Support for Nagios products and services
https://support.nagios.com/forum/
Also, on the npre server make sure that SELinux is not enabled./usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -t 30 -c check_init_service -a 'crond'
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -t 30 -c check_init_service -a 'sshd'
setenforce 0
Same result after turning off firewalld via systemctl.# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -t 30 -c check_init_service -a 'sshd'
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -t 30 -c check_init_service -a 'crond'
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
# firewall-cmd --list-all
drop (active)
target: DROP
icmp-block-inversion: no
interfaces: ens160
sources:
services: dhcpv6-client http ssh https
ports: 5666/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Code: Select all
# more /etc/xinetd.d/nrpe
# default: off
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
disable = no
per_source = 25
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
only_from = 127.0.0.1 192.168.1.100
log_on_success =
}
Code: Select all
Dec 11 10:30:39 nrpeserver xinetd[19492]: libwrap refused connection to nrpe (libwrap=nrpe) from ::ffff:127.0.0.1
Dec 11 10:30:39 nrpeserver xinetd[19492]: FAIL: nrpe libwrap from=::ffff:127.0.0.1
Dec 11 10:30:39 nrpeserver check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 127.0.0.1: rc=-1 SSL-error=5
Dec 11 10:30:39 nrpeserver check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 127.0.0.1: rc=-1 SSL-error=5
Code: Select all
# yum history info 88 | grep ssl
Updated openssl-1:1.0.2k-12.el7.x86_64 @base
Updated openssl-devel-1:1.0.2k-12.el7.x86_64 @base
Updated openssl-libs-1:1.0.2k-12.el7.x86_64 @base
Code: Select all
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=SYSCALL msg=audit(1544543909.412:343): arch=c000003e syscall=2 success=yes exit=5 a0=556ca84eba90 a1=2 a2=180 a3=3 items=1 ppid=5908 pid=5909 auid=4294967295 uid=1002 gid=1002 euid=0 suid=0 fsuid=0 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" key="logins"
Dec 11 10:58:29 nrpeserveraudispd: node=nrpeserver type=SYSCALL msg=audit(1544543909.412:343): arch=c000003e syscall=2 success=yes exit=5 a0=556ca84eba90 a1=2 a2=180 a3=3 items=1 ppid=5908 pid=5909 auid=4294967295 uid=1002 gid=1002 euid=0 suid=0 fsuid=0 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" key="logins"
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=CWD msg=audit(1544543909.412:343): cwd="/"
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=CWD msg=audit(1544543909.412:343): cwd="/"
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=PATH msg=audit(1544543909.412:343): item=0 name="/var/run/faillock/nagios" inode=33632 dev=00:13 mode=0100600 ouid=1002 ogid=1002 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=PATH msg=audit(1544543909.412:343): item=0 name="/var/run/faillock/nagios" inode=33632 dev=00:13 mode=0100600 ouid=1002 ogid=1002 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=PROCTITLE msg=audit(1544543909.412:343): proctitle=7375646F002F7573722F6C6F63616C2F6E6167696F732F6C6962657865632F636865636B5F696E69745F736572766963650073736864
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=PROCTITLE msg=audit(1544543909.412:343): proctitle=7375646F002F7573722F6C6F63616C2F6E6167696F732F6C6962657865632F636865636B5F696E69745F736572766963650073736864
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=USER_ACCT msg=audit(1544543909.414:344): pid=5909 uid=1002 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=? acct="nagios" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=USER_ACCT msg=audit(1544543909.414:344): pid=5909 uid=1002 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=? acct="nagios" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=USER_CMD msg=audit(1544543909.415:345): pid=5909 uid=1002 auid=4294967295 ses=4294967295 msg='cwd="/" cmd=2F7573722F6C6F63616C2F6E6167696F732F6C6962657865632F636865636B5F696E69745F736572766963652073736864 terminal=? res=success'
Dec 11 10:58:29 nrpeserver audispd: node=nrpeserver type=USER_CMD msg=audit(1544543909.415:345): pid=5909 uid=1002 auid=4294967295 ses=4294967295 msg='cwd="/" cmd=2F7573722F6C6F63616C2F6E6167696F732F6C6962657865632F636865636B5F696E69745F736572766963652073736864 terminal=? res=success'
# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -t 30 -c check_init_service -a 'sshd'
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -t 30 -c check_init_service -a 'crond'
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer