Encrypt data between client and server nagios xi

[Naveed]

Sure! My bad I miss it.

I am looking by using Check_nt

NSClient version is 0.4.3

You may ask for anything which is needed to fulfil this request.
Thank you very much!

[lmiltchev]

I don't see any options in the check_nt plugin's usage for SSL... Also, according to the NSClient++ documentation:

Check_nt is NOT a good protocol and is considerd abandoneware. NSClient++ supports it only for legacy reasons. There is generally no reason to use check_nt

https://docs.nsclient.org/0.4.4/faq/index.html?

I would recommend using check_nrpe instead.

[Naveed]

Thank you very much lmiltchev

Can you please suggest the way that how I can achieve secure communication between client and server using check_nrpe?

Much appreciated.
Thank you!

[Naveed]

One more thing which need to add.

I am following nagios xi documentation for nsclient++ for secure communication between naigos and client.

after implementing all suggested parameters in nsclient.ini file on windows client.

NSCA server which listens on port 5667 is still down.

I am having logs as entries as follows:

17:44:00: error:c:\source\nscp\include\socket/connection.hpp:243: Failed to establish secure connection: short read: 219

Need your help to figure out what goes wrong?

Thank you in advance.

[rkennedy]

The document you posted is how to configure SSL with Nagios in regards to https on the web GUI.

Can you please show us what you've done? If you're using NRPE with NSClient++, it should encrypt it all by default. What commands are you running from the XI machine, and what is your current configuration in NSClient++?

[Naveed]

I want to achieve secure communication between my nagios xi (Linux) and hosts (Windows 2012 r2).

I have installed nsclient++ with check_nt command and all is working fine.

Someone tell me on this thread that check_nt do not support secure communication, so try to use check_nrpe.

I have reinstalled nsclient++ with check_nrpe, but this time few services are not up,because of port 12489 is no more on listening state.

I need your help to make secure communication (Encrypt data) between nagios xi and hosts using check_nrpe.

I have attached my nscliet.ini and screenshot of monitoring screen.

please see and suggest me the best suitable way to achieve this.

nsclient.ini
*********************************************************
# If you want to fill this file with all avalible options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; Undocumented section
[/settings/default]

; Undocumented key
password = 12345678

; Undocumented key
allowed hosts =

; Undocumented section
[/settings/NRPE/server]

; Undocumented key
verify mode = none

; Undocumented key
insecure = true


; Undocumented section
[/modules]

; Undocumented key
CheckExternalScripts = 1

; Undocumented key
CheckHelpers = 1

; Undocumented key
CheckNSCP = 1

; Undocumented key
CheckDisk = 1

; Undocumented key
CheckSystem = 1

; Undocumented key
CheckEventLog = 1

; Undocumented key
NSCAClient = 1

; Undocumented key
NRPEServer = 1


*********************************************************
Thank you very much in advance.

[rkennedy]

Below this -

Code: Select all

; Undocumented key
NRPEServer = 1

add this -

Code: Select all

NSClientServer = 1

; Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = 1

; PORT NUMBER - Port to use for check_nt.
port = 12489

Then restart the NSClient++ service. As mentioned, you will probably want to use check_nrpe though, and not check_nt -- as @lmiltchev mentioned -

I don't see any options in the check_nt plugin's usage for SSL... Also, according to the NSClient++ documentation:

Check_nt is NOT a good protocol and is considerd abandoneware. NSClient++ supports it only for legacy reasons. There is generally no reason to use check_nt

https://docs.nsclient.org/0.4.4/faq/index.html?

I would recommend using check_nrpe instead.

[Naveed]

Thank you very much rkennedy

Its working fine now.

The parameter you suggested are added and my monitoring screen starts showing all services in Ok state.

One last question is as follows:

I am using check_nrpe now rather than check_net, so the communication between client server is secured(Encrypted) now or not?

I much appreciate all of your efforts.

Thank you!

[Naveed]

Adding it to that,

Following log entry in recorded in nsclient++ log files

error:c:\source\nscp\include\nrpe/server/protocol.hpp:80: Rejected connection from nagios server IP

Please explain this as well.
Thank you!

[rkennedy]

You need to specify something with your allowed hosts field, for example you have -

Code: Select all

; Undocumented key
allowed hosts = 

My configuration is set to this -

Code: Select all

; Undocumented key
allowed hosts = 192.168.4.179

Depending on what you're using, you may need to enter this in multiple places.