Nagios Support Forum

Posted: **Wed Nov 23, 2016 1:16 am**

I use nagios3-3.5.1.dfsg-2.1ubuntu1 on ubuntu 16.04. I want to use NRPE with args to remote checks, but get:

CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

Is there any way to query nrpe to learn if this package nagios3-3.5.1.dfsg-2.1ubuntu1 was compiled with --enable-command-args ?

Posted: **Wed Nov 23, 2016 11:13 am**

I would look at the exact error message that is being logged on your client side syslog, when that command is executing as it'll say exactly why it's not working.

If it's just the arguments, you should be able to just modify the configuration file -

Code: Select all

# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=1

Posted: **Tue Nov 29, 2016 6:05 pm**

Thanks. It seems nagios-nrpe-server on Ubuntu is likely compiled without --enable-command-args. I'll need to pivot to defining the remote checks explicitly without arguments.

Checking the source package, this is present in the diff:

Code: Select all

in nagios-nrpe_2.15-1ubuntu1.diff:

nagios-nrpe (2.15-1) unstable; urgency=high

  This update disables the command-args support in nrpe. The feature
  has several security problems and is often used wrong. If you have to
  use this feature recompile the package with --enable-command-args
  in debian/rules.

 -- Alexander Wirt <[email protected]>  Tue, 15 Jul 2014 09:52:48 +0200

This files are included from the /etc/nagios/nrpe.cfg

This package is built without support for command argument processing. If you
want to enable it, you will have to rebuild this package with
--enable-command-args in debian/rules.

The feature has several security problems and should not be used. If you
really need some dynamic argument processing try check_by_ssh or something
similar.

Prior to discovering the above, I had the following notes (for other's reference):

I do have dont_blame_nrpe=1 set in config, both on the hosts being monitored via nrpe (computeN), and the hosts doing the monitoring (headN).

Code: Select all

ubuntu@compute1:~$ grep dont_blame_nrpe= /etc/nagios/nrpe.cfg
dont_blame_nrpe=1

ubuntu@head1:~$ grep dont_blame_nrpe= /etc/nagios/nrpe.cfg
dont_blame_nrpe=1

The error on the host being monitored via nrpe is of the form:

Code: Select all

ubuntu@compute1:~$ grep nrpe /var/log/syslog |tail -n 6
Nov 29 21:31:41 compute01 nrpe[22879]: Error: Request contained command arguments!
Nov 29 21:31:41 compute01 nrpe[22879]: Client request was invalid, bailing out...
Nov 29 21:31:42 compute01 nrpe[22881]: Error: Request contained command arguments!
Nov 29 21:31:42 compute01 nrpe[22881]: Client request was invalid, bailing out...

The nrpe server is running on the hosts being monitored:

Code: Select all

ubuntu@compute1:~$ sudo service nagios-nrpe-server status
● nagios-nrpe-server.service - LSB: Start/Stop the Nagios remote plugin execution daemon
   Loaded: loaded (/etc/init.d/nagios-nrpe-server; bad; vendor preset: enabled)
   Active: active (running) since Tue 2016-11-22 23:54:03 UTC; 6 days ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 1
   Memory: 516.0K
      CPU: 4min 35.056s
   CGroup: /system.slice/nagios-nrpe-server.service
           └─15176 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d

Nov 29 21:55:59 compute1 nrpe[26628]: Error: Request contained command arguments!
Nov 29 21:56:02 compute1 nrpe[26630]: Error: Request contained command arguments!
Nov 29 21:56:37 compute1 nrpe[26688]: Error: Request contained command arguments!
Nov 29 21:56:40 compute1 nrpe[26694]: Error: Request contained command arguments!
Nov 29 21:56:42 compute1 nrpe[26698]: Error: Request contained command arguments!
Nov 29 21:56:57 compute1 nrpe[26706]: Error: Request contained command arguments!
Nov 29 21:56:58 compute1 nrpe[26711]: Error: Request contained command arguments!
Nov 29 21:57:00 compute1 nrpe[26713]: Error: Request contained command arguments!
Nov 29 21:57:42 compute1 nrpe[26750]: Error: Request contained command arguments!
Nov 29 21:57:42 compute1 nrpe[26752]: Error: Request contained command arguments!

I don't find any more specific error messages than the above in syslog.

Posted: **Wed Nov 30, 2016 10:55 am**

Thanks for posting your findings. Guessing you were able to recompile already, but I'll leave these links here for anyone that may need them.

NRPE manual install - https://support.nagios.com/kb/article.p ... ategory=22
Compile NRPEv3 from source - https://support.nagios.com/kb/article.p ... ategory=22

Would you mind if we marked this thread resolved, and locked it up?

Posted: **Wed Nov 30, 2016 6:14 pm**

Yes, OK to lock thread. I didn't recompile with --enable-command-args, instead I am writing out all permutations of wanted commands with their args in /etc/nagios/nrpe_local.cfg.

Nagios Support Forum

How to check if NRPE compiled with --enable-command-args?

How to check if NRPE compiled with --enable-command-args?

Re: How to check if NRPE compiled with --enable-command-args

Re: How to check if NRPE compiled with --enable-command-args

Re: How to check if NRPE compiled with --enable-command-args

Re: How to check if NRPE compiled with --enable-command-args