Re: what is nagios 'SECURITY information'?

Tue, 30 Nov 2010 06:52:37 -0800 

On Nov 29, 2010, at 3:04 PM, Jason Holtzapple wrote:

> On 11/29/2010 12:45 PM, Alex Dean wrote:
>> I have Nagios running on a local server, and I occasionally get some emails 
>> from it with the subject "*** SECURITY information for <hostname>***".  The 
>> body of the message is just a few characters.  I've done some searching in 
>> my Nagios logs and online, and I have no idea what these emails are or what 
>> they mean.
>> 
>> The latest instance was last night.  I had my local network torn apart for a 
>> few hours, and when I reconnected everything, I had about 40 of these emails 
>> waiting for me.
>> 
>> The Nagios I'm using is from Ubuntu 9.10.  I'm using only a very few HTTP, 
>> ssh, & ping monitors.  Nothing complex at all.
> 
> sudo creates emails with subjects like that if there are security
> issues, but the body of your mail is not typical of sudo. Do any of your
> nagios checks use sudo as part of the check?

Nice fine.  My checks using check_ide_smart do use sudo.

define command{
        command_name    check_smartd
        command_line    /usr/bin/sudo /usr/lib/nagios/plugins/check_ide_smart 
-d $ARG1$ -n 
}
define service{
        use                             generic-service
        host_name                       localhost
        service_description             SMART status 2
        check_command                   
check_smartd!/dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793
}


/etc/sudoers
  nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ide_smart


For the example SECURITY email I sent (dated Nov 28, 21:29:59), 
/var/log/auth.log has a record:
Nov 28 21:29:59 artichoke sudo:   nagios : TTY=unknown ; PWD=/ ; USER=root ; 
COMMAND=/usr/lib/nagios/plugins/check_ide_smart -d 
/dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793 -n

As far as I can tell, that looks normal.  The smartd checks were never in error 
while my network was down.  I'm only using local passwd/group/shadow files for 
authentication, no LDAP or yp or other external authentication service.

alex
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Reply via email to