Code: Select all
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.How to check if NRPE compiled with --enable-command-args?
How to check if NRPE compiled with --enable-command-args?
I use nagios3-3.5.1.dfsg-2.1ubuntu1 on ubuntu 16.04. I want to use NRPE with args to remote checks, but get:
Is there any way to query nrpe to learn if this package nagios3-3.5.1.dfsg-2.1ubuntu1 was compiled with --enable-command-args ?
Last edited by dwhitfield on Thu Dec 01, 2016 10:52 am, edited 1 time in total.
Reason: marking with green check mark
Reason: marking with green check mark
Re: How to check if NRPE compiled with --enable-command-args
I would look at the exact error message that is being logged on your client side syslog, when that command is executing as it'll say exactly why it's not working.
If it's just the arguments, you should be able to just modify the configuration file -
If it's just the arguments, you should be able to just modify the configuration file -
Code: Select all
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=1
Former Nagios Employee
Re: How to check if NRPE compiled with --enable-command-args
Thanks. It seems nagios-nrpe-server on Ubuntu is likely compiled without --enable-command-args. I'll need to pivot to defining the remote checks explicitly without arguments.
Checking the source package, this is present in the diff:
Prior to discovering the above, I had the following notes (for other's reference):
I do have dont_blame_nrpe=1 set in config, both on the hosts being monitored via nrpe (computeN), and the hosts doing the monitoring (headN).
The error on the host being monitored via nrpe is of the form:
The nrpe server is running on the hosts being monitored:
I don't find any more specific error messages than the above in syslog.
Checking the source package, this is present in the diff:
Code: Select all
in nagios-nrpe_2.15-1ubuntu1.diff:
nagios-nrpe (2.15-1) unstable; urgency=high
This update disables the command-args support in nrpe. The feature
has several security problems and is often used wrong. If you have to
use this feature recompile the package with --enable-command-args
in debian/rules.
-- Alexander Wirt <formorer@debian.org> Tue, 15 Jul 2014 09:52:48 +0200
This files are included from the /etc/nagios/nrpe.cfg
This package is built without support for command argument processing. If you
want to enable it, you will have to rebuild this package with
--enable-command-args in debian/rules.
The feature has several security problems and should not be used. If you
really need some dynamic argument processing try check_by_ssh or something
similar.I do have dont_blame_nrpe=1 set in config, both on the hosts being monitored via nrpe (computeN), and the hosts doing the monitoring (headN).
Code: Select all
ubuntu@compute1:~$ grep dont_blame_nrpe= /etc/nagios/nrpe.cfg
dont_blame_nrpe=1
ubuntu@head1:~$ grep dont_blame_nrpe= /etc/nagios/nrpe.cfg
dont_blame_nrpe=1Code: Select all
ubuntu@compute1:~$ grep nrpe /var/log/syslog |tail -n 6
Nov 29 21:31:41 compute01 nrpe[22879]: Error: Request contained command arguments!
Nov 29 21:31:41 compute01 nrpe[22879]: Client request was invalid, bailing out...
Nov 29 21:31:42 compute01 nrpe[22881]: Error: Request contained command arguments!
Nov 29 21:31:42 compute01 nrpe[22881]: Client request was invalid, bailing out...Code: Select all
ubuntu@compute1:~$ sudo service nagios-nrpe-server status
● nagios-nrpe-server.service - LSB: Start/Stop the Nagios remote plugin execution daemon
Loaded: loaded (/etc/init.d/nagios-nrpe-server; bad; vendor preset: enabled)
Active: active (running) since Tue 2016-11-22 23:54:03 UTC; 6 days ago
Docs: man:systemd-sysv-generator(8)
Tasks: 1
Memory: 516.0K
CPU: 4min 35.056s
CGroup: /system.slice/nagios-nrpe-server.service
└─15176 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
Nov 29 21:55:59 compute1 nrpe[26628]: Error: Request contained command arguments!
Nov 29 21:56:02 compute1 nrpe[26630]: Error: Request contained command arguments!
Nov 29 21:56:37 compute1 nrpe[26688]: Error: Request contained command arguments!
Nov 29 21:56:40 compute1 nrpe[26694]: Error: Request contained command arguments!
Nov 29 21:56:42 compute1 nrpe[26698]: Error: Request contained command arguments!
Nov 29 21:56:57 compute1 nrpe[26706]: Error: Request contained command arguments!
Nov 29 21:56:58 compute1 nrpe[26711]: Error: Request contained command arguments!
Nov 29 21:57:00 compute1 nrpe[26713]: Error: Request contained command arguments!
Nov 29 21:57:42 compute1 nrpe[26750]: Error: Request contained command arguments!
Nov 29 21:57:42 compute1 nrpe[26752]: Error: Request contained command arguments!Re: How to check if NRPE compiled with --enable-command-args
Thanks for posting your findings. Guessing you were able to recompile already, but I'll leave these links here for anyone that may need them.
NRPE manual install - https://support.nagios.com/kb/article.p ... ategory=22
Compile NRPEv3 from source - https://support.nagios.com/kb/article.p ... ategory=22
Would you mind if we marked this thread resolved, and locked it up?
NRPE manual install - https://support.nagios.com/kb/article.p ... ategory=22
Compile NRPEv3 from source - https://support.nagios.com/kb/article.p ... ategory=22
Would you mind if we marked this thread resolved, and locked it up?
Former Nagios Employee
Re: How to check if NRPE compiled with --enable-command-args
Yes, OK to lock thread. I didn't recompile with --enable-command-args, instead I am writing out all permutations of wanted commands with their args in /etc/nagios/nrpe_local.cfg.