NRPEv2 with sudo

  • Hello,

    I am using pfSense 2.2.6 and I want to monitor my IPSEC tunnel.
    I wrote a script to monitor my IPSEC tunnel; it worked well as the root user.

    When I tried to execute it with NRPEv2, the user nagios doesn't have permission to connect to the chacon socket.
    Then I installed the sudo package, but in the sudo package configuration interface I can't add the nagios user to execute my script.
    How can I monitor my IPSEC tunnel with NRPEv2?
    If not, can I monitor the IPSEC tunnel with SNMP?


  • Did you try to enable the "sudo" checkbox in the command definition?

  • I only got this to work by editing the sudoers file:

    nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/racoonctl
    nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_racoon
    nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_icmp
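
A least-privilege check for sudoers entries like the ones posted above, as an added example that is not part of the thread or of the pfSense packages. It handles simple one-line rules only; the `TIGHT` line is a constructed variant and assumes the check needs no arguments and only root (the original poster reports the script works as root).

```python
import os
import re
import stat

# The three entries quoted in the post above, embedded so the check runs offline.
POSTED = """\
nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/racoonctl
nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_racoon
nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_icmp
"""
# Constructed tighter variant: run as root only, and "" forbids any arguments.
TIGHT = 'nagios ALL=(root) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_racoon ""\n'

# Simple one-line rules only: user host=(runas) TAG: cmd[, cmd...]
RULE = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

def parse_rules(text, user):
    """Yield (runas, tags, command) for each command granted to `user`."""
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m and m["user"] == user:
            for cmd in m["cmds"].split(","):
                # sudoers runs the command as root when no runas list is given
                yield (m["runas"] or "root").strip(), m["tags"], cmd.strip()

def replaceable_by_non_root(path):
    """True if the file is not root-owned or is group/world writable."""
    st = os.stat(path)
    return st.st_uid != 0 or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(text, user="nagios", check_files=False):
    """Return (binary, finding) pairs for rules broader than a check needs."""
    findings = []
    for runas, tags, cmd in parse_rules(text, user):
        parts = cmd.split()
        binary = parts[0]
        if "ALL" in re.split(r"[\s:,]+", runas):
            findings.append((binary, "runas (ALL): any target user, (root) would do"))
        if binary == "ALL" or "*" in cmd:
            findings.append((binary, "wildcard command"))
        elif "NOPASSWD" in tags and len(parts) == 1:
            findings.append((binary, "no argument list: any arguments accepted"))
        if check_files and os.path.isfile(binary) and replaceable_by_non_root(binary):
            findings.append((binary, "file can be replaced by a non-root user"))
    return findings

if __name__ == "__main__":
    for binary, finding in audit(POSTED, check_files=True):
        print(f"{binary}: {finding}")
```

Run on the firewall itself with `check_files=True` so the ownership and mode of each listed binary are checked as well.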

  • Thank you for your response,

    I've tried changing the sudoers file directly and it works,
    but sometimes it is overwritten by the system.

    If I enable the "sudo" checkbox the nrpe command stops working.

    I think it is possible by ssh.

  • I too am having issues with nrpev2 in general. Not only with my custom script to monitor ipsec tunnels, but also out of the box checks.
    I'm seeing constant "CHECK_NRPE: Socket timeout after 20 seconds" errors/alerts. It's not consistent. It will work fine when I run locally, and it will work fine for an hour (checks are happening every 20-30 secs)... Then out of the blue it will throw that error.

    This is definitely a pfsense/nrpev2 issue, as we aren't seeing this with any of our other hosts... Every single one of the 5 pfsense hosts I've added shows sporadic issues.

    If it was just my custom sudo script, I'd blame myself :)

    Not sure where to go here.
