1

I'm trying to monitor BackupPC with Icinga2.I've downloaded this plugin but I'm getting the following error.

enter image description here

I've added this to commands.conf

object CheckCommand "backuppc" {
        import "plugin-check-command"

        command = [ "sudo", "-u  backuppc",  PluginContribDir + "/check_backuppc" ]

        arguments = {
                "-w" = "$warn_lvl$"
                "-c" = "$crit_lvl$"
                "-v" = "$verbose$"
        }
}

This was added to \etc\sudoers

Defaults:nagios !requiretty
nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_backuppc

And this was added to services.conf

apply Service "backuppc" {
   import "generic-service"

   check_command = "backuppc"
   vars.warn_lvl = 14
   vars.crit_lvl = 30
   vars.verbose = ""

   assign where host.name == NodeName
}

Backuppc user exists and the command is working, when I run it from shell:

root@backup:/# sudo -u backuppc ./usr/lib/nagios/plugins/check_backuppc
Use of qw(...) as parentheses is deprecated at /usr/share/backuppc/lib/BackupPC/Storage/Text.pm line 302.
Use of qw(...) as parentheses is deprecated at /usr/share/backuppc/lib/BackupPC/Lib.pm line 1425.
BACKUPPC CRITICAL ( 1 OK, 0 UNKNOWN, 0 WARNING, 1 CRITICAL)

Ty

intelis
  • 175
  • 2
  • 10

2 Answers2

4

The problem is the way you put the command into Icinga2.

When you write:

command = [ "sudo", "-u  backuppc",  PluginContribDir + "/check_backuppc" ]

This gives the system a argument list, that puts

"-u  backuppc"

as a single argument. Now sudo tries to find the user " backuppc", with 2 spaces.

You should either write: (2 arguments)

"-u", "backuppc"

Or: (Single argument without space)

"-ubackuppc"

Usually spaces are meant to separate arguments, but only when parsed by a shell (like bash).

Icinga2 tries to run command in a safe way, so that shell code injection should not happen.

lazyfrosch
  • 790
  • 4
  • 10
1

The other answer from @lazyfrosh points to the problem perfectly. But there are two things I would like to add.

  • The way you are testing will always work, as you are logged in as root. If you want to test if user nagios is able to run the script, then first login as nagios and then run the command using sudo to see if it works.

  • Considering security, you may assign nagios user the sudo privilage limited to what only necessary to run the script as user backuppc and nothing more. Something like:

    nagios ALL=(backuppc) NOPASSWD: /usr/lib/nagios/plugins/check_backuppc

May be you will need to adjust it according to the script.

See this for similar info: Linux: How to allow a regular user to "su - anotherUser"?

Community
  • 1
Diamond
  • 8,791
  • 3
  • 22
  • 37
  • He put in "(ALL)" for the target user, so that can't be the problem... But yes, testing with the user Nagios is appreciated. Though the error suggests my described problem. – lazyfrosch Dec 20 '15 at 09:16