Re: [Nagios-users] check_yum issue
On Sat, Jun 5, 2010 at 9:02 AM, Kevin Keane subscript...@kkeane.com wrote: You would probably want to use sudo. Instead of having NRPE call check_yum directly, have it call sudo check_yum, and add check_yum for the Nagios user to your sudoers (make sure to not require a password, of course!) Be sure to keep the sudoers entry as restrictive as possible, or you may open a security hole. -Original Message- From: Terry [mailto:td3...@gmail.com] Sent: Thursday, June 03, 2010 11:40 AM To: nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] check_yum issue On Thu, Jun 3, 2010 at 1:28 PM, Terry td3...@gmail.com wrote: Hello, I am trying to use check_yum: http://exchange.nagios.org/directory/Plugins/Uncategorized/Operating-S ystems/Linux/Check_Yum/details It works great from the command line: [r...@foo ~]# yum --security check-update Loaded plugins: dellsysid, rhnplugin, security Limiting package lists to security relevant ones Needed 4 of 11 packages, for security rhn-check.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-client-tools.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup-gnome.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 [r...@foo ~]# /usr/lib64/nagios/plugins/check_yum YUM CRITICAL: 4 Security Updates Available. 7 Non-Security Updates Available [r...@foo ~]# echo $? 2 It returns this from nagios: [r...@foo ~]# /usr/lib64/nagios/plugins/check_nrpe -H 10.0.0.2 -t 50 -c check_yum YUM OK: 0 Security Updates Available Here's my NRPE configuration: [r...@bar ~]# cat /etc/nagios/nrpe.cfg | grep check_yum command[check_yum]=/usr/lib64/nagios/plugins/check_yum What am I missing here? I think I fail here. This is a permissions issue as noted in the description of the plugin. Anyone doing something similar? If so, how is your solution architected? Thanks! -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null I think I did one better, maybe. I am having nagios call check_by_ssh which uses a key that is specific for this command. On the remote side, I am configuring the authorized_hosts such as this: command=/usr/lib/nagios/plugins/check_yum ssh-rsa AA. The only thing this key can do is call check_yum on the remote end. -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_yum issue
You would probably want to use sudo. Instead of having NRPE call check_yum directly, have it call sudo check_yum, and add check_yum for the Nagios user to your sudoers (make sure to not require a password, of course!) Be sure to keep the sudoers entry as restrictive as possible, or you may open a security hole. -Original Message- From: Terry [mailto:td3...@gmail.com] Sent: Thursday, June 03, 2010 11:40 AM To: nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] check_yum issue On Thu, Jun 3, 2010 at 1:28 PM, Terry td3...@gmail.com wrote: Hello, I am trying to use check_yum: http://exchange.nagios.org/directory/Plugins/Uncategorized/Operating-S ystems/Linux/Check_Yum/details It works great from the command line: [r...@foo ~]# yum --security check-update Loaded plugins: dellsysid, rhnplugin, security Limiting package lists to security relevant ones Needed 4 of 11 packages, for security rhn-check.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-client-tools.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup-gnome.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 [r...@foo ~]# /usr/lib64/nagios/plugins/check_yum YUM CRITICAL: 4 Security Updates Available. 7 Non-Security Updates Available [r...@foo ~]# echo $? 2 It returns this from nagios: [r...@foo ~]# /usr/lib64/nagios/plugins/check_nrpe -H 10.0.0.2 -t 50 -c check_yum YUM OK: 0 Security Updates Available Here's my NRPE configuration: [r...@bar ~]# cat /etc/nagios/nrpe.cfg | grep check_yum command[check_yum]=/usr/lib64/nagios/plugins/check_yum What am I missing here? I think I fail here. This is a permissions issue as noted in the description of the plugin.Anyone doing something similar? If so, how is your solution architected? Thanks! -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_yum issue
It appears that root has permissions but whatever user the nagios instance is running doesn't. Start there g.; On Thu, Jun 3, 2010 at 11:28 AM, Terry td3...@gmail.com wrote: Hello, I am trying to use check_yum: http://exchange.nagios.org/directory/Plugins/Uncategorized/Operating-Systems/Linux/Check_Yum/details It works great from the command line: [r...@foo ~]# yum --security check-update Loaded plugins: dellsysid, rhnplugin, security Limiting package lists to security relevant ones Needed 4 of 11 packages, for security rhn-check.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-client-tools.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup-gnome.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 [r...@foo ~]# /usr/lib64/nagios/plugins/check_yum YUM CRITICAL: 4 Security Updates Available. 7 Non-Security Updates Available [r...@foo ~]# echo $? 2 It returns this from nagios: [r...@foo ~]# /usr/lib64/nagios/plugins/check_nrpe -H 10.0.0.2 -t 50 -c check_yum YUM OK: 0 Security Updates Available Here's my NRPE configuration: [r...@bar ~]# cat /etc/nagios/nrpe.cfg | grep check_yum command[check_yum]=/usr/lib64/nagios/plugins/check_yum What am I missing here? -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Gary Every Pay it Forward! -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_yum issue
On Thu, Jun 3, 2010 at 1:28 PM, Terry td3...@gmail.com wrote: Hello, I am trying to use check_yum: http://exchange.nagios.org/directory/Plugins/Uncategorized/Operating-Systems/Linux/Check_Yum/details It works great from the command line: [r...@foo ~]# yum --security check-update Loaded plugins: dellsysid, rhnplugin, security Limiting package lists to security relevant ones Needed 4 of 11 packages, for security rhn-check.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-client-tools.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 rhn-setup-gnome.noarch 0.4.20-33.el5_5.2 rhel-x86_64-server-5 [r...@foo ~]# /usr/lib64/nagios/plugins/check_yum YUM CRITICAL: 4 Security Updates Available. 7 Non-Security Updates Available [r...@foo ~]# echo $? 2 It returns this from nagios: [r...@foo ~]# /usr/lib64/nagios/plugins/check_nrpe -H 10.0.0.2 -t 50 -c check_yum YUM OK: 0 Security Updates Available Here's my NRPE configuration: [r...@bar ~]# cat /etc/nagios/nrpe.cfg | grep check_yum command[check_yum]=/usr/lib64/nagios/plugins/check_yum What am I missing here? I think I fail here. This is a permissions issue as noted in the description of the plugin.Anyone doing something similar? If so, how is your solution architected? Thanks! -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
