NRPE: Command 'check_init_service' not defined

[linuser]

Hm, this may be related to permissions. It would explain why your simple script worked as well. Can you try adding sudo before your command?

Code: Select all

command[check_init1]=sudo /usr/lib64/nagios/plugins/check_init_service bgpd
command[check_init2]=sudo /usr/lib64/nagios/plugins/check_init_service zebra

I'm not sure how this would matter. I am just swapping the contents of the check_init_service file that was already there. I will try though.

[linuser]

You may be right. I am still getting errors. The sudo trick did not work. I have bypassed that already by putting both the nagios and nrpe users in the sudoers file.

Here is the way I have it setup.

Code: Select all

# NEEDED TO ALLOW NAGIOS TO CHECK SERVICE STATUS
#Defaults:nagios !requiretty
nagios ALL=NOPASSWD:/usr/local/nagios/libexec/check_init_service bgpd
nagios ALL=NOPASSWD:/usr/local/nagios/libexec/check_init_service zebra
nagios ALL=NOPASSWD:/usr/local/nagios/libexec/check_nrpe
nrpe   ALL=NOPASSWD:/usr/local/nagios/libexec/check_nrpe
nrpe   ALL=NOPASSWD:/usr/local/nagios/libexec/check_init_service bgpd
nrpe   ALL=NOPASSWD:/usr/local/nagios/libexec/check_init_service zebra

And here are more denies in my audit.log file that pop up each time I run the command from the nagios server. But I just don't know what its failing on or what it wants.

Code: Select all

type=AVC msg=audit(1446051455.169:3313): avc:  denied  { execute } for  pid=15388 comm="check_init_serv" name="systemctl" dev="dm-1" ino=2101040 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1446051455.169:3313): arch=c000003e syscall=59 success=no exit=-13 a0=2098450 a1=209ba50 a2=209c680 a3=7fff573ff5b0 items=0 ppid=15386 pid=15388 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm="check_init_serv" exe="/usr/bin/bash" subj=system_u:system_r:nrpe_t:s0 key=(null)

type=AVC msg=audit(1446051455.169:3314): avc:  denied  { getattr } for  pid=15388 comm="check_init_serv" path="/usr/bin/systemctl" dev="dm-1" ino=2101040 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1446051455.169:3314): arch=c000003e syscall=4 success=no exit=-13 a0=2098450 a1=7fff573ff780 a2=7fff573ff780 a3=7fff573ff5b0 items=0 ppid=15386 pid=15388 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm="check_init_serv" exe="/usr/bin/bash" subj=system_u:system_r:nrpe_t:s0 key=(null)

type=AVC msg=audit(1446051455.169:3315): avc:  denied  { getattr } for  pid=15388 comm="check_init_serv" path="/usr/bin/systemctl" dev="dm-1" ino=2101040 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1446051455.169:3315): arch=c000003e syscall=4 success=no exit=-13 a0=2098450 a1=7fff573ff760 a2=7fff573ff760 a3=7fff573ff5b0 items=0 ppid=15386 pid=15388 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm="check_init_serv" exe="/usr/bin/bash" subj=system_u:system_r:nrpe_t:s0 key=(null)

[linuser]

This has been resolved. It was SELinux. Set to permissive and the commands started to work. I thought I had checked this yesterday but guess not Anyway the next problem I have is getting nagios to change status when the service is dead/not running but I will post a new thread for that one.

[rkennedy]

Nice catch on your SELinux. I'll close this thread now, and look for your next one to provide assistance.