In order to utilize the "Force Service Status" feature on Unix/Linux operating systems, additional configuration steps may be necessary for security reasons. The steps below are not necessary if the target system you are monitoring allows root logins via SSH, and the account configured in EventSentry is the root user or equivalent.
The instructions below should work on most common Linux distributions, but details may differ between distributions and the instructions come without warranty. Perform the following steps on the target systems.
1. Create a new user by running this command:
sudo useradd -m [username]
2. Create a password for the new user (write down the user name and password, since both will later need to be configured in EventSentry):
sudo passwd [username]
3. Grant the new user access to the command to start/stop services. This requires the creation of a file in /etc/sudoers.d called [username]. You can use your preferred text editor; for this example we use nano.
The sudoers file is a critical and sensitive file; a typo or an error in this file could lead to issues executing elevated commands and render the system unusable. Double check before saving.
sudo nano /etc/sudoers.d/[username]
The following 3 lines must be added to this new file:
[username] ALL=NOPASSWD: /bin/systemctl start *
[username] ALL=NOPASSWD: /bin/systemctl stop *
[username] ALL=NOPASSWD: /bin/systemctl status *
Replace [username] with the username that was entered in step 1. Save the changes by using CTRL+S and exit the editor with CTRL+X.
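A scripted version of step 3, added here as an example (it is not EventSentry's own code and not the es_servicemonitor.sh script): it writes the same three rules to a temporary file, checks them with visudo -c -f before anything reaches /etc/sudoers.d, and installs the result with mode 0440. The function names, the user name esmonitor and the conservative name allow-list are assumptions of this example; sudo ignores drop-in files whose names contain a "." or end in "~", which is why such names are rejected.

```shell
#!/bin/sh
# Added example: build, validate and install the sudoers drop-in from step 3.

# sudo skips files in /etc/sudoers.d whose names contain "." or end in "~",
# so a drop-in named after such a user would be silently ignored.
# The remaining allow-list is a conservative assumption of this example.
valid_dropin_name() {
    case "$1" in
        ""|*.*|*~|*/*|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the three rules from step 3 for the given user.
render_rules() {
    for action in start stop status; do
        printf '%s ALL=NOPASSWD: /bin/systemctl %s *\n' "$1" "$action"
    done
}

# Syntax-check the rules with visudo before installing them (run as root).
install_rules() {
    user=$1
    valid_dropin_name "$user" || { echo "unsuitable file name: $user" >&2; return 1; }
    tmp=$(mktemp) || return 1
    render_rules "$user" > "$tmp"
    if visudo -c -f "$tmp" >/dev/null; then
        # Drop-ins should be root-owned and not writable by anyone else.
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$user"
        rc=$?
    else
        echo "syntax check failed, nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root, with a constructed user name): install_rules esmonitor
```

Because the check runs on the temporary copy, a typo never becomes part of the live sudo configuration.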
An alternative way to do the same is to download our creation script and run it:
wget https://raw.githubusercontent.com/eventsentry/configuration/main/es_servicemonitor.sh
sudo sh es_servicemonitor.sh
The script will ask for the username and password and will create the corresponding files that authorize that user to start/stop services.