Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check_yum.py #421

Open
fernandezguzmas opened this issue Apr 16, 2024 · 1 comment
Open

check_yum.py #421

fernandezguzmas opened this issue Apr 16, 2024 · 1 comment

Comments

@fernandezguzmas
Copy link

YUM WARNING: Cannot find summary line in yum output. Please make sure you have upgraded to the latest version from https://github.com/HariSekhon/Nagios-Plugins. If the problem persists, please raise a ticket at https://github.com/HariSekhon/Nagios-Plugins/issues with the full -vvv output
@adlerweb
Copy link
Contributor

adlerweb commented Jul 16, 2024
edited
Loading

This message appears on RHEL with subscription repositories when the check is not run as root. Full log:

Nagios Plugin for Yum updates on RedHat/CentOS systems - Version 0.12.8
Author: Hari Sekhon

setting plugin timeout to 30 seconds
running command: /usr/bin/yum --security check-update
Returncode: '0'
Output: 'Not root, Subscription Management repositories not updated
Last metadata expiration check: 0:24:30 ago on Tue 16 Jul 2024 09:49:12 AM CEST.
'
YUM WARNING: Cannot find summary line in yum output. Please make sure you have upgraded to the latest version from https://github.com/HariSekhon/Nagios-Plugins. If the problem persists, please raise a ticket at https://github.com/HariSekhon/Nagios-Plugins/issues with the full -vvv output

As we probably want to update the repositories to check for new updates, ignoring the message is not an option. The easiest way would be to setuid the script to rool (chown root check_yum.py && chmod u+s check_yum.py), this however may cause security concerns. A bit more restrictive would be modifying the script to use sudo (see attachment) and allow the two commands in /etc/sudoers.d/icinga as follows:

icinga ALL=(ALL) NOPASSWD: /usr/bin/yum --security check-update
icinga ALL=(ALL) NOPASSWD: /usr/bin/yum check-update

(Edit user "icinga" to match whatever your monitoring system is executing the script as)

Ultimately the script should probably check if the necessary permissions are already in place, switch to sudo if not and show a less generic error message for permission errors.

(attachments seem to be broken ATM)

--- check_yum.org.py    2024-07-16 10:25:24.280882380 +0200
+++ check_yum.py        2024-07-16 10:33:42.463331371 +0200
@@ -84,6 +84,7 @@
         print("UNKNOWN: %s" % message)
         sys.exit(UNKNOWN)

+SUDO = "/usr/bin/sudo"
 YUM = "/usr/bin/yum"
 DNF = '/usr/bin/dnf'

@@ -313,7 +314,7 @@
         """Gets all updates. Returns a single integer of the
         number of available updates"""

-        cmd = "%s check-update" % YUM
+        cmd = "%s %s check-update" % (SUDO, YUM)

         output = self.run(cmd)

@@ -385,7 +386,7 @@
         security and normal updates. Returns a tuple of the number
         of security and normal updates"""

-        cmd = "%s --security check-update" % YUM
+        cmd = "%s %s --security check-update" % (SUDO, YUM)

         output = self.run(cmd)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adlerweb @fernandezguzmas