Book Image

Nagios Core Administration Cookbook - Second Edition

By : Tom Ryder
Book Image

Nagios Core Administration Cookbook - Second Edition

By: Tom Ryder

Overview of this book

Nagios Core is an open source monitoring framework suitable for any network that ensures both internal and customer-facing services are running correctly and manages notification and reporting behavior to diagnose and fix outages promptly. It allows very fine configuration of exactly when, where, what, and how to check network services to meet both the uptime goals of your network and systems team and the needs of your users. This book shows system and network administrators how to use Nagios Core to its fullest as a monitoring framework for checks on any kind of network services, from the smallest home network to much larger production multi-site services. You will discover that Nagios Core is capable of doing much more than pinging a host or to see whether websites respond. The recipes in this book will demonstrate how to leverage Nagios Core's advanced configuration, scripting hooks, reports, data retrieval, and extensibility to integrate it with your existing systems, and to make it the rock-solid center of your network monitoring world.
Table of Contents (18 chapters)
Nagios Core Administration Cookbook Second Edition
About the Author
About the Reviewer

Giving limited sudo(8) privileges to NRPE

In this recipe, we'll learn how to deal with the difficulty of executing permissions for NRPE. The majority of standard Nagios plugins don't require special privileges to run, although this also depends on how stringent your system's security restrictions are. However, some of the plugins require being run as root or perhaps as another user other than nagios. This is sometimes the case with plugins that need to make requests of system-level resources such as checking the integrity of RAID arrays.

There are four general approaches to fixing this:

  • Bad: Change the plugins to setuid, meaning that they will always be run as the user who owns them, no matter who executes them. The problem with this is that setting this bit allows anyone to run the program as root, not just nrpe, a very common vector for exploits.

  • Worse: Run nrpe as root or as the appropriate user. This is done by changing the nrpe_user and nrpe_group properties in nrpe.cfg. This is even...