When installing Nagios NRPE agent to a Linux server (e.g., Red Hat 7, or CentOS 7), the following lines are added to /etc/sudoers:
# NEEDED TO ALLOW NAGIOS TO CHECK SERVICE STATUS
Defaults:nagios !requiretty
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_init_service
This has brought up an issue with the security scan by adding the account "nagios" to /etc/sudoers.
How does this service check work, and how important is it to allow nagios to check service status? Is it optional or required to run this plugin? If these lines are removed from /etc/sudoers, what would be the possible impact to the nagios agent?
allow nagios to check service status on Nagios NRPE agent
Re: allow nagios to check service status on Nagios NRPE agen
I believe that the nagios user needs sudoer permissions to check whether the init service is running on a host. You would probably break the ability for NRPE to check whether init is running on the host...
If you would like to see exactly what a plugin is doing, you can usually just open it in a text editor.
Code:
vi /usr/local/nagios/libexec/check_init_service
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
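A check that answers the scan finding directly, as an added example (not part of the original posts and not Nagios code): list what the sudoers entry lets nagios run without a password, then confirm each target and every directory above it is root-owned and not group- or other-writable. It assumes GNU stat and readlink, as on the Red Hat/CentOS hosts mentioned; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the plugin's code: audit what sudoers lets a user run as root.

# Print each command path granted NOPASSWD to user $2 in sudoers file $1 ("-" = stdin).
nopasswd_cmds() {
  awk -v u="$2" '
    $1 == u && /NOPASSWD:/ {
      sub(/^.*NOPASSWD:[ \t]*/, "")              # keep only the command list
      n = split($0, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) { split(cmds[i], w, /[ \t]+/); print w[1] }
    }' "$1"
}

# Return 0 only if file $1 and every directory from it up to $3 (default /)
# is owned by uid $2 (default 0, root) and is not group- or other-writable.
audit_path() {
  local p owner=${2:-0} stop=${3:-/} rc=0 uid mode
  p=$(readlink -f -- "$1")                        # resolve symlinks first
  [ -n "$p" ] && [ -e "$p" ] || { echo "MISSING $1"; return 1; }
  while :; do
    uid=$(stat -c %u -- "$p"); mode=$(stat -c %a -- "$p")
    [ "$uid" = "$owner" ] || { echo "OWNER uid=$uid $p"; rc=1; }
    # Octal mode AND 022 is non-zero when group or other may write.
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "WRITABLE mode=$mode $p"; rc=1; }
    if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
    p=$(dirname -- "$p")
  done
  return "$rc"
}

# Constructed sample input: the sudoers lines quoted in the question.
SAMPLE='# NEEDED TO ALLOW NAGIOS TO CHECK SERVICE STATUS
Defaults:nagios !requiretty
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_init_service'

printf '%s\n' "$SAMPLE" | nopasswd_cmds - nagios | while read -r cmd; do
  if audit_path "$cmd"; then echo "OK $cmd"; fi
done
```

On a real host, run `nopasswd_cmds /etc/sudoers nagios` as root instead of piping in the sample.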