grsecurity forums

[josesan311]

Hello,

Im trying to monitor a grsec kernel based server from a remote server using nrpe nagios plugin.
I have compiled and configured nrpe to do this, everytime the remote server attempts to use nrpe I get the following error:

Code: Select all

Apr 27 12:44:04 servername xinetd[29036]: START: nrpe pid=29825 from=remote_ip
Apr 27 12:44:04 servername kernel: grsec: From remote_ip: denied untrusted exec of /usr/local/nagios/bin/nrpe by /usr/sbin/xinetd[xinetd:29825] uid/euid:515/515 gid/egid:516/516, parent /usr/sbin/xinetd[xinetd:29036] uid/euid:0/0 gid/egid:0/0
Apr 27 12:44:04 servername xinetd[29825]: execv( /usr/local/nagios/bin/nrpe ) failed: Permission denied (errno = 13)
Apr 27 12:44:04 servername xinetd[29036]: EXIT: nrpe status=0 pid=29825 duration=0(sec)
Apr 27 12:44:05 servername root: Process did not exit cleanly, returned 255 with signal 0

Code: Select all

[root@servername ~]# grep "nagios" /etc/passwd
nagios:x:515:516::/home/nagios:/bin/bash
[root@servername ~]# grep "nagios" /etc/group
nagios:x:516:

How can i get rid of this error and let the remote server use nrpe plugin accordingly?

Any help will be very appreciated.

Thank you in advance.

[Grach]

This is a TPE issue:

Apr 27 12:44:04 servername kernel: grsec: From remote_ip: denied untrusted exec of /usr/local/nagios/bin/nrpe by /usr/sbin/xinetd[xinetd:29825] uid/euid:515/515 gid/egid:516/516, parent /usr/sbin/xinetd[xinetd:29036] uid/euid:0/0 gid/egid:0/0

You should use chmod to deny writes to /usr/local/nagios/bin/nrpe and its path directories for anybody but root.

[josesan311]

Hello,

That fixed it. Thank you very much Grach!
Very appreciated!

[eduardb]

Hi,

Can you tell me please what permission i must to set to resolve this problem?

Thank You