Check for updates using the NCPA agent

[jakai]

MONITORME is Linux Ubuntu. This command isnt function

[pbroste]

Hello @jakai

Thanks for following up @gsmith is out of the office today. I see that he had you run the telnet command to verify the ability to connect on port 5693. Sounds like you want to go ahead and verify firewall status rules.

Depending on your distro and what it services are enabled we want to first check to see is 'ufw' (Uncomplicated Firewall) is enabled and configured for your distro.

Code: Select all

ufw status

Depending on the results you can configure your firewall with the 'ufw' or use 'iptables' to open/allow port 5693. Both have plenty of online help man's available to refer to.

Please let us know how things are looking,
Perry

[jakai]

Hello,
I have open port.

[pbroste]

Hello @jakai

Thanks for following up, with the details we see that port 5693 is allowed and that the 'ncpa_listener' and 'ncpa_passive' services are running on the device receiving the connection request. Please make sure that there are no security applications blocking things, like Selinux or Apparamor.

Verify that the services are 'established':

Code: Select all

ss -p | grep -Ei 'ncpa|5693'

View ports established/listening port for conflicts:

Code: Select all

netstat -an | grep -E '5693'

or

Code: Select all

ss -at

Setting the ncpa.cfg to listen for ipv4: (or manually updating /usr/local/ncpa/etc/ncpa.cfg)

Code: Select all

sed -i 's/#ip = 0.0.0.0/ip = 0.0.0.0/g' /usr/local/ncpa/etc/ncpa.cfg

Then restarting the 'ncpa_listener':

Code: Select all

systemctl restart ncpa_listener

Verify that you are able to connect:

Code: Select all

curl -v telnet://XXX.XXX.XX.XXX:5693

where XXX.XXX.XX.XXX is the IP of the machine you are trying to monitor

If it comes back with:

[root@gs-rhel8-23-84 audit]# curl -v telnet://192.168.23.81:5693
* Rebuilt URL to: telnet://192.168.23.81:5693/
* Trying 192.168.23.81...
* TCP_NODELAY set
* Connected to 192.168.23.81 (192.168.23.81) port 5693 (#0)

then that means we have connectivity. Use ctrl-c to exit out of the curl command.

Or take a look at the route:

Code: Select all

traceroute xxx.xxx.xxx.xxx -p 5693

The example results should look like:

traceroute to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx), 30 hops max, 60 byte packets
1 xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) 0.216 ms 0.197 ms 0.179 ms

Please let us know how things are looking,
Perry

[jakai]

I did everything according to your procedure. Unfortunately, the problem still persists.

[pbroste]

Hello @jakai

Thanks for following up with the screenshot, it appears that it is listening for ipv6 address and not a ipv4 address. Let's verify what address your server is associated with to make sure that you are not using a ipv6 internal address.

Code: Select all

ip address

or

Code: Select all

ifconfig

In the previous message I had you set the ncpa config to listen to ipv4 address:

setting the ncpa.cfg to listen for ipv4: (or manually updating /usr/local/ncpa/etc/ncpa.cfg)

Code: Select all

sed -i 's/#ip = 0.0.0.0/ip = 0.0.0.0/g' /usr/local/ncpa/etc/ncpa.cfg

Let's verify that this was updated in the config:

Code: Select all

cat /usr/local/ncpa/etc/ncpa.cfg | grep 'ip ='

The result will look something like this: (red is the line of interest)

# Default: ip = ::
# Default (Windows): ip = 0.0.0.0
ip = 0.0.0.0

Please make the necessary adjustments if needed then restart the service:

Then restarting the 'ncpa_listener':

Code: Select all

systemctl restart ncpa_listener

Thanks,
Perry

[jakai]

I did as you write. The problem still persists.

[pbroste]

Hello @jakai

Looks like the screenshot may have cut off some, it should not have a "#" in front of the ip = 0.0.0.0

Code: Select all

cat /usr/local/ncpa/etc/ncpa.cfg | grep 'ip ='

Please verify and make the necessary updates if needed and then restart the ncpa_listener.

Thanks,
Perry

[jakai]

I've tried this before. This procedure does not work.

[pbroste]

Hello @jakai

Thanks for following up, and circling back want to go ahead and get the config and logs from you on this so we can see what is going on.

Code: Select all

grep -Eir 'ncpa' /var/log/* > /tmp/ncpatemp.txt && tar -cvf /tmp/ncpainfo.tar.gz /usr/local/ncpa/var/ /usr/local/ncpa/etc/ /tmp/ncpatemp.txt

Let's verify the version:

Code: Select all

/usr/local/nagios/libexec/check_ncpa.py -H yourhostaddresshere -V

Want to get a list:

Code: Select all

/usr/local/nagios/libexec/check_ncpa.py -H yourhostaddresshere -t yourtokenhere --list --verbose

Please [PM] over the '/tmp/ncpainfo.tar.gz' when you get a chance, we will get this dialed in.

Thanks,
Perry