[Bug 828670] New: server:monitoring/icinga: Bug Missing setuid bit on check_icmp check
https://bugzilla.novell.com/show_bug.cgi?id=828670 https://bugzilla.novell.com/show_bug.cgi?id=828670#c0 Summary: server:monitoring/icinga: Bug Missing setuid bit on check_icmp check Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software AssignedTo: lrupp@suse.com ReportedBy: l.bigonville@edpnet.be QAContact: opensuse-communityscreening@forge.provo.novell.com CC: nix@opensuse.org Found By: --- Blocker: --- Hi, It seems that the setuid bit is at least missing on the check_icmp check: Warning: This plugin must be either run as root or setuid root. To run as root, you can use a tool like sudo. To set the setuid permissions, use the command: chmod u+s yourpluginfile check_icmp: Failed to obtain ICMP socket: Operation not permitted This is annoying as at every update of the pkg, the bit might be reset. Cheers -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=828670 https://bugzilla.novell.com/show_bug.cgi?id=828670#c1 Lars Vogdt <lrupp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |lrupp@suse.com Resolution| |WORKSFORME --- Comment #1 from Lars Vogdt <lrupp@suse.com> 2013-07-09 17:49:59 CEST --- Please check the contents of the package: ~> rpm -ql nagios-plugins-dhcp /etc/apparmor.d /etc/apparmor.d/usr.lib.nagios.plugins.check_dhcp /usr/lib/nagios/plugins /usr/lib/nagios/plugins/check_dhcp /usr/share/doc/packages/nagios-plugins-dhcp /usr/share/doc/packages/nagios-plugins-dhcp/README.SuSE-check_dhcp ~> less /usr/share/doc/packages/nagios-plugins-dhcp/README.SuSE-check_dhcp Just quoting here to have the solution right at hand here in this bug (the README.SuSE-check_dhcp contains more information): == Special privileges == To be "safe per default", SuSE doesn't install this plugin with the suid bit set. There are two recommended ways about overriding this on your system: === Set the suid bit === Copy the prepared permissions file from this directory to the right place in your file system: ~ # cp /usr/share/doc/packages/nagios-plugins/example/permissions.d/nagios-plugins \ /etc/permissions.d/nagios-plugins ..afterwards adapt the file /etc/permissions.d/nagios-plugins to your needs (see comments in the file) and run: ~ # SuSEconfig --module permissions This will set the correct permissions (from now on also during an update). === Alternative: Use sudo to grant the permission and modify your plugin config === This way you need an entry like: nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_dhcp in ''/etc/sudoers'' and an adapted command definition like the following: define command{ command_name check_dhcp command_line /usr/bin/sudo $USER1$/check_dhcp <other_options_here> } => therefor closing as "works for me" here - the decision to have the suid bit set is done for security reasons. A solution (and an additional apparmor profile to secure the check even more) is already provided inside the package. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com