Can you add a line to your /etc/xinetd.d/nrpe to run as a different user. Something like like:
user = nagios-nrpe Next create that user in /etc/passwd, /etc/shadow, and /etc/group The user doesn't need a passwd set or a login shell. Next add the user to the groups needed to see the logs, or set-up sudo for that user to see the logs? I think giving 'nobody' sudo rights isn't the best route. On Thu, 2009-04-02 at 15:52 +0800, Lei Chen wrote: > use visudo command, comment the following line: > Defaults requiretty > > and try again. > > > 2009/4/2 Andrew Davis <[email protected]>: > > Its running under xinetd, so 'ps aux|grep nrpe' isn't showing the true user. > > However, the nrpe.cfg is set to use the nobody user. I've added the nobody > > user to sudo, and even tried it as the nagios user. What I see now from the > > server is: > > > > /usr/local/nagios/libexec/check_nrpe -H atum -c check_logs > > CHECK_NRPE: Socket timeout after 10 seconds. > > > > And in the messages file on the client: > > > > Apr 1 22:54:25 atum nrpe[25661]: Running command: /usr/bin/sudo > > /usr/local/nagios/libexec/check_logs.pl -c /etc/nagios/check_logs_linux.cfg > > Apr 1 22:54:25 atum /usr/bin/sudo: nobody : TTY=unknown ; PWD=/ ; > > USER=root ; COMMAND=/usr/local/nagios/libexec/check_logs.pl -c > > /etc/nagios/check_logs_linux.cfg > > > > A. Davis > > Email: [email protected] > > > > "There is no limit to what a man can accomplish > > if he doesn't care who gets the credit." - Ronald Reagan > > > > > > John Stile wrote: > > > > On the client, if you look at 'ps aux |grep nrpe' > > what user does nrpe run as? > > > > You might have to configure sudo to allow that user to run the plugin. > > > > > > On Wed, 2009-04-01 at 18:27 -0400, Andrew Davis wrote: > > > > > > I setup the > > "check_logs.pl" > > (http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F1752.html;d=1) > > test and its config file on some local Linux servers tested via NRPE. All > > other NRPE tests work fine (including some custom ones). The check_logs.pl > > works fine locally, but fails over NRPE. I've enabled debugging in NRPE, but > > its not telling me much more... > > > > Client local test: > > > > atum:/etc/init.d # /usr/local/nagios/libexec/check_logs.pl > > -c /etc/nagios/check_logs_linux.cfg > > faillog => OK; lastlog => OK; messages => OK; wtmp => OK; > > > > Server test to client via NRPE: > > > > /usr/local/nagios/libexec/check_nrpe -H atum -c check_logs > > CHECK_NRPE: No output returned from daemon. > > > > Local log (/var/log/messages) on client when test is run from server: > > > > Apr 1 18:05:52 atum nrpe[1412]: Added > > command[check_logs]=/usr/local/nagios/libexec/check_logs.pl > > -c /etc/nagios/check_logs_linux.cfg > > Apr 1 18:05:52 atum nrpe[1412]: INFO: SSL/TLS initialized. > > All network traffic will be encrypted. > > Apr 1 18:05:52 atum nrpe[1412]: Handling the connection... > > Apr 1 18:05:52 atum nrpe[1412]: Host is asking for command > > 'check_logs' to be run... > > Apr 1 18:05:52 atum nrpe[1412]: Running > > command: /usr/local/nagios/libexec/check_logs.pl > > -c /etc/nagios/check_logs_linux.cfg > > Apr 1 18:05:52 atum nrpe[1412]: Command completed with return > > code 0 and output: > > Apr 1 18:05:52 atum nrpe[1412]: Return Code: 0, Output: > > > > The response is immediate, so its not a timeout issue. Other NRPE > > tests work fine: > > > > /usr/local/nagios/libexec/check_nrpe -H atum -c check_load > > OK - load average: 0.00, 0.00, 0.00| > > load1=0.000;5.000;10.000;0; load5=0.000;5.000;10.000;0; > > load15=0.000;5.000;10.000;0; > > /usr/local/nagios/libexec/check_nrpe -H atum -c check_memory > > CHECK_MEMORY OK - 1702M free | > > free=1785552896b;210236620.8:;105118310.4: > > > > And on the client: > > > > Apr 1 18:09:25 atum nrpe[1799]: INFO: SSL/TLS initialized. > > All network traffic will be encrypted. > > Apr 1 18:09:25 atum nrpe[1799]: Handling the connection... > > Apr 1 18:09:25 atum nrpe[1799]: Host is asking for command > > 'check_load' to be run... > > Apr 1 18:09:25 atum nrpe[1799]: Running > > command: /usr/local/nagios/libexec/check_load -r -w 5.0 -c > > 10.0 > > Apr 1 18:09:25 atum nrpe[1799]: Command completed with return > > code 0 and output: OK - load average: 0.00, 0.00, 0.00| > > load1=0.000;5.000;10.000;0; load5=0.000;5.000;10.000;0; > > load15=0.000;5.000;10.000;0; > > Apr 1 18:09:25 atum nrpe[1799]: Return Code: 0, Output: OK - > > load average: 0.00, 0.00, 0.00|load1=0.000;5.000;10.000;0; > > load5=0.000;5.000;10.000;0; load15=0.000;5.000;10.000;0; > > Apr 1 18:09:26 atum nrpe[1802]: INFO: SSL/TLS initialized. > > All network traffic will be encrypted. > > Apr 1 18:09:26 atum nrpe[1802]: Handling the connection... > > Apr 1 18:09:26 atum nrpe[1802]: Host is asking for command > > 'check_memory' to be run... > > Apr 1 18:09:26 atum nrpe[1802]: Running > > command: /usr/local/nagios/libexec/check_memory.pl -w 10% -c > > 5% > > Apr 1 18:09:26 atum nrpe[1802]: Command completed with return > > code 0 and output: CHECK_MEMORY OK - 1703M free | > > free=1786134528b;210236620.8:;105118310.4: > > Apr 1 18:09:26 atum nrpe[1802]: Return Code: 0, Output: > > CHECK_MEMORY OK - 1703M free | > > free=1786134528b;210236620.8:;105118310.4: > > > > Here's the local command in my /etc/nagios/nrpe.cfg: > > > > command[check_logs]=/usr/local/nagios/libexec/check_logs.pl > > -c /etc/nagios/check_logs_linux.cfg > > > > And on the server (when done in services.cfg, though its failing with > > manual tests too): > > > > define service { > > hostgroup_name linux-servers > > service_description LOGS > > check_command check_nrpe!check_logs > > max_check_attempts 3 > > normal_check_interval 15 > > retry_check_interval 5 > > check_period 24x7 > > notification_interval 120 > > notification_period 24x7 > > notification_options w, u, c, r, f, s > > contact_groups unixadmins > > } > > > > > > Considering it fails with a manual test (command line), I doubt its my > > services.cfg entry. It runs fine when called locally, so I'm thinking > > it could be an issue on the client in the nrpe.cfg, but if so I can't > > find it... > > > > I *do* see the obvious... namely, the other two tests that run over > > NRPE have something after "Output:" and the check_logs.pl does not. > > However, called at the command line it does... which is what stumps > > me. > > > > What would cause the test to run fine locally, but return nothing when > > called via NRPE??? (BTW: I'm running 3.x with the latest set of > > plugins and NRPE). > > > > One more thing: I know *someone* is going to ask why I don't just use > > the built-in check_log test. The answer is that check_logs.pl allows > > for multiple files and pattern matches and a "seek" file to speed > > things up. > > -- > > > > > > A. Davis > > Email: [email protected] > > > > "There is no limit to what a man can accomplish > > if he doesn't care who gets the credit." - Ronald Reagan > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Nagios-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/nagios-users > > ::: Please include Nagios version, plugin version (-v) and OS when reporting > > any issue. > > ::: Messages without supporting info will risk being sent to /dev/null > > > > > > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > > Nagios-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/nagios-users > > ::: Please include Nagios version, plugin version (-v) and OS when reporting > > any issue. > > ::: Messages without supporting info will risk being sent to /dev/null > > > > > > -- > Thanks, > Chenlei & 石头++ > MSN Messenger: [email protected] > > ------------------------------------------------------------------------------ > _______________________________________________ > Nagios-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when reporting > any issue. > ::: Messages without supporting info will risk being sent to /dev/null ------------------------------------------------------------------------------ _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
