check_expiry
check_expiry
Hi, I am using check_expiry on Linux (RHEL 6) but while running it with check_nrpe, I always get "NRPE: Unable to read output"
I can see nagios is not able to execute this script to check user's password expiry information. any idea on how this can be achieved?
I can see nagios is not able to execute this script to check user's password expiry information. any idea on how this can be achieved?
Re: check_expiry
Edit line 15 to look like:
Test again and let us know the results. If it still fails, try running the script directly on the host and not using check_nrpe:
Code: Select all
if [[ $get_expiry_date == *"Never"* ]]
Code: Select all
bash -x ./check_expiry <username>
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: check_expiry
@hardik185, On top of what Craig recommended, I suggest adding the following entries to the /etc/sudoers file on the nrpe server.
Code: Select all
nagios ALL = NOPASSWD:/tmp/check_expiry.sh
nagios ALL = NOPASSWD:/usr/sbin/lchage
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: check_expiry
Hi,
Thanks for your response.
I have tried both but I still get the same error.
strace does not really help. If I run the script as nagios user I get the right output. It is just check_nrpe does not give.
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output
Any idea?
Thanks for your response.
I have tried both but I still get the same error.
strace does not really help. If I run the script as nagios user I get the right output. It is just check_nrpe does not give.
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output
Any idea?
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: check_expiry
@hardik185, Can you show us the check_appuser command in the nrpe.cfg file? Please upload the whole npre.cfg file so I could examine your settings.
Also, if your plugin is in the /usr/local/nagios/etc/libexec/ folder, then you need to adjust entries in the sudoers file to reflect that:
Also, if your plugin is in the /usr/local/nagios/etc/libexec/ folder, then you need to adjust entries in the sudoers file to reflect that:
Code: Select all
nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh
nagios ALL = NOPASSWD:/usr/sbin/lchage
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: check_expiry
Hi @npolovenko,
Sure. I have added the entries as suggested in /etc/sudoers but still same output. Please find attached nrpe.cfg and suggest if there is any way to enable this check.
Sure. I have added the entries as suggested in /etc/sudoers but still same output. Please find attached nrpe.cfg and suggest if there is any way to enable this check.
- Attachments
-
- nrpe.cfg
- (10.35 KiB) Downloaded 344 times
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: check_expiry
@hardik185, Open the /etc/sudoers file and add the following entries instead of just two entries that I recommended earlier.
I added "sudo".
Let me know if this fixes the issue.
Open the /usr/local/nagios/libexec/check_expiry.sh script on the line 14, and change it to look like this:Defaults: nrpe !requiretty
Defaults: nagios !requiretty
nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh
nagios ALL = NOPASSWD:/usr/sbin/lchage
nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
Code: Select all
get_expiry_date=$(sudo /usr/sbin/lchage -l $1 | grep 'Password Expires' | cut -d: -f2)
Let me know if this fixes the issue.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: check_expiry
hi @npolovenko ,
I have added entries in sudoer file as suggested but did not help. not sure what is still missing.
I have added entries in sudoer file as suggested but did not help. not sure what is still missing.
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: check_expiry
@hardik185, Please switch to the nagios user, run the plugin and show us the output:
Please upload the /etc/sudoers file and upload the plugin with the modifications we suggested here as well.
Code: Select all
su - nagios
/usr/local/nagios/libexec/check_expiry.sh
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: check_expiry
sorry for replying late @npolovenko
I am able to run it successfully with "su - nagios"
-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser1
OK - Password never expires
-bash-4.1$ vim /usr/local/nagios/etc/nrpe.cfg
-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser2
OK - Password is 61 days from expiry
-bash-4.1$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output
-bash-4.1$
Below are the entries added in /etc/sudoers,
nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh *
nagios ALL = NOPASSWD:/usr/sbin/lchage -l *
nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
Below is the line updated in plugin,
function calculate_days_till_expiry {
get_expiry_date=$(sudo /usr/sbin/lchage -l $1 | grep 'Password Expires' | awk '{print $3}')
Can you review and suggest?
I am able to run it successfully with "su - nagios"
-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser1
OK - Password never expires
-bash-4.1$ vim /usr/local/nagios/etc/nrpe.cfg
-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser2
OK - Password is 61 days from expiry
-bash-4.1$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output
-bash-4.1$
Below are the entries added in /etc/sudoers,
nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh *
nagios ALL = NOPASSWD:/usr/sbin/lchage -l *
nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
Below is the line updated in plugin,
function calculate_days_till_expiry {
get_expiry_date=$(sudo /usr/sbin/lchage -l $1 | grep 'Password Expires' | awk '{print $3}')
Can you review and suggest?