Re: NRPE on Amazon Linux
Posted: Mon Apr 03, 2017 12:52 pm
by cybergene
I get this:
Code:
Starting up daemon
Apr 3 nrpe[22127]: There's already an NRPE server running (PID 22019). Bailing out...
Apr 3 nrpe[22130]: Host 127.0.0.1 is not allowed to talk to us!
Apr 3 check_nrpe: Error: Could not complete SSL handshake with 127.0.0.1: rc=-1 SSL-error=5
I added localhost to nrpe.conf but the error still shows.
Re: NRPE on Amazon Linux
Posted: Mon Apr 03, 2017 1:08 pm
by tgriep
Is there a process running at PID 22019?
When the agent was started, it seems to think that NRPE was already running.
Re: NRPE on Amazon Linux
Posted: Mon Apr 03, 2017 10:14 pm
by rkennedy
What user are you running all of these commands as? With NRPE barking about it running already I tend to believe it. If you're using a regular account with non-root privs this could be affecting it.
I'd consult whoever manages your Linux systems to see if they can track it down.
Re: NRPE on Amazon Linux
Posted: Tue Apr 04, 2017 8:06 am
by cybergene
There is:
Code:
nagios 22019 0.0 0.0 39628 1472 ? Ss Apr03 0:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Here:
Code:
ps -ef |grep nrpe
ec2-user 13729 13629 0 12:59 pts/0 00:00:00 grep nrpe
nagios 22019 1 0 Apr03 ? 00:00:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Tried this command:
Code:
./check_nrpe -H localhost -c check_load
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
Re: NRPE on Amazon Linux
Posted: Tue Apr 04, 2017 8:38 am
by tgriep
A couple of problems could be causing the Connection reset by peer message.
If the NRPE agent wasn't compiled with SSL, it could cause it. To test that out, try running this command; if it works, then SSL was not compiled into the agent.
Code:
./check_nrpe -H localhost -c check_load -n
Also, try running these variations of the command and see if they work.
Code:
./check_nrpe -H 127.0.0.1 -c check_load
./check_nrpe -H 127.0.0.1 -c check_load -4
If the nrpe.cfg file is not set up to allow the localhost address, that could cause it as well. Take a look at this file and verify that the 127.0.0.1 address is in the Allowed Hosts option.
If you need help, post the file here.
If you make any changes to the nrpe.cfg file, you will have to stop and start the daemon.
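An added example, not part of the original posts: it compares the "not allowed to talk to us" lines the daemon logs against the allowed_hosts line in nrpe.cfg, so a host that the file on disk permits but the daemon still rejects points at a daemon that has not been restarted. The sample config, the second log line, and the function names are constructed for illustration; hostname entries are skipped because resolving them needs DNS.

```python
import ipaddress
import re

# Constructed sample config, modelled on the allowed_hosts line posted in the thread.
SAMPLE_CFG = """\
server_port=5666
allowed_hosts=127.0.0.1, 10.95.33.0/24,monitor.example.internal
"""

# Constructed log lines in the format the daemon logged earlier in the thread.
SAMPLE_LOG = """\
Apr 3 nrpe[22130]: Host 127.0.0.1 is not allowed to talk to us!
Apr 3 nrpe[22131]: Host 192.0.2.7 is not allowed to talk to us!
"""

REJECT_RE = re.compile(r"nrpe\[\d+\]: Host (\S+) is not allowed to talk to us!")

def parse_allowed_hosts(cfg_text):
    """Return the allowed_hosts entries, split on commas and stripped of spaces."""
    entries = []
    for line in cfg_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "allowed_hosts":  # assumes one allowed_hosts line
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries

def is_allowed(client_ip, entries):
    """True if client_ip matches a literal address or a CIDR entry."""
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname entry: needs DNS, skipped in this offline check
    return False

def explain_rejections(log_text, cfg_text):
    """Map each rejected host in the log to whether the file on disk allows it."""
    entries = parse_allowed_hosts(cfg_text)
    return {ip: is_allowed(ip, entries) for ip in REJECT_RE.findall(log_text)}

if __name__ == "__main__":
    for ip, ok in explain_rejections(SAMPLE_LOG, SAMPLE_CFG).items():
        print(ip, "-> allowed on disk, restart the daemon" if ok else "-> not in allowed_hosts")
```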
Re: NRPE on Amazon Linux
Posted: Tue Apr 04, 2017 9:03 am
by cybergene
This command doesn't work, then SSL WAS compiled in to the agent.
Code:
[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H localhost -c check_load -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).
[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H 127.0.0.1 -c check_load -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).
[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H 127.0.0.1 -c check_load -4
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H localhost -c check_load -4
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
The /usr/local/nagios/etc/nrpe.cfg file contains:
Code:
allowed_hosts=127.0.0.1, ip,another ip
Other IPs to allow Nagios Core and agents to communicate over the network.
Re: NRPE on Amazon Linux
Posted: Tue Apr 04, 2017 11:53 am
by tgriep
What steps did you do to compile in SSL to the NRPE Agent?
Did you rebuild the agent and the check_nrpe command and use them both during the testing?
Can you run the following commands on the Amazon server and post the output?
Code:
/usr/local/nagios/bin/nrpe
/usr/local/nagios/libexec/check_nrpe -V
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_load
ps -ef |grep nrpe
Also, post this file as well.
Re: NRPE on Amazon Linux
Posted: Tue Apr 04, 2017 1:09 pm
by cybergene
Steps from here:
https://support.nagios.com/kb/article.p ... ategory=22
Yes, I rebuilt it again.
/usr/local/nagios/bin/nrpe:
Code:
te Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available, OpenSSL 0.9.6 or higher required
***************************************************************
** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **
** Read the NRPE SECURITY file for more information **
***************************************************************
***************************************************************
** POSSIBLE SECURITY RISK - TCP WRAPPERS ARE NOT AVAILABLE! **
** Read the NRPE SECURITY file for more information **
***************************************************************
Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>
Options:
-n = Do not use SSL
-c <config_file> = Name of config file to use
-4 = use ipv4 only
-6 = use ipv6 only
<mode> = One of the following operating modes:
-i = Run as a service under inetd or xinetd
-d = Run as a standalone daemon
-d -s = Run as a subsystem under AIX
-f = Don't fork() for systemd, launchd, etc.
Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios. It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.
/usr/local/nagios/libexec/check_nrpe -V
Code:
NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
Code:
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_load
Code:
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
ps -ef |grep nrpe
Code:
ps -ef |grep nrpe
ec2-user 19170 13629 0 18:09 pts/0 00:00:00 grep nrpe
nagios 22019 1 0 Apr03 ? 00:00:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Re: NRPE on Amazon Linux
Posted: Tue Apr 04, 2017 2:23 pm
by tgriep
Let's stop and start the NRPE agent on the server by running the following as root:
Code:
kill 22019
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Then run this to test the agent:
Code:
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
If it fails, please post this file
Re: NRPE on Amazon Linux
Posted: Wed Apr 05, 2017 7:01 am
by cybergene
It failed:
Code:
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
connect to address 127.0.0.1 port 5666: Connection refused
connect to host 127.0.0.1 port 5666: Connection refused
See attached.