Thank you!!!!! That was so simple, and yet, no matter where I tried searching, I could not come up with it!!! It worked like a champ! Tom And, thanks again for the previous help ;-) <div class="gmail_quote"> On Wed, May 13, 2009 at 10:44 AM, Marc Powell <<a href="mailto:marc@ena.com">marc@ena.com</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div class="im"> On May 13, 2009, at 7:17 AM, Thomas Stearn wrote: > I have a Nagios server 3.0.6 running on Ubuntu 8.04 Server. It is > monitoring all things fine on multiple targets except the one below. > > On a certain target, I am trying to monitor my /var/log/auth.log > file for bad activity, such as failed password attempts, or attempts > to login as invalid users, etc. > > I am trying to do this via the check_log plugin via nrpe, but, I get > a "Log check error: Log file /var/log/auth.log is not readable!" > when the server checks on it. > > The easiest way I have to reproduce the error is the following > manually executed command from the host server: > /usr/local/nagios/libexec/check_nrpe -H target -c check_badpw > > I know that it means that the file cannot be opened during the > check, but, I don't understand why. > > ls -l of /var/log/auth.log: > -rw-r----- 1 syslog adm 1590863 2009-05-12 10:47 /var/log/auth.log > > In /etc/groups, I have added the "nagios" user to the adm group, so > I would think it should work. </div>[chop] <div class="im"> > So, I know it will work if I loosen the permissions on /var/log/ > auth.log, but, I'd prefer to keep them as tight as possible. > > When I am logged into the target as nagios and execute "id", I get, > uid=5308(nagios) gid=5309(nagios) groups=4(adm),5309(nagios) > > When I embed "id" into the check_log script, I get: > uid=5308(nagios) gid=5309(nagios) > > so, it would seem that it does not inherit the groups as I would > assume it would. </div>I'm certain this was recently discussed but my search-fu is weak this morning. It might have been on -devel or nagios-plugins though... I didn't follow closely but the gist of it (I believe) is that xinetd drops/ignores any secondary groups the user is a member of before starting the server. No secondary groups, no access in your case. Looking at my xinetd.conf man page, I see the following which may help. You may also have better search-fu than me and can find the original thread... groups Takes either "yes" or "no". If the groups attribute is set to "yes", then the server is executed with access to the groups that the server's effective UID has access to. If the groups attribute is set to "no", then the server runs with no supplementary groups. This attribute must be set to "yes" for many BSD systems. This attribute can be set in the defaults section as well. -- Marc ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. <a href="http://p.sf.net/sfu/kodak-com" target="_blank">http://p.sf.net/sfu/kodak-com</a> _______________________________________________ Nagios-users mailing list <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null </blockquote></div>