Page 1 of 2
[sort of SOLVED] Script (plugin) not working as expected
Posted: Wed Mar 07, 2012 8:08 am
by darthcolo
Hello guys!
We are developing a script in our Nagiso Server to check a Host by "check_by_ssh" plugin. We have everything correctly configured.
This is the script (modificated for preserve delicate information):
Code: Select all
#!/bin/bash
RESPUESTA=`/usr/lib/nagios/plugins/check_by_ssh -H 10.xx.xx.xx -C /usr/opt/something/command | grep SOMETHING1 | grep SOMETHING-MORE`
# RESPUESTA will be like: "17561 something 123 SOMETHING1 /usr/opt/something/SOMETHING-MORE"
if [[ "$RESPUESTA" == *SOMETHING-MORE* ]]
then
echo "Evryting working OK:" $RESPUESTA
exit 0
elif [[ "$RESPUESTA" != *SOMETHING-MORE* ]]
then
echo "### Error: check_by_ssh failed ###"
exit 2
else
echo "### Script error ###"
exit 3
fi
When we run this script as "root" in the command line, it returns:
Code: Select all
root@nagios03:/usr/lib/nagios/plugins# ./script
Evryting working OK: 17561 something 123 SOMETHING1 /usr/opt/something/SOMETHING-MORE
But in the web interface in Nagios, it shows:
Code: Select all
### Error: check_by_ssh failed ###
We have tried to run the script like this:
Code: Select all
root@nagios03:/usr/lib/nagios/plugins# su nagios -c './script'
and nothing is returned.
Does anyone has a clue about how to solve this issue?
Thanks!
Re: Script (plugin) not working as expected
Posted: Wed Mar 07, 2012 9:47 am
by darthcolo
Answer to myself:
In order to work, I had to:
1) Assign a Shell to user nagios:
2) Include user nagios in sudoers list:
Code: Select all
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_by_ssh
3) Edit the script:
Code: Select all
RESPUESTA=`sudo /usr/lib/nagios/plugins/check_by_ssh -H 10.xx.xx.xx -C /usr/opt/something/command | grep SOMETHING1 | grep SOMETHING-MORE`
Now... this is a major security concern.
Can you figure out a better way to do this?
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Wed Mar 07, 2012 11:22 am
by mguthrie
Would it have been simpler to do a:
Are there other system commands being called by that script that require root permissions?
For the ssh login, is the nagios user attempting to login to the remote machine and not having access?
Are you developing your own check_by_ssh plugin, or having issues with the remote command that's being run after the ssh login? There's a check_by_ssh plugin that ships with the nagios-plugins package that's already had years of development on it. If you're developing your own, I would look at what's already been built and tested instead of recreating the wheel.
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Wed Mar 07, 2012 11:32 am
by darthcolo
Thanks for the response.
These are the current settings of check_by_ssh:
Code: Select all
-rwxr-xr-x 1 root root 39796 may 22 2011 check_by_ssh
The command executed in the remote Host (.../usr/opt/something/command | grep SOMETHING1 | grep SOMETHING-MORE...) needs root privileges.
Nagios user can login through ssh just fine (I think...).
I'm having issues with the remote command that's being run after the ssh login.
Thanks for your comments.
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Wed Mar 07, 2012 3:26 pm
by mguthrie
OH ok, I think I see what you're saying. So what you should probably do is add a special sudoers line for the nagios user, giving him permission to run your :
command.
Or if that's a home-grown script, then just give it executable permissions for the nagios user.
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Thu Mar 08, 2012 8:26 am
by darthcolo
This:
is on the remote Host, and I can't touch it for something else that diagnosis commands.
We cannot change anything about that command.
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Thu Mar 08, 2012 12:57 pm
by mguthrie
Can you add something to that remote machine's sudoers file so the nagios user can't log in, but they can run that particular command?
Code: Select all
User_Alias NAGIOS=nagios
# Nagios Core
NAGIOS ALL = NOPASSWD:/usr/opt/something/command
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Fri Mar 09, 2012 8:17 am
by darthcolo
Nope. I can't do anything in the remote machine, because is a production server.
But thank you!
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Mon Mar 19, 2012 3:38 am
by dpnctl
I am sorry but I am new to this forum, not able to locate a link to post a new one
Re: [sort of SOLVED] Script (plugin) not working as expected
Posted: Mon Mar 19, 2012 9:47 am
by mguthrie
Can you post this as a new thread? This is not the same issue at all.