[hobbit] client file check

Scot Kreienkamp SKreien at la-z-boy.com
Tue Jul 7 19:50:09 CEST 2009


Yes.  The file appears on the web page and the client is trying to
report on it.  But it doesn't have permissions to get to the file I need
to monitor.

Wound up reading about debugging for a few hours, and tried using strace
to see what was going on.  Here's the line from the output:
lstat("/var/lib/pgsql/data/recovery.conf", 0x7fff3a23d510) = -1 EACCES
(Permission denied)

It's using it's own internal workings to check on files, not external
programs, which means it's not possible to use sudo unless you raise the
entire program's permissions.  Or run the client as root in those few
instances where it's an issue for me.

Thanks for your help.

Scot Kreienkamp

-----Original Message-----
From: Brand, Thomas R. [mailto:TRBrand at cvs.com] 
Sent: Tuesday, July 07, 2009 1:30 PM
To: hobbit at hswn.dk
Subject: RE: [hobbit] client file check

> -----Original Message-----
> From: Scot Kreienkamp [mailto:SKreien at la-z-boy.com]
> Sent: Tuesday, July 07, 2009 10:19 AM
> To: hobbit at hswn.dk
> Subject: RE: [hobbit] client file check
> 
> That doesn't work.  It doesn't like the backticks in client-local.cfg.
> Now my clients say no files checked.
> 
> Thanks,
> 
> Scot Kreienkamp
> La-Z-Boy Inc.
> skreien at la-z-boy.com
> 734-242-1444 ext 6379
> 
> -----Original Message-----
> From: Brand, Thomas R. [mailto:TRBrand at cvs.com]
> Sent: Monday, July 06, 2009 4:31 PM
> To: hobbit at hswn.dk
> Subject: RE: [hobbit] client file check
> 
> 
> > -----Original Message-----
> > From: dOCtoR MADneSs [mailto:doctor at makelofine.org]
> >
> > You could try something like this :
> > in local-client.cfg add a section for this host :
> > [my_host]
> > file:`sudo ls /your/file`
> > and in hobbit-clients.cfg add a line in your host section :
> > HOST=my_host
> > FILE /your/file YOUR_SWITCHES
> >
> > anyone disagree with it ?
> 
> Somewhat of a security risk; when using sudo, I recommend using
> full path to the executable:
> sudo /bin/ls /your/file
> 
> and in your /etc/sudoers file:
> 
> # Hobbit may run /bin/ls but flags are not allowed
> hobbit   ALL = NOPASSWD: /bin/ls [!-]*
> 
> 
> t09trbrxs# su - hobbit
> hobbit at t09trbrxs:~> sudo /bin/ls /root/.ssh/authorized_keys
> /root/.ssh/authorized_keys
> hobbit at t09trbrxs:~> sudo /bin/ls --color=always
> /root/.ssh/authorized_keys
> hobbit's password:
> hobbit at t09trbrxs:~>
> 

Did you add a corresponding rule in hobbit-clients.cfg ?

Example rule from my hobbit-clients.cfg file:
# Check for core dump files; see "client-local.cfg" file
FILE "%.*(core|hs_err_pid.*log).*" yellow NOEXIST

This matches the below check in client-local.cfg
file:`find / -maxdepth 1 -name "*core*" -mmin -360 2>/dev/null`

So, if the client finds a core file in the root directory
(/some_core_file) it reports it to the server; on the server the FILE
rule says
"set the 'files' column to YELLOW if a *core* file is found'
which causes the web page to show:

---------------------------------------------------
Files status at Tue Jul 7 10:20:08 PDT 2009

! /core.20090707.050107.2457.dmp
File exists
-----------------------------------------------------  


Then you need to set an appropriate ALERT in hobbit-alerts.cfg:
HOST=testbox SERVICE=files
   MAIL  yourEmail at yourmail.com COLOR=YELLOW







More information about the Xymon mailing list