Re: UDP port for monitor
Posted: Fri Oct 05, 2018 2:01 pm
Can you attach your current check_udp_port file
Code: Select all
su nagios -c '/usr/local/nagios/libexec/check_udp_port -H xxxxxxxx -p 1162 -s "health-trap"'Nagios Support Forum
Support for Nagios products and services
https://support.nagios.com/forum/
UDP port for monitor
Page 3 of 3
Re: UDP port for monitor
Posted: Wed Oct 10, 2018 7:19 am
We've tested this with the same setup you have without error so the | isn't the problem, Lets go back to just the attached file for the plugin
then run the following and return the results
Re: UDP port for monitor
Posted: Fri Oct 12, 2018 5:57 am
hi scottwilkerson,scottwilkerson wrote:We've tested this with the same setup you have without error so the | isn't the problem, Lets go back to just the attached file for the plugin then run the following and return the resultsCode: Select all
su nagios -c '/usr/local/nagios/libexec/check_udp_port -H xxxxxxxx -p 1162 -s "health-trap"'
We have tested with the same plugin and PFB command output
[root@xxxxxxxxx libexec]# su nagios -c '/usr/local/nagios/libexec/check_udp_port -H xx.xxx.xxx.xx -p 1162 -s "health-trap"'
You requested a scan type which requires root privileges.
QUITTING!
result:
f_result:
p_result:
CRITICAL:
[root@xxxxxxxx libexec]# ./check_udp_port -H xx.xxx.xxx.xx -p 1162 -s "health-trap"
result:
Starting Nmap 6.47 ( http://nmap.org ) at 2018-10-12 11:53 BST
Nmap scan report for xx.xxx.xxx.xx
Host is up (0.00021s latency).
PORT STATE SERVICE
1162/udp open|filtered health-trap
MAC Address: 00:15:5D:6E:4E:27 (Microsoft)
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
f_result: 1162/udp open|filtered health-trap MAC Address: 00:15:5D:6E:4E:27 (Microsoft) Nmap done
p_result: 1162/udp open|filtered health-trap
OK: health-trap listening on port 1162: 1162/udp open|filtered health-trap
You have mail in /var/spool/mail/root
[root@xxxxxxxxx libexec]#
Re: UDP port for monitor
Posted: Fri Oct 12, 2018 1:45 pm
Try this, edit the /etc/sudoers file and add the following entries
Save the file and edit the check_udp_port script and change this line from
to
Save it out and run this test again to see if it allows nmap to run as root in the script.
Code: Select all
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_udp_port
nagios ALL=NOPASSWD: /usr/bin/nmap Code: Select all
result=`/usr/bin/nmap -sU -p $port -P0 $host`Code: Select all
result=`sudo /usr/bin/nmap -sU -p $port -P0 $host`Code: Select all
su nagios -c '/usr/local/nagios/libexec/check_udp_port -H xx.xxx.xxx.xx -p 1162 -s "health-trap"'Re: UDP port for monitor
Posted: Mon Oct 15, 2018 9:38 am
Hi tgriep,tgriep wrote:Try this, edit the /etc/sudoers file and add the following entriesSave the file and edit the check_udp_port script and change this line fromCode: Select all
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_udp_port nagios ALL=NOPASSWD: /usr/bin/nmaptoCode: Select all
result=`/usr/bin/nmap -sU -p $port -P0 $host`Save it out and run this test again to see if it allows nmap to run as root in the script.Code: Select all
result=`sudo /usr/bin/nmap -sU -p $port -P0 $host`Code: Select all
su nagios -c '/usr/local/nagios/libexec/check_udp_port -H xx.xxx.xxx.xx -p 1162 -s "health-trap"'
As you said i did the changes but still issue remains same.
so while digging into this issue suddenly one thing came to my mind and i tried with the old plugin and command but i changed the macarons path $USER1$=LC_ALL=C /usr/local/nagios/libexec this to $USER2$=/usr/local/nagios/libexec so after changing the path issue has been resolved and came to end finally. PFB SS as you have told to do changes and i have tested in the udp port 1162 copy1 working output.
Output:
[root@xxxxxxxxxx libexec]# su nagios -c '/usr/local/nagios/libexec/check_udp_port -H xx.xxx.xxx.xx -p 1162 -s "health-trap"'
result:
Starting Nmap 6.47 ( http://nmap.org ) at 2018-10-15 15:25 BST
Nmap scan report for xx.xxx.xxx.xx
Host is up (0.00020s latency).
PORT STATE SERVICE
1162/udp open|filtered health-trap
MAC Address: 00:15:5D:6E:4E:27 (Microsoft)
Nmap done: 1 IP address (1 host up) scanned in 5.78 seconds
f_result: 1162/udp open|filtered health-trap MAC Address: 00:15:5D:6E:4E:27 (Microsoft) Nmap done
p_result: 1162/udp open|filtered health-trap
OK: health-trap listening on port 1162: 1162/udp open|filtered health-trap
You have mail in /var/spool/mail/root
[root@xxxxxxxxxxx libexec]#
[root@xxxxxxxxx libexec]# ./check_udp1 -H xx.xxx.xxx.xx -p1162 -s "health-trap"
OK: health-trap listening on port 1162: 1162/udp open|filtered health-trap
Command:
check_udp_port_copy_1 $USER2$/check_udp1 -H $HOSTADDRESS$ -p $ARG1$ -s $ARG2$
Re: UDP port for monitor
Posted: Mon Oct 15, 2018 1:59 pm
I am glad your issue has been resolved, but wonder - why did you have this:
You should've had this:
Let us know if it is OK to lock this topic. Thank you!
Code: Select all
$USER1$=LC_ALL=C /usr/local/nagios/libexecCode: Select all
$USER1$=/usr/local/nagios/libexecRe: UDP port for monitor
Posted: Wed Oct 17, 2018 2:54 am
Hi lmiltchev,lmiltchev wrote:I am glad your issue has been resolved, but wonder - why did you have this:You should've had this:Code: Select all
$USER1$=LC_ALL=C /usr/local/nagios/libexecLet us know if it is OK to lock this topic. Thank you!Code: Select all
$USER1$=/usr/local/nagios/libexec
Actually i don't know what for $USER1$=LC_ALL=C /usr/local/nagios/libexec macarons created in our environment, i will be coordinate with my team members and modify asap.
Thanks for each and every one who have supported in this issue, you can lock this topic.