Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Recommended check_nrpe permissions

https://support.nagios.com/forum/viewtopic.php?t=49804

Page 1 of 1

Recommended check_nrpe permissions

Posted: Wed Aug 08, 2018 12:34 pm
by saber
Hi,

What are the recommended permissions for the file "/usr/local/nagios/libexec/check_nrpe" ?

When installing using the linux-agent script (https://assets.nagios.com/downloads/nag ... ent.tar.gz) , it seems that it does the following:

Code: Select all

chmod 755 /usr/local/nagios/libexec/*
chown root:nagios /usr/local/nagios/libexec/*
However, when compiling from source, the permissions are

Code: Select all

# stat /usr/local/nagios/libexec/check_nrpe
  File: `/usr/local/nagios/libexec/check_nrpe'
  Size: 132384    	Blocks: 264        IO Block: 4096   regular file
Device: 802h/2050d	Inode: 7609249     Links: 1
Access: (0775/-rwxrwxr-x)  Uid: (  502/  nagios)   Gid: (  504/  nagios)
Access: 2018-08-08 19:23:58.419950791 +0200
Modify: 2018-08-08 19:12:12.494951418 +0200
Change: 2018-08-08 19:12:12.494951418 +0200

Owner: nagios
Group: nagios
Access: 775
We were updating the nrpe agent to v3 using https://support.nagios.com/kb/article.php?id=520 . Nrpe agent was previously installed using the linux-agent (nagiosxi agent script). It means it uses Xinetd.

What are the optimal permissions for "/usr/local/nagios/libexec/check_nrpe" in terms of security?

Thanks!

Re: Recommended check_nrpe permissions

Posted: Wed Aug 08, 2018 1:33 pm
by apetsuch
Hi, @saber

when you are running through the installation of the NRPE plugin,
our documentation recommends you make the following changes to your permissions:

Depending on the version of the plugins, the permissions on the plugin directory and the plugins may need
to be fixed at this point. If so run the following commands:

Code: Select all

# useradd nagios
# groupadd nagios
# usermod -a -G nagios nagios
# chown nagios.nagios /usr/local/nagios
# chown -R nagios.nagios /usr/local/nagios/libexec
Hope this helps!

Re: Recommended check_nrpe permissions

Posted: Thu Aug 09, 2018 11:09 am
by lmiltchev
@saber, let us know if you have any more questions. Thank you!

Re: Recommended check_nrpe permissions

Posted: Mon Aug 13, 2018 4:41 pm
by saber
Thanks for the answer :)

How about the access (chmod)?

Re: Recommended check_nrpe permissions

Posted: Tue Aug 14, 2018 9:14 am
by lmiltchev
My permissions are 775 (by default) but I believe that 550 *should* be sufficient permissions for the plugin to function properly (rx for user & group).

Re: Recommended check_nrpe permissions

Posted: Tue Aug 14, 2018 9:18 am
by saber
So we can simply keep the default permissions given by compiling from source?

Re: Recommended check_nrpe permissions

Posted: Tue Aug 14, 2018 9:21 am
by lmiltchev
Sure, this would be fine.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited