Page 1 of 2
Solaris-nrpe-agent with SSL in Solaris 10
Posted: Thu Jun 18, 2015 8:35 am
by RockerMan
Hi
Installed on the subject instructions
https://assets.nagios.com/downloads/nag ... _Agent.pdf. Installation went smoothly and without errors. After installation is complete nrpe once appeared in advanced services
Code: Select all
bash-3.2# uname -a
SunOS virt 5.10 Generic_147148-26 i86pc i386 i86pc
Code: Select all
bash-3.2# svcs | grep nrpe
online 15:58:51 svc:/application/nagios/nrpe:default
Code: Select all
bash-3.2# netstat -a | grep nrpe
*.nrpe *.* 0 0 49152 0 LISTEN
Edit the configuration file, restart nrpe. To test runs on Solaris and get the error:
Code: Select all
bash-3.2# ./check_nrpe -H 10.10.255.31 -c check_users
CHECK_NRPE: Error - Could not complete SSL handshake.
It looks agent met without the support of the SSL. Pls tell me, have the ability to add SSL support to an already established agent? If not - how to uninstall the agent to nrpe and nagios-plugins compile from sources?
Thanks
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Thu Jun 18, 2015 1:37 pm
by abrist
First, verify that it was built without ssl support (add a -n arg):
Code: Select all
./check_nrpe -H 10.10.255.31 -c check_users -n
If you still have handshake/timeout errors, it is probably not ssl that is the cause.
Do you have the log from the build/install? It should have a note concerning whether or not ssl support was built.
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Fri Jun 19, 2015 2:47 am
by RockerMan
Sorry, I ran chek_nrpe this parameter "-n", forgot to write the result in the topic:
Code: Select all
bash-3.2# ./check_nrpe -H 10.10.255.31 -c check_users -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
I check the log /var/svc/log/application-nagios-nrpe:default.log. There is nothing on the subject, only to restart nrpe
Code: Select all
[ Jun 19 10:26:07 Stopping because service restarting. ]
[ Jun 19 10:26:07 Executing stop method ("/lib/svc/method/nrpe stop") ]
[ Jun 19 10:26:07 Method "stop" exited with status 0 ]
[ Jun 19 10:26:07 Executing start method ("/lib/svc/method/nrpe start") ]
[ Jun 19 10:26:07 Method "start" exited with status 0 ]
[ Jun 19 10:27:19 Stopping because service restarting. ]
[ Jun 19 10:27:19 Executing stop method ("/lib/svc/method/nrpe stop") ]
[ Jun 19 10:27:19 Method "stop" exited with status 0 ]
[ Jun 19 10:27:19 Executing start method ("/lib/svc/method/nrpe start") ]
[ Jun 19 10:27:19 Method "start" exited with status 0 ]
Logs agent installation preserved. There is nothing about that that nrpe setup with support for SSL.
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Fri Jun 19, 2015 12:08 pm
by tgriep
Can you edit this file on the Solaris system /etc/nagios/nrpe.cfg and add the IP address of the Nagios XI system to it and restart the daemon?
You may need to edit /etc/xinetd.d/nrpe and add the Nagios XI server IP address to this line
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Mon Jun 22, 2015 3:21 am
by RockerMan
have addresses, I added
Code: Select all
allowed_hosts=127.0.0.1,10.10.0.112
in Solaris 10 is no such directory /etc/xinetd.d
"You may need to edit /etc/xinetd.d/nrpe and add the Nagios XI server IP address to this line"
only_from =
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Mon Jun 22, 2015 10:20 am
by jdalrymple
In Solaris you use inetd, not xinetd. The configuration file is at /etc/inetd.conf. You'll need a line that looks like this:
Code: Select all
nrpe stream tcp nowait nagios /opt/bin/nrpe -c /etc/nrpe.cfg -i
You'll also need to verify that 5666 exists and is proper in your /etc/services file:
Code: Select all
bash-2.05# grep 5666 /etc/services
nrpe 5666 # Nagios NRPE Daemon
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Tue Jun 23, 2015 1:52 am
by RockerMan
in /etc/inetd.conf had a similar line
Code: Select all
nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /opt/nagios/bin/nrpe -c /etc/nagios/nrpe.cfg -i
I changed it as you suggest
Code: Select all
nrpe stream tcp nowait nagios /opt/nagios/bin/nrpe -c /etc/nagios/nrpe.cfg -i
In /etc/services all right
Changed config files, restart nrpe - nothing has changed
Code: Select all
bash-3.2# svcadm restart nrpe
bash-3.2#
bash-3.2# svcs -x nrpe
svc:/application/nagios/nrpe:default (NRPE daemon)
State: online since Tue Jun 23 09:44:48 2015
See: /var/svc/log/application-nagios-nrpe:default.log
Impact: None.
bash-3.2# ./check_nrpe -H 10.10.255.31 -c check_users
bash: ./check_nrpe: No such file or directory
bash-3.2# cd /opt/nagios/libexec/
bash-3.2# ./check_nrpe -H 10.10.255.31 -c check_users
CHECK_NRPE: Error - Could not complete SSL handshake.
bash-3.2# ./check_nrpe -H 10.10.255.31 -c check_users -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
In /var/svc/log/application-nagios-nrpe:default.log
Code: Select all
[ Jun 23 09:44:48 Stopping because service restarting. ]
[ Jun 23 09:44:48 Executing stop method ("/lib/svc/method/nrpe stop") ]
[ Jun 23 09:44:48 Method "stop" exited with status 0 ]
[ Jun 23 09:44:48 Executing start method ("/lib/svc/method/nrpe start") ]
[ Jun 23 09:44:48 Method "start" exited with status 0 ]
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Tue Jun 23, 2015 9:34 am
by jdalrymple
RockerMan wrote:in /etc/inetd.conf had a similar line
Code: Select all
nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /opt/nagios/bin/nrpe -c /etc/nagios/nrpe.cfg -i
I changed it as you suggest
Code: Select all
nrpe stream tcp nowait nagios /opt/nagios/bin/nrpe -c /etc/nagios/nrpe.cfg -i
The line I posted made assumptions about your environment. If those assumptions weren't correct (namely the path of the nrpe binary) then you would have potentially went from a working nrpe daemon to a broken one. Regardless it looks like you're using SMF to launch NRPE which means the inetd.conf line is unnecessary.
Open the location where you compiled nrpe and run the following:
Code: Select all
# grep ssl config.log
$ ./configure --enable-command-args --enable-ssl --with-ssl=/usr/local/ssl/bin --with-ssl-lib=/usr/local/ssl/lib
CFLAGS='-g -O2 -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include'
LDFLAGS=' -L/usr/local/ssl/lib'
LIBS=' -lssl -lcrypto'
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Wed Jun 24, 2015 2:43 am
by RockerMan
I laid out above installation log agent. There's nothing to support the SSL during installation. It may be necessary to modify the installer script and instructions to him to nrpe-agent for Solaris setup to support SSL.
P.S.
I think nrpe-agent installed according to the instructions
https://assets.nagios.com/downloads/nag ... _Agent.pdf will not work with SSL. The Solaris OS I not professional, so if someone can tell me how to uninstall (remove) correctly from the system installed by the above instructions solaris-nrpe-agent will be very grateful.
Re: Solaris-nrpe-agent with SSL in Solaris 10
Posted: Wed Jun 24, 2015 4:59 pm
by jdalrymple
find libssl please:
Code: Select all
# find / -name 'libssl*'
/usr/lib/mps/secv1/libssl3.so
/usr/lib/mps/libssl3.so
/usr/sfw/lib/libssl.so.0.9.8
/usr/dt/appconfig/SUNWns/libssl3.so
/usr/iplanet/nss3.3.1/lib/libssl3.so
/usr/iplanet/ds5/lib/libssldap50.so
/usr/iplanet/ds5/lib/libssl3.so
/usr/appserver/lib/libssldap50.so
/usr/local/ssl/lib/libssl.a
/usr/local/ssl/lib/libssl.so
/usr/local/ssl/lib/libssl.so.0.9.8
/usr/local/ssl/lib/pkgconfig/libssl.pc