Creating new NRPE command definitions securely
In this recipe, we'll learn how to securely create new command definitions for nrpe to run upon request by a monitoring server. We need to do this, because even if we have a huge set of plugins installed on our target host running nrpe, the daemon will only run commands defined in its configuration file.
We'll also learn how arguments can be passed to these commands, if strictly necessary, and about the potentially negative security consequences of this.
Getting ready
You should have a target host configured for checking in a Nagios Core 4.0 or later monitoring server. The target host should be running the nrpe daemon. You can verify that nrpe is running with pgrep(1) or ps(1):
# pgrep nrpe 29964 # ps -e | grep [n]rpe nagios 29964 1 0 21:55 ? 00:00:01 nrpe
We can inspect the list of commands that nrpe is already configured to run by looking for command directives in its configuration file. By default, this file is /usr/local/nagios/etc/nrpe.cfg...
