Page 1 of 1
ROUND TWO: Purposely sending metachars to NRPE
Posted: Tue Feb 03, 2015 4:33 pm
by highness
Ok - I modified one of my checks from yesterday that I'm trying to pass a string to, but am getting the same issue as yesterday - this time, I'm ignoring what the Test Check Command says, but when I add it and execute the check, it still is failing.
The output under the "Service Status Detail" looks like this:
Code: Select all
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
The logs on the remote server logs look like this
Code: Select all
Feb 3 16:39:10 ip-10-yyy-yyy-yyy xinetd[17020]: START: nrpe pid=20340 from=::ffff:10.XXX.XXX.XXX
Feb 3 16:39:10 ip-10-yyy-yyy-yyy nrpe[20340]: Error: Request contained illegal metachars!
Feb 3 16:39:10 ip-10-yyy-yyy-yyy nrpe[20340]: Client request was invalid, bailing out...
Feb 3 16:39:10 ip-10-yyy-yyy-yyy xinetd[17020]: EXIT: nrpe status=0 pid=20340 duration=0(sec)
The check in CCM --> Services looks like this:
-a '-u
https://www.ourwebsite.org -w 900 -c 1500 -s "Terms & Service" '
Ergh...
Re: ROUND TWO: Purposely sending metachars to NRPE
Posted: Tue Feb 03, 2015 5:07 pm
by tgriep
Are you trying to check a web site for this string "Terms & Service" on that site?
If so, you should use the check_http command instead and the check would look like this .
Code: Select all
./check_http -H www.ourwebsite.org -u https://www.ourwebsite.org -w 900 -c 1500 -s "Terms & Service"
Re: ROUND TWO: Purposely sending metachars to NRPE
Posted: Tue Feb 03, 2015 5:08 pm
by highness
tgriep wrote:Are you trying to check a web site for this string "Terms & Service" on that site?
If so, you should use the check_http command instead and the check would look like this .
Code: Select all
./check_http -H www.ourwebsite.org -u https://www.ourwebsite.org -w 900 -c 1500 -s "Terms & Service"
I am, but I'm gathering a ton of other behind the scenes info that check_http doesn't give me...
Re: ROUND TWO: Purposely sending metachars to NRPE
Posted: Tue Feb 03, 2015 5:23 pm
by tgriep
Try changing the check to
Code: Select all
-a '-u https://www.ourwebsite.org -w 900 -c 1500 -s "Terms \& Service" '
Save the changes, Apply the config and go to the service and schedule a forced immediate check.
Re: ROUND TWO: Purposely sending metachars to NRPE
Posted: Tue Feb 03, 2015 5:33 pm
by highness
tgriep wrote:Try changing the check to
Code: Select all
-a '-u https://www.ourwebsite.org -w 900 -c 1500 -s "Terms \& Service" '
Save the changes, Apply the config and go to the service and schedule a forced immediate check.
Yeah, tried that a few times - even changed the text I'm searching for. Still no joy... looks like the issue is the quotes.
Service Status Detail still shows:
Code: Select all
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
and the remote logs show this:
Code: Select all
Feb 3 17:33:00 ip-10-yyy-yyy-yyy xinetd[17020]: START: nrpe pid=25835 from=::ffff:10.xxx.xxx.xxx
Feb 3 17:33:00 ip-10-yyy-yyy-yyy nrpe[25835]: Error: Request contained illegal metachars!
Feb 3 17:33:00 ip-10-yyy-yyy-yyy nrpe[25835]: Client request was invalid, bailing out...
Feb 3 17:33:00 ip-10-yyy-yyy-yyy xinetd[17020]: EXIT: nrpe status=0 pid=25835 duration=0(sec)
Re: ROUND TWO: Purposely sending metachars to NRPE
Posted: Tue Feb 03, 2015 5:58 pm
by abrist
highness wrote:looks like the issue is the quotes.
Indeed, quotes are illegal meta characters.
You may want to hard code this check into the remote systems nrpe.cfg.
Or you could look at using the nrpe master branch that has quotes removed from the illegal metacharacter list. But beware! This may open the system up to specific vulnerabilities.
https://github.com/NagiosEnterprises/nr ... its/master