I have a permission issue that is driving me crazy. I am trying to monitor asterisk on an arch linux virtual machine, using the plugin "check_asterisk_peers". I have installed NRPE (the Nagios remote agent). The relevant section of nrpe.cfg is:
Code:
command[check_users]=/usr/lib/monitoring-plugins/check_users -w 5 -c 10
command[check_asterisk_peers]=/usr/lib/monitoring-plugins/check_asterisk_peers -p monika_gigaset
Here is what I am getting:
Code:
aag ~ $ /usr/lib/monitoring-plugins/check_nrpe -H 10.10.10.10 -c check_users
USERS OK - 2 users currently logged in |users=2;5;10;0
Now, this tells me that the NRPE is working all right, and all permissions are set correctly.
If I simply run the plugin (without invoking check_nrpe) I get:
Code:
aag ~ $ /usr/lib/monitoring-plugins/check_asterisk_peers -p monika_gigaset
CRITICAL: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
however if I run it with sudo it works fine, telling me that the plugin does not have sufficient privileges:
Code:
aag ~ $ sudo /usr/lib/monitoring-plugins/check_asterisk_peers -p monika_gigaset
OK: monika_gigaset
If I however run the asterisk plugin, I get:
Code:
aag ~ $ /usr/lib/monitoring-plugins/check_nrpe -H 10.10.10.10 -c check_asterisk_peers
CRITICAL: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
same thing if I run it with sudo:
Code:
aag ~ $ sudo /usr/lib/monitoring-plugins/check_nrpe -H 10.10.10.10 -c check_asterisk_peers
CRITICAL: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
I am certain that the issue is one of permissions, but I cannot wrap my head around it. The sudoers file (excerpt) reads like:
Code:
## User privilege specification
##
root ALL=(ALL) ALL
http ALL = NOPASSWD: /usr/sbin/asterisk -rx database *
# Allows running a script as root with any arguments
# THIS COULD BE DANGEROUS AND IS _NOT_ RECOMMENDED
nrpe ALL=(ALL) NOPASSWD: /usr/sbin/service,/usr/lib/monitoring-plugins/check_asterisk_peers
asterisk ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
%admins ALL= (ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
Defaults targetpw # Ask for the password of the target user
ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
Any hint would be gratefully appreciated! My diagnosis is that the plugin "check_asterisk_peers" does not have the permission to contact asterisk (which runs as root), but I do not understand how I can grant the appropriate permissions to it.