Page 1 of 5
ssl handshake error
Posted: Thu Nov 17, 2016 1:22 pm
by baber
dear all
Hi
i get this error on my nagios client that want monitor that
[root@linux- libexec]# /usr/local/nagios/libexec/check_nrpe -H localhost
/usr/local/nagios/libexec/check_nrpe: error while loading shared libraries: libssl.so.4: cannot open shared object file: No such file or directory
and show ths eror on nagios monitor for that server attached pic
Re: ssl handshake error
Posted: Thu Nov 17, 2016 1:45 pm
by dwhitfield
Looks like you don't have the appropriate architecture libraries for SSL on the client.
On the client, could you give the output of uname -a and cat /etc/*-release? Thanks!
Re: ssl handshake error
Posted: Thu Nov 17, 2016 1:51 pm
by baber
Code: Select all
uname - a
Linux npmbsrv-3 2.6.32-642.el6.x86_64 #1 SMP Wed Apr 13 00:51:26 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
and
Code: Select all
cat /etc/*-release
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Red Hat Enterprise Linux Server release 6.8 (Santiago)
Red Hat Enterprise Linux Server release 6.8 (Santiago)
Re: ssl handshake error
Posted: Thu Nov 17, 2016 2:30 pm
by dwhitfield
Can you run yum list installed openssl and see what you have installed?
If you have nothing, just run yum install openssl and see if that fixes the issue. If you do have something installed, can you post the output? Thanks!
Re: ssl handshake error
Posted: Thu Nov 17, 2016 2:40 pm
by baber
i have installed these packages
Code: Select all
[root@linux /]# rpm -qa *ssl*
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch
openssl-1.0.1e-48.el6.x86_64
openssl-devel-1.0.1e-48.el6.x86_64
openssl-1.0.1e-48.el6.i686
nss_compat_ossl-0.9.6-2.el6_7.x86_64
openssl098e-0.9.8e-20.el6_7.1.x86_64
openssl-devel-1.0.1e-48.el6.i686
openssl098e-0.9.8e-20.el6_7.1.i686
Re: ssl handshake error
Posted: Thu Nov 17, 2016 3:03 pm
by dwhitfield
Did you use
https://support.nagios.com/kb/article.php?id=515 to install NRPE? If you have an old version of NRPE, could you upgrade using
https://support.nagios.com/kb/article.php?id=520? What version of Core are you running? Lastly, did this client previously work or is this a server you are monitoring for the first time?
I noticed you used rpm instead of yum. Is this server not connected to the Internet? It looks like you are running older versions of a few things, so if it is connected to the Internet, I would just run
yum update.
We could do the symlinking manually, but I am a little concerned that will break things in future upgrades. Thanks!
Re: ssl handshake error
Posted: Thu Nov 17, 2016 3:24 pm
by baber
i use nagios core Version 4.1.1
my nrpe version is nrpe-2.15.tar.gz i use this nrpe on all of my linux servers but most of them are redhat 6.4 and just this is redhat 6.8 and my server can not connect to internet now how can solve problem?
Re: ssl handshake error
Posted: Thu Nov 17, 2016 3:50 pm
by avandemore
check_nrpe needs to be recompiled on your system. I don't know how your system got into this state but you can confirm it by:
Code: Select all
# ldd /usr/local/nagios/libexec/check_nrpe
Here are the current installation instructions:
https://assets.nagios.com/downloads/nag ... e/NRPE.pdf
Re: ssl handshake error
Posted: Thu Nov 17, 2016 3:53 pm
by baber
this is output
Code: Select all
ldd /usr/local/nagios/libexec/check_nrpe
linux-gate.so.1 => (0x0026a000)
libssl.so.4 => not found
libcrypto.so.4 => not found
libnsl.so.1 => /lib/libnsl.so.1 (0x00d1b000)
libc.so.6 => /lib/libc.so.6 (0x0040c000)
/lib/ld-linux.so.2 (0x00fd5000)
Re: ssl handshake error
Posted: Thu Nov 17, 2016 4:01 pm
by dwhitfield
I would suggest upgrading to NRPE 3. There are a lot of security improvements:
https://www.nagios.com/news/2016/07/nrpe-3-release/. We're actually on 3.0.1 now, but the v3 page has more information.
Assuming that's not an option right now, run
locate libssl.so.4 and then recompile NRPE with
./configure --with-ssl=/path/to/ssl. It sounds like you have the compressed files on the server, so that is likely the quickest, if not the best option.