Show Posts
1
General Discussion / NRPE needs sudo for some plugins
« on: August 29, 2022, 08:12:48 pm »
Hi all,
I'm monitoring several OPNsense firewalls w/ Icinga.
I know NRPE has it's security issues, but I'm able to protect access to port 5666 both in firewall rules and allowed hosts.
It appears the NRPE package does not allow adding the nagios user to sudoers any longer.
There also isn't the option to set the command prefix
Currently, I just add nagios to sudoers via the cli
# echo "nagios ALL=(ALL) NOPASSWD: /usr/local/libexec/nagios/" > /usr/local/etc/sudoers.d/nrpe
Then any check like check_procs I create as:
/usr/local/bin/sudo /usr/local/libexec/nagios/check_procs -c 3:10 -C openvpn
While this works, it is not "restore safe".
Is there a better way to get the sudo prefix back into the configuration
Also, on the NRPE General screen, help for the Listen Interface says "Empty means listen to all addresses."
It should say "0.0.0.0 means listen to all addresses"
~
BW
I'm monitoring several OPNsense firewalls w/ Icinga.
I know NRPE has it's security issues, but I'm able to protect access to port 5666 both in firewall rules and allowed hosts.
It appears the NRPE package does not allow adding the nagios user to sudoers any longer.
There also isn't the option to set the command prefix
Currently, I just add nagios to sudoers via the cli
# echo "nagios ALL=(ALL) NOPASSWD: /usr/local/libexec/nagios/" > /usr/local/etc/sudoers.d/nrpe
Then any check like check_procs I create as:
/usr/local/bin/sudo /usr/local/libexec/nagios/check_procs -c 3:10 -C openvpn
While this works, it is not "restore safe".
Is there a better way to get the sudo prefix back into the configuration
Also, on the NRPE General screen, help for the Listen Interface says "Empty means listen to all addresses."
It should say "0.0.0.0 means listen to all addresses"
~
BW