NRPE needs sudo for some plugins

Started by bwlinux, August 29, 2022, 08:12:48 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 29, 2022, 08:12:48 PM
Hi all,

I'm monitoring several OPNsense firewalls w/ Icinga.

I know NRPE has it's security issues, but I'm able to protect access to port 5666 both in firewall rules and allowed hosts.

It appears the NRPE package does not allow adding the nagios user to sudoers any longer.
There also isn't the option to set the command prefix

Currently, I just add nagios to sudoers via the cli

# echo "nagios  ALL=(ALL) NOPASSWD: /usr/local/libexec/nagios/" > /usr/local/etc/sudoers.d/nrpe

Then any check like check_procs I create as:
/usr/local/bin/sudo /usr/local/libexec/nagios/check_procs -c 3:10 -C openvpn

While this works, it is not "restore safe".

Is there a better way to get the sudo prefix back into the configuration

Also, on the NRPE General screen, help for the Listen Interface says "Empty means listen to all addresses."
It should say "0.0.0.0 means listen to all addresses"

~
BW

February 11, 2024, 04:49:58 PM #1
Please be so kind to take a look at this post:

https://forum.opnsense.org/index.php?topic=38742.0

Do you have recommendations regarding firewall rules?
Print
Go Up Pages1
User actions