Solaris 10 SMF, Getting NRPE to run as user nagios
Alloo, Vincent
v-alloo at ti.com
Wed Mar 12 12:28:03 CET 2008
Robert,
Finally, I was able to enable NRPE through service management on Solaris
10 (not using SMF) without SUID:
echo "nrpe stream tcp nowait nagios /apps/nagios/nrpe/nrpe
/apps/nagios/nrpe/nrpe -c /db/sysadmin/nagios/nrpe.cfg --inetd " >!
/etc/nrpe.inetd
inetconv -i /etc/nrpe.inetd
inetadm -m svc:/network/nrpe/tcp tcp_wrappers=TRUE
echo nrpe: ALL >> /etc/hosts.deny
echo nrpe: your_nagios_server >> /etc/hosts.allow
--SSH-- > inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name="nrpe"
endpoint_type="stream"
proto="tcp"
isrpc=FALSE
wait=FALSE
exec="/apps/nagios/nrpe/nrpe -c /db/sysadmin/nagios/nrpe.cfg
--inetd"
arg0="/apps/nagios/nrpe/nrpe"
user="nagios"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
tcp_wrappers=TRUE
--SSH-- > ls -l /apps/nagios/nrpe/nrpe
-rwxrwxr-x 1 nagios nagios 71608 Oct 4 2006
/apps/nagios/nrpe/nrpe
Let me know if it works for you.
Regards,
Vincent Alloo
TI France Design Systems Operations Manager
Europe, Middle East and Africa IT Services
Texas Instruments France
E-Mail: v-alloo at ti.com
Phone: +33 4 93 22 26 97
Mobile: +33 6 82 13 00 80
________________________________
From: nagios-users-bounces at lists.sourceforge.net
[mailto:nagios-users-bounces at lists.sourceforge.net] On Behalf Of
Cipriani, Robert C
Sent: Tuesday, January 15, 2008 4:43 PM
To: 'nagios-users at lists.sourceforge.net'
Subject: [Nagios-users] Solaris 10 SMF, Getting NRPE to run as user
nagios
I have NRPE running on Solaris 10 SPARC under SMF, but the only way I
could get it to run as user nagios is if I set SUID on the nrpe
executable.
This is the output inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name="nrpe"
endpoint_type="stream"
proto="tcp"
isrpc=FALSE
wait=FALSE
exec="/usr/local/nagios/bin/nrpe -c
/usr/local/nagios/etc/nrpe.cfg -i"
arg0="/usr/local/nagios/bin/nrpe"
user="nagios"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
user="nagios" , but if I don't do the SUID I get in the system log:
nrpe[10222]: [ID 306117 auth.error] Error: NRPE daemon cannot be run as
user/group root!
I've searched the web and the archives to no avail. Does anyone have
experience running NRPE under SMF? Any concerns about running it SUID?
Thanks so much.
Robert C. Cipriani
Senior Network Administrator
Tampa Bay Division IT
Bright House Networks
W: (727) 329-2000 x74264
M: (727) 365-1231
________________________________
CONFIDENTIALITY NOTICE: This e-mail may contain information that is
privileged, confidential or otherwise protected from disclosure. If you
are not the intended recipient of this e-mail, please notify the sender
immediately by return e-mail, purge it and do not disseminate or copy
it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080312/b6b5c7f3/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list