sh script
Next message: Weird failure-to-count error
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kaplan, Andrew H. wrote:
> Hi there --
>
>   
>>> When you run it manually - how do you do it ? check_nrpe -H <host> -c 
>>> check_iptables from the nagios server ? or local on the client ?
>>>       
>
> I have run the script on the Nagios server, and on the client system. When I ran
> the script
> on the server, the syntax I used was the following:
>
> /usr/local/nagios/libexec/check_nrpe -H hadron -c check_iptables
>
> The output of that command was: CHECK_NRPE: No output returned from daemon.
>
> I ran the script on the client using the following syntax:
>
> /usr/local/nrpe/libexec/check_iptables.sh
>
> The output of that command was: OK INPUT 20 rules<br>OK BLACKIN 497 rules<br>OK
> BLACKOUT 497 rules<br>
>
> When I ran the command on the client, I did so as the root user. The nagios user
> account exists on the
> client, but as a means of security it is set up with the /sbin/nologin shell. I
> confirmed with other
> administrators, as well as in practice, this should not intefere with
> operations.
>
>   
>>> If you have not put in return codes how do you expect nagios to know 
>>> what was the exit status of the script ? how will it know if it finished 
>>> running or failed - those are not covered from NRPE but determined in 
>>> the plugin.
>>>       
>
> I looked at the plugin, and I am not sure what the syntax is for entering the
> return codes.
>
>   
you'll need to read this page about the return codes for nagios .

http://nagios.sourceforge.net/docs/3_0/pluginapi.html


As for the execution - running scripts as root is no indication that the 
plugin is working as you need it since the NRPE daemon is not executing 
the plugins on the remote machine as root but as either user nrpe or the 
user nagios .
If the nagios user has no shell to execute a shell script - it will fail 
and not run. now if the action you check need root privileges - grant 
the nagios user sudo permissions on that script so it can access the 
iptables properly.


Assaf

------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: CHECK_NRPE: No output returned with check_iptables.sh script
Next message: Weird failure-to-count error
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list