Nagios Support Forum

Hi, I am using check_expiry on Linux (RHEL 6) but while running it with check_nrpe, I always get "NRPE: Unable to read output"

I can see nagios is not able to execute this script to check user's password expiry information. any idea on how this can be achieved?

Edit line 15 to look like:
Test again and let us know the results. If it still fails, try running the script directly on the host and not using check_nrpe:

@hardik185, On top of what Craig recommended, I suggest adding the following entries to the /etc/sudoers file on the nrpe server.

Hi,

Thanks for your response.
I have tried both but I still get the same error.

strace does not really help. If I run the script as nagios user I get the right output. It is just check_nrpe does not give.

/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output

Any idea?

@hardik185, Can you show us the check_appuser command in the nrpe.cfg file? Please upload the whole npre.cfg file so I could examine your settings.

Also, if your plugin is in the /usr/local/nagios/etc/libexec/ folder, then you need to adjust entries in the sudoers file to reflect that:

Hi @npolovenko,
Sure. I have added the entries as suggested in /etc/sudoers but still same output. Please find attached nrpe.cfg and suggest if there is any way to enable this check.

@hardik185, Open the /etc/sudoers file and add the following entries instead of just two entries that I recommended earlier.

Defaults: nrpe !requiretty
Defaults: nagios !requiretty

nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh
nagios ALL = NOPASSWD:/usr/sbin/lchage
nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service

Open the /usr/local/nagios/libexec/check_expiry.sh script on the line 14, and change it to look like this: I added "sudo".

Let me know if this fixes the issue.

hi @npolovenko ,
I have added entries in sudoer file as suggested but did not help. not sure what is still missing.

@hardik185, Please switch to the nagios user, run the plugin and show us the output: Please upload the /etc/sudoers file and upload the plugin with the modifications we suggested here as well.

sorry for replying late @npolovenko

I am able to run it successfully with "su - nagios"

-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser1
OK - Password never expires
-bash-4.1$ vim /usr/local/nagios/etc/nrpe.cfg
-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser2
OK - Password is 61 days from expiry
-bash-4.1$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output
-bash-4.1$

Below are the entries added in /etc/sudoers,
nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh *
nagios ALL = NOPASSWD:/usr/sbin/lchage -l *
nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service

Below is the line updated in plugin,
function calculate_days_till_expiry {
get_expiry_date=$(sudo /usr/sbin/lchage -l $1 | grep 'Password Expires' | awk '{print $3}')

Can you review and suggest?