Xymon Mailing List Archive search

client file check

7 messages in this thread

list Scot Kreienkamp · Mon, 6 Jul 2009 15:08:26 -0400 ·
Hi everyone...

 
Does anyone know how the client file check works?  My client is running
as a non-privileged user and trying to check a file in the Postgres
directory, which of course it doesn't have access to.  I would let it
use sudo if I could, but adding sudo to the ls command in the client
config doesn't do anything.  So what mechanism does the client use to do
file checks?

 
Thanks,

 
Scot Kreienkamp
list dOCtoR MADneSs · Mon, 06 Jul 2009 21:57:05 +0200 ·
Hi,

You could try something like this :
in local-client.cfg add a section for this host :
[my_host]
file:`sudo ls /your/file`
and in hobbit-clients.cfg add a line in your host section :
HOST=my_host
FILE /your/file YOUR_SWITCHES

anyone disagree with it ?
list Thomas R. Brand · Mon, 6 Jul 2009 16:30:38 -0400 ·
Somewhat of a security risk; when using sudo, I recommend using
the full path to the executable:
sudo /bin/ls /your/file

and in your /etc/sudoers file:

# Hobbit may run /bin/ls but flags are not allowed
hobbit   ALL = NOPASSWD: /bin/ls [!-]*


t09trbrxs# su - hobbit
hobbit at t09trbrxs:~> sudo /bin/ls /root/.ssh/authorized_keys
/root/.ssh/authorized_keys
hobbit at t09trbrxs:~> sudo /bin/ls --color=always
/root/.ssh/authorized_keys
hobbit's password:
hobbit at t09trbrxs:~>
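
An added illustration (not from the thread, and not Xymon or sudo code) of how the `/bin/ls [!-]*` argument pattern above is evaluated: sudoers matches the command-line arguments as one space-joined string, so the bracket constrains only the first character of that string. Python's `fnmatch` stands in for sudo's glob matching here, and `per_argument_ok` with its `ALLOWED` set is a hypothetical stricter policy.

```python
from fnmatch import fnmatchcase

# Argument pattern from the sudoers rule quoted above: /bin/ls [!-]*
ARG_PATTERN = "[!-]*"

# Assumption for this example: the only path the monitor needs (from the thread).
ALLOWED = {"/var/lib/pgsql/data/recovery.conf"}


def sudoers_args_match(pattern, argv):
    """Emulate sudoers argument matching: the arguments are joined with
    single spaces and globbed as ONE string, so '*' also spans spaces."""
    return fnmatchcase(" ".join(argv), pattern)


def per_argument_ok(argv, allowed_paths):
    """Hypothetical stricter policy: every argument must be an exact,
    pre-approved path, which is what a wildcard-free sudoers entry enforces."""
    return bool(argv) and all(arg in allowed_paths for arg in argv)


# Constructed sample invocations (the arguments that follow /bin/ls).
SAMPLES = [
    ["/var/lib/pgsql/data/recovery.conf"],   # the intended check
    ["--color=always"],                      # leading flag
    ["/root/.ssh/authorized_keys", "-laR"],  # flag placed after a path
    ["/root", "/etc"],                       # unrelated paths
]


def evaluate(samples=SAMPLES):
    """Return (argv, wildcard rule verdict, strict policy verdict) per sample."""
    return [
        (argv, sudoers_args_match(ARG_PATTERN, argv), per_argument_ok(argv, ALLOWED))
        for argv in samples
    ]


if __name__ == "__main__":
    for argv, glob_ok, strict_ok in evaluate():
        print(f"{' '.join(argv):45} wildcard={glob_ok!s:5} strict={strict_ok}")
```

The sudoers equivalent of the strict policy is an entry that spells out the whole command line, for example `hobbit ALL = NOPASSWD: /bin/ls /var/lib/pgsql/data/recovery.conf`.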
list Scot Kreienkamp · Tue, 7 Jul 2009 10:18:49 -0400 ·
That doesn't work.  It doesn't like the backticks in client-local.cfg.
Now my clients say no files checked.

Thanks,
 
Scot Kreienkamp
La-Z-Boy Inc.
user-462cf0b6d846@xymon.invalid
XXX-XXX-XXXX ext XXXX
list Scot Kreienkamp · Tue, 7 Jul 2009 10:26:57 -0400 ·
Check that.... I was getting an error message in the client logs about
requiring a tty.  Changed that in the sudo config so that is no longer a
problem.  Still getting permission denied though.  

Thanks,
 
Scot Kreienkamp
La-Z-Boy Inc.
user-462cf0b6d846@xymon.invalid
XXX-XXX-XXXX ext XXXX

list Thomas R. Brand · Tue, 7 Jul 2009 13:29:42 -0400 ·
Did you add a corresponding rule in hobbit-clients.cfg ?

Example rule from my hobbit-clients.cfg file:
# Check for core dump files; see "client-local.cfg" file
FILE "%.*(core|hs_err_pid.*log).*" yellow NOEXIST

This matches the below check in client-local.cfg
file:`find / -maxdepth 1 -name "*core*" -mmin -360 2>/dev/null`

So, if the client finds a core file in the root directory
(/some_core_file) it reports it to the server; on the server the FILE
rule says
"set the 'files' column to YELLOW if a *core* file is found"
which causes the web page to show:

Files status at Tue Jul 7 10:20:08 PDT 2009

! /core.20090707.050107.2457.dmp
File exists


Then you need to set an appropriate ALERT in hobbit-alerts.cfg:
HOST=testbox SERVICE=files
   MAIL  user-f1c346e7357f@xymon.invalid COLOR=YELLOW
list Scot Kreienkamp · Tue, 7 Jul 2009 13:50:09 -0400 ·
Yes.  The file appears on the web page and the client is trying to
report on it.  But it doesn't have permissions to get to the file I need
to monitor.

Wound up reading about debugging for a few hours, and tried using strace
to see what was going on.  Here's the line from the output:
lstat("/var/lib/pgsql/data/recovery.conf", 0x7fff3a23d510) = -1 EACCES (Permission denied)

It's using its own internal workings to check on files, not external
programs, which means it's not possible to use sudo unless you raise the
entire program's permissions.  Or run the client as root in those few
instances where it's an issue for me.

Thanks for your help.

Scot Kreienkamp
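
The strace line above shows the client calling lstat() itself and getting EACCES. As an added sketch (not Xymon code): lstat() needs search (execute) permission on every directory leading to the file, not read access to the file itself, so the check below reports which directories deny that to a given account. The helper names and the `base` parameter are assumptions of this example, and ACLs are ignored.

```python
import os
import stat
import sys


def can_search(st, uid, gids):
    """Classic Unix mode-bit check (ACLs and capabilities ignored): apply the
    owner, group or other execute bit of a directory to uid/gids."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocking_dirs(path, uid, gids, base="/"):
    """Return the directories between `base` and `path` (inclusive of base)
    that deny search permission to uid/gids. lstat(path) fails with EACCES
    if any one of them does; the file's own mode bits play no part.
    Run it as a user who can stat those directories, e.g. root."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(os.path.dirname(path), base)
    parts = [] if rel == "." else rel.split(os.sep)
    current, blocked = base, []
    for part in [""] + parts:
        current = os.path.join(current, part) if part else current
        if not can_search(os.stat(current), uid, gids):
            blocked.append(current)
    return blocked


if __name__ == "__main__":
    import pwd
    # Usage (as root): <script> /var/lib/pgsql/data/recovery.conf hobbit
    target, user = sys.argv[1], pwd.getpwnam(sys.argv[2])
    groups = os.getgrouplist(user.pw_name, user.pw_gid)
    for directory in blocking_dirs(target, user.pw_uid, groups):
        print("no search permission for", user.pw_name, "on", directory)
```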