NRPE my_system() seteuid(0): Operation not permitted

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Edu
Posts: 2
Joined: Tue Oct 23, 2018 9:14 am

NRPE my_system() seteuid(0): Operation not permitted

Post by Edu »

See below, trying to run a restart service and keep getting seteuid errors. For testing purposes have the nagios user set to run anything. Thought maybe it was running as a different user than nagios but that isn't it..

Code: Select all

nagios    ALL=(ALL)       NOPASSWD: ALL

Code: Select all

[root@server etc]# su nagios
bash-4.2$ /usr/bin/sudo /bin/systemctl restart squid.service
bash-4.2$
bash-4.2$

Code: Select all

[1540302908] is_an_allowed_host (AF_INET): is host >10.5.0.25< an allowed host >10.5.0.25<
[1540302908] is_an_allowed_host (AF_INET): is host >10.5.0.25< an allowed host >10.5.0.25<
[1540302908] is_an_allowed_host (AF_INET): host is in allowed host list!
[1540302908] Host address is in allowed_hosts
[1540302908] Host 10.5.0.25 is asking for command 'squid_restart' to be run...
[1540302908] Running command: /usr/bin/sudo /bin/systemctl restart  squid.service
[1540302908] WARNING: my_system() seteuid(0): Operation not permitted
[1540302908] Command completed with return code 1 and output:
[1540302908] Return Code: 3, Output: NRPE: Unable to read output
[1540302908] Connection from 10.5.0.25 closed.

Code: Select all

# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_user=nagios



# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_group=nagios


Code: Select all

nagios     1390  0.0  0.0  44836  2740 ?        Ss   08:54   0:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f

Code: Select all

[Service]
Type=simple
Restart=on-abort
PIDFile=/usr/local/nagios/var/nrpe.pid
RuntimeDirectory=nrpe
RuntimeDirectoryMode=0755
ExecStart=/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f
ExecReload=/bin/kill -HUP $MAINPID
ExecStopPost=/bin/rm -f /usr/local/nagios/var/nrpe.pid
TimeoutStopSec=60
User=nagios
Group=nagios
PrivateTmp=true
OOMScoreAdjust=-500
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: NRPE my_system() seteuid(0): Operation not permitted

Post by npolovenko »

@Edu, On the nrpe server please run:
sudo chmod u+s /bin/systemctl
What version of the NRPE are you running?

Please run the following commands and show me the output:
chage -l nagios
grep nag /etc/passwd
grep nag /etc/group
Let's add the following line to the /etc/sudoers file:
nagios ALL=NOPASSWD: /bin/systemctl restart *
Please show me the command definition + how the command is defined on the remote server.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Edu
Posts: 2
Joined: Tue Oct 23, 2018 9:14 am

Re: NRPE my_system() seteuid(0): Operation not permitted

Post by Edu »

version 3.2.1

[root@server ~]# sudo chmod u+s /bin/systemctl
[root@server ~]# chage -l nagios
Last password change : Oct 22, 2018
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : -1
Maximum number of days between password change : -1
Number of days of warning before password expires : -1
[root@jcsd-server ~]# grep nag /etc/passwd
systemd-network:x:996:994:systemd Network Management:/:/sbin/nologin
nagios:x:995:993::/home/nagios:/bin/bash
[root@jcsd-server ~]# grep nag /etc/group
nagios:x:993:


no command definitions yet, just manually running check_nrpe

Code: Select all

[root@server etc]# /usr/local/nagios/libexec/check_nrpe -H 10.5.0.16 -p 1025 -c squid_restart
NRPE: Unable to read output
However, when I look at the service now it is at least restarting it as it should. So either your chmod or sysctl change fixed something. Just need to get some output now since systemctl doesn't output anything
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: NRPE my_system() seteuid(0): Operation not permitted

Post by npolovenko »

@Edu, You could create another command in the nrpe.cfg file to check if the process is running:
command[check_squid]=/usr/local/nagios/libexec/check_procs -a squid -c 1:1
/usr/local/nagios/libexec/check_nrpe -H 10.5.0.16 -c check_squid
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Locked