Bug #2391
check_nrpe doesn't raise a CRITICAL state if /backup isn't accessible
Status: In Progress
Priority: High
Assignee:
Start date: 15/02/2018
Due date:
% Done: 30%
Description
The check should be run as root but doesn't complain if it is not:

# sudo -u nagios /usr/lib/nagios/plugins/check_bkctld
ls: cannot open directory '/backup/jails': Permission denied
OK - Nothing to signal

I suggest the following changes:
- add a set -e so that the script exits with code ≠ 0 if anything goes wrong
- add a portion of code to explicitly check if /backup is mounted (usually not the case after rebooting a server if /backup has to be decrypted manually).
- and of course the check must be run as root

Here is a full patch (ignoring indentation change):
--- check_nrpe    2018-02-15 10:50:13.430996320 -0500
+++ check_nrpe.suggest    2018-02-15 10:50:28.994950465 -0500
@@ -4,6 +4,10 @@
 #
 # Copyright (c) 2017 Victor Laborie <vlaborie@evolix.fr>
 #
+# Note: the script must be run as root.
+#
+
+set -e
 [ -f /etc/default/bkctld ] && . /etc/default/bkctld
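Review bot: The root requirement is only documented in the new header comment; nothing in this hunk enforces it, so the run as nagios shown in the description would still start. Consider testing `id -u` near the top and printing a status line before exiting non-zero. Also note that with `set -e` an aborted run exits with the failing command's code and prints no "CRITICAL - ..." line on stdout, so the monitoring side sees a non-zero state without a plugin message.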
@@ -15,6 +19,7 @@
 cur_time=$(date "+%s")
 return=0
+if mount |grep -q "on /backup "; then
 jails=$(ls "$JAILDIR")
 for jail in $jails; do
     if [ -f "$JAILDIR/$jail/var/log/lastlog" ]; then
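Review bot: The added test `mount |grep -q "on /backup "` hardcodes /backup while the loop right below reads `$JAILDIR`; if JAILDIR is configured elsewhere, or /backup is a plain directory rather than a mount point, the check reports a false CRITICAL. Deriving the test from `$JAILDIR` (for example, that it exists and can be listed) would cover the permission-denied case from the description without assuming a mount.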
@@ -32,6 +37,10 @@
         return=2
     fi
 done
+else
+    echo "CRITICAL - /backup not mounted" 
+    return=2
+fi
 [ "$return" -eq 0 ] && echo "OK - Nothing to signal" 
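Review bot: The else branch sets `return=2`, but the last visible line `[ "$return" -eq 0 ] && echo "OK - Nothing to signal"` then evaluates to false; if nothing follows it, the script's exit status is 1 rather than 2. Please confirm an explicit `exit "$return"` comes after this line. Minor: the added `echo "CRITICAL - /backup not mounted" ` line has a trailing space.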
History
#1

    Updated by Victor Evolix L. more than 7 years ago

    - Assignee set to Victor Evolix L.

#2

    Updated by Victor Evolix L. more than 7 years ago

    - Status changed from New to In Progress
    - % Done changed from 0 to 30

- set -e will be added to the entire bkctld script in a future release after more testing
- the problems with checking if /backup is mounted are:
	- $JAILDIR and $INCDIR are not necessarily in /backup nor even in the same directory
	- /backup is not necessarily a mount point, it can be a simple subdir and can be in /home or any other place
- the check is now necessarily run as root because it was merged into the bkctld script, which checks if the runtime user is root

This issue will be fixed in a future release (maybe 2.0); the config will indicate a block device for /backup instead of a directory.
With this configuration, bkctld will directly manage mount point, encryption, filesystem and can check all of that.
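
The two positions in this thread can be reconciled by testing the jail directory itself instead of a mount point. The following is an added example, not code from bkctld or from the patch above: the function name `check_jaildir` is hypothetical, and treating an empty jail directory as CRITICAL is an assumption (it is what an undecrypted, unmounted backup volume typically looks like).

```shell
#!/bin/sh
# Added example, not bkctld code. check_jaildir is a hypothetical name;
# JAILDIR is the variable used in the patch on this page.
#
# Prints one Nagios-style status line and returns the plugin exit code
# (0 = OK, 2 = CRITICAL) for the jail directory passed as $1.
# It makes no assumption that the directory lives under /backup or that
# /backup is a mount point.
check_jaildir() {
    jaildir=$1

    if [ -z "$jaildir" ]; then
        echo "CRITICAL - JAILDIR is not set"
        return 2
    fi

    if [ ! -d "$jaildir" ]; then
        echo "CRITICAL - $jaildir does not exist or is not a directory"
        return 2
    fi

    # The original check ran ls and ignored its failure; here a failed
    # listing (permission denied, I/O error) becomes a CRITICAL state.
    if ! jails=$(ls "$jaildir" 2>/dev/null); then
        echo "CRITICAL - cannot list $jaildir"
        return 2
    fi

    # Assumption: a backup server with no jail at all means the volume
    # is not available (e.g. not yet decrypted and mounted after reboot).
    if [ -z "$jails" ]; then
        echo "CRITICAL - no jail found in $jaildir"
        return 2
    fi

    echo "OK - $jaildir is readable"
    return 0
}

# Typical use inside a plugin:
#   check_jaildir "$JAILDIR" || exit $?
```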