check_procs

Andreas Ericsson ae at op5.se
Wed Dec 17 12:42:49 CET 2014

Previous message: check_procs
Next message: check_nagios plugin
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

That's because restricted users can't, by default, see processes
from other users. Allowing them to do so would make it trivial to
glean for example passwords, usernames or other sensitive info
that people tend to put in commandlines.

On 2014-12-17 11:04, m. rothdach wrote:
> Hi there
> I am using the check_procs plugin to monitor java processes ... in one case it doesn't work ... it doesn't find the process running if it is called via nrpe. But works on the command line. Could you please have a quick look... here the logs from nrpe and command line::
> NRPE:Dec 16 17:03:22 CSS01 nrpe[4233]: Handling the connection...Dec 16 17:03:22 CSS01 nrpe[4233]: Host is asking for command 'proc_mcs_extended' to be run...Dec 16 17:03:22 CSS01 nrpe[4233]: Running command: /opt/plugins/check_procs -v -v -w 1:1 -c 1:2 -C java -a /home/xe3ops/1/bin/NISmngrDec 16 17:03:22 CSS01 nrpe[4233]: Command completed with return code 2 and output: CMD: /bin/ps axwo 'stat uid pid ppid vsz rss pcpu comm args' PROCS CRITICAL: 0 processes with command name 'java', args '/home/xe3ops/1/bin/NISmngr'|processes=0;Dec 16 17:03:22 CSS01 nrpe[4233]: Sending response - bytes left: 161Dec 16 17:03:22 CSS01 nrpe[4233]: Return Code: 2, Output: CMD: /bin/ps axwo 'stat uid pid ppid vsz rss pcpu comm args' PROCS CRITICAL: 0 processes with command name 'java', args '/home/xe3ops/1/bin/NISmngr'|processes=0;Dec 16 17:03:22 CSS01 nrpe[4233]: Connection from 172.20.10.37 closed.
>

In this case it's being executed as whatever user NRPE runs as
(which is usually "nobody" or a similarly restricted user), so it
fails.

> direct on command line:CSS01 /etc# /opt/plugins/check_procs -v -v -w 1:1 -c 1:2 -C java -a /home/xe3ops/1/bin/NISmngrCMD: /bin/ps axwo 'stat uid pid ppid vsz rss pcpu comm args'Matched: uid=1000 vsz=1288528 rss=88668 pid=33636 ppid=28860 pcpu=0.90 stat=Sl etime= prog=java args=java -DStartupTimeout=30000 -Dcom.sun.CORBA.transport.ORBSocketFactoryClass=xsa.xgos.nis.common.s2k.misc.MISCorbSocketFactory -DSocketConnectionTimeout=5000 -Djava.library.path=/home/xe3ops/1/lib:/home/xe3ops/SMF/run/SMF/lib -classpath /home/xe3ops/1/bin/NISmngr.jar:/home/xe3ops/1/lib/NISsmf_drivers.jar:/opt/platform3pp/eclipse-3.5.0__32/plugins/org.eclipse.swt.gtk.linux.x86_3.5.0.v3550b.jar::/opt/application3pp/products/edtftpj-1.5.2/edtftpj-1.5.2.jar xsa.xgos.nis.mngr.core.NISmngrMainPROCS OK: 1 process with command name 'java', args '/home/xe3ops/1/bin/NISmngr'|processes=1;
>

In this case it's being run as root, which has unlimited access to
other users' processes, so in this case it succeeds.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

Previous message: check_procs
Next message: check_nagios plugin
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Help mailing list