1

I am trying to be as clear as possible: my brain is going to explode, like those explodding kittens.

Both machines Centos 7:

[root@192.168.10.2]# cat /proc/version
Linux version 3.10.0-693.11.6.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Thu Jan 4 01:06:37 UTC 2018

And latest NRPE from EPEL:

[root@192.168.10.1]# ./check_nrpe -H 192.168.10.2
NRPE v3.2.0

I am trying to restart a service from nagios server, so I can set an event handler. All started with a lots of scripts, but now I shrink the problem to this:

[root@192.168.10.1]# ./check_nrpe -H 192.168.10.2 -c restart
NRPE: Unable to read output

[root@192.168.10.1]# ./check_nrpe -H 192.168.10.2 -c status
(... correct service status output ...)
Loaded: loaded (/usr/lib/systemd/system/cachefilesd.service
(... correct service status output ...)

So, I can status services, but cannot start or restart.

[root@192.168.10.2]# cat /etc/nagios/nrpe.conf:

[...]
nrpe_user=nrpe
nrpe_group=nrpe
allowed_hosts=127.0.0.1,192.168.10.1
command[status]=/lib64/nagios/plugins/status.sh
command[restart]=/lib64/nagios/plugins/restart.sh
[...]


[root@192.168.10.2]# cat /lib64/nagios/plugins/status.sh

#!/bin/bash
sudo systemctl status cachefilesd
exit 0

and

[root@192.168.10.2]# cat /lib64/nagios/plugins/restart.sh

#!/bin/bash
sudo systemctl restart cachefilesd
exit 0

sudoers:

[root@192.168.10.2]# cat /etc/sudoers

# Defaults specification
Defaults: nrpe !requiretty
Defaults: nagios !requiretty

nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service

If I type:

[root@192.168.10.2]# sudo -u nrpe -H ./restart-cachefilesd.sh

All is fine.

I enabled debug in NRPE, and I get:

nrpe[5431]: Host address is in allowed_hosts
nrpe[5431]: Host 192.168.10.1 is asking for command 'restart' to be run...
nrpe[5431]: Running command: /lib64/nagios/plugins/restart.sh
nrpe[5432]: WARNING: my_system() seteuid(0): Operation not permitted
nrpe[5431]: Command completed with return code 0 and output:
nrpe[5431]: Return Code: 3, Output: NRPE: Unable to read output
nrpe[5431]: Connection from 192.168.10.1 closed.

I tried to strace the output, but is too much for me...

Tango_gr
  • 11
  • 1
  • 3
  • does `sudo systemctl restart cachefilesd` produce any output, when run as the nrpe user? – Keith Jan 30 '18 at 04:49

1 Answers1

0

Rather than putting sudo inside the script, you should include the sudo in the nrpe.cfg file:

command[status]=sudo /lib64/nagios/plugins/status.sh

instead of

command[status]=/lib64/nagios/plugins/status.sh
Garreth McDaid
  • 3,449
  • 1
  • 27
  • 42