Cannot test check_nrpe locally

Posted: Wed Apr 03, 2019 6:27 am
by sanzen
Hi All,

I am new to the forums. I am trying to get nrpe working on a remote linux server - which has RHEL 6.9.

When I try to test nrpe locally, I receive the following error:

CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer.

I installed nrpe using the fullinstall from this youtube link https://www.youtube.com/watch?time_cont ... I4t2zqAiDQ - which is from Nagios itself.

I checked my hosts file and everything is in order. Also, the NagiosXI server is an allowed host (even though this is just for local testing).

Any advice on this would be very much appreciated!

Re: Cannot test check_nrpe locally

Posted: Wed Apr 03, 2019 11:10 am
by npolovenko
Hello, @sanzen. Please show me the command you're using to test the NRPE locally. Do you have a firewall set up on the linux server? Please run the following command and show me the output:
nmap 127.0.0.1
Can you upload the following file in this thread?
/etc/xinetd.d/nrpe

Re: Cannot test check_nrpe locally

Posted: Wed Apr 03, 2019 11:11 am
by lmiltchev
Can you run the following command on the client (remote machine) and show the output?

cat /etc/xinetd.d/nrpe

Re: Cannot test check_nrpe locally

Posted: Thu Apr 04, 2019 9:48 am
by sanzen
Hello! Thanks for the response. It is very much appreciated :)


Here are the results below


nmap 127.0.0.1:

at 2019-04-04 10:40 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00037s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
4445/tcp open upnotifyp
5666/tcp open nrpe
7937/tcp open nsrexecd
7938/tcp open lgtomapper
8009/tcp open ajp13
8080/tcp open http-proxy
8443/tcp open https-alt





cat /etc/xinetd.d/nrpe:

p# default: off
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
disable = no
per_source = 25
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
only_from = 127.0.0.1 10.x.x.x
log_on_success =
}

Re: Cannot test check_nrpe locally

Posted: Thu Apr 04, 2019 10:47 am
by lmiltchev
Have you tried restarting xinetd to see if this is going to fix the issue?

Can you run a few more commands on the machine with the NRPE installed on it, and show the output?

netstat -at | grep nrpe | grep -v grep
ps axuw | grep nrpe | grep -v grep
find / -name nrpe
/usr/local/nagios/bin/nrpe
/usr/local/nagios/libexec/check_nrpe -H localhost
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1

BTW, is this (the letter "p") a typo?
p# default: off

Re: Cannot test check_nrpe locally

Posted: Thu Apr 04, 2019 11:01 am
by sanzen
The p was a typo in the file, so I removed it. I have restarted the service and it does nothing.


netstat -at | grep nrpe | grep -v grep:

tcp 0 0 *:nrpe *:* LISTEN


ps axuw | grep nrpe | grep -v grep:

did not have any results


/usr/local/nagios/bin/nrpe:

Incorrect command line arguments supplied

NRPE - Nagios Remote Plugin Executor
Version: 3.2.1

Copyright (c) 2009-2017 Nagios Enterprises
1999-2008 Ethan Galstad ([email protected])

Last Modified: 2017-09-01

License: GPL v2 with exemptions (-l for more info)

SSL/TLS Available, OpenSSL 0.9.6 or higher required

***************************************************************
** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **
** Read the NRPE SECURITY file for more information **
***************************************************************

***************************************************************
** POSSIBLE SECURITY RISK - TCP WRAPPERS ARE NOT AVAILABLE! **
** Read the NRPE SECURITY file for more information **
***************************************************************

Usage: nrpe [-V] [-n] -c <config_file> [-4|-6] <mode>

Options:
-V, --version Print version info and quit
-n, --no-ssl Do not use SSL
-c, --config=FILE Name of config file to use
-4, --ipv4 Use ipv4 only
-6, --ipv6 Use ipv6 only
<mode> (One of the following operating modes)
-i, --inetd Run as a service under inetd or xinetd
-d, --daemon Run as a standalone daemon
-s, --src Run as a subsystem under AIX
-f, --no-forking Don't fork() (for systemd, launchd, etc.)

Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios. It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.


/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 and /usr/local/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer

Re: Cannot test check_nrpe locally

Posted: Thu Apr 04, 2019 11:37 am
by lmiltchev
Are you using TCP wrappers? Do you have anything in the /etc/hosts.allow and/or /etc/hosts.deny?

Also, are you using IPv6? Does the check work when you add "-4" to your command?

/usr/local/nagios/libexec/check_nrpe -4 -H localhost
or

/usr/local/nagios/libexec/check_nrpe -4 -H 127.0.0.1

Re: Cannot test check_nrpe locally

Posted: Thu Apr 04, 2019 11:48 am
by sanzen
I get the same response when adding -4 to the command.

As for the allow and deny files.....


Allow says:
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd : ALL
sendmail : 127.0.0.1


Deny says:

#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
ALL : ALL


I am not sure how to check if something is using tcp wrappers (kind of a noob when it comes to Linux).

Re: Cannot test check_nrpe locally

Posted: Thu Apr 04, 2019 12:22 pm
by lmiltchev
I suspect the issue is caused by the TCP wrappers settings, even though I am not 100% sure. Can you try adding the following line to the /etc/hosts.allow (the line in red)?
sshd : ALL
sendmail : 127.0.0.1
nrpe: ALL
Note: If you wanted to limit access to two IPs only, you could probably use:
sshd : ALL
sendmail : 127.0.0.1
nrpe: 127.0.0.1
nrpe: 10.x.x.x
where "10.x.x.x" is your Nagios XI server's IP address.

Save, exit and restart xinetd:

service xinetd restart
Test your check again. Let us know if this helped.
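
Why the hosts.allow change works, as an added example that is not part of the original thread: a simplified evaluator of the hosts.allow / hosts.deny lookup order, run on constructed copies of the files posted above. The function names and temporary file names are assumptions of this example, and it uses the narrower `nrpe: 127.0.0.1` form from the note rather than `nrpe: ALL`.

```sh
#!/bin/sh
# Simplified hosts_access(5) check: hosts.allow is read first, then hosts.deny;
# no match in either file means access is granted. Handles ALL, exact addresses
# and "10."-style prefixes only (no EXCEPT, netmasks, hostnames or IPv6).

# first_match FILE DAEMON CLIENT: print the first matching rule, status 1 if none
first_match() (
    set -f                                  # rule text must not glob-expand
    [ -r "$1" ] || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # drop comments
        case $line in *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        clients=${line#*:}; clients=${clients%%:*}    # ignore options field
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $(printf '%s' "$clients" | tr ',' ' '); do
                case $c in
                    ALL) ;;
                    *.)  case $3 in "$c"*) ;; *) continue ;; esac ;;
                    *)   [ "$c" = "$3" ] || continue ;;
                esac
                printf '%s\n' "$line"; exit 0
            done
        done
    done < "$1"
    exit 1
)

# tcpw_decision DAEMON CLIENT ALLOW_FILE DENY_FILE: print "allow" or "deny"
tcpw_decision() {
    if rule=$(first_match "$3" "$1" "$2"); then echo allow
    elif rule=$(first_match "$4" "$1" "$2"); then echo deny
    else rule="(no rule matched)"; echo allow
    fi
    echo "  $1 from $2: $rule" >&2          # show which rule decided
}

# Constructed sample files mirroring the thread, before and after the fix.
write_samples() {
    printf 'sshd : ALL\nsendmail : 127.0.0.1\n' > "$1/allow.before"
    printf 'sshd : ALL\nsendmail : 127.0.0.1\nnrpe: 127.0.0.1\n' > "$1/allow.after"
    printf 'ALL : ALL\n' > "$1/deny"
}

dir=$(mktemp -d); write_samples "$dir"
tcpw_decision nrpe 127.0.0.1 "$dir/allow.before" "$dir/deny"   # deny
tcpw_decision nrpe 127.0.0.1 "$dir/allow.after"  "$dir/deny"   # allow
rm -rf "$dir"
```

With only `nrpe: 127.0.0.1` in hosts.allow, a connection from the Nagios XI server still falls through to `ALL : ALL` in hosts.deny, which is why the note adds a second `nrpe:` line for that address. On the host itself, `tcpdmatch nrpe 127.0.0.1` from the tcp_wrappers package gives the authoritative answer.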

Re: Cannot test check_nrpe locally

Posted: Thu Apr 04, 2019 12:47 pm
by sanzen
I think that did it!

I will continue to test, but I think it works now.

Thank you all so much! :D :D :D