check_nrpe doesn't raise a CRITICAL state if /backup isn't accessible
The check should be run as root but doesn't complaint if it is not:
# sudo -u nagios /usr/lib/nagios/plugins/check_bkctld ls: cannot open directory '/backup/jails': Permission denied OK - Nothing to signalI suggest the following changes:
- add a
set -eso that the script exits with code ≠ 0 if anything goes wrong
- add a portion of code to explicitly check if /backup is mounted (usually not the case after rebooting a server if /backup have to be decrypted manually.
- and of course the check must be run as root
Here is a full patch (ignoring indentation change):
--- check_nrpe 2018-02-15 10:50:13.430996320 -0500 +++ check_nrpe.suggest 2018-02-15 10:50:28.994950465 -0500 @@ -4,6 +4,10 @@ # # Copyright (c) 2017 Victor Laborie <firstname.lastname@example.org> # +# Note: the script must be run as root. +# + +set -e [ -f /etc/default/bkctld ] && . /etc/default/bkctld @@ -15,6 +19,7 @@ cur_time=$(date "+%s") return=0 +if mount |grep -q "on /backup "; then jails=$(ls "$JAILDIR") for jail in $jails; do if [ -f "$JAILDIR/$jail/var/log/lastlog" ]; then @@ -32,6 +37,10 @@ return=2 fi done +else + echo "CRITICAL - /backup not mounted" + return=2 +fi [ "$return" -eq 0 ] && echo "OK - Nothing to signal"
#2 Mis à jour par Victor Evolix L. il y a plus de 4 ans
- Statut changé de Nouveau à In Progress
- % réalisé changé de 0 à 30
- set -e will be added to entire bkctld script in future release after more testing
- the trouble for checking if /backup if mounted are :
- $JAILDIR and $INCDIR are not neccessary in /backup nor even in the same directory
- /backup is not neccessary a mount point, it can be a simple subdir and can be in /home or any other place
- the check is now necessarily run in root because it was merged into bkctld script which check if runtime user is root
This issue will be fixed in a future release (maybe 2.0), config will indicate a block device for /backup instead of a directory.
With this configuration, bkctld will directly manage mount point, encryption, filesystem and can check all of that.