Nagios & Jail
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Tue Jan 6 16:15:09 UTC 2009
On Tue, 6 Jan 2009, Albert Shih wrote:
> Le 06/01/2009 à 15:06:37+0000, Bjoern A. Zeeb a écrit
>> On Tue, 6 Jan 2009, Albert Shih wrote:
>>
>>> In fact I found the problem :
>>>
>>> When I compile nagios-plugin ports in a jail the «configure» don't find
>>> syntax of ping :
>>>
>>> checking for ping... /sbin/ping
>>> checking for ping6... /sbin/ping6
>>> checking for ICMP ping syntax... configure: WARNING: unable to find usable ping syntax
>>>
>>> But if I compile the same ports in a «normal» server (both are amd64).
>>>
>>> checking for ping... /sbin/ping
>>> checking for ping6... /sbin/ping6
>>> checking for ICMP ping syntax... /sbin/ping -n -c %d %s
>>> checking for ICMPv6 ping syntax... /sbin/ping6 -n -c %d %s
>>>
>>> So if I use the check_ping produce by compiling in a no-jail server on a
>>> jail-server it's working.
>>>
>>> I think it's a bug about the nagios-plugins ports. What you think ?
>>
>> I think most of all configure stuff out there is ... ok, if you
>> compile the port inside a jail and permit raw sockets, does it work
>> then --
>> either by using the rc.conf option and restarting the jail with
>> rc.d/jail or using sysctl security.jail.allow_raw_sockets=1 ?
>
> You mean I MUST restart the jail after I change the sysctl value ? Because
> after I change it, I can make a ping from inside the jail without
> restarting the jail.
>
> Well I'm going to make a new jail to check that (all other jail is in
> production).
No, if you manually change the sysctl it's all fine and production
immediately.
If you change the option .. wait; my fault, raw sockets is not
supported by the rc framework in contrast to other things, so there is
no option there. I confused this with jail_socket_unixiproute_only in
which case just changing it in rc.conf would not be sufficient.
/bz
--
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the freebsd-jail
mailing list