Solved due to a permission issue on a directory.
Hi,
We have the below script on one of our servers (executed via NRPE) which is used to check for root logins; however, we are getting different results when the script is being executed locally on the Nagios XI server vs the remote host the check needs to run on.
On the remote server, it gives the correct result, executing the first code block in the 'if' statement to state there is a root login with an exit 2.
However, when executed via NRPE on the Nagios XI server, it is not giving the same result, and we're informed there have been no logins with an exit 0.
Other checks from the XI server to this host work fine, and we have tried setting up the same root login check on our old Nagios 3.2.3 environment and it works as expected, so it looks as if the Nagios XI is not seeing the exit code.
The remote server (expected behaviour):
nagios@xxxxx:~/libexec/custom> ./FailRoot.sh
WARNING - failed root login attempt on xxxxx please investigate
Nagios XI Server (unexpected behaviour):
[ /usr/local/nagios/libexec ]: ./check_nrpe -H xxxxx.xxxx.xxx -c check_root_login
No attempted root logins recorded
Sample log file being parsed:
Login Failures Latest failure From
root 3
Command to execute:
command[check_root_login]=/usr/local/nagios/libexec/custom/FailRoot.sh
Script being executed:
TALLY_LOG=/tmp/tallylog.out
FAIL_COUNT=`grep root $TALLY_LOG|awk '{ print $2 }'`
if [ "$FAIL_COUNT" -gt "0" ]
then
echo "WARNING - failed root login attempt on `hostname` please investigate"
echo ""
cat $TALLY_LOG
exit 2
else
echo "No attempted root logins recorded"
exit 0
fi
Thanks.
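Added example (not part of the original post): a variant of the check that fails closed. In the posted script, a tally file that cannot be read leaves FAIL_COUNT empty, the numeric test errors out, and the else branch reports "No attempted root logins recorded" with exit 0. The function name `check_root_tally` and passing the file path as the first argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: hardened variant of the FailRoot.sh check in the post.
# Nagios plugin exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

check_root_tally() {
    tally_log=$1

    # An unreadable file must not look like "no failures": report UNKNOWN.
    if [ ! -r "$tally_log" ]; then
        echo "UNKNOWN - cannot read $tally_log as user $(id -un)"
        return 3
    fi

    # Match only a line whose first field is exactly "root"; take the first match.
    fail_count=$(awk '$1 == "root" { print $2; exit }' "$tally_log")

    # No root line or a non-numeric count is a parsing problem, not an OK.
    case $fail_count in
        ''|*[!0-9]*)
            echo "UNKNOWN - no numeric root failure count in $tally_log"
            return 3
            ;;
    esac

    if [ "$fail_count" -gt 0 ]; then
        # The posted script prints WARNING with exit 2; exit 2 is CRITICAL in Nagios.
        echo "CRITICAL - $fail_count failed root login attempt(s) on $(hostname), please investigate"
        cat "$tally_log"
        return 2
    fi

    echo "OK - no attempted root logins recorded"
    return 0
}

# Run as a plugin when the tally file path is given as the first argument,
# e.g. /tmp/tallylog.out from the post.
if [ "$#" -gt 0 ]; then
    check_root_tally "$1"
    exit $?
fi
```

With this variant, the NRPE user seeing a different result from an interactive run shows up as UNKNOWN with the effective user name in the plugin output, instead of a green OK.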