Sudo

nagios nrpe 無法讀取輸出

  • October 9, 2016

我試圖用來check_nrpe檢查遠端伺服器,但它不起作用,我無法弄清楚我錯過了什麼……

# /usr/lib/nagios/plugins/check_nrpe -H XXX -c check_load -a 6,5,4 8,7,6
NRPE: Unable to read output
# 

遠端的伺服器系統日誌消息:

nrpe[18058]: Connection from XX.XX.XX.XX port 16267
nrpe[18058]: Host address is in allowed_hosts
nrpe[18058]: Handling the connection...
nrpe[18058]: Host is asking for command 'check_load' to be run...
nrpe[18058]: Running command: /usr/bin/sudo /usr/lib64/nagios/plugins/check_load -w 6,5,4 -c 8,7,6
nrpe[18058]: Command completed with return code 1 and output: 
nrpe[18058]: Return Code: 1, Output: NRPE: Unable to read output
nrpe[18058]: Connection from XX.XX.XX.XX closed.

要手動驗證它,我在遠端 shell 上發出相同的命令:

bash-4.1$ id
uid=497(nrpe) gid=497(nrpe) groups=497(nrpe) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
bash-4.1$ /usr/bin/sudo /usr/lib64/nagios/plugins/check_load -w 6,5,4 -c 8,7,6
OK - load average: 0.21, 0.23, 0.19|load1=0.210;6.000;8.000;0; load5=0.230;5.000;7.000;0; load15=0.190;4.000;6.000;0; 
bash-4.1$ 

…問題是即使nrpe_userinside of/etc/nagios/nrpe.cfg設置為nrpe,無論出於何種原因nrpenagios使用者身份執行,所以我不得不重新調整sudoers.d文件並且它立即開始工作…

# grep nrpe_user /etc/nagios/nrpe.cfg
nrpe_user=nrpe
# ps auxwww | grep nrpe
nagios   25388  0.0  0.0  41332  1240 ?        Ss   11:32   0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
root     26230  0.0  0.0 103252   828 pts/3    S+   11:47   0:00 grep nrpe
# cat /etc/sudoers.d/01_nagios 
Defaults:nagios !requiretty
nagios      ALL=(ALL)   NOPASSWD:   /usr/lib64/nagios/plugins/
# 

引用自:https://serverfault.com/questions/596614