Open nigemar opened 5 years ago
Can you show file permissions for the directory? ls -l -d /etc/nagios/nrpe.d
Are you able to find any messages in your log_file (defaults to /usr/local/nagios/var/nrpe.log
)?
Sure,
Here is the permission set for the host that is failing to find the checks:
total 4
drwxr-xr-x. 2 root root 35 Sep 2 12:45 ./
drwxrwxr-x. 5 root root 68 Sep 2 15:04 ../
-rw-r--r--. 1 root root 89 Sep 2 12:19 nrpe_nifi_cluster.cfg
/etc/nagios/nrpe.d# ls -ld .
drwxr-xr-x. 2 root root 35 Sep 2 12:45 ./
Here is the SELinux contexts applied to the nrpe.cfg and the nrpe_nifi_cluster.cfg
/etc/nagios# ls -lZ /etc/nagios/nrpe.cfg /etc/nagios/nrpe.d/nrpe_nifi_cluster.cfg
-rw-r--r--. root root system_u:object_r:nrpe_etc_t:s0 /etc/nagios/nrpe.cfg
-rw-r--r--. root root system_u:object_r:nrpe_etc_t:s0 /etc/nagios/nrpe.d/nrpe_nifi_cluster.cfg
Here is the boolean for nagios sudo
/etc/nagios# getsebool -a |grep -i nagios_run_sudo
nagios_run_sudo --> on
Looking at /var/log/messages, this an SELinux issue:
2019-09-04T07:49:29.142982+10:00 enk-nifi-03 nrpe[12711]: Could not open config directory '/etc/nagios/nrpe.d' for reading.
2019-09-04T07:49:29.143497+10:00 enk-nifi-03 nrpe[12711]: Continuing with errors...
2019-09-04T07:49:29.147873+10:00 enk-nifi-03 nrpe[12711]: Starting up daemon
2019-09-04T07:49:29.150269+10:00 enk-nifi-03 nrpe[12711]: Server listening on 0.0.0.0 port 5666.
2019-09-04T07:49:29.150983+10:00 enk-nifi-03 nrpe[12711]: Warning: Daemon is configured to accept command arguments from clients!
2019-09-04T07:49:29.151522+10:00 enk-nifi-03 nrpe[12711]: Listening for connections on port 5666
2019-09-04T07:49:29.152076+10:00 enk-nifi-03 nrpe[12711]: Allowing connections from: xxx.xsx.xsx.xxx, xxx.xsx.xsx.xxx, xxx.xsx.xsx.xxx
Do you know what context needs to be set for this directory and contents?
I have tried setting the context to use both nrpe_etc_t and nagios_etc_t and both still give the same warning about not being able to read
Could not open config directory '/etc/nagios/nrpe.d' for reading.
Do you know what the correct context should be?
Turns out setting the module context to be: etc_t allows the SELinux to read this correctly.
I am guessing the nrpe_etc_t or nagios_etc_t is broken in terms of system access. Do I need to submit this to red hat or this a policy you have developed?
Okay, that makes more sense. We don't maintain anything with regard to SELinux. If I remember correctly, this is part of a package distributed by Fedora/EPEL, so I'm not sure if you'd submit to Red Hat or somewhere else.
Than, I will raise a ticket with EPEL and then link it back to here and vice versa.
Thanks.
EPEL bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1749156
We're working on updating the SELinux policy relative to nagios and NRPE in epel7; this issue should be fixed soon.
Hello, It seems there is the same behaviour on RH8 and 4.0.2-2 and SELinux enabled On RH7 4.0.3-6, it works fine but without SELinux
Hi, I am trying to configure nrpe to use the configuration files that we drop under include_dir configuration in the nrpe.cfg file.
I have found that on our RHEL7 boxes when we set this configuration as follows:
include_dir=/etc/nagios/nrpe.d
and add the following file:
nrpe_nifi_cluster.cfg
When the nagios runs the check, we get an error saying the command 'check_nifi_cluster_query' not defined:
Running the code from nagios
The nrpe versions information is as follows:
While we have the same configuration on RHEL 6 server:
/etc/nagios/nrpe.cfg
File listing on RHEL 6
atm.cfg
Result:
Client server nrpe