I have a permission issue that is driving me crazy. I am trying to monitor asterisk on an arch linux virtual machine, using the plugin "check_asterisk_peers". I have installed NRPE (the Nagios remote agent). The relevant section of nrpe.cfg is:
command[check_users]=/usr/lib/monitoring-plugins/check_users -w 5 -c 10
command[check_asterisk_peers]=/usr/lib/monitoring-plugins/check_asterisk_peers -p monika_gigaset
Here is what I am getting:
/usr/lib/monitoring-plugins/check_nrpe -H 10.10.10.10 -c check_users
USERS OK - 2 users currently logged in |users=2;5;10;0
Now, this tells me that the NRPE is working all right, and all permissions are set correctly.
If I simply run the plugin (without invoking check_nrpe) I get:
aag ~ $ /usr/lib/monitoring-plugins/check_asterisk_peers -p monika_gigaset
CRITICAL: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
however if I run it with sudo it works fine (from which I conclude that the plugin does not have sufficient privileges when run as non-root):
aag ~ $ sudo /usr/lib/monitoring-plugins/check_asterisk_peers -p monika_gigaset
OK: monika_gigaset
If I however run the asterisk plugin, I get:
aag ~ $ /usr/lib/monitoring-plugins/check_nrpe -H 10.10.10.10 -c check_asterisk_peers
CRITICAL: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
same thing if I run it with sudo:
aag ~ $ sudo /usr/lib/monitoring-plugins/check_nrpe -H 10.10.10.10 -c check_asterisk_peers
CRITICAL: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
I am certain that the issue is one of permissions, but am unable to solve it.
The sudoers file (excerpt) reads like:
root ALL=(ALL) ALL
http ALL = NOPASSWD: /usr/sbin/asterisk -rx database *
nrpe ALL=(ALL) NOPASSWD: /usr/sbin/service,/usr/lib/monitoring-plugins/check_asterisk_peers
asterisk ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%admins ALL= (ALL) ALL
Defaults targetpw # Ask for the password of the target user
ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
Any hint would be gratefully appreciated! My diagnosis is that the plugin "check_asterisk_peers" does not have the permission to contact asterisk (which runs as root), but I do not understand how I can grant the appropriate permissions to it.
Best Answer
Correct solution:
in /etc/asterisk/asterisk.conf change owner of socket to
And add nrpe or nagios user(user you use you can see in nrpe.cfg) to asterisk group.