Nagios XI services requiring sudo permissions don't work

[HIINNS]

Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=PROCTITLE msg=audit(1627377439.495:231386461): proctitle="(systemd)"
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=EOE msg=audit(1627377439.495:231386461):
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=SYSCALL msg=audit(1627377439.496:231386462): arch=c000003e syscall=257 success=yes exit=14 a0=f a1=561bfea9e7d1 a2=2a0000 a3=0 items=1 ppid=1 pid=1251959 auid=7887 uid=7887 gid=400 euid=7887 suid=7887 fsuid=7887 egid=400 sgid=400 fsgid=400 tty=(none) ses=13396 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="successful-access" ARCH=x86_64 SYSCALL=openat AUID="mylogin" UID="mylogin" GID="nagroup" EUID="mylogin" SUID="mylogin" FSUID="mylogin" EGID="nagroup" SGID="nagroup" FSGID="nagroup"
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=CWD msg=audit(1627377439.496:231386462): cwd="/"
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=PATH msg=audit(1627377439.496:231386462): item=0 name="block" inode=45587 dev=00:15 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root"
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=PROCTITLE msg=audit(1627377439.496:231386462): proctitle="(systemd)"
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=EOE msg=audit(1627377439.496:231386462):
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=SYSCALL msg=audit(1627377439.496:231386463): arch=c000003e syscall=257 success=yes exit=15 a0=e a1=561bfea9e7d1 a2=2a0000 a3=0 items=1 ppid=1 pid=1251959 auid=7887 uid=7887 gid=400 euid=7887 suid=7887 fsuid=7887 egid=400 sgid=400 fsgid=400 tty=(none) ses=13396 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="successful-access" ARCH=x86_64 SYSCALL=openat AUID="mylogin" UID="mylogin" GID="nagroup" EUID="mylogin" SUID="mylogin" FSUID="mylogin" EGID="nagroup" SGID="nagroup" FSGID="nagroup"
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=CWD msg=audit(1627377439.496:231386463): cwd="/"
Jul 27 05:17:19 nagclient audisp-syslog[1483]: node=nagclient type=PATH msg=audit(1627377439.496:231386463): item=0 name="dm-11" inode=48616 dev=00:15 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root" - From /var/log/messages

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X
NRPE v4.0.3 - From NagiosXI server

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X
-bash: /usr/local/nagios/libexec/check_nrpe: No such file or directory - From Nagios client

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -t 30 -c check_init_service -a 'crond'
sh: sudo: command not found - After making change.

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -t 30 -c check_init_service -a 'crond'
sh: sudo: command not found - From Nagios XI server

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -t 30 -c check_init_service -a 'crond'
-bash: /usr/local/nagios/libexec/check_nrpe: No such file or directory - From RH8 client

ps aux | grep nrpe - This command shows nothing. NRPE runs under xinetd.

find / -name nrpe.cfg
/tmp/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe.cfg
/usr/share/common/AIX/nagios/linux-nrpe-agent/agentstuff/etc/nrpe.cfg
/usr/share/common/AIX/nagios/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe.cfg
/usr/share/common/AIX/nagios/brw/agentstuff/etc/nrpe.cfg
/usr/share/common/AIX/nagios/brw/subcomponents/nrpe/mods/cfg/nrpe.cfg
/usr/local/nagios/etc/nrpe.cfg
/tc/tcsoftware/usrid/Orchetstration/Nagios/Nagios-XI/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe.cfg
/tc/tcsoftware/usrid/tc-nagios/Orig-installation-n-files/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/john-notes/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/john-notes/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/Linuxclient/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/subcomponents/nrpe/nrpe-3.2.1/sample-config/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/subcomponents/nrpe/mods/cfg/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/subcomponents/nrpe/nrpe-4.0.2/sample-config/nrpe.cfg
/tc/tcsoftware/General_Software/Nagios/NRPE4/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe.cfg

[HIINNS]

Instead of manually trying to fix nrpe, can you show me how to fix the installation in the first place? Because of the way my company operates, I need to download and manually install the pips and some of the rpms. I can attach the install.log file for your review. Please let me know. Thank you.

[HIINNS]

Sorry, if forgot to mention that I also need to comment out the sudo install, as my installation puts a common sudoers file on each server for all applications. Installing your sudoers file wipes out the common sudoers file and prevents me from running until our UNIX team restores the common /etc/sudoers file.
\

[ssax]

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -t 30 -c check_init_service -a 'crond'
sh: sudo: command not found

That's the issue, NRPE doesn't know where sudo is.

Run this command:

Code: Select all

which sudo

Then change sudo in your nrpe commands to whatever it lists. You'll need to provide the full path to it (the command above listed /usr/bin/sudo on my system):

Code: Select all

command[check_init_service]=/usr/bin/sudo /usr/local/nagios/libexec/check_init_service $ARG1$

[HIINNS]

I am back to having the same error that I started with -> /usr/local/nagios/libexec/check_nrpe -H <Red Hat 8 client> -t 30 -c check_init_service -a 'crond'
NRPE: Unable to read output

What started this in the first place was that the install script (fullinstall) did not install nrpe. Being my company is about to standardize on RedHat 8 shortly, I would appreciate getting help getting the script to install correctly, rather than trying to install nrpe separately. Above, I posted comments to this effect, and detailed how I must run the installation script (fullinstall) within my environment. Please help,

[ssax]

Does changing the command to add 2>&1 on the end of it with your fixed sudo show any additional information?

Code: Select all

command[check_init_service]=/usr/bin/sudo /usr/local/nagios/libexec/check_init_service $ARG1$ 2>&1

If that doesn't, please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:

https://support.nagios.com/tickets/

Thank you!

[HIINNS]

Unfortunately, adding the $ARG1$ 2>&1 to the command doesn't fix the problem. And there may be a problem setting up a remote session. RIght now I would have to set up the remote session, and my installation uses Web Ex. The company policy may have changed as I have not had to set up/or join a remote session in quite some time. I'll get back to you with what I find out, probably next wee sometime.

[ssax]

Sounds good.We'll keep an eye out. We use webex here as well.

The 2>&1 wasn't mean to fix it, only to try to get additional output related to the failure.

[HIINNS]

I can join your meeting. However, I am not allowed to share anything.

[ssax]

I just labbed it up in EL8 and it's working properly. It's up to you whether you want to do a remote or not.

Now that it's saying "NRPE: Unable to read output", put 2>&1 onto the end of the command in your nrpe config, set debug=0 in the nrpe.cfg, run the check again, and see if there is any additional output from the check command.

Look in /var/log/messages for any NRPE debug information after running the check, send us any related messages.

Do you have selinux enabled on the system?

Code: Select all

sestatus