NRPEv2 with sudo
I am using Pfsense 2.2.6 and I want to monitor my IPSEC tunnel.
I wrote a script to monitor my IPSEC tunnel, it worked well as root user.
When I tried to execute it with NRPEv2, the user nagios doesn't have permission to connect to the chacon socket.
Then I installed sudo package, but in the sudo package configuration interface I can't add nagios user to execute my script.
How can I monitor my IPSEC tunnel with NRPEv2?
If not can I monitor IPSEC tunnel with SNMP?
did you try to enable the "sudo" checkbox in the command definition?
I only get this to work to edit the sudoers file:
nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/racoonctl
nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_racoon
nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_icmp
Thank you for your response,
I've tried changing the sudoers file directly it works,
but sometimes it is overwritten by the system.
If I enable the "sudo" checkbox the nrpe command stops working.
I think it possible by ssh.
I too am having issues with nrpev2 in general. Not only with my custom script to monitor ipsec tunnels, but also out of the box checks.
I'm seeing constant CHECK_NRPE: Socket timeout after 20 seconds. Errors/Alerts. It's not consistent. It will work fine when I run locally, and it will work fine for an hour (checks are happening every 20-30 secs)….Then out of the blue will throw that error.
This is definitely a pfsense/nrpev2 issue, as we aren't seeing this with any of our other hosts....Every single one of the 5 pfsense hosts I've added show sporadic issues.
If it was just my custom sudo script, I'd blame myself :)
Not sure where to go here.
We've created a feature request/PR against the sudo package that should hopefully mean that there's no more hacking of the actual sudoers file on disk, should it get merged in: