NRPE SSL handshake issue

[youngek]

on the remote machine I ran this: /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 and got version 2.15.
I ran the check command from the core server when I got the SSL Handshake error.
nrpe[46663] Host 56.190.15.8 is not allowed to talk

[tgriep]

To fix this

nrpe[46663] Host 56.190.15.8 is not allowed to talk

Edit the /usr/local/nagios/etc/nrpe.cfg file and add that IP address to the allowed_hosts line like the example below

Code: Select all

allowed_hosts=127.0.0.1,56.190.15.8

Save the file

Then edit the /etc/xinetd.d/nrpe file and change the only_from option to the following example

Code: Select all

only_from = 127.0.0.1 56.190.15.8

Save the file

Restart the NRPE Agent by running

Code: Select all

service nrpe retarts
service xinetd restart

Then test the agent from the Nagios server and see if it works.

[youngek]

Is there a script that removes the agent? I have recently done this on this machine:
delgroup nagios
deluser nagios
rm -f /etc/xinet.d/nrpe
service xinetd restart
rm -rf /usr/local/nagios

I still think there are some parts of Nagios on this machine. Is there a better way to remove all of it and start all over?

[tgriep]

The newer 3.0.1 version of the NRPE Agent has an uninstaller and it would be in the /usr/local/nagios/bin folder but you deleted it already.
You removed most of it but if this file exists, you can delete it as well

Code: Select all

/etc/init/nrpe.conf

[youngek]

I get this in the console now. After I have reinstalled the agent. Got this issue resolved. but, have this issue again.

[tacolover101]

you'll want to compare your commands that you were entering in the console, against how your commands are defined within Nagios. if it's working fine on the CLI, then there is simply a mistake somewhere that needs to be updated.

[dwhitfield]

What @tacolover101 said is correct. We can help you look for the error. Please PM me your Profile. You can download it by going to Admin > System Config > System Profile and click the Download Profile button towards the top. If for whatever reason you *cannot* download the profile, please put the output of View System Info (5.3.4+, Show Profile if older) in the thread (that will at least get us some info). This will give us access to many of the logs we would otherwise ask for individually. If security is a concern, you can unzip the profile take out what you like, and then zip it up again. We may end up needing something you remove, but we can ask for that specifically.

After you PM the profile, please update this thread. Updating this thread is the only way for it to show back up on our dashboard.

UPDATE: profile received and shared with techs

[tgriep]

To make NRPE version 3.0.1 work better with the Wizards in XI, edit the nrpe.cfg file on the remote system and comment out this section.

Code: Select all

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200

Then add this section to the file

Code: Select all

### GENERIC SERVICES ###
command[check_init_service]=sudo /usr/local/nagios/libexec/check_init_service $ARG1$
command[check_services]=/usr/local/nagios/libexec/check_services -p $ARG1$

### MISC SYSTEM METRICS ###
#command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_users]=/usr/local/nagios/libexec/check_users $ARG1$
command[check_load]=/usr/local/nagios/libexec/check_load $ARG1$
command[check_swap]=/usr/local/nagios/libexec/check_swap $ARG1$
command[check_cpu_stats]=/usr/local/nagios/libexec/check_cpu_stats.sh $ARG1$
command[check_mem]=/usr/local/nagios/libexec/custom_check_mem -n $ARG1$

### SYSTEM UPDATES ###
command[check_yum]=/usr/local/nagios/libexec/check_yum
command[check_apt]=/usr/local/nagios/libexec/check_apt

### DISK ###
command[check_disk]=/usr/local/nagios/libexec/check_disk $ARG1$
command[check_ide_smart]=/usr/local/nagios/libexec/check_ide_smart $ARG1$

### PROCESSES ###
command[check_all_procs]=/usr/local/nagios/libexec/custom_check_procs
command[check_procs]=/usr/local/nagios/libexec/check_procs $ARG1$

### OPEN FILES ###
command[check_open_files]=/usr/local/nagios/libexec/check_open_files.pl $ARG1$

### NETWORK CONNECTIONS ###
command[check_netstat]=/usr/local/nagios/libexec/check_netstat.pl -p $ARG1$ $ARG2$

Save the nrpe.cfg file and restart the nrpe agent on your remote system.

[youngek]

PMed the profile. I will also make the change to the nrpe.cfg. I still think that there are two agents on this machine. B/c I have two different nrpe.cfg in different locations.
1./usr/local/nagios/etc/nrpe.cfg
2./etc/nagios/nrpe.cfg

I believe this box was added to our version Nagios Core. And I built a NagiosXI server b/c we are thinking about moving to it.

[tgriep]

Do you need help on removing both versions of NRPE on your system?

Which version of the NRPE Agent do you want to use on the server?
Version 2.15 or the latest 3.x.x version?