Port checking difficulties

[rdubya]

That's my point, there is no nagios user on that system to su to, and other plugins run as expected. Or maybe I'm misunderstanding your request.

[rkennedy]

What user is NRPE running as?

Code: Select all

cat /usr/local/nagios/etc/nrpe.cfg | grep 'nrpe_'

[rdubya]

Nagios server;

Code: Select all

[root@engmon ~]# /usr/local/nagios/libexec/check_nrpe -H 10.177.177.220 -c check_users
USERS OK - 2 users currently logged in |users=2;5;10;0
[root@engmon ~]# /usr/local/nagios/libexec/check_nrpe -H 10.177.177.220 -c check_nexus_listen
NRPE: Unable to read output

NRPE client;

Code: Select all

[root@nexusfirewall ~]# /usr/lib64/nagios/plugins/check_users -w 5 -c 10
USERS OK - 2 users currently logged in |users=2;5;10;0
[root@nexusfirewall ~]# /usr/lib64/nagios/plugins/check_listen_tcp_udp.sh -p 8070 -P tcp
OK -  Listening on 0.0.0.0:8070 (protocol: tcp)

I also created a nagios user;

Code: Select all

-bash-4.1$ /usr/lib64/nagios/plugins/check_listen_tcp_udp.sh -p 8070 -P tcp
OK -  Listening on 0.0.0.0:8070 (protocol: tcp)
-bash-4.1$ /usr/lib64/nagios/plugins/check_users -w 5 -c 10
USERS OK - 2 users currently logged in |users=2;5;10;0

After creating the nagios user on the client, I returned to the the server and tried again;

Code: Select all

[root@engmon ~]# /usr/local/nagios/libexec/check_nrpe -H 10.177.177.220 -c check_nexus_listen
NRPE: Unable to read output

While previewing before posting I saw rkennedy's reply. Interesting.

Code: Select all

[root@nexusfirewall ~]# cat /etc/nagios/nrpe.cfg | grep 'nrpe_'
nrpe_user=nrpe
nrpe_group=nrpe

There is indeed an nrpe user, but it is set to nologin like everywhere else.

[rkennedy]

Could you try this?

Code: Select all

su nrpe
/usr/lib64/nagios/plugins/check_listen_tcp_udp.sh -p 8070 -P tcp

[rdubya]

Yes, once removing /sbin/nologin from the passwd entry.

Code: Select all

[root@nexusfirewall etc]# su nrpe
bash-4.1$ /usr/lib64/nagios/plugins/check_listen_tcp_udp.sh -p 8070 -P tcp
OK -  Listening on 0.0.0.0:8070 (protocol: tcp)

No joy from the server side.

[rkennedy]

Hmm, what are the permissions on the file?

Code: Select all

ls -al /usr/lib64/nagios/plugins/check_listen_tcp_udp.sh

[rdubya]

It's root:root, but so is everything else in the plugin directory;

Code: Select all

ls -al /usr/lib64/nagios/plugins/check_listen_tcp_udp.sh
-rwxr-xr-x. 1 root root 5223 Aug 26 14:37 /usr/lib64/nagios/plugins/check_listen_tcp_udp.sh
ls -al /usr/lib64/nagios/plugins/check_users
-rwxr-xr-x. 1 root root 44360 Sep 11  2015 /usr/lib64/nagios/plugins/check_users

[tgriep]

Some plugin have to run as the superuser account to function as they need to run as root to gather the required information.
Try running this to change the permissions for that plugin and see if it works.

Code: Select all

chmod u+s /usr/lib64/nagios/plugins/check_listen_tcp_udp.sh

[rdubya]

Same. What gets me is that this looks like an output formatting error. Is anybody here using this plugin successfully?

[tgriep]

Strange, I just tested out that plugin on my system and it worked.

Code: Select all

./check_nrpe -H 192.168.112.130 -c check_nexus_listen
OK -  Listening on 0.0.0.0:80 (protocol: tcp)

My remote system is a Centos7 server and here are the details on the permissions of the plugin and how it is defined in the nrpe.cfg file.

Code: Select all

command[check_nexus_listen]=/usr/local/nagios/libexec/check_listen_tcp_udp.sh -p 80 -P tcp

Code: Select all

-rwxr-xr-x 1 root nagios 5197 Sep 16 10:49 check_listen_tcp_udp.sh

The only difference it the group is set to nagios.
If changing that doesn't work, enable the debugging in the nrpe.cfg file on the remote server and see if you see any errors in the syslog files.