Michael Medin wrote:If you are using 0.4.3 (which I assume) "default" security has been improved a bit. This unfortunately means the rather insecure check_nrpe wont work.
When you install NSClient++ you have the option of selecting "insecure mode" which should work fine with the classic check_nrpe.
You can also tweak this "in post" using the nrpe command like so:
nscp nrpe install --insecure
If you want to use the "slightly more secure" modes offered by NSClient++ you need to install NSClient++ on the nagios server as well and use the NSClient++ version of check_nrpe which support modern SSL and certificate based authentication.
What does the statement "you need to install NSClient++ on the nagios server and use the NSClient++ version of check_nrpe which support modern SSL and certificate based authentication" referring to? Please advice.
Thanks
Last edited by ssax on Wed May 18, 2016 9:04 am, edited 2 times in total.
Reason:Quotes added for clarity
Bearing in mind that the linked article is somewhat old, I believe Michael Medin (the NSClient author) was saying that in order to get a version of check_nrpe that will work with NSClient using "slightly more secure" methods, you will need to use the version included with NSClient.
We have since made changes to NRPE and check_nrpe to allow for far more secure encryption, so I don't believe this is still necessary.
tmcdonald wrote:Bearing in mind that the linked article is somewhat old, I believe Michael Medin (the NSClient author) was saying that in order to get a version of check_nrpe that will work with NSClient using "slightly more secure" methods, you will need to use the version included with NSClient.
We have since made changes to NRPE and check_nrpe to allow for far more secure encryption, so I don't believe this is still necessary.
Which version of nrpe & check_nrpe are you referring to?
The developer has a linux version of NSClient++ available, and in that version he has a plugin like check_nrpe called nscp that works with other machines running NSClient++.
The recent versions of NSClient++ are backwards compatible with check_nrpe, they just need you to run these commands:
Open a command prompt
Type cd "\Program Files\NSClient++\" and press Enter
Type nscp settings --path /settings/NRPE/server --key insecure --set true and press Enter
Then restart the NSClient++ service.
Box293 wrote:The developer has a linux version of NSClient++ available, and in that version he has a plugin like check_nrpe called nscp that works with other machines running NSClient++.
The recent versions of NSClient++ are backwards compatible with check_nrpe, they just need you to run these commands:
Open a command prompt
Type cd "\Program Files\NSClient++\" and press Enter
Type nscp settings --path /settings/NRPE/server --key insecure --set true and press Enter
Then restart the NSClient++ service.
