0

I have written a small script to check the states of PfSense, and using this script to get the output in nagios, through NRPE...

Here is the script

used=`pfctl -s state | wc -l | bc | cut -c1-5 | bc`

echo "States consumed=$used"

Normal output of the script is as follows (as it runs on the client.

States consumed=25519

But the issue is that when the same script is ran through NRPE from the nagios server, I get this command.

States consumed=0

But when I put anything in the variable "used" , for example pass it value of 123, or abc,,it is visible on the nagios server through nrpe... What can be the issue here? I have tried every possible solution from my side, since last 5 days..

Community
  • 1
Farhan
  • 4,210
  • 9
  • 47
  • 76

2 Answers2

1

Is "pfctl" in the PATH for nagios user? I would use the absolute path in the script.

cjc
  • 24,533
  • 2
  • 49
  • 69
  • yes, thats why i am getting an output, otherwise script wont run at all – Farhan Jan 03 '12 at 12:15
  • I don't mean the check script called by nrpe. I mean the pfctl command itself (I'm not familiar with FreeBSD, so I don't know if that's standard, or if it's in /usr/sbin and /usr/sbin isn't in the default PATH for nagios user). From what you've pasted, you're calling "pfctl" and assuming that the nagios user can find it in its PATH. – cjc Jan 03 '12 at 12:22
  • got it. i am running it with /sbin/pfctl ...now i have added the nrpe user to WHEELS group, but still nrpe is unable to run the command pfctl.. – Farhan Jan 03 '12 at 13:26
  • 1
    You may have to invoke your script using sudo. You can restrict nagios user to only that command run by adding something like this to the sudoers file: "nagios ALL=(ALL) NOPASSWD: /path/to/script" and then changing your nrpe.cfg so that you're running "sudo /path/to/script". See if that works. It's possible pfctl won't run as non-root, even with a user in the right group. Again, I'm not a BSD user so I'm not sure if that's the case. – cjc Jan 03 '12 at 13:44
  • i was trying not to use sudo, but as it was last resort, that i had left with..so its working now. Thanks – Farhan Jan 03 '12 at 14:50
1

Is it because of the user that the script runs as?

JamesRyan
  • 8,138
  • 2
  • 24
  • 36
  • the permission of script is 777, which means anyone can execute this command. but with which user nrpe runs the scripts? – Farhan Jan 03 '12 at 12:14
  • What user is the nrpe daemon running as? That's the user that will run the script. – MadHatter Jan 03 '12 at 13:59