Recommended check_nrpe permissions

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
saber
Posts: 41
Joined: Wed Sep 14, 2016 4:32 pm

Recommended check_nrpe permissions

Post by saber »

Hi,

What are the recommended permissions for the file "/usr/local/nagios/libexec/check_nrpe"?

When installing using the linux-agent script (https://assets.nagios.com/downloads/nag ... ent.tar.gz), it seems that it does the following:

Code:

chmod 755 /usr/local/nagios/libexec/*
chown root:nagios /usr/local/nagios/libexec/*

However, when compiling from source, the permissions are:

Code:

# stat /usr/local/nagios/libexec/check_nrpe
  File: `/usr/local/nagios/libexec/check_nrpe'
  Size: 132384    	Blocks: 264        IO Block: 4096   regular file
Device: 802h/2050d	Inode: 7609249     Links: 1
Access: (0775/-rwxrwxr-x)  Uid: (  502/  nagios)   Gid: (  504/  nagios)
Access: 2018-08-08 19:23:58.419950791 +0200
Modify: 2018-08-08 19:12:12.494951418 +0200
Change: 2018-08-08 19:12:12.494951418 +0200

Owner: nagios
Group: nagios
Access: 775
 
We were updating the NRPE agent to v3 using https://support.nagios.com/kb/article.php?id=520. The NRPE agent was previously installed using the linux-agent (nagiosxi agent script). This means it uses xinetd.

What are the optimal permissions for "/usr/local/nagios/libexec/check_nrpe" in terms of security?

Thanks!
apetsuch

Re: Recommended check_nrpe permissions

Post by apetsuch »

Hi, @saber

When you are running through the installation of the NRPE plugin, our documentation recommends you make the following changes to your permissions:

Depending on the version of the plugins, the permissions on the plugin directory and the plugins may need
to be fixed at this point. If so run the following commands:

Code:

# useradd nagios
# groupadd nagios
# usermod -a -G nagios nagios
# chown nagios.nagios /usr/local/nagios
# chown -R nagios.nagios /usr/local/nagios/libexec

Hope this helps!
lmiltchev
Bugs find me
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: Recommended check_nrpe permissions

Post by lmiltchev »

@saber, let us know if you have any more questions. Thank you!
Be sure to check out our Knowledgebase for helpful articles and solutions!

Re: Recommended check_nrpe permissions

Post by saber »

Thanks for the answer :)

How about the access (chmod)?

Re: Recommended check_nrpe permissions

Post by lmiltchev »

My permissions are 775 (by default) but I believe that 550 *should* be sufficient permissions for the plugin to function properly (rx for user & group).

Re: Recommended check_nrpe permissions

Post by saber »

So we can simply keep the default permissions given by compiling from source?

Re: Recommended check_nrpe permissions

Post by lmiltchev »

Sure, this would be fine.
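
Added example (not part of the thread and not Nagios code): a POSIX shell sketch that spells out who can modify a plugin file under the three mode/owner combinations mentioned above (755 root:nagios, 775 nagios:nagios, 550). It assumes GNU `stat` and that NRPE executes plugins as the `nagios` user; the function names and `SERVICE_USER` are made up for this illustration.

```shell
#!/bin/sh
# Added example: who can modify a plugin binary under a given mode and owner.
# Assumption: NRPE runs its plugins as SERVICE_USER (nagios in this thread).
SERVICE_USER=${SERVICE_USER:-nagios}

# explain_mode MODE OWNER GROUP: print one finding per line, or "ok".
# Note: an owner without the write bit can still chmod its own file, so
# only a different owner (for example root) takes write access away for good.
explain_mode() (
    mode=$((0$1)); owner=$2; group=$3; found=0
    if [ $((mode & 06000)) -ne 0 ]; then
        echo "setuid/setgid bit set"; found=1
    fi
    if [ $((mode & 0002)) -ne 0 ]; then
        echo "world-writable: any local user can replace the file"; found=1
    fi
    if [ $((mode & 0020)) -ne 0 ]; then
        echo "group-writable: members of group $group can replace the file"; found=1
    fi
    if [ $((mode & 0200)) -ne 0 ] && [ "$owner" = "$SERVICE_USER" ]; then
        echo "writable by $SERVICE_USER, the account that executes it"; found=1
    fi
    [ "$found" -eq 1 ] || echo "ok"
)

# audit_plugin PATH: read mode and ownership with GNU stat, then explain them.
audit_plugin() (
    meta=$(stat -c '%a %U %G' -- "$1") || exit 1
    set -- "$1" $meta
    printf '%s: mode %s, owner %s:%s\n' "$1" "$2" "$3" "$4"
    explain_mode "$2" "$3" "$4" | sed 's/^/  - /'
)

# Constructed sample input: the three combinations mentioned in the thread.
for combo in "755 root nagios" "775 nagios nagios" "550 nagios nagios"; do
    echo "$combo:"
    explain_mode $combo | sed 's/^/  - /'
done

# Audit real files when paths are passed as arguments.
for path in "$@"; do
    audit_plugin "$path"
done
```

Passing a path such as /usr/local/nagios/libexec/check_nrpe as an argument audits the installed file instead of only the sample combinations.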