Pull pfsense-packages, please!
-
It depends on how things are executed. I'm not sure how/why sudo was used in there (I really haven't had any time to look at it). Most everything runs as root, and most things in PHP will assume they are running as root.
-
I added sudo, because I needed to execute shell PHP scripts with ./php. I wasn't sure how to make the sudo.tbz "appear" in the pfsense download files for packages, so I was told to add the build_port_path variables and fill stuff out in there.
I'm now waiting for this to build sudo.tbz so I can commit the rest of the package and monitoring scripts for everyone to use. -
Well running scripts isn't really a problem if the program calling the script is running as root, but I don't remember if the nrpe package runs as root or some other user (or how easy that is to change).
-
The package runs as user nagios (which I'm sure isn't a terrible idea by itself), I don't know what the developing team's security policy is there.
But take a look at the changes proposed if you get around to it and let me think if you think that there is a problem! -
Have you detailed the changes in NRPEv2 anywhere? I posted a bounty a few years back to have several fixes made, so I'm really interested in any updates/improvements to the package.
-
All I did was write a bunch of scripts that monitor certain areas of Nagios, such as DNS, CARP, Logs files, VPN statuses, and many more. They're in PHP and I just customized the Nagios interface with a "sudo" box because that's what it needs to run php from the command line.
If you're interested, I can send them to you. Although it'd be awesome having them in that package install because it's a couple steps to get it up and running.
-
Isn't it already running as root?
I think if you remove the sudo, it will be easier to commit.
Briantist,
What kind of issues are you getting with nrpe? -
Isn't it already running as root?
I think if you remove the sudo, it will be easier to commit.
Briantist,
What kind of issues are you getting with nrpe?I believe that namezero is correct in that nrpe2 runs as user 'nagios' and not as root.
Marcello, I'm not having any issues with NRPE; but since I use it I was curious about the changes were. It sounds like these are extra scripts to allow better monitoring of pfSense's actual components, and that sounds really wonderful! I'm looking forward to this.
-
Yes they are extra scripts.
Look at the attached png for an example of monitored hosts as seen from centreon.If there is a way to run the scripts as non root without sudo, that'd be fine too, but they use the PFSense webgui code to determine a few things, and except for the manual deployment it's working great!
I've all since given up on getting this committed, but I can upload them here with the installation instructions of you're interested.
-
Two more example screens
-
Sure, I'd like to see the scripts and the instructions. Thanks!
