I can't understand how nrpe 2.16 should be installed
Posted: Mon Dec 14, 2015 10:00 am
Seems that nrpe 2.16's got a better ssl support.
Ubuntu Server 14.04.03
I downloaded the zip from https://github.com/NagiosEnterprises/nr ... e-2-16-RC2 and manually copied what's inside into a new nagios server test machine.
So:
and edited vi /usr/local/nagios/etc/nrpe.cfg to:
If something is wrong please correct me
Now, what and how should I install the nrpe-server on a client-testing machine?
Should I use this same version? How should I configure it then?
Really, there's no documentation anywhere and the readme file inside the zip says anything. Just a copy/paste of files from years ago. Which as well say anything too.
Edit: using code and not quote
Ubuntu Server 14.04.03
I downloaded the zip from https://github.com/NagiosEnterprises/nr ... e-2-16-RC2 and manually copied what's inside into a new nagios server test machine.
So:
Code: Select all
root@nagios02:/home/user/downloads/nrpe-2-16rc2# ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
and edited vi /usr/local/nagios/etc/nrpe.cfg to:
Code: Select all
# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.
# SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
# TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
ssl_version=TLSv1.2+
# SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version.
#ssl_use_adh=1
# SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
# will be changed to something something else in a later version of NRPE.
ssl_cipher_list=ALL:!MD5:@STRENGTH
# SSL Certificate and Private Key Files
#ssl_cacert_file=/usr/local/nagios/com/ssl/ca-cert.pem
#ssl_cert_file=/usr/local/nagios/com/ssl/nagios-cert.pem
#ssl_privatekey_file=/usr/local/nagios/com/ssl/nagios-key.pem
# SSL CLIENT CERTS
# This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates
# 1 = Ask for client certificates
# 2 = Require client certificates
#ssl_client_certs=0
# SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters
# 0x02 (2) = Log remote IP address
# 0x04 (4) = Log SSL/TLS version of connections
# 0x08 (8) = Log which cipher is being used for the connection
# 0x10 (16) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above
ssl_logging=0
Now, what and how should I install the nrpe-server on a client-testing machine?
Should I use this same version? How should I configure it then?
Really, there's no documentation anywhere and the readme file inside the zip says anything. Just a copy/paste of files from years ago. Which as well say anything too.
Edit: using code and not quote