check_mailq, nrpe, and root perms on client

[Marc Powell]

On Jun 15, 2009, at 12:59 PM, Kevin Freels wrote:

> However, as sudo is designed to do, it logs every command run under  
> it,
> so I wind up getting an email for every instance the check is made.
> Multiply that times several servers and services, and I am now getting
> flooded with emails that are essentially unnecessary.

Where are the e-mails coming from? sudo logs normally but only sends  
an e-mail if you've specifically configured it to do so (mail_always).  
That's off by default in all the distributions I have experience with  
(and that I can recall)... If that's something you don't really need  
then turn it off. If you're concerned about security then perhaps some  
of the other mail_* settings in sudoers might be more useful.

> I also thought of:
>
> -- running nrpe as "root" (not comfortable with that)
> -- SUID on check_mailq
> -- chown'ing check_mailq root:root

I personally don't like any of those options. I don't use check_mailq  
and wrote my own that fits our environment better but at the heart of  
it, I use 'sudo /usr/lib/sendmail...' so there's my vote ;)

--
Marc


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null