Nagios Support Forum

I've spent weeks beating me head off NRPE. I developed a plugin in Perl that works from the commandline when run as the nagios user, but, it will not work over NRPE at all. I had thought it was something to do with my script, but after some more experimentation today, I think it's a problem with NRPE, or with the NRPE package from RPMForge for RHEL6.

I decided to go right back to first principles, and try get the absolute most elemental script I could to work, so I wrote the following plugin that simply always returns OK:
This works from the commandline as the user nagios, so I added it to NRPE with the following command:
command[check_test]=/usr/lib64/nagios/plugins/check_true.pl

This gives the following error over NRPE: NRPE: Unable to read output

I decided to simplify things even more, and commented out the two use statements, THEN it worked! It turns out that as soon as I use ANYTHING, even standard parts of Perl, NRPE breaks.

To investigate further I wrote a little wrapper shell script to capture STDERR as well as STDOUT when the script is run by NRPE. The wrapper I used was simply:
This executed via NRPE, and returned the following output:
I checked on the server for the location of strict.pm, it is located at /usr/share/perl5/strict.pm, and as you can see, that path IS shown in @INC.

I'm at a loss to see why such a trivial script could work when run as the user nagios, but break so badly when run as the user nagios through NRPE? What does NRPE do to the environment that could break Perl this badly? And does anyone know a work-around other than re-writing my entire plugin in a different language?

Thanks,

Bart.

Hmmm I can only speculate why it's not working I've never had the same issue with NRPE. I suppose a good starting point would be to check that the nrpe user has access to the perl libs, though I have no idea why it wouldn't. Also are you running SELinux (aka the silent breaker of all things)?

Perhaps try su - nrpeuser and try to run the script from the command line... that will be the most telling way I suppose of knowing if it's a permissions issue or an NRPE environment issue.

jsmurphy wrote:Also are you running SELinux (aka the silent breaker of all things)?

I am running SELinux, and it did cross my mind, so I checked the SELinux logs to see if anything was being denied, and nothing was. BTW - I love your nickname for it, so true

jsmurphy wrote: Perhaps try su - nrpeuser and try to run the script from the command line... that will be the most telling way I suppose of knowing if it's a permissions issue or an NRPE environment issue.

NRPE is running as the user nagios, and I have tested the plugin using su - nagios and it runs perfectly. To me this implies the file permissions are fine on the libs.

Correction - it IS an SELinux problem, I'd been looking in the wrong log file.

I guess the question now is how best to turn off SELinux for just NRPE because I don't want to turn it off completely for security reasons. I did some googling and on CentOS there is a boolean to for turning off SELinux for NRPE, but that boolean doesn't exist on RHEL 6.

Hopefully someone else here has more experience with SELinux than I do, but honestly I think your best bet now that you've narrowed it down to an SELinux problem is to contact Red Hat. Their support team will be far more knowledgeable about that.