- Red Hat Enterprise Linux (RHEL) 7.6
- nagios or nrpe
sudostopped working after update to
nrpeplugin can not execute commands via
As a workaround, a local
SELinux policy can be created:
# cat > nagios-sudo.cil << EOF (allow systemd_logind_t nrpe_t (dbus (send_msg))) (allow nrpe_t systemd_logind_t (dbus (send_msg))) (allow nrpe_t systemd_logind_t (process (getattr))) (allow systemd_logind_t nagios_unconfined_plugin_t (dbus (send_msg))) EOF # semodule -i nagios-sudo.cil
The list of rules necessary to work around the issue temporarily is dependent on the current system setup and on modules which are used.
The regression is a result of
sudo rebase in
RHEL 7.6, see the sudo skips PAM account module in case NOPASSWD is used in sudoers bugzilla for more details. The denial is triggered when the
nagios plugin uses
- Red Hat Enterprise Linux
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.