Installing NRPE Using the Install Script

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
CLee1972
Posts: 20
Joined: Wed Mar 07, 2018 1:53 pm

Installing NRPE Using the Install Script

Post by CLee1972 »

This is from Article 8 titled above. I am curious if there is a way to run the full install and exclude setting up the FireWall? I looked at the script itself and the only things I can think of it commenting out "run_sub ./4-firewall" or to run the part of the script below that:

if [ -f skipped.firewall ]; then
cat <<-SKIPFW

NOTICE:
Your firewall configuration was skipped
You need to manually open ports 5666 for TCP traffic

SKIPFW
fi

I believe I would just run it with "./fullinstall -f skipped.firewall" but I am unsure as the -h only brings up two perimeters:
./fullinstall -h

Nagios Linux Agent Installer Script v2.0.0
Copyright 2009-2017, Nagios Enterprises LLC.
License:
Nagios Software License <http://assets.nagios.com/licenses/nagio ... icense.txt>
Support:
XI Support Mailing List <xisupport@nagios.com> (customers only)
Community Forums <http://support.nagios.com/forum/>

Usage: fullinstall [options...]

Options:
-h | --help
Display this help text
-n | --non-interactive
Assume defaults for all questions (for scripted installs)
CLee1972
Posts: 20
Joined: Wed Mar 07, 2018 1:53 pm

Re: Installing NRPE Using the Install Script

Post by CLee1972 »

Well,

I did a bit more digging with my colleague and I found an option in the 4-firewall script that looks for either "installed.firewall" or "skipped.firewall". I could only find installed.firewall inside the linux-nrpe-agent so I am assuming if I changed that to skipped.firewall that it will see that empty file and ignore installing the Firewall rules. I will update everyone of my findings.
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Installing NRPE Using the Install Script

Post by tmcdonald »

Your thoughts are correct - running touch skipped.firewall before the fullinstall should properly skip those steps.

For reference, the following code:

Code: Select all

if [ -f skipped.firewall ]; then
is bash code for "if the file skipped.firewall exists, then" etc. etc. -f is not a flag that the script can use, but rather the way to check for the existence of a file in bash.
Former Nagios employee
CLee1972
Posts: 20
Joined: Wed Mar 07, 2018 1:53 pm

Re: Installing NRPE Using the Install Script

Post by CLee1972 »

Well,

I tried to untar the file, then I went into /tmp/linux-nrpe-agent/ and ran touch skipped.firewall and it still installed the firewall and enabled it. This is not good, because I need to be able to run this without it turning the firewall on. This is a Production environment and we have external Firewall rules so we don't need to run IPTables. The script I am trying to use is located here https://support.nagios.com/kb/article.php?id=8. Maybe someone else will have better luck?
CLee1972
Posts: 20
Joined: Wed Mar 07, 2018 1:53 pm

Re: Installing NRPE Using the Install Script

Post by CLee1972 »

So, based on the 4-firewall install script, I may be able to trick the script:

#!/bin/bash -e

. ./xi-sys.cfg

# Was previous step completed?
if [ ! -f installed.services ]; then
echo "Services were not initialized - run previous script" >&2
exit 1
fi

# Was this step already completed?
if [ -f installed.firewall ]; then
echo "Firewall rules already configured - skipping."
exit 0
fi

# UPDATE FIREWALL SETTINGS
skip_firewall() {
echo "Firewall rules not touched"
touch skipped.firewall
touch installed.firewall
exit
}

I am thinking if I do a touch skipped.firewall and touch installed.firewall that it will just completely skip over the step but I can't be 100% sure without testing it against another server. Ah, the dilemmas of an installer/tester LOL
CLee1972
Posts: 20
Joined: Wed Mar 07, 2018 1:53 pm

Re: Installing NRPE Using the Install Script

Post by CLee1972 »

Just a follow up. Using touch installed.firewall and touch skipped.firewall seemed to work like a charm. It came back with "Your firewall configuration was skipped" at the end of the script and did not turn on the iptables. Just to make sure I wasn't fully crazy, I decided to test another server that was not in full production rotation with just skipped.firewall and I got the below results:

NOTICE:
Your firewall configuration was skipped
You need to manually open ports 5666 for TCP traffic

But when I ran service iptables status, I got the below results:

[root@ip-10-0-0-113 linux-nrpe-agent]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5666

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

IPTables was disabled prior to running the script so the script is adding the entry even when it is requesting a skip.
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Installing NRPE Using the Install Script

Post by cdienger »

Line 48 and 68 add the iptables rule and restarts iptables. Disabling the first line with a # at the beginning and changing the second to "service iptables status" seems to have done the trick on my system.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Locked