
Nagios check_procs plugin is failing using NRPE or check_by_ssh

Open michaelsage opened this issue 1 month ago • 4 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guidelines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [x] The title contains the plugin to which this issue belongs

Describe the bug

Up until the latest release I have been using check_procs on multiple firewalls with Nagios successfully. I have always used NRPE and it worked fine. After the latest update, check_procs is failing with "unable to read output". All other check_* are working as far as I can see. This is happening on all firewalls I am monitoring (6 in total).

I tried switching to check_by_ssh on one of the firewalls and while this worked for about 2 hours it then stopped working with the same error.

This worked on the previous version and I have set up a new firewall and confirmed this.

To Reproduce

Steps to reproduce the behavior:

  1. Set up NRPE services
  2. Configure plugin with custom commands for NRPE
  3. Add checks to Nagios server using NRPE.

Expected behavior

The plugin should report back the number of running processes or zombie processes.

Relevant log files

Nothing in the NRPE Log

Environment

OPNsense 25.7.8-amd64
os-nrpe 1.1_1

michaelsage avatar Dec 02 '25 12:12 michaelsage

I just updated today and have similar results

pdobrien3 avatar Dec 07 '25 13:12 pdobrien3

Apparently FreeBSD pushed this one and it's part of 25.7.8 (and 25.7.9)

https://github.com/opnsense/ports/commit/36293c9c4

You can probably get it to work using:

# opnsense-revert -r 25.7.7 monitoring-plugins

I'm not overly interested in debugging what was changed here. Whatever was broken in 2.4.0 -- I've found no reports for it in https://github.com/monitoring-plugins/monitoring-plugins regarding "check_procs".

Similar report here, but for Alma in 2023 https://github.com/monitoring-plugins/monitoring-plugins/issues/1897

Cheers, Franco

fichtner avatar Dec 07 '25 19:12 fichtner

I have the same issue; my processes and processes zombie checks return status unknown.

digibaro avatar Dec 12 '25 21:12 digibaro

Try the revert first. I don’t have confirmation about it yet.

fichtner avatar Dec 12 '25 22:12 fichtner

https://www.reddit.com/r/opnsense/comments/1ppst3o/comment/nux59zs/

fichtner avatar Dec 20 '25 06:12 fichtner

@fichtner thanks for this, it worked. On a quick glance, that is the only plugin that has those permissions? Any idea why this was needed?

pdobrien3 avatar Dec 20 '25 13:12 pdobrien3

They likely changed the script to be more secure but incompatible with BSD now, but I didn’t check closely why. At this point upstream should be made aware of this. I’m only here to offer triage and community support as time permits and this does not appear to be a core issue until we have further data of what the intended change was.

Cheers, Franco

fichtner avatar Dec 20 '25 13:12 fichtner

Setting system tunable security.bsd.see_other_uids to 1 fixes this as well as chmod 4775 /usr/local/libexec/nagios/check_procs.

monitoring-plugins 2.4 was released July 25 2024, which is pretty old, and it wasn't updated in the latest OPNsense update.

eyyit avatar Dec 20 '25 15:12 eyyit
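
An added check, not part of the thread or of OPNsense, that reports which of the two workarounds named in the last comment is in effect and flags a setuid check_procs that non-owners can write to (mode 4775 leaves it group-writable). It assumes NRPE runs the plugin as an unprivileged user, the function names are hypothetical, and `--live` relies on FreeBSD's sysctl(8) and stat(1):

```shell
#!/bin/sh
# Added example, not from the issue thread. Names below are hypothetical.
# Assumption: NRPE runs check_procs as an unprivileged user (uid != 0).
PLUGIN=/usr/local/libexec/nagios/check_procs   # path quoted in the thread

# mode_flags MODE: print risk-relevant bits of an octal mode such as 4775
mode_flags() {
    case "$1" in ''|*[!0-7]*) echo "invalid"; return 1 ;; esac
    v=$((0$1)); out=
    if [ $((v & 04000)) -ne 0 ]; then out="$out setuid"; fi
    if [ $((v & 00020)) -ne 0 ]; then out="$out group-writable"; fi
    if [ $((v & 00002)) -ne 0 ]; then out="$out world-writable"; fi
    echo "${out# }"
}

# diagnose SEE_OTHER_UIDS OWNER_UID MODE: can the plugin see every process?
diagnose() {
    flags=$(mode_flags "$3") || { echo "error: bad mode '$3'"; return 1; }
    case " $flags " in *" setuid "*) suid=1 ;; *) suid=0 ;; esac
    if [ "$1" = 1 ]; then
        verdict="visible: see_other_uids=1"
    elif [ "$suid" = 1 ] && [ "$2" = 0 ]; then
        verdict="visible: setuid-root plugin"
    else
        verdict="hidden: unprivileged user sees only its own processes"
    fi
    # A setuid file that anyone but its owner can modify deserves a warning.
    case " $flags " in
        *" setuid "*writable*)
            verdict="$verdict; WARNING setuid binary is writable by non-owner" ;;
    esac
    echo "$verdict"
}

# Live mode (FreeBSD sysctl(8) and stat(1)): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    uids=$(sysctl -n security.bsd.see_other_uids)
    # %u = owner uid, %Mp%Lp = setuid/setgid/sticky digit plus rwx digits
    set -- $(stat -f '%u %Mp%Lp' "$PLUGIN")
    diagnose "$uids" "$1" "$2"
fi
```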