Netgate Discussion Forum

    NRPEv2 with sudo

      fpt

      Hello,

      I am using pfSense 2.2.6 and I want to monitor my IPsec tunnel.
      I wrote a script to monitor my IPsec tunnel; it worked well as the root user.

      When I tried to execute it with NRPEv2, the user nagios doesn't have permission to connect to the chacon socket.
      Then I installed the sudo package, but in the sudo package configuration interface I can't add the nagios user to execute my script.
      How can I monitor my IPsec tunnel with NRPEv2?
      If not, can I monitor the IPsec tunnel with SNMP?

      Regards,

        dneuhaeuser

        Did you try to enable the "sudo" checkbox in the command definition?

          hec

          I only get this to work by editing the sudoers file:
          /usr/pbi/sudo-amd64/etc/sudoers

          nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/racoonctl
          nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_racoon
          nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_icmp

            fpt

            Thank you for your response,

            I've tried changing the sudoers file directly; it works,
            but sometimes it is overwritten by the system.

            If I enable the "sudo" checkbox, the nrpe command stops working.

            I think it is possible by ssh.

              SMiTTY4x4

              I too am having issues with nrpev2 in general. Not only with my custom script to monitor ipsec tunnels, but also out-of-the-box checks.
              I'm seeing constant "CHECK_NRPE: Socket timeout after 20 seconds." errors/alerts. It's not consistent. It will work fine when I run locally, and it will work fine for an hour (checks are happening every 20-30 secs)... Then out of the blue it will throw that error.

              This is definitely a pfsense/nrpev2 issue, as we aren't seeing this with any of our other hosts... Every single one of the 5 pfsense hosts I've added shows sporadic issues.

              If it was just my custom sudo script, I'd blame myself :)

              Not sure where to go here.

                monotypeTattoo @fpt

                We've created a feature request/PR against the sudo package that should hopefully mean that there's no more hacking of the actual sudoers file on disk, should it get merged in:

                https://github.com/pfsense/FreeBSD-ports/pull/936
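
Added example, not part of any post in this thread: a POSIX sh check for the situation described above, where the hand-edited sudoers file is sometimes overwritten. It reports which of the three rules quoted earlier are missing and flags any other nagios rule that has appeared; the function names are hypothetical, and it is assumed to run as root (for instance from cron) against the sudoers path given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: detect drift in the nagios sudoers rules.
# The rules below are the ones quoted in the thread; function names are made up.
EXPECTED_RULES='nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/racoonctl
nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_racoon
nagios ALL=(ALL) NOPASSWD: /usr/pbi/nrpe-amd64/libexec/nagios/check_icmp'

# Collapse runs of whitespace and trim, so spacing differences do not matter.
normalize() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}

# Print each expected rule that is absent; return the number missing.
missing_rules() {
    current=$(normalize < "$1")
    missing=0
    while IFS= read -r rule; do
        if ! printf '%s\n' "$current" | grep -Fqx -- "$rule"; then
            printf 'MISSING: %s\n' "$rule"
            missing=$((missing + 1))
        fi
    done <<EOF
$EXPECTED_RULES
EOF
    return "$missing"
}

# Print nagios rules in the file that are not on the reviewed list
# (for example a grant that is broader than the three plugins).
unexpected_rules() {
    normalize < "$1" | grep '^nagios ' | while IFS= read -r line; do
        printf '%s\n' "$EXPECTED_RULES" | grep -Fqx -- "$line" ||
            printf 'UNEXPECTED: %s\n' "$line"
    done
}

# Nagios-style result: 0 = OK, 2 = CRITICAL, 3 = UNKNOWN.
check_sudoers_drift() {
    [ -r "$1" ] || { echo "UNKNOWN: cannot read $1"; return 3; }
    out=$(missing_rules "$1" || true; unexpected_rules "$1")
    [ -z "$out" ] && { echo "OK: nagios sudoers rules intact"; return 0; }
    printf 'CRITICAL: sudoers drift\n%s\n' "$out"
    return 2
}

# Run only when a file argument is given, e.g. the sudoers path from the thread.
if [ $# -gt 0 ]; then check_sudoers_drift "$1"; fi
```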

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.