Re: what is nagios 'SECURITY information'?

Author: Alex Dean
Date:  
To: Main PLUG discussion list
Subject: Re: what is nagios 'SECURITY information'?

On Nov 29, 2010, at 3:04 PM, Jason Holtzapple wrote:

> On 11/29/2010 12:45 PM, Alex Dean wrote:
>> I have Nagios running on a local server, and I occasionally get some emails from it with the subject "*** SECURITY information for <hostname>***". The body of the message is just a few characters. I've done some searching in my Nagios logs and online, and I have no idea what these emails are or what they mean.
>>
>> The latest instance was last night. I had my local network torn apart for a few hours, and when I reconnected everything, I had about 40 of these emails waiting for me.
>>
>> The Nagios I'm using is from Ubuntu 9.10. I'm using only a very few HTTP, ssh, & ping monitors. Nothing complex at all.
>
> sudo creates emails with subjects like that if there are security
> issues, but the body of your mail is not typical of sudo. Do any of your
> nagios checks use sudo as part of the check?


Nice find. My checks using check_ide_smart do use sudo.

define command{
        command_name    check_smartd
        command_line    /usr/bin/sudo /usr/lib/nagios/plugins/check_ide_smart -d $ARG1$ -n 
}
define service{
        use                             generic-service
        host_name                       localhost
        service_description             SMART status 2
        check_command                   check_smartd!/dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793
}



/etc/sudoers
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ide_smart


For the example SECURITY email I sent (dated Nov 28, 21:29:59), /var/log/auth.log has a record:
Nov 28 21:29:59 artichoke sudo: nagios : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/lib/nagios/plugins/check_ide_smart -d /dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793 -n

As far as I can tell, that looks normal. The smartd checks were never in error while my network was down. I'm only using local passwd/group/shadow files for authentication, no LDAP or yp or other external authentication service.

alex
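
Added example, not part of the original message: a small parser for sudo records in /var/log/auth.log that separates plain command records (like the one quoted above) from records where sudo wrote a reason before TTY=. The first sample line is the one from the message; the other three are constructed, and the function names are hypothetical.

```python
import re

# syslog prefix, then sudo's record:
#   "<user> : [<reason> ; ]TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for a sudo auth.log record, or None for any other line."""
    m = SUDO_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "user": m["user"], "reason": None}
    # COMMAND= is the last field and may contain " ; " itself, so split it off first.
    head, sep, command = m["body"].partition("COMMAND=")
    rec["COMMAND"] = command if sep else None
    for field in filter(None, (f.strip() for f in head.split(" ; "))):
        key, eq, value = field.partition("=")
        if eq and key in ("TTY", "PWD", "USER"):
            rec[key] = value
        else:
            rec["reason"] = field  # free text before TTY=, e.g. "command not allowed"
    return rec

def flagged(lines):
    """Records where sudo logged a reason, i.e. not a plain command record."""
    return [r for r in map(parse_sudo_line, lines) if r and r["reason"]]

SAMPLE = [
    # From the message above.
    "Nov 28 21:29:59 artichoke sudo: nagios : TTY=unknown ; PWD=/ ; USER=root ; "
    "COMMAND=/usr/lib/nagios/plugins/check_ide_smart -d "
    "/dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793 -n",
    # Constructed lines for illustration.
    "Nov 28 21:30:04 artichoke sudo: nagios : command not allowed ; TTY=unknown ; "
    "PWD=/ ; USER=root ; COMMAND=/usr/lib/nagios/plugins/check_disk -w 10%",
    "Nov 28 21:31:10 artichoke sudo: www-data : user NOT in sudoers ; TTY=unknown ; "
    "PWD=/ ; USER=root ; COMMAND=/bin/ls",
    "Nov 28 21:31:11 artichoke sshd[812]: Accepted publickey for alex from 192.0.2.10",
]

if __name__ == "__main__":
    for r in flagged(SAMPLE):
        print(r["ts"], r["user"], "->", r["reason"], "|", r["COMMAND"])
```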