NRPE and root access

[desmondlewissmith]

is it manditory that I have root privs to install and run nrpe on my RHEL boxes I'm monitoring. While I own the boxes, our central IT department OWNS the hardware and only gives us sudo privs.

I'm running NAGIOS XI

Is there any information available I can provide them on exactly what access I need to install NRPE on the RHEL servers and run NRPE on the RHEL servers?

[lmiltchev]

You do need a root access to install NRPE (see quotes):

a) Prerequisites
In order to complete these installation instructions, you'll need:
– Root access on the remote Linux/Unix host
– Access to the nagios user account on the monitoring host

and

c) Remote Host Setup
These instructions should be completed on the remote Linux/Unix host that the NRPE daemon will be installed on.
You'll be installing the Nagios plugins and the NRPE daemon...
i. Create Account Information
Become the root user. You may have to use sudo -s on Ubuntu and other distros.
su -l

http://www.google.com/url?sa=t&rct=j&q= ... LA&cad=rja

You may also want to take a look at this:
http://www.cyberz.org/blog/2009/01/03/n ... ad-output/

Hope this helps.

[desmondlewissmith]

OK, so after reading that here's my question.

If I have my IT department install as root, once installed will it be running under application space as opposed to root space? Will the daemon be running as root or as NAGIOS user?

My IT departments main concern is that if NAGIOS is running in the root space, it will be flagged as foreign when they are running patching software. I'm just trying to figure out to what degree the root account is used once the NRPE agent is installed.

I hope I'm not repeating myself, just trying to get a better grip.

[lmiltchev]

I am not sure how to answer this question. Most often, the xinetd daemon is used with NRPE, which is a root process. However, if you look at "/etc/xinetd/nrpe", you will see that xinetd calls user/group nagios.

Code: Select all

# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 192.168.X.X
}

[desmondlewissmith]

This one is still a problem for me. Ulitimately whats happening here is that our central IT owns the VM's and they are telling me that don't want anything running as root. Is it possible to setup/install not as root?

[mguthrie]

Correction to the post above. The NRPE daemon runs under xinetd, but as the nagios user. There might be some individual checks that need to be run as setuid root, but the daemon runs as nagios.

Note the xinetd config:

# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios

[desmondlewissmith]

Is there any chance I can use one of my support calls to get a NAGIOS engineer on the phone with my IT so I can get this running? I'm fighting my internal IT department and not getting consistent answers. I've used NAGIOS since I worked at McAfee 7 years ago and I'm trying to implement NAGIOS XI Cisco wide as a solution since I love the product. I've paid for our one server but plan to implement much larger installation should this go well.

[mguthrie]

Currently we don't offer phone support at this time. The above post is correct, the NRPE daemon runs under xinetd as the nagios user. However, the installation will require root permissions for some of the setup steps because there are some system-level files (like the xinetd config) that need to be modified.

We'll do our best to address your issues in a timely manner, if you have other questions in addition to this, let us know.