Where's your sudoers definition that allows the nagios user to run any commands via sudo?
And what does /var/log/secure (or equivalent) think about the nagios user trying to run sudo? > I have tested with nagios user as well.. still no luck with that. Could > you some one update if you have any solution on this case. > > Kind Regards, > Thilak > > From: Deborah Martin [mailto:deborah.mar...@kognitio.com] > Sent: Tuesday, 14 May 2013 7:30 PM > To: Nagios Users List > Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring > > Ok - if I look at your output, manually, when the plugin is run as the > "root" user it produces the correct result. > > But, you haven't said what the nrpe user is that is running on the remote > node and whether the same manual run of the check produces the same > output. > For example, I run remote plugins through nrpe as the "nagios" user so if > I want to manually test a plugin on the remote node, I would first login > as the nagios user to ensure I've got the same environment that would be > used when running via nrpe. It might be that the variables you have set in > the script only work as the root user. It's never a good idea to test as > the root user but only as the same user as that used by nagios or nrpe. > > Regards, > Deborah > > From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au] > Sent: 14 May 2013 09:58 > To: Nagios Users List > Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring > > Hi Deborah, Thanks for the response.. please find the details below. > > > [root@abc libexec]# pwd > /usr/local/nagios/libexec > [root@abc libexec]# ./check_iptables.sh > <----- Executing manually script > + IPT=/sbin/iptables > + GREP=/bin/grep > + AWK=/bin/awk > + EXPR=/usr/bin/expr > + WC=/usr/bin/wc > + A=/usr/bin/sudo > + E_SUCCESS=0 > + E_CRITICAL=2 > + E_UNKNOWN=3 > ++ /usr/bin/sudo /sbin/iptables -nvL > ++ /bin/grep Chain > ++ /bin/awk '{ print $2 }' > ++ /bin/grep Cid > ++ /usr/bin/wc -l > + CHAINS=5 > + '[' 5 -ne 0 ']' > + echo 'Firewall is running!' > Firewall is running! > + exit 0 > <------ it shows firewall > running ( correct output ) > [root@abc libexec]# > > > Client - NRPE config file > > [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable > command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh > [root@abc libexec]# > > > [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables > Firewall is not running > <----- executing via > check_nrpe ( wrong output ) > [root@abc libexec]# > > > NRPE Logs > ------------- > > May 14 18:52:28 abc nrpe[31158]: Added > command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c > 5% -p /db > May 14 18:52:28 abc nrpe[31158]: Added > command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c > 5% -p /app > May 14 18:52:28 abc nrpe[31158]: Added > command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh > May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network > traffic will be encrypted. > May 14 18:52:28 abc nrpe[31158]: Handling the connection... > May 14 18:52:28 abc nrpe[31158]: Host is asking for command > 'check_iptables' to be run... > May 14 18:52:28 abc nrpe[31158]: Running command: > /usr/local/nagios/libexec/check_iptables.sh > May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and > output: Firewall is not running > May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not > running > > > Kind Regards, > Thilak > > > From: Deborah Martin [mailto:deborah.mar...@kognitio.com] > Sent: Tuesday, 14 May 2013 6:44 PM > To: Nagios Users List > Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring > > Hi, > What is the wrong output being returned ? This might give us all a clue as > to the cause of the problem. > When you run the check manually, are you doing this as the same user that > check_nrpe will use ? > > Regards, > Deborah > > > > From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au] > Sent: 14 May 2013 08:43 > To: > nagios-users@lists.sourceforge.net<mailto:nagios-users@lists.sourceforge.net> > Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring > > Greetings! > > Could someone send me nagios plugin which is tested and works well for > monitoring IPTABLES in Linux. > > I have tested below script but it is not returning correct output to > nagios server. > > If I execute script manually, it shows correct output... > > But if I execute via ./check_nrpe - H localhost -c check_iptables, it > shows wrong output. > > > > Below is my plugin > ------------------------------ > > #!/bin/bash > set -x > > IPT='/sbin/iptables' > GREP='/bin/grep' > AWK='/bin/awk' > EXPR='/usr/bin/expr' > WC='/usr/bin/wc' > A='/usr/bin/sudo' > > E_SUCCESS="0" > E_CRITICAL="2" > E_UNKNOWN="3" > > CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | > $WC -l` > > if [ $CHAINS -ne 0 ] ; then > echo "Firewall is running!" > exit ${E_SUCCESS} > > elif [ $CHAINS -eq 0 ] ; then > echo "Firewall is not running" > exit ${E_CRITICAL} > fi > > > > This e-mail and any files transmitted with it are strictly confidential > and intended solely for the use of the individual or entity to whom they > are addressed. If you are not the intended recipient, please delete this > e-mail immediately. Any unauthorised distribution or copying is strictly > prohibited. > > Whilst Kognitio endeavours to prevent the transmission of viruses via > e-mail, we cannot guarantee that any e-mail or attachment is free from > computer viruses and you are strongly advised to undertake your own > anti-virus precautions. Kognitio grants no warranties regarding > performance, use or quality of any e-mail or attachment and undertakes no > liability for loss or damage, howsoever caused. > > > This e-mail and any files transmitted with it are strictly confidential > and intended solely for the use of the individual or entity to whom they > are addressed. If you are not the intended recipient, please delete this > e-mail immediately. Any unauthorised distribution or copying is strictly > prohibited. > > Whilst Kognitio endeavours to prevent the transmission of viruses via > e-mail, we cannot guarantee that any e-mail or attachment is free from > computer viruses and you are strongly advised to undertake your own > anti-virus precautions. Kognitio grants no warranties regarding > performance, use or quality of any e-mail or attachment and undertakes no > liability for loss or damage, howsoever caused. > ------------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1_______________________________________________ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null -- "The very existence of flamethrowers proves that sometime, somewhere, someone said to themselves, 'You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.'" -- George Carlin ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null