check_expiry

This forum is intended for the discussion of Nagios plugin development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagiosplug-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

check_expiry

Postby hardik185 » Wed May 15, 2019 11:49 am

Hi, I am using check_expiry on Linux (RHEL 6) but while running it with check_nrpe, I always get "NRPE: Unable to read output"

I can see nagios is not able to execute this script to check user's password expiry information. any idea on how this can be achieved?
hardik185
 
Posts: 5
Joined: Wed May 15, 2019 11:44 am

Re: check_expiry

Postby cdienger » Wed May 15, 2019 4:47 pm

Edit line 15 to look like:

Code: Select all
        if [[ $get_expiry_date == *"Never"*  ]]


Test again and let us know the results. If it still fails, try running the script directly on the host and not using check_nrpe:

Code: Select all
bash -x ./check_expiry <username>
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
cdienger
Support Tech
 
Posts: 3454
Joined: Tue Feb 07, 2017 11:26 am

Re: check_expiry

Postby npolovenko » Wed May 15, 2019 5:00 pm

@hardik185, On top of what Craig recommended, I suggest adding the following entries to the /etc/sudoers file on the nrpe server.
Code: Select all
nagios ALL = NOPASSWD:/tmp/check_expiry.sh
nagios ALL = NOPASSWD:/usr/sbin/lchage
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
npolovenko
Support Tech
 
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: check_expiry

Postby hardik185 » Fri May 24, 2019 10:19 am

Hi,

Thanks for your response.
I have tried both but I still get the same error.

strace does not really help. If I run the script as nagios user I get the right output. It is just check_nrpe does not give.

/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output

Any idea?
hardik185
 
Posts: 5
Joined: Wed May 15, 2019 11:44 am

Re: check_expiry

Postby npolovenko » Fri May 24, 2019 2:55 pm

@hardik185, Can you show us the check_appuser command in the nrpe.cfg file? Please upload the whole npre.cfg file so I could examine your settings.

Also, if your plugin is in the /usr/local/nagios/etc/libexec/ folder, then you need to adjust entries in the sudoers file to reflect that:
Code: Select all
nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh
nagios ALL = NOPASSWD:/usr/sbin/lchage
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
npolovenko
Support Tech
 
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: check_expiry

Postby hardik185 » Tue May 28, 2019 7:05 am

Hi @npolovenko,
Sure. I have added the entries as suggested in /etc/sudoers but still same output. Please find attached nrpe.cfg and suggest if there is any way to enable this check.
Attachments
nrpe.cfg
(10.35 KiB) Downloaded 96 times
hardik185
 
Posts: 5
Joined: Wed May 15, 2019 11:44 am

Re: check_expiry

Postby npolovenko » Tue May 28, 2019 4:08 pm

@hardik185, Open the /etc/sudoers file and add the following entries instead of just two entries that I recommended earlier.
Defaults: nrpe !requiretty
Defaults: nagios !requiretty

nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh
nagios ALL = NOPASSWD:/usr/sbin/lchage
nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service


Open the /usr/local/nagios/libexec/check_expiry.sh script on the line 14, and change it to look like this:
Code: Select all
get_expiry_date=$(sudo /usr/sbin/lchage -l $1 | grep 'Password Expires' | cut -d: -f2)

I added "sudo".

Let me know if this fixes the issue.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
npolovenko
Support Tech
 
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: check_expiry

Postby hardik185 » Fri May 31, 2019 6:00 am

hi @npolovenko ,
I have added entries in sudoer file as suggested but did not help. not sure what is still missing.
hardik185
 
Posts: 5
Joined: Wed May 15, 2019 11:44 am

Re: check_expiry

Postby npolovenko » Fri May 31, 2019 4:07 pm

@hardik185, Please switch to the nagios user, run the plugin and show us the output:
Code: Select all
su - nagios
/usr/local/nagios/libexec/check_expiry.sh


Please upload the /etc/sudoers file and upload the plugin with the modifications we suggested here as well.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
npolovenko
Support Tech
 
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: check_expiry

Postby hardik185 » Thu Jun 13, 2019 11:08 am

sorry for replying late @npolovenko

I am able to run it successfully with "su - nagios"

-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser1
OK - Password never expires
-bash-4.1$ vim /usr/local/nagios/etc/nrpe.cfg
-bash-4.1$ /usr/local/nagios/libexec/check_expiry.sh appuser2
OK - Password is 61 days from expiry
-bash-4.1$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_appuser
NRPE: Unable to read output
-bash-4.1$

Below are the entries added in /etc/sudoers,
nagios ALL = NOPASSWD:/usr/local/nagios/etc/libexec/check_expiry.sh *
nagios ALL = NOPASSWD:/usr/sbin/lchage -l *
nagios ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service
nrpe ALL = NOPASSWD: /sbin/service,/usr/bin/systemctl,/usr/sbin/service

Below is the line updated in plugin,
function calculate_days_till_expiry {
get_expiry_date=$(sudo /usr/sbin/lchage -l $1 | grep 'Password Expires' | awk '{print $3}')

Can you review and suggest?
hardik185
 
Posts: 5
Joined: Wed May 15, 2019 11:44 am

Next

Return to Nagios Plugin Development

Who is online

Users browsing this forum: harithas and 0 guests