Re: [Nagios-users] check_procs returning wrong data
I finally got it working but it was not that easy. As I am using CentOS 5, by default the requiretty value in the /etc/sudoers file is activated, so I had to edit it like this: #Defaultsrequiretty nagios ALL=(ALL) NOPASSWD:/usr/local/nagios/libexec/check_procs And the command in the .cfg file would be like this: command[check_total_procs]=sudo /usr/local/nagios/libexec/check_procs -w 150 -c 200 Hope it helps!! 2012/6/18 Andreas Ericsson a...@op5.se On 06/18/2012 11:51 AM, Axel Amigo Arnold wrote: Hi Andreas, thank you for the response. I already have the suid bit activated in the check_procs binary as you can see here (I just copied the values of check_icmp) -r-sr-sr-x The user for this binary is root, and the group is nagios (just as check_icmp), but I still can't access the total process list. In the command definition, should I make something like this? command[check_total_procs]=/usr/local/nagios/libexec/sudo check_procs -w 150 -c 200 That might help. Try and find out. -- Andreas Ericsson andreas.erics...@op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. -- Un saludo, Axel Amigo Arnold -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_procs returning wrong data
I finally got it working but it was not that easy. As I am using CentOS 5, by default the requiretty value in the /etc/sudoers file is activated, so I had to edit it like this: #Defaultsrequiretty nagios ALL=(ALL) NOPASSWD:/usr/local/nagios/libexec/check_procs And the command in the .cfg file would be like this: command[check_total_procs]=sudo /usr/local/nagios/libexec/check_procs -w 150 -c 200 It's a bit safer to use this right before the user and command definition: Defaults:nagios !requiretty That way, you're leaving the restriction in place for *other* users, you're just overriding it for the nagios user. Benny -- Death rays, advanced technology or not, no creature wants to be stabbed in their hoo-hoo.-- Seen on zombiehunters.org -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_procs returning wrong data
On 06/17/2012 03:47 PM, Axel Amigo Arnold wrote: Hello, I am using nagios plugins 1.4.15 and I have a question about the check_procs plugin. If I execute it as *root*: root@localhost[/usr/local/nagios/libexec]# ./check_procs -w 50 -c 100 PROCS CRITICAL: 126 processes Now if I do it as *nagios user*: nagios@localhost[/usr/local/nagios/libexec]# ./check_procs -w 50 -c 100 PROCS OK: 2 processes Obviously it gives me the result of doing *ps *as the selected user, and I don't want this to happen like this. From the remote Nagios Server using NRPE, I also have the wrong result of 2 processes. Is there a fix for this? May I have to write a script for myself? The only fix is to run check_procs as root, or make the plugins suid root. Writing your own script won't work either, since it's the kernel blocking access to other users' processes. -- Andreas Ericsson andreas.erics...@op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_procs returning wrong data
Hi Andreas, thank you for the response. I already have the suid bit activated in the check_procs binary as you can see here (I just copied the values of check_icmp) -r-sr-sr-x The user for this binary is root, and the group is nagios (just as check_icmp), but I still can't access the total process list. In the command definition, should I make something like this? command[check_total_procs]=/usr/local/nagios/libexec/sudo check_procs -w 150 -c 200 Thanks! 2012/6/18 Andreas Ericsson a...@op5.se On 06/17/2012 03:47 PM, Axel Amigo Arnold wrote: Hello, I am using nagios plugins 1.4.15 and I have a question about the check_procs plugin. If I execute it as *root*: root@localhost[/usr/local/nagios/libexec]# ./check_procs -w 50 -c 100 PROCS CRITICAL: 126 processes Now if I do it as *nagios user*: nagios@localhost[/usr/local/nagios/libexec]# ./check_procs -w 50 -c 100 PROCS OK: 2 processes Obviously it gives me the result of doing *ps *as the selected user, and I don't want this to happen like this. From the remote Nagios Server using NRPE, I also have the wrong result of 2 processes. Is there a fix for this? May I have to write a script for myself? The only fix is to run check_procs as root, or make the plugins suid root. Writing your own script won't work either, since it's the kernel blocking access to other users' processes. -- Andreas Ericsson andreas.erics...@op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. -- Un saludo, Axel Amigo Arnold -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_procs returning wrong data
On 06/18/2012 11:51 AM, Axel Amigo Arnold wrote: Hi Andreas, thank you for the response. I already have the suid bit activated in the check_procs binary as you can see here (I just copied the values of check_icmp) -r-sr-sr-x The user for this binary is root, and the group is nagios (just as check_icmp), but I still can't access the total process list. In the command definition, should I make something like this? command[check_total_procs]=/usr/local/nagios/libexec/sudo check_procs -w 150 -c 200 That might help. Try and find out. -- Andreas Ericsson andreas.erics...@op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_procs returning wrong data
On 06/18/2012 06:30 AM, Andreas Ericsson wrote: The user for this binary is root, and the group is nagios (just as check_icmp), but I still can't access the total process list. In the command definition, should I make something like this? command[check_total_procs]=/usr/local/nagios/libexec/sudo check_procs -w 150 -c 200 That might help. Try and find out. Shouldn't the command be: command[check_total_procs]=sudo /usr/local/nagios/libexec/check_procs -w 150 -c 200 Cheers, Steve Glasser | System Administrator | visp.net -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null