I am getting an execution error when scanning linux hosts with NRPE. No issues on the Windows hosts.
Using 23.10
Question
Service scan error on disks
Hi
I managed to reproduce the problem on a 23.10 platform for Linux hosts.
The problem I personally encountered on the platform was related to Gorgone's whitelists.
The autodiscovery command was not authorised to be executed by the Gorgone user.
First, you can enable debug logs for Centreon Gorgone in "Administration > Parameters > Debug" then check "Centreon Gorgone debug" and "Save"
After that, you could relaunch a service discovery, you should see lines like this in /var/log/centreon-gorgone/gorgoned.log :
2024-05-06 10:05:34 - INFO - [action] command not allowed (whitelist): /usr/lib64/nagios/plugins/check_centreon_nrpe3 -H 127.0.0.1 -p 5666 -t 5 -u -c check_centreon_plugins -a 'os::linux::local::plugin' 'list-storages' ' --disco-show'
2024-05-06 10:05:34 - DEBUG - [action] internal message: [PUTLOG] [svc-disco-4d33d7bc:1-8-18] [] {"data":{"message":"command not allowed (whitelist) at array index '0'"},"code":1,"token":"svc-disco-4d33d7bc:1-8-18","instant":null,"etime":1714982734}
2024-05-06 10:05:34 - DEBUG - [core] Message received internal - [PUTLOG] [svc-disco-4d33d7bc:1-8-18] [] {"data":{"message":"command not allowed (whitelist) at array index '0'"},"code":1,"token":"svc-disco-4d33d7bc:1-8-18","instant":null,"etime":1714982734}If the error message is the same, there are two solutions:
- Disable the Gorgoned whitelist (not the most secure or recommended solution, but useful for debugging purposes):
Edit the /etc/centreon-gorgone/config.d/40-gorgoned.yaml file and change the whitelist_cmds parameter to false then restart gorgoned
- Add the discovery command to the whitelist:
Create a custom file in the /etc/centreon-gorgone/config.d/whitelist.conf.d/ folder with the following line (for example):
- \/usr\/lib64\/nagios\/plugins\/check_centreon_nrpe3\s+-H\s+\S+\s+-p\s+\d+\s+-t\s+\d+\s+-u\s+-c\s+\S+\s+-a\s+'.+'then restart gorgoned
Hope it helps!
Unfortunately, that didn’t work. I’ve enabled debug and get the the same whitelist errors from the log but after amending the yaml file to disable the whitelist_cmds parameter and bouncing the gorgoned daemon, I still get the error
I’ll open a ticket
[root@mon centreon-gorgone]# grep whitelist_cmds /etc/centreon-gorgone/config.d/40-gorgoned.yaml
whitelist_cmds: false
[root@mon centreon-gorgone]# systemctl restart gorgoned.service
[root@mon centreon-gorgone]#
[root@mon centreon-gorgone]# grep whitelist gorgoned.log
2024-05-07 10:59:39 - INFO - [action] command not allowed (whitelist): /usr/lib64/nagios/plugins/check_centreon_nrpe3 -H jira -p 5666 -t 5 -2 -c check_centreon_plugins -a 'os::linux::local::plugin' 'list-storages' ' --disco-show'
2024-05-07 10:59:39 - DEBUG - [action] internal message: [PUTLOG] [svc-disco-58ac6f5d:15-32-495] [] {"code":1,"etime":1715075979,"data":{"message":"command not allowed (whitelist) at array index '0'"},"instant":null,"token":"svc-disco-58ac6f5d:15-32-495"}
2024-05-07 10:59:39 - DEBUG - [core] Message received internal - [PUTLOG] [svc-disco-58ac6f5d:15-32-495] [] {"code":1,"etime":1715075979,"data":{"message":"command not allowed (whitelist) at array index '0'"},"instant":null,"token":"svc-disco-58ac6f5d:15-32-495"}
2024-05-07 10:59:39 - DEBUG - [core] Message received internal - [SERVICEDISCOVERYLISTENER] [svc-disco-58ac6f5d:15-32-495] [] { "code": 1, "data": {"message":"command not allowed (whitelist) at array index '0'"} }
2024-05-07 10:59:39 - DEBUG - [autodiscovery] Event: [SERVICEDISCOVERYLISTENER] [svc-disco-58ac6f5d:15-32-495] [] { "code": 1, "data": {"message":"command not allowed (whitelist) at array index '0'"} }
2024-05-07 10:59:39 - DEBUG - [autodiscovery] internal message: [PUTLOG] [41c8053a5153ee740709888590db3be119ec6bb1bb914949895442c8f5ea5dbd78e64d4b27d8996ea9be0c6f8729259ef4b76f5c3594002c7102866b1a122a0e] [] {"token":"41c8053a5153ee740709888590db3be119ec6bb1bb914949895442c8f5ea5dbd78e64d4b27d8996ea9be0c6f8729259ef4b76f5c3594002c7102866b1a122a0e","instant":null,"data":{"count_discoveries":"1","journal":[],"failed_discoveries":1,"message":"discovery finished","manual":{"495":{"rules":{"32":{"message":"command not allowed (whitelist) at array index '0'","failed":1,"discovery":{}}}}}},"etime":1715075979,"code":2}
2024-05-07 10:59:39 - DEBUG - [core] Message received internal - [PUTLOG] [41c8053a5153ee740709888590db3be119ec6bb1bb914949895442c8f5ea5dbd78e64d4b27d8996ea9be0c6f8729259ef4b76f5c3594002c7102866b1a122a0e] [] {"token":"41c8053a5153ee740709888590db3be119ec6bb1bb914949895442c8f5ea5dbd78e64d4b27d8996ea9be0c6f8729259ef4b76f5c3594002c7102866b1a122a0e","instant":null,"data":{"count_discoveries":"1","journal":[],"failed_discoveries":1,"message":"discovery finished","manual":{"495":{"rules":{"32":{"message":"command not allowed (whitelist) at array index '0'","failed":1,"discovery":{}}}}}},"etime":1715075979,"code":2}
2024-05-07 11:00:24 - INFO - [action] command not allowed (whitelist): /usr/lib64/nagios/plugins/check_centreon_nrpe3 -H jira -p 5666 -t 5 -2 -c check_centreon_plugins -a 'os::linux::local::plugin' 'list-storages' ' --disco-show'
2024-05-07 11:00:24 - DEBUG - [action] internal message: [PUTLOG] [svc-disco-fcbdda5d:1-32-495] [] {"code":1,"data":{"message":"command not allowed (whitelist) at array index '0'"},"token":"svc-disco-fcbdda5d:1-32-495","etime":1715076024,"instant":null}
2024-05-07 11:00:24 - DEBUG - [core] Message received internal - [PUTLOG] [svc-disco-fcbdda5d:1-32-495] [] {"code":1,"data":{"message":"command not allowed (whitelist) at array index '0'"},"token":"svc-disco-fcbdda5d:1-32-495","etime":1715076024,"instant":null}
2024-05-07 11:00:24 - DEBUG - [core] Message received internal - [SERVICEDISCOVERYLISTENER] [svc-disco-fcbdda5d:1-32-495] [] { "code": 1, "data": {"message":"command not allowed (whitelist) at array index '0'"} }
2024-05-07 11:00:24 - DEBUG - [autodiscovery] Event: [SERVICEDISCOVERYLISTENER] [svc-disco-fcbdda5d:1-32-495] [] { "code": 1, "data": {"message":"command not allowed (whitelist) at array index '0'"} }
2024-05-07 11:00:24 - DEBUG - [autodiscovery] internal message: [PUTLOG] [e67a00a64b2604cc06d7cedac5b29cbc4cf4b1998f16f1bc79ebf7000a76f1f5345f81c83750b6351347997b0cfb37fa6ed5eaa74f1f0825c831721812e6298c] [] {"data":{"journal":[],"count_discoveries":"1","failed_discoveries":1,"manual":{"495":{"rules":{"32":{"failed":1,"discovery":{},"message":"command not allowed (whitelist) at array index '0'"}}}},"message":"discovery finished"},"code":2,"token":"e67a00a64b2604cc06d7cedac5b29cbc4cf4b1998f16f1bc79ebf7000a76f1f5345f81c83750b6351347997b0cfb37fa6ed5eaa74f1f0825c831721812e6298c","etime":1715076024,"instant":null}
2024-05-07 11:00:24 - DEBUG - [core] Message received internal - [PUTLOG] [e67a00a64b2604cc06d7cedac5b29cbc4cf4b1998f16f1bc79ebf7000a76f1f5345f81c83750b6351347997b0cfb37fa6ed5eaa74f1f0825c831721812e6298c] [] {"data":{"journal":[],"count_discoveries":"1","failed_discoveries":1,"manual":{"495":{"rules":{"32":{"failed":1,"discovery":{},"message":"command not allowed (whitelist) at array index '0'"}}}},"message":"discovery finished"},"code":2,"token":"e67a00a64b2604cc06d7cedac5b29cbc4cf4b1998f16f1bc79ebf7000a76f1f5345f81c83750b6351347997b0cfb37fa6ed5eaa74f1f0825c831721812e6298c","etime":1715076024,"instant":null}
[root@mon centreon-gorgone]#
[root@mon centreon-gorgone]#
+21Hi, did you disable allowed_commands in /ect/centreon-gorgoned/config.d/40-gorgoned.yaml file?
+11Hi
Did you manage to find a solution to your issue? If so, feel free to share how you did it; it will help someone with the same problem find a solution easily.
Thank you,
+2whenever someone has the same issue on 24.4.x, the change must be done on the file /etc/centreon-gorgone/config.d/39-action.yaml
whitelist_cmds: false
restart gorgoned and you are good to go.
this is anoying as by default, when you install a remote, the following command configures for you the remote server : /usr/share/centreon/bin/centreon -u \"@GORGONE_USER@\" -p \"@GORGONE_PASSWORD@\" -w -o CentreonWorker -a processQueue and it is forbidden by rule
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.