Open fernandezguzmas opened 7 months ago
This message appears on RHEL with subscription repositories when the check is not run as root. Full log:
Nagios Plugin for Yum updates on RedHat/CentOS systems - Version 0.12.8
Author: Hari Sekhon
setting plugin timeout to 30 seconds
running command: /usr/bin/yum --security check-update
Returncode: '0'
Output: 'Not root, Subscription Management repositories not updated
Last metadata expiration check: 0:24:30 ago on Tue 16 Jul 2024 09:49:12 AM CEST.
'
YUM WARNING: Cannot find summary line in yum output. Please make sure you have upgraded to the latest version from https://github.com/HariSekhon/Nagios-Plugins. If the problem persists, please raise a ticket at https://github.com/HariSekhon/Nagios-Plugins/issues with the full -vvv output
As we probably want to update the repositories to check for new updates, ignoring the message is not an option. The easiest way would be to setuid the script to rool (chown root check_yum.py && chmod u+s check_yum.py
), this however may cause security concerns. A bit more restrictive would be modifying the script to use sudo (see attachment) and allow the two commands in /etc/sudoers.d/icinga as follows:
icinga ALL=(ALL) NOPASSWD: /usr/bin/yum --security check-update
icinga ALL=(ALL) NOPASSWD: /usr/bin/yum check-update
(Edit user "icinga" to match whatever your monitoring system is executing the script as)
Ultimately the script should probably check if the necessary permissions are already in place, switch to sudo if not and show a less generic error message for permission errors.
(attachments seem to be broken ATM)
--- check_yum.org.py 2024-07-16 10:25:24.280882380 +0200
+++ check_yum.py 2024-07-16 10:33:42.463331371 +0200
@@ -84,6 +84,7 @@
print("UNKNOWN: %s" % message)
sys.exit(UNKNOWN)
+SUDO = "/usr/bin/sudo"
YUM = "/usr/bin/yum"
DNF = '/usr/bin/dnf'
@@ -313,7 +314,7 @@
"""Gets all updates. Returns a single integer of the
number of available updates"""
- cmd = "%s check-update" % YUM
+ cmd = "%s %s check-update" % (SUDO, YUM)
output = self.run(cmd)
@@ -385,7 +386,7 @@
security and normal updates. Returns a tuple of the number
of security and normal updates"""
- cmd = "%s --security check-update" % YUM
+ cmd = "%s %s --security check-update" % (SUDO, YUM)
output = self.run(cmd)
YUM WARNING: Cannot find summary line in yum output. Please make sure you have upgraded to the latest version from https://github.com/HariSekhon/Nagios-Plugins. If the problem persists, please raise a ticket at https://github.com/HariSekhon/Nagios-Plugins/issues with the full -vvv output