[Nagiosplug-help] check_nrpe shell command evaluation (aka backtickexpressions) within nrpe command definition possible?

[Ralph.Grothe at itdz-berlin.de]

Please excuse,
seems this is a mere lack of permission issue.

I forgot to ensure that the unprivileged nagios user under whom nrpe is
executing
simply is missing execute perms to chdir down to the Oracle dump dirs

$ ll -d /home/oracle
drwx------  12 oracle oinstall 4096 Jul 23 17:30 /home/oracle

Looks like I need to think up an apropriate sudo rule for user nagios.
Wonder if sudo would allow globbing on restricted file paths?

> -----Original Message-----
> From: nagiosplug-help-bounces at lists.sourceforge.net
> [mailto:nagiosplug-help-bounces at lists.sourceforge.net]On Behalf Of
> Ralph.Grothe at itdz-berlin.de
> Sent: Thursday, July 24, 2008 11:41 AM
> To: nagiosplug-help at lists.sourceforge.net
> Subject: [Nagiosplug-help] check_nrpe shell command evaluation (aka
> backtickexpressions) within nrpe command definition possible?
> 
> 
> Hi,
> 
> Because miraculously various Oracle dump directories 
> disappeared on a host
> our DBA asked me to monitor their presence by Nagios.
> 
> Because I was too lazy to tinker up an own plugin 
> (though this would have been most trivial for this particular 
> task I suppose)
> I first searched on Nagios Exchange for things like "check_file"
> and came across a suite of Nagios plugins based on the CPAN 
> module Nagios::Plugin
> and distributed by OpenFusion.
> Among them I found a check_file which I could abuse for my 
> trivial task.
> 
> The plugin works fine, so this is not related to this 
> check_file implementation
> but rather a basic nrpe puzzle for me.
> 
> I want to exploit the shell's globbing feature
> because I have no idea how many more files the DBAs might come up with
> for this kind of ridiculous checks.
> 
> So I can run the check in an interactive shell like so:
> 
> $ /usr/lib/nagios/plugins/check_file -s 1 -f $(echo 
> /home/oracle/app/oracle/admin/VIS*/[cu]dump|sed 's/ / -f /g')
> FILE OK -   OK: /home/oracle/app/oracle/admin/VISABH/cdump 
> (size 4096b), /home/oracle/app/oracle/admin/VISABH/udump 
> (size 4096b), /home/oracle/app/oracle/admin/VISASDB/cdump 
> (size 4096b), /home/oracle/app/oracle/admin/VISASDB/udump 
> (size 4096b), /home/oracle/app/oracle/admin/VISJUS/cdump 
> (size 4096b), /home/oracle/app/oracle/admin/VISJUS/udump 
> (size 4096b), /home/oracle/app/oracle/admin/VISKVA/cdump 
> (size 4096b), /home/oracle/app/oracle/admin/VISKVA/udump (size 4096b)
> 
> Thus I defined the following nrpe command:
> 
> $ grep dump-dirs /etc/nagios/nrpe.cfg
> command[check_exist_cu-dump-dirs_VISDBS]=/usr/lib/nagios/plugi
> ns/check_file -s 1 -f $(echo 
> /home/oracle/app/oracle/admin/VIS*/[cu]dump|sed 's/ / -f /g')
> 
> 
> But when I execute this via check_nrpe I see that 
> unfortunately nrpe doesn't
> seem to have a notion of shell globs or command expansion.
> 
> 
> $/usr/lib64/nagios/plugins/check_nrpe -n -H localhost -c 
> check_exist_cu-dump-dirs_VISDBS
> FILE CRITICAL - /home/oracle/app/oracle/admin/VIS*/[cu]dump$: 
> does not exist
> 
> 
> On the other hand, 
> if I place a fully expanded command in nrpe.cfg it also fails.
> I assume there's a number of characters limit such an nrpe 
> command string may hold?
> 
> $ grep dump-dirs /etc/nagios/nrpe.cfg |tail -1
> command[check_exist_cu-dump-dirs_VISDBS]=/usr/lib/nagios/plugi
> ns/check_file -s 1 -f 
> /home/oracle/app/oracle/admin/VISABH/cdump -f 
> /home/oracle/app/oracle/admin/VISABH/udump -f 
> /home/oracle/app/oracle/admin/VISASDB/cdump -f 
> /home/oracle/app/oracle/admin/VISASDB/udump -f 
> /home/oracle/app/oracle/admin/VISJUS/cdump -f 
> /home/oracle/app/oracle/admin/VISJUS/udump -f 
> /home/oracle/app/oracle/admin/VISKVA/cdump -f 
> /home/oracle/app/oracle/admin/VISKVA/udump
> 
> $ /usr/lib64/nagios/plugins/check_nrpe -n -H localhost -c 
> check_exist_cu-dump-dirs_VISDBS
> FILE CRITICAL - /home/oracle/app/oracle/admin/VISABH/cdump: 
> does not exist :: /home/oracle/app/oracle/admin/VISABH/udump: 
> does not exist :: 
> /home/oracle/app/oracle/admin/VISASDB/cdump: does not exist 
> :: /home/oracle/app/oracle/admin/VISASDB/udump: does not 
> exist :: /home/oracle/app/oracle/admin/VISJUS/cdump: does not 
> exist :: /home/oracle/app/oracle/admin/VISJUS/udump: does not 
> exist :: /home/oracle/app/oracle/admin/VISKVA/cdump: does not 
> exist :: /home/oracle/app/oracle/admin/VISKVA/udump: does not exist
> 
> But this is not true because the dirs all exist,
> as can be shown
> 
> $ /usr/lib64/nagios/plugins/check_nrpe -n -H localhost -c 
> check_exist_cu-dump-dirs_VISDBS|tr \: \\012|
> grep dump|cut -d- -f2|xargs ls -ld
> drwxr-xr-x  2 oracle oinstall 4096 Jun 13 17:19 
> /home/oracle/app/oracle/admin/VISABH/cdump
> drwxr-xr-x  2 oracle oinstall 4096 Jul 23 17:45 
> /home/oracle/app/oracle/admin/VISABH/udump
> drwxr-xr-x  2 oracle oinstall 4096 Jun 13 17:29 
> /home/oracle/app/oracle/admin/VISASDB/cdump
> drwxr-xr-x  2 oracle oinstall 4096 Jul 23 17:45 
> /home/oracle/app/oracle/admin/VISASDB/udump
> drwxr-xr-x  2 oracle oinstall 4096 Jun 13 17:29 
> /home/oracle/app/oracle/admin/VISJUS/cdump
> drwxr-xr-x  2 oracle oinstall 4096 Jul 23 18:28 
> /home/oracle/app/oracle/admin/VISJUS/udump
> drwxr-xr-x  2 oracle oinstall 4096 Jun 13 17:29 
> /home/oracle/app/oracle/admin/VISKVA/cdump
> drwxr-xr-x  2 oracle oinstall 4096 Jul 23 17:45 
> /home/oracle/app/oracle/admin/VISKVA/udump
> 
> 
> --------------------------------------------------------------
> -----------
> This SF.Net email is sponsored by the Moblin Your Move 
> Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & 
> win great prizes
> Grand prize is a trip for two to an Open Source event 
> anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Nagiosplug-help mailing list
> Nagiosplug-help at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> ::: Please include plugins version (-v) and OS when reporting 
> any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
>