Nagios Support Forum

Hi,

I am writing up an event handler to deal with a recalcitrant crashing process on a bunch of boxes
which the world community in that particular tool has not solved (it has a mass of plugins and
debugging it is a nightmare, if even possible.)

The service and command entries for the cfg files and the event handler shell script itself are fine.

My question is, as usual, in the security.

The Barth text indicates the nagios user and a sudoers entry for nagios-as-root needs to be on each managed node
so that nagios can run the event handler shell script which has as the side-effect restarting the process if hard-down
or 3 soft-errors.

Is my interpretation of the security requirement correct or does it need a re-write?

Looks like event handlers require NPRE and there's no other method
of remote execution?

I'm a bit confused as to what you mean by "Barth text". Can you explain what that is?

And NRPE is one way to do remote commands, but you can also do it via nrpe SSH which eliminates the need to make a sudoers exception for nagios if you are running as an already-allowed user.

Edit: Thank you eloyd for pointing out my typo. Fixed.

Wolfgang Barth. Query Wolfgang Barth Nagios at Amazon.

I think Trevor meant to say "another way is via SSH."

We run event handlers two ways:
1. Through NRPE (in which case, yes, Nagios needs to be in sudoers file on the remote machine to be able to execute the restart on the remote machine)
2. Through SSH (in which case Nagios needs to be able to SSH as root to the remote machine with an empty passphrase)

Both have pros and cons. We're actually switching all our remote event handlers over to NRPE because we're also switching all our Nagios infrastructure over to Chef (I think that will be my Nagios World Conference 2015 talk!), so we can manage the sudoers file and the nrpe.cfg file through Chef and make our lives much easier.

But we've also done it via a shared database....put the command in the database on the Nagios server and then extract it via cron on the remote host and execute commands as root that way.

Your imagination is your only limitation.

smcracraft, did eloyd and I answer your question?