nrpe in a CPanel managed machine.
Posted: Wed Jul 03, 2013 9:54 pm
Hi this is my first post to this forum so I am sorry of I have picked the wrong area. This appeared to be correct, hopefully this may help others.
After a recent automatic update I started to receive warnings from my Nagios system of all the NRPE monitored services on a remote CPanel hosted machine. Nagios would give the following type of error
CHECK_NRPE: Error - Could not complete SSL handshake.
Investigation of logs showed:
nrpe[28615]: warning: cannot open /etc/hosts.deny: Permission denied
In this system, I believe CPanel is forcing permissions on the hosts.deny file to be Root RW only and so checks by NRPE cause it to fail. Note I am running NRPE in Daemon mode not under the XInetd superdaemon.
Resolution: Add an entry to the hosts.allow file, this is checked first and nrpe will not check hosts.deny if it succeeds on the first check. hosts.allow has a Public readable permission.
e.g.
nrpe: aaa.bbb.ccc.ddd : allow
Where you replace aaa.bbb.ccc.ddd with the address of the machine hosting your NAGIOS service.
After a recent automatic update I started to receive warnings from my Nagios system of all the NRPE monitored services on a remote CPanel hosted machine. Nagios would give the following type of error
CHECK_NRPE: Error - Could not complete SSL handshake.
Investigation of logs showed:
nrpe[28615]: warning: cannot open /etc/hosts.deny: Permission denied
In this system, I believe CPanel is forcing permissions on the hosts.deny file to be Root RW only and so checks by NRPE cause it to fail. Note I am running NRPE in Daemon mode not under the XInetd superdaemon.
Resolution: Add an entry to the hosts.allow file, this is checked first and nrpe will not check hosts.deny if it succeeds on the first check. hosts.allow has a Public readable permission.
e.g.
nrpe: aaa.bbb.ccc.ddd : allow
Where you replace aaa.bbb.ccc.ddd with the address of the machine hosting your NAGIOS service.