SERVER: Ubuntu 14.04.03
My Nagios server is version 4.1.1.
NRPE is 2.15.
Apache2 has digest auth and an SSL cert.
NRPE was configured like this: ./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
But now the server is using, for NRPE, the user (let's call it) ciccio, group: cicciomix
vi /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = ciccio
        group           = cicciomix
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1 192.168.10.215
}
At the beginning I installed nrpe using: apt-get install nagios-nrpe-server nagios-plugins
Then I wanted to use SSL here as well, so I:
curl -L -O http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
[...]
./configure --with-nrpe-user=banana --with-nrpe-group=bananagrp --with-nagios-user=banana --with-nagios-group=bananagrp --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
I just want to skip to where the server actually sends TLSv1.2 packets (as Wireshark reports to me) BUT the client responds in clear text, TCP.
Nagios of course is working and all my services and hosts are under monitoring.
Can anybody tell me how to encrypt everything between Nagios, Nrpe both server and client side?
TY, respect!
EDIT: I just discovered that apt-get install nagios-nrpe-server nagios-plugins IS NOT the same as curl -L -O http://***/nrpe-2.15.tar.gz
since the 1st is the one for every client (therefore the NRPE server) and the 2nd is the Nagios server NRPE plugin.
You can ./configure the Nagios server NRPE plugin with support for SSL (and it works)
BUT you cannot ./configure the nagios-nrpe-server because you can only install it using apt-get install.
So, there is no encryption when the remote client responds to NRPE.
Unless, of course, the Nagios server would begin a communication with its client and the client would respond in the same open communication. But this does not happen.
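
Added example, not part of the original post: a way to confirm from captured TCP payloads on port 5666 which direction is TLS and which is clear-text NRPE, the symptom described above. It assumes the NRPE v2 packet layout given in the first comment; the helper names and sample payloads are constructed for illustration.

```python
import struct
import zlib

# Assumed NRPE v2 wire layout (not shown in the post): int16 version, int16 type,
# uint32 CRC32, int16 result code, 1024-byte buffer, 2 padding bytes = 1036 bytes.
NRPE_V2_LEN = 1036
TLS_RECORD_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data


def build_nrpe_v2_packet(ptype, text):
    """Constructed sample: a plaintext NRPE v2 packet (1 = query, 2 = response)."""
    buf = text.encode().ljust(1024, b"\0")

    def pack(crc):
        return struct.pack("!hhIh1024s2s", 2, ptype, crc, 0, buf, b"\0\0")

    # CRC32 is computed over the whole packet with the CRC field zeroed.
    return pack(zlib.crc32(pack(0)) & 0xFFFFFFFF)


def classify_payload(data):
    """Return 'tls', 'nrpe-plaintext' or 'unknown' for one TCP payload."""
    if len(data) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if ctype in TLS_RECORD_TYPES and major == 3 and minor <= 4 and 0 < length <= 18432:
            return "tls"
    if len(data) >= NRPE_V2_LEN:
        version, ptype, crc = struct.unpack("!hhI", data[:8])
        zeroed = data[:4] + b"\0\0\0\0" + data[8:NRPE_V2_LEN]
        if version == 2 and ptype in (1, 2) and zlib.crc32(zeroed) & 0xFFFFFFFF == crc:
            return "nrpe-plaintext"
    return "unknown"


def audit(flow):
    """Map each (direction, payload) pair of a flow to (direction, verdict)."""
    return [(direction, classify_payload(payload)) for direction, payload in flow]


# Constructed flow matching the symptom in the post: TLS one way, clear text back.
SAMPLE_FLOW = [
    ("nagios -> client:5666", b"\x16\x03\x03\x00\x2f" + bytes(47)),
    ("client:5666 -> nagios", build_nrpe_v2_packet(2, "OK - load average: 0.10")),
]

if __name__ == "__main__":
    for direction, verdict in audit(SAMPLE_FLOW):
        print(direction, verdict)
```

Any direction reported as nrpe-plaintext exposes check commands and plugin output to anyone on the path, so the fix has to be applied on the side that produced it.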