Local Pfsense service check "running", "not running" on remote check

jledur · February 7, 2025, 10:39pm

Recently upgraded pfsense from 24.03 to 24.11.

Prior to the upgrade all service checks were working (radiusd and openvpn).

Now, running the check on the pfsense box itself:
./check_pf_services -name radiusd
OK - radiusd service is running)

Running the check from a monitoring satellite:
‘/usr/lib64/nagios/plugins/check_nrpe’ ‘-H’ ‘192.168.168.47’ ‘-c’ ‘check_service’ ‘-u’ ‘-a’ ‘radiusd’
CRITICAL - radiusd service not running

Debuglog following remote check execution:
notice/Process: Running command ‘/usr/lib64/nagios/plugins/check_nrpe’ ‘-H’ ‘192.168.173.47’ ‘-c’ ‘check_service’ ‘-u’ ‘-a’ radiusd’: PID 2615021
[2025-02-08 11:09:57 +1300] notice/Process: PID 2615021 (‘/usr/lib64/nagios/plugins/check_nrpe’ ‘-H’ ‘192.168.173.47’ ‘-c’ ‘check_service’ ‘-u’ ‘-a’ ‘radiusd’) terminated with exit code 2

No other checks are impacted since the upgrade. Network security controls still allowing all traffic between the two. Anyone else encountered something similar to this? Cheers

Monitoring Satellite Details:
icinga2 --version: r2.13.7-1
OS: Redhat 8.10 4.18.0-553.33.1.el8_10.x86_64

Cayuga · June 22, 2025, 9:47am

Hi jledur, i have ran into the same problem with pfSense CE 2.8.0. I dug a little into the pfsense NRPE check to see what is up. Eventually it runs pkill -0 to check whether the process is running. Which works under root/admin, but the nagios user (used for NRPE execution) is not allowed to do that for other users PID’s.

pkill -0 -x php_wg
pkill: signalling pid 94588: Operation not permitted

It makes sense, not sure how this used to work in previous versions.

The quick fix is to just elevate privileges for this check. To do this:

Install the sudo package from the pfsense package manager.
Add the check to allowed commands for the nagios user without password at the sudo config page in the webinterface (under system → sudo) command list: /usr/local/libexec/nagios/check_pf_services.
Check the sudo box with the check_pf_services command in the NRPE config in the webinterface.

Bob is ur uncle, not classy, but it works for now.

rivad · June 23, 2025, 10:37am

maybe a more precise sudo config can be used. Something like monitoring-plugins/assets/sudoers/Debian.sudoers at main · Linuxfabrik/monitoring-plugins · GitHub