On Sat, Jun 5, 2010 at 9:02 AM, Kevin Keane <subscript...@kkeane.com> wrote:
> You would probably want to use sudo. Instead of having NRPE call check_yum
> directly, have it call sudo check_yum, and add check_yum for the Nagios user
> to your sudoers (make sure to not require a password, of course!)
>
> Be sure to keep the sudoers entry as restrictive as possible, or you may open
> a security hole.
>
> -----Original Message-----
> From: Terry [mailto:td3...@gmail.com]
> Sent: Thursday, June 03, 2010 11:40 AM
> To: nagios-users@lists.sourceforge.net
> Subject: Re: [Nagios-users] check_yum issue
>
> On Thu, Jun 3, 2010 at 1:28 PM, Terry <td3...@gmail.com> wrote:
>> Hello,
>>
>> I am trying to use check_yum:
>> http://exchange.nagios.org/directory/Plugins/Uncategorized/Operating-Systems/Linux/Check_Yum/details
>>
>> It works great from the command line:
>> [r...@foo ~]# yum --security check-update
>> Loaded plugins: dellsysid, rhnplugin, security
>> Limiting package lists to security relevant ones
>> Needed 4 of 11 packages, for security
>>
>> rhn-check.noarch          0.4.20-33.el5_5.2   rhel-x86_64-server-5
>> rhn-client-tools.noarch   0.4.20-33.el5_5.2   rhel-x86_64-server-5
>> rhn-setup.noarch          0.4.20-33.el5_5.2   rhel-x86_64-server-5
>> rhn-setup-gnome.noarch    0.4.20-33.el5_5.2   rhel-x86_64-server-5
>> [r...@foo ~]# /usr/lib64/nagios/plugins/check_yum
>> YUM CRITICAL: 4 Security Updates Available. 7 Non-Security Updates Available
>> [r...@foo ~]# echo $?
>> 2
>>
>> It returns this from nagios:
>> [r...@foo ~]# /usr/lib64/nagios/plugins/check_nrpe -H 10.0.0.2 -t 50 -c check_yum
>> YUM OK: 0 Security Updates Available
>>
>> Here's my NRPE configuration:
>> [r...@bar ~]# cat /etc/nagios/nrpe.cfg | grep check_yum
>> command[check_yum]=/usr/lib64/nagios/plugins/check_yum
>>
>> What am I missing here?
>>
>
> I think I fail here. This is a permissions issue as noted in the
> description of the plugin. Anyone doing something similar? If so,
> how is your solution architected?
>
> Thanks!
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day
> Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list
> and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Nagios-users mailing list
> Nagios-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting
> any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>

I think I did one better, maybe. I am having nagios call check_by_ssh
which uses a key that is specific for this command. On the remote
side, I am configuring the authorized_hosts such as this:

command="/usr/lib/nagios/plugins/check_yum" ssh-rsa AA.....

The only thing this key can do is call check_yum on the remote end.
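
Added example, not part of the thread: in OpenSSH, a `command="..."` option in `authorized_keys` forces the command but does not by itself turn off port, agent or X11 forwarding or PTY allocation, so a single-purpose key such as the check_yum one usually also carries the `no-*` options (or `restrict`, OpenSSH 7.2 and later). The script below audits entries for that; the function names, key blobs and key comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Key blobs and comments are constructed.

# Print the options/first field of a line: sshd ends it at the first
# whitespace that is not inside double quotes.
first_field() {
    printf '%s\n' "$1" | awk '{
        q = 0; out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\\" && q) { out = out c substr($0, i + 1, 1); i++; continue }
            if (c == "\"") q = !q
            else if (!q && (c == " " || c == "\t")) break
            out = out c
        }
        print out
    }'
}

# Print OPEN (no forced command), OK, or PARTIAL: <options still missing>.
classify_key_line() {
    # Option keywords are case-insensitive, so compare in lower case.
    field=$(first_field "$1" | tr '[:upper:]' '[:lower:]')
    case ",$field," in
        *',command="'*) ;;
        *) echo "OPEN"; return ;;   # key type first, or options without command=
    esac
    case ",$field," in *,restrict,*) echo "OK"; return ;; esac
    missing=
    for opt in no-port-forwarding no-agent-forwarding no-x11-forwarding no-pty; do
        case ",$field," in *",$opt,"*) ;; *) missing="$missing $opt" ;; esac
    done
    if [ -z "$missing" ]; then echo "OK"; else echo "PARTIAL:$missing"; fi
}

# Read authorized_keys content on stdin, print "<line number>: <verdict>".
audit_authorized_keys() {
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        case $l in ''|'#'*) continue ;; esac
        printf '%s: %s\n' "$n" "$(classify_key_line "$l")"
    done
}

audit_authorized_keys <<'EOF'
command="/usr/lib/nagios/plugins/check_yum" ssh-rsa AAAAconstructed nagios@monitor
command="/usr/lib/nagios/plugins/check_yum",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAconstructed nagios@monitor
ssh-rsa AAAAconstructed admin@laptop
EOF
```

To check a real account, feed the file on standard input, for example `audit_authorized_keys < ~nagios/.ssh/authorized_keys` (the path is an assumption about where the monitoring user's keys live).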