Probem with nrpe and sudo on rhel5 servers

Jonathan Mills jonmills at email.unc.edu
Fri Mar 7 17:52:57 CET 2008

Previous message: Probem with nrpe and sudo on rhel5 servers
Next message: Monitoring Router Errors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Huh, just as a side note, it's probably a bad idea to give the nagios  
user so many powers in sudo.  I've limited it by doing this:

nagios      ALL=NOPASSWD: /sbin/service nagios restart, \
                         /sbin/service nagios reload, \
                         /sbin/service nagios checkconfig

In my case, the nagios use only needs to be able to manipulate the  
nagios daemon, in these pre-defined ways.  You can add your own  
commands.  I'm using this on RHEL5 and it's working.

In another case, I'm using the hpacucli tool to test the raid status  
of an HP SmartArray.  In my sudoers file on the HP server with the  
array, I have this:

nagios      ALL=NOPASSWD: /usr/sbin/hpacucli

and in the nrpe.cfg file, I've got this:

command[check_hparray]=/usr/local/nagios/check_hparray -s 0

Again, this is RHEL5, and it works great.

On Mar 7, 2008, at 5:41 AM, Nicole Hähnel wrote:

> Hi,
>
> I wrote a plugin to check running ipsec tunnels on our gateways.
> The plugin needs to have access to /proc/net/ipsec_eroute, so I have  
> to
> run nrpe command with sudo.
>
> sudoers (for testing):
> nagios          ALL=(ALL)       NOPASSWD: ALL
>
> nrpe.conf:
> command[check_tunnel]=sudo /usr/lib/nagios/plugins/check_tunnel
> --tunnels $ARG1$
>
> I tested the plugin on the gateway, it works fine,
> but with nagios I get "NRPE: Unable to read output".
> Running the plugin without sudo, nagios has an output,
> but 0 running tunnels.
>
> Looks like a problem with sudo command on rhel5 servers.
> Any ideas?
>
>
> Thanks!
>
> Nicole
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when  
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Probem with nrpe and sudo on rhel5 servers
Next message: Monitoring Router Errors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list