rmoesbergen
commented
7 years ago Quick fix:
--- /usr/lib64/nagios/plugins/check_exim_queue.org 2017-05-03 12:52:34.375176544 +0200 +++ /usr/lib64/nagios/plugins/check_exim_queue 2017-05-03 12:52:49.949751120 +0200 @@ -125,7 +125,7 @@ exit "$STATE_UNKNOWN" fi
-CMDSTRING="${SUDOBIN} ${EXIMBIN} -bpc" +CMDSTRING="${SUDOBIN} -u exim ${EXIMBIN} -bpc"
if [ "${EXIMCF}" != "/etc/exim/exim.conf" ]; then CMDSTRING="${CMDSTRING} -C ${EXIMCF}"
akissa
The new 2.1.5 / 6.9 nrpe check seems to not be working. I just upgraded 2 nodes, and the check returns 'no result' (timeout). Investigation shows that the check script uses sudo to perform various queue checks. To allow this, a sudoers file had been created:
baruwa ALL=(exim) NOPASSWD: /usr/sbin/exim -C /etc/exim/exim_out.conf -M , \ /usr/sbin/exim -C /etc/exim/exim_out.conf -Mf , \ /usr/sbin/exim -C /etc/exim/exim_out.conf -Mrm , \ /usr/sbin/exim -C /etc/exim/exim_out.conf -Mg , \ /usr/sbin/exim -C /etc/exim/exim_out.conf -Mar , \ /usr/sbin/exim -C /etc/exim/exim_out.conf -qff, \ /usr/sbin/exim -Mrm , \ /usr/sbin/exim -Mg , \ /usr/sbin/exim -Mar , \ /usr/sbin/exim -qGbaruwa -Mrm , \ /usr/sbin/exim -qGbaruwa -Mg , \ /usr/sbin/exim -qGbaruwa -Mar *
So these commands are allowed when sudo-ing from the 'nrpe' to the 'exim' user. However: the check script does not supply a -u exim when executing the check commands, so the sudo will actually be requested to user 'root'... Which then prompt for a sudo password, which makes the check time-out.
Another issue is that the old check used to supply performance data, like this:
print "$msg|unsent=$msg_q;$opt_w;$opt_c;0\n";
But the new check has no perf. data (no | + counters). Might be good to add that back as well.