Changed host IP now get SSL handshake failed from NRPE

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
ScottG
Posts: 16
Joined: Fri Jul 01, 2016 9:21 am
Location: Fayetteville, AR

Re: Changed host IP now get SSL handshake failed from NRPE

Post by ScottG »

NMAP shows it open.

[root@nagiosxi libexec]# nmap 10.33.16.39 -p 5666

Starting Nmap 6.47 ( http://nmap.org ) at 2017-11-29 10:51 CST
Nmap scan report for redrad01.uark.edu (10.33.16.39)
Host is up (0.0012s latency).
PORT     STATE SERVICE
5666/tcp open  nrpe

Also, I took out the 130.184. address from nrpe.cfg and restarted, and now I only see the SSL error, not the other one:

[sgardne@redrad01 ~]$ sudo systemctl status nrpe
● nrpe.service - Nagios Remote Program Executor
   Loaded: loaded (/usr/lib/systemd/system/nrpe.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-11-29 11:09:49 CST; 3min 34s ago
     Docs: http://www.nagios.org/documentation
  Process: 37090 ExecStart=/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d $NRPE_SSL_OPT (code=exited, status=0/SUCCESS)
 Main PID: 37091 (nrpe)
   CGroup: /system.slice/nrpe.service
           └─37091 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d

Nov 29 11:09:49 redrad01.uark.edu systemd[1]: Starting Nagios Remote Program Executor...
Nov 29 11:09:49 redrad01.uark.edu nrpe[37091]: Starting up daemon
Nov 29 11:09:49 redrad01.uark.edu systemd[1]: Started Nagios Remote Program Executor.
Nov 29 11:09:49 redrad01.uark.edu nrpe[37091]: Server listening on 0.0.0.0 port 5666.
Nov 29 11:09:49 redrad01.uark.edu nrpe[37091]: Server listening on :: port 5666.
Nov 29 11:09:49 redrad01.uark.edu nrpe[37091]: Warning: Daemon is configured to accept command arguments from clients!
Nov 29 11:09:49 redrad01.uark.edu nrpe[37091]: Listening for connections on port 5666
Nov 29 11:09:49 redrad01.uark.edu nrpe[37091]: Allowing connections from: 127.0.0.1,10.7.2.37
Nov 29 11:10:00 redrad01.uark.edu nrpe[37153]: Error: Could not complete SSL handshake with 10.7.2.37: 1

Post by ScottG »

Also keep in mind that this worked before I made a change. The only change that was made was to the IP address.
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Post by npolovenko »

@ScottG, are you able to connect with the no-SSL option? On the Nagios server, navigate to /user/local/nagios/libexec and run:

./check_nrpe -H nrpe_hostname -n

If you are able to connect that way, please run the command again, specifying IPv4:

./check_nrpe -H nrpe_hostname -4
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Post by ScottG »

I'm very sorry, but this ended up being a firewall issue. Our next-gen firewall was doing some inconsistent things that weren't getting logged, so I missed it. I really appreciate your time on this.

FYI for anyone running PAN-OS firewalls, entering "nagios" as the application and "application-defaults" for the service will cause this type of intermittent behavior. Instead create a new service for tcp-5666 and make the application "any".

-Scott
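
Added example (not part of any post in this thread, and not Nagios code): a small Python triage of the NRPE journal lines shown earlier. It checks each failed-handshake peer against the logged allow list, so a peer that is allowed yet still fails points away from nrpe.cfg and toward SSL settings or a device in the path. The function names, and reading the trailing number as an OpenSSL SSL_get_error() value, are assumptions.

```python
import ipaddress
import re

# Two journal lines copied from the nrpe status output posted in this thread.
SAMPLE_LOG = """\
Nov 29 11:09:49 redrad01.uark.edu nrpe[37091]: Allowing connections from: 127.0.0.1,10.7.2.37
Nov 29 11:10:00 redrad01.uark.edu nrpe[37153]: Error: Could not complete SSL handshake with 10.7.2.37: 1
"""

# OpenSSL SSL_get_error() values. Assumption: NRPE's trailing number is one of these.
SSL_ERRORS = {1: "SSL_ERROR_SSL", 5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}
ALLOW_RE = re.compile(r"nrpe\[\d+\]: Allowing connections from: (.+)$")
FAIL_RE = re.compile(r"nrpe\[\d+\]: Error: Could not complete SSL handshake with (\S+): (\d+)")


def is_allowed(peer, entries):
    """True if peer matches an allow-list entry (single address or CIDR range)."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return peer in entries  # not an IP literal: exact string match only
    addr = getattr(addr, "ipv4_mapped", None) or addr  # ::ffff:a.b.c.d -> a.b.c.d
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname entry: cannot be resolved offline, skip it
    return False


def triage(log_text):
    """One finding per failed handshake, judged against the latest logged allow list."""
    entries, findings = [], []
    for line in log_text.splitlines():
        if m := ALLOW_RE.search(line):
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
        elif m := FAIL_RE.search(line):
            peer, code = m.group(1), int(m.group(2))
            ok = is_allowed(peer, entries)
            hint = ("allow list is fine: compare SSL settings, then check devices in the path"
                    if ok else "peer not in allowed_hosts: fix nrpe.cfg first")
            findings.append({"peer": peer, "code": code, "allowed": ok, "hint": hint,
                             "ssl_error": SSL_ERRORS.get(code, "unknown")})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the thread's own log lines, the peer 10.7.2.37 is reported as allowed, which matches the eventual finding that nrpe.cfg was not the cause.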

Post by npolovenko »

@ScottG, That's alright. Thanks for sharing the solution with us. I will go ahead and close this thread as resolved.