Possible bug with NRPE running under xinetd

Post by cherdt »

This is based on my experience with NRPE 3.2.0 on CentOS 7.4, although based on my reading of the NRPE source it would affect other versions as well.

The default /etc/nagios/nrpe.cfg indicates in the comments that the nrpe_user and nrpe_group options are ignored if running under xinetd.

However, I've found that the behavior differs if they are set in nrpe.cfg versus not being set at all, which suggests they are not ignored.

I have 2 related users on my system:

nagios:x:995:993::/var/spool/nagios:/sbin/nologin
nrpe:x:994:992:NRPE user for the NRPE service:/var/run/nrpe:/sbin/nologin

And 2 related groups:

nagios:x:993:nrpe
nrpe:x:992:

In nrpe.cfg:

nrpe_user=nrpe
nrpe_group=nrpe

In /etc/xinetd.d/nrpe:

user = nagios
group = nagios

This leads to warnings in the messages log such as:

Jan 25 16:40:53 trinculo nrpe[30095]: Warning: Could not set effective GID=992
Jan 25 16:40:53 trinculo nrpe[30095]: Warning: Unable to change supplementary groups using initgroups()
Jan 25 16:40:53 trinculo nrpe[30095]: Warning: Could not set UID=994

I've found 2 ways to eliminate the warnings:
  • Specify user/group nrpe/nrpe in /etc/xinetd.d/nrpe (no supplemental groups)
  • Comment out the nrpe_user and nrpe_group in /etc/nagios/nrpe.cfg

The latter suggests that these options have an effect even when NRPE is run under xinetd and are not ignored, as stated in the comments. Assuming I am interpreting this correctly, either the comments should be adjusted to reflect the actual behavior, or the behavior changed to match the comments.
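
A check for the mismatch described in the post above, as an added example that is not part of the original post or the NRPE project: it reads the text of an nrpe.cfg and an xinetd service file and reports where nrpe_user/nrpe_group are set to something other than the user/group xinetd runs the service as. The sample configs are constructed from the values in the post, the function names are hypothetical, and names are compared as written (numeric IDs are not resolved).

```python
import re

# Constructed samples using the values quoted in the post.
NRPE_CFG = """\
# nrpe.cfg excerpt
nrpe_user=nrpe
nrpe_group=nrpe
"""
XINETD_NRPE = """\
service nrpe
{
    user = nagios
    group = nagios
}
"""

def parse_nrpe_cfg(text):
    """Return active key=value settings from nrpe.cfg text (comments skipped)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def parse_xinetd_service(text):
    """Return 'attribute = value' pairs from an xinetd service file."""
    attrs = {}
    for line in text.splitlines():
        # Commented lines start with '#', so they never match \w+ here.
        m = re.match(r"^\s*(\w+)\s*=\s*(\S.*?)\s*$", line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def identity_mismatches(nrpe_cfg_text, xinetd_text):
    """List (nrpe option, value, xinetd attribute, value) where both are set and differ."""
    nrpe = parse_nrpe_cfg(nrpe_cfg_text)
    xinetd = parse_xinetd_service(xinetd_text)
    found = []
    for option, attr in (("nrpe_user", "user"), ("nrpe_group", "group")):
        if option in nrpe and attr in xinetd and nrpe[option] != xinetd[attr]:
            found.append((option, nrpe[option], attr, xinetd[attr]))
    return found

if __name__ == "__main__":
    for option, want, attr, have in identity_mismatches(NRPE_CFG, XINETD_NRPE):
        print(f"{option}={want} but xinetd runs the service with {attr} = {have}")
```

Both changes listed in the post (matching the xinetd user/group to nrpe, or commenting out the two nrpe.cfg options) make the check return an empty list.
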
dwhitfield
Former Nagios Staff

Post by dwhitfield »

The best place to report bugs is https://github.com/NagiosEnterprises/nrpe/issues/new

That said, there are a couple of *related* fixes in 3.2.1:
  • Change seteuid error messages to warning/debug (Bryan Heden)
  • Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden)

Regardless, the devs are going to want to see this on 3.2.1 in order to dig into fixing it, so I would suggest upgrading.

Post by cherdt »

Excellent, thanks! When I have time I will see if I can reproduce it on 3.2.1 and, if so, open an issue on GitHub.

Post by dwhitfield »

If you want, we can leave this open for questions, but if you're fine talking to the devs directly on GitHub, do you mind if I lock this one up?

(If you want to just leave this open until you've tested, the best thing to do is just not respond. If you respond, then one of the techs will have to respond come Monday.)