CHECK_NRPE: Receive header underflow - only 0 bytes received

An open discussion forum for obtaining help with Nagios Core. Nagios Core users of all experience levels are welcome here. Subforum have been created for the discussion of Nagios Core and Nagios Plugin development.

NOTE: The SourceForge.net mailing lists have been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby cocoyanouck » Wed Jun 20, 2018 5:08 am

Hello,

I'm sorry to open once again this topic. I have reinstall a new nagios on debian 9. Then if i run
Code: Select all
apt install nagios-nrpe-plugins
check_nrpe is on /usr/lib/nagios/plugins => OK

But I can't find any nrpe.cfg file on /etc/nagios/ do you know where is this file with this kind of installation ?

root@Nagios-VZ:~# cd /etc/nagios-plugins/
root@Nagios-VZ:/etc/nagios-plugins# ls
config
root@Nagios-VZ:/etc/nagios-plugins# cd config/
root@Nagios-VZ:/etc/nagios-plugins/config# ls
check_nrpe.cfg
root@Nagios-VZ:/etc/nagios-plugins/config# vi check_nrpe.cfg

Code: Select all
# this command runs a program $ARG1$ with no arguments and enables SSL support
define command {
        command_name    check_nrpe
        command_line    /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

# this command runs a program $ARG1$ with no arguments and disables SSL support
define command {
        command_name    check_nrpe_nossl
        command_line    /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
}


I have recolted theses informations :

Code: Select all
root@Nagios-VZ:/home/nagios# apt list  --installed |grep nrpe

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

nagios-nrpe-plugin/stable,now 3.0.1-3+deb9u1 i386  [installé]



Code: Select all
root@Nagios-VZ:/etc/nagios-plugins/config# apt list  --installed |grep libc6

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libc6/stable,now 2.24-11+deb9u3 i386  [installé]
libc6-dev/stable,now 2.24-11+deb9u3 i386  [installé, automatique]


Code: Select all
root@Nagios-VZ:/etc/nagios-plugins/config# uname -a
Linux Nagios-VZ 4.9.0-6-686-pae #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) i686 GNU/Linux


Code: Select all
root@Nagios-VZ:/etc/nagios-plugins/config# cat /etc/*release*

PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"


Code: Select all
root@Nagios-VZ:/etc/nagios-plugins/config# /usr/lib/nagios/plugins/check_nrpe -V

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required



Since I can't find the nrpe.cfg, I'm not able to modify allowed host by the IP of my server, so I've theses errors :

Code: Select all
root@Nagios-VZ:/etc/nagios-plugins/config# /usr/lib/nagios/plugins/check_nrpe -H 10.0.2.130
connect to address 10.0.2.130 port 5666: Connection refused
connect to host 10.0.2.130 port 5666: Connection refused
root@Nagios-VZ:/etc/nagios-plugins/config# /usr/lib/nagios/plugins/check_nrpe -H localhost
connect to address ::1 port 5666: Connection refused
connect to address 127.0.0.1 port 5666: Connection refused
connect to host localhost port 5666: Connection refused
cocoyanouck
 
Posts: 90
Joined: Fri Apr 08, 2016 3:17 am

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby tgriep » Wed Jun 20, 2018 9:23 am

You also need to install the NRPE server on the system by running the following.
Code: Select all
apt install nagios-nrpe-server


Then the nrpe.cfg file should be in the /etc/nagios folder.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tgriep
Madmin
 
Posts: 7213
Joined: Thu Oct 30, 2014 9:02 am

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby cocoyanouck » Wed Jun 20, 2018 9:35 am

OK thanks.

So after the installation of nagios-nrpe-server and modification of the allowed host :


Code: Select all
root@Nagios-VZ:/usr/local/nagios/libexec# apt list  --installed |grep nrpe

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

nagios-nrpe-plugin/stable,now 3.0.1-3+deb9u1 i386  [installé]
nagios-nrpe-server/stable,now 3.0.1-3+deb9u1 i386  [installé]


Code: Select all
root@Nagios-VZ:/usr/lib/nagios/plugins# ./check_nrpe -H 10.0.2.130
CHECK_NRPE: Error - Could not connect to 10.0.2.130: Connection reset by peer
cocoyanouck
 
Posts: 90
Joined: Fri Apr 08, 2016 3:17 am

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby scottwilkerson » Wed Jun 20, 2018 10:38 am

did you install the nrpe server on 10.0.2.130?

did you start the service?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 12248
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby cocoyanouck » Thu Jun 21, 2018 1:27 am

10.0.2.130 is the localhost = nagios so yes this is installed and launched.
cocoyanouck
 
Posts: 90
Joined: Fri Apr 08, 2016 3:17 am

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby scottwilkerson » Thu Jun 21, 2018 8:15 am

please run and return the following
Code: Select all
netstat -nlp|grep 5666
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 12248
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby cocoyanouck » Fri Jun 22, 2018 3:35 am

Code: Select all
root@Nagios-VZ:/home/nagios# netstat -nlp|grep 5666
tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN      11897/nrpe
tcp6       0      0 :::5666                 :::*                    LISTEN      11897/nrpe
cocoyanouck
 
Posts: 90
Joined: Fri Apr 08, 2016 3:17 am

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby scottwilkerson » Fri Jun 22, 2018 7:38 am

please share your nrpe.cfg & /etc/xinetd.d/nrpe (if you have one)

Is 10.0.2.130 in the allowed hosts and only from?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 12248
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby cocoyanouck » Tue Jun 26, 2018 7:17 am

root@nagios-debian:/etc/nagios# cat nrpe.cfg
Code: Select all
#############################################################################
#
#  Sample NRPE Config File
#
#  Notes:
#
#  This is a sample configuration file for the NRPE daemon.  It needs to be
#  located on the remote host that is running the NRPE daemon, not the host
#  from which the check_nrpe client is being executed.
#
#############################################################################


# LOG FACILITY
# The syslog facility that should be used for logging purposes.

log_facility=daemon



# LOG FILE
# If a log file is specified in this option, nrpe will write to
# that file instead of using syslog.

#log_file=/var/log/nrpe.log



# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on

debug=0



# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number.  The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.

pid_file=/var/run/nagios/nrpe.pid



# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-privileged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

server_port=5666



# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

#server_address=127.0.0.1



# LISTEN QUEUE SIZE
# Listen queue size (backlog) for serving incoming connections.
# You may want to increase this value under high load.

#listen_queue_size=5



# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_user=nagios



# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

nrpe_group=nagios



# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address.  I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

allowed_hosts=127.0.0.1,::1



# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=0



# BASH COMMAND SUBSTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...).  This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
#         1=allow bash command substitutions

allow_bash_command_substitution=0



# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo.  For this to work, you need to add
# the nagios user to your /etc/sudoers.  An example entry for allowing
# execution of the plugins from might be:
#
# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password.  If you do this, make sure you don't give
# random users write access to that directory or its contents!

# command_prefix=/usr/bin/sudo


# MAX COMMANDS
# This specifies how many children processes may be spawned at any one
# time, essentially limiting the fork()s that occur.
# Default (0) is set to unlimited
# max_commands=0



# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.

command_timeout=60



# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.

connection_timeout=300



# WEAK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness

#allow_weak_random_seed=1



# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.

# SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
#        SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
#        TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
#        TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
#        TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.

#ssl_version=SSLv2+

# SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version.

#ssl_use_adh=1

# SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,
# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and
# greater.

#ssl_cipher_list=ALL:!MD5:@STRENGTH
#ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH

# SSL Certificate and Private Key Files

#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem

# SSL USE CLIENT CERTS
# This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates (default)
#         1 = Ask for client certificates
#         2 = Require client certificates

#ssl_client_certs=0

# SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options.

# Values: 0x00 (0)  = No additional logging (default)
#         0x01 (1)  = Log startup SSL/TLS parameters
#         0x02 (2)  = Log remote IP address
#         0x04 (4)  = Log SSL/TLS version of connections
#         0x08 (8)  = Log which cipher is being used for the connection
#         0x10 (16) = Log if client has a certificate
#         0x20 (32) = Log details of client's certificate if it has one
#         -1 or 0xff or 0x2f = All of the above

#ssl_logging=0x00



# NASTY METACHARACTERS
# This option allows you to override the list of characters that cannot
# be passed to the NRPE daemon.

# nasty_metachars="|`&><'\\[]{};\r\n"



# COMMAND DEFINITIONS
# Command definitions that this daemon will run.  Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on!  The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory.  Also note that you will have to modify the definitions below
# to match the argument format the plugins expect.  Remember, these are
# examples only!


# The following examples use hardcoded command arguments...
# This is by far the most secure method of using NRPE

command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200


# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'.  This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.

### MISC SYSTEM METRICS ###
#command[check_users]=/usr/lib/nagios/plugins/check_users $ARG1$
#command[check_load]=/usr/lib/nagios/plugins/check_load $ARG1$
#command[check_disk]=/usr/lib/nagios/plugins/check_disk $ARG1$
#command[check_swap]=/usr/lib/nagios/plugins/check_swap $ARG1$
#command[check_cpu_stats]=/usr/lib/nagios/plugins/check_cpu_stats.sh $ARG1$
#command[check_mem]=/usr/lib/nagios/plugins/custom_check_mem -n $ARG1$

### GENERIC SERVICES ###
#command[check_init_service]=sudo /usr/lib/nagios/plugins/check_init_service $ARG1$
#command[check_services]=/usr/lib/nagios/plugins/check_services -p $ARG1$

### SYSTEM UPDATES ###
#command[check_yum]=/usr/lib/nagios/plugins/check_yum
#command[check_apt]=/usr/lib/nagios/plugins/check_apt

### PROCESSES ###
#command[check_all_procs]=/usr/lib/nagios/plugins/custom_check_procs
#command[check_procs]=/usr/lib/nagios/plugins/check_procs $ARG1$

### OPEN FILES ###
#command[check_open_files]=/usr/lib/nagios/plugins/check_open_files.pl $ARG1$

### NETWORK CONNECTIONS ###
#command[check_netstat]=/usr/lib/nagios/plugins/check_netstat.pl -p $ARG1$ $ARG2$

### ASTERISK ###
#command[check_asterisk]=/usr/lib/nagios/plugins/check_asterisk.pl $ARG1$
#command[check_sip]=/usr/lib/nagios/plugins/check_sip $ARG1$
#command[check_asterisk_sip_peers]=sudo /usr/lib/nagios/plugins/check_asterisk_sip_peers.sh $ARG1$
#command[check_asterisk_version]=/usr/lib/nagios/plugins/nagisk.pl -c version
#command[check_asterisk_peers]=/usr/lib/nagios/plugins/nagisk.pl -c peers
#command[check_asterisk_channels]=/usr/lib/nagios/plugins/nagisk.pl -c channels
#command[check_asterisk_zaptel]=/usr/lib/nagios/plugins/nagisk.pl -c zaptel
#command[check_asterisk_span]=/usr/lib/nagios/plugins/nagisk.pl -c span -s 1



# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.

#include=<somefile.cfg>



# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

#include_dir=<somedirectory>
#include_dir=<someotherdirectory>



# local configuration:
# if you'd prefer, you can instead place directives here

include=/etc/nagios/nrpe_local.cfg

# you can place your config snipplets into nrpe.d/
# only snipplets ending in .cfg will get included

include_dir=/etc/nagios/nrpe.d/


I tried allowed_hosts=10.0.2.130 too

root@nagios-debian:/etc/init.d# cat nrpe
Code: Select all
#!/bin/sh
# Start/stop the nrpe daemon.
#
# Contributed by Andrew Ryder 06-22-02
# Slight mods by Ethan Galstad 07-09-02

NrpeBin=/usr/local/nagios/bin/nrpe
NrpeCfg=/usr/local/nagios/etc/nrpe.cfg

test -f $NrpeBin || exit 0

case "$1" in
start)  echo -n "Starting nagios remote plugin daemon: nrpe"
        start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
        echo "."
        ;;
stop)   echo -n "Stopping nagios remote plugin daemon: nrpe"
        start-stop-daemon --stop --quiet --exec $NrpeBin
        echo "."
        ;;
restart) echo -n "Restarting nagios remote plugin daemon: nrpe"
        start-stop-daemon --stop --quiet --exec $NrpeBin
        start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
        echo "."
        ;;
reload|force-reload) echo -n "Reloading configuration files for nagios remote plugin daemon: nrpe"
        # nrpe reloads automatically
        echo "."
        ;;
*)      echo "Usage: /etc/init.d/nrpe start|stop|restart|reload|force-reload"
        exit 1
        ;;
esac
exit 0
cocoyanouck
 
Posts: 90
Joined: Fri Apr 08, 2016 3:17 am

Re: CHECK_NRPE: Receive header underflow - only 0 bytes rece

Postby scottwilkerson » Tue Jun 26, 2018 7:23 am

in nrpe.cfg change the following
Code: Select all
allowed_hosts=127.0.0.1,::1

to
Code: Select all
allowed_hosts=127.0.0.1,::1,10.0.2.130,NAGIOS_IP_ADDRESS


Then restart nrpe service

Then verify 5666 is not blocked by any firewalls on this system, and try the command again
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 12248
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

PreviousNext

Return to Nagios Core

Who is online

Users browsing this forum: No registered users and 24 guests