Re: [Nagios-users] Probem with nrpe and sudo on rhel5 servers
Hi,

yes, commenting out Defaults requiretty works.
Big thanks!

Nicole

Andrew Norris wrote:
> Have you tried commenting out the following line in sudoers?
>
>     Defaults    requiretty
>
> I got hit by that one moving ssh checks from centos4 to centos5.
>
> Nicole Hähnel wrote:
>> Hi,
>>
>> I wrote a plugin to check running ipsec tunnels on our gateways.
>> The plugin needs to have access to /proc/net/ipsec_eroute, so I have to run nrpe command with sudo.
>>
>> sudoers (for testing):
>>     nagios ALL=(ALL) NOPASSWD: ALL
>>
>> nrpe.conf:
>>     command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels $ARG1$
>>
>> I tested the plugin on the gateway, it works fine, but with nagios I get
>> NRPE: Unable to read output.
>> Running the plugin without sudo, nagios has an output, but 0 running tunnels.
>>
>> Looks like a problem with sudo command on rhel5 servers.
>> Any ideas?
>>
>> Thanks!
>> Nicole

___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null

[Nagios-users] Probem with nrpe and sudo on rhel5 servers
Hi,

I wrote a plugin to check running ipsec tunnels on our gateways.
The plugin needs to have access to /proc/net/ipsec_eroute, so I have to run nrpe command with sudo.

sudoers (for testing):
    nagios ALL=(ALL) NOPASSWD: ALL

nrpe.conf:
    command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels $ARG1$

I tested the plugin on the gateway, it works fine, but with nagios I get
NRPE: Unable to read output.
Running the plugin without sudo, nagios has an output, but 0 running tunnels.

Looks like a problem with sudo command on rhel5 servers.
Any ideas?

Thanks!
Nicole

Re: [Nagios-users] Probem with nrpe and sudo on rhel5 servers
Nicole Hähnel wrote:
> Hi,
>
> I wrote a plugin to check running ipsec tunnels on our gateways.
> The plugin needs to have access to /proc/net/ipsec_eroute, so I have to run nrpe command with sudo.
>
> sudoers (for testing):
>     nagios ALL=(ALL) NOPASSWD: ALL
>
> nrpe.conf:
>     command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels $ARG1$
>
> I tested the plugin on the gateway, it works fine, but with nagios I get
> NRPE: Unable to read output.
> Running the plugin without sudo, nagios has an output, but 0 running tunnels.
>
> Looks like a problem with sudo command on rhel5 servers.
> Any ideas

2 Things:

1. You cannot embed Nagios macros like $ARG1$ in nrpe unless you're doing something like dont_blame_nrpe which is a bad idea according to those that make it.

2. Have you confirmed that the nrpe user is in fact nagios and that the path to the plugin is correct?

-h

--
Hari Sekhon

Re: [Nagios-users] Probem with nrpe and sudo on rhel5 servers
Hari Sekhon wrote:
> Nicole Hähnel wrote:
>> Hi,
>>
>> I wrote a plugin to check running ipsec tunnels on our gateways.
>> The plugin needs to have access to /proc/net/ipsec_eroute, so I have to run nrpe command with sudo.
>>
>> sudoers (for testing):
>>     nagios ALL=(ALL) NOPASSWD: ALL
>>
>> nrpe.conf:
>>     command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels $ARG1$
>>
>> I tested the plugin on the gateway, it works fine, but with nagios I get
>> NRPE: Unable to read output.
>> Running the plugin without sudo, nagios has an output, but 0 running tunnels.
>>
>> Looks like a problem with sudo command on rhel5 servers.
>> Any ideas
>
> 2 Things:
>
> 1. You cannot embed Nagios macros like $ARG1$ in nrpe unless you're doing something like dont_blame_nrpe which is a bad idea according to those that make it.
>
> 2. Have you confirmed that the nrpe user is in fact nagios and that the path to the plugin is correct?
>
> -h

Yes, I have enabled dont_blame_nrpe, but my problem is not a security question.
Even if I disable dont_blame_nrpe and add the count of the tunnels to nrpe.conf, nagios shows NRPE: Unable to read output.
The only way to get an output is to remove sudo command, but nagios user has no rights to read files in /proc.
So it's a wrong check result.

    command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels 15

    [EMAIL PROTECTED] objects]# /usr/lib/nagios/plugins/check_nrpe -H xxx -c check_tunnel
    NRPE: Unable to read output

    command[check_tunnel]=/usr/lib/nagios/plugins/check_tunnel --tunnels 15

    [EMAIL PROTECTED] objects]# /usr/lib/nagios/plugins/check_nrpe -H xxx -c check_tunnel
    CRITICAL - Only 0 tunnels from 15 are up an running

Nicole

Re: [Nagios-users] Probem with nrpe and sudo on rhel5 servers
Nicole Hähnel wrote:
> The only way to get an output is to remove sudo command, but nagios user has no rights to read files in /proc.
> So it's a wrong check result.

Try logging in as the nrpe user, then running sudo ... by hand to see if it works or if it is actually still prompting for a passwd. What happens?

-h

--
Hari Sekhon

Re: [Nagios-users] Probem with nrpe and sudo on rhel5 servers
Huh, just as a side note, it's probably a bad idea to give the nagios user so many powers in sudo. I've limited it by doing this:

    nagios ALL=NOPASSWD: /sbin/service nagios restart, \
                         /sbin/service nagios reload, \
                         /sbin/service nagios checkconfig

In my case, the nagios user only needs to be able to manipulate the nagios daemon, in these pre-defined ways. You can add your own commands. I'm using this on RHEL5 and it's working.

In another case, I'm using the hpacucli tool to test the raid status of an HP SmartArray. In my sudoers file on the HP server with the array, I have this:

    nagios ALL=NOPASSWD: /usr/sbin/hpacucli

and in the nrpe.cfg file, I've got this:

    command[check_hparray]=/usr/local/nagios/check_hparray -s 0

Again, this is RHEL5, and it works great.

On Mar 7, 2008, at 5:41 AM, Nicole Hähnel wrote:
> Hi,
>
> I wrote a plugin to check running ipsec tunnels on our gateways.
> The plugin needs to have access to /proc/net/ipsec_eroute, so I have to run nrpe command with sudo.
>
> sudoers (for testing):
>     nagios ALL=(ALL) NOPASSWD: ALL
>
> nrpe.conf:
>     command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels $ARG1$
>
> I tested the plugin on the gateway, it works fine, but with nagios I get
> NRPE: Unable to read output.
> Running the plugin without sudo, nagios has an output, but 0 running tunnels.
>
> Looks like a problem with sudo command on rhel5 servers.
> Any ideas?
>
> Thanks!
> Nicole
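
An added example, not written by any poster in this thread: a shell audit that flags the three issues the thread raises (requiretty blocking sudo under nrpe, the blanket NOPASSWD: ALL rule, and caller-supplied $ARGn$ reaching a sudo command). The sample files are constructed from the lines quoted above; the per-user `Defaults:nagios !requiretty` exemption and the fixed `--tunnels 15` command line in the hardened sample are this example's assumptions about a tighter configuration.

```shell
#!/bin/sh
# Added example: audit sudoers and nrpe.cfg for the issues raised in this thread.

audit_sudoers() {   # $1 = sudoers file; prints one finding per line
    awk '
        $1 ~ /^#/ { next }                                  # skip comments
        $1 == "Defaults" && $2 == "requiretty"         { req = 1 }
        $1 == "Defaults:nagios" && $2 == "!requiretty" { exempt = 1 }
        $1 == "nagios" && $(NF-1) ~ /NOPASSWD:$/ && $NF == "ALL" {
            print "sudoers: nagios may run any command without a password" }
        END { if (req && !exempt)
                  print "sudoers: requiretty applies to nagios, sudo fails under the tty-less nrpe daemon" }
    ' "$1"
}

audit_nrpe() {      # $1 = nrpe.cfg; prints one finding per line
    awk '
        $1 ~ /^#/ { next }                                  # skip comments
        /^dont_blame_nrpe=1/ { print "nrpe: dont_blame_nrpe=1 accepts arguments from the remote caller" }
        /^command\[/ && /sudo / && /\$ARG[0-9]+\$/ {
            print "nrpe: caller-supplied argument reaches a sudo command" }
    ' "$1"
}

write_samples() {   # $1 = directory; writes constructed sample files
    # Weak: the settings quoted in the thread, with requiretty still active.
    printf '%s\n' 'Defaults    requiretty' 'nagios ALL=(ALL) NOPASSWD: ALL' > "$1/sudoers.weak"
    printf '%s\n' 'dont_blame_nrpe=1' \
        'command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels $ARG1$' > "$1/nrpe.weak"
    # Hardened (assumption): requiretty stays on globally, only nagios is exempt, one fixed command.
    printf '%s\n' 'Defaults    requiretty' 'Defaults:nagios !requiretty' \
        'nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_tunnel --tunnels 15' > "$1/sudoers.hard"
    printf '%s\n' 'dont_blame_nrpe=0' \
        'command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel --tunnels 15' > "$1/nrpe.hard"
}

count_findings() {  # $1 = sudoers, $2 = nrpe.cfg; prints the number of findings
    { audit_sudoers "$1"; audit_nrpe "$2"; } | wc -l | tr -d ' '
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "weak: $(count_findings "$demo_dir/sudoers.weak" "$demo_dir/nrpe.weak") findings"
audit_sudoers "$demo_dir/sudoers.weak"; audit_nrpe "$demo_dir/nrpe.weak"
echo "hardened: $(count_findings "$demo_dir/sudoers.hard" "$demo_dir/nrpe.hard") findings"
rm -rf "$demo_dir"
```

On a real host, point the two audit functions at /etc/sudoers and the nrpe configuration file, and validate any sudoers change with `visudo -c` before relying on it.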