nrpe under xinetd

[matson-itops]

Newbie-ish question here.

I have 2 nagios servers and want to be able to monitor the same box (testing)
Is this possible using nrpe under xinetd? i want to add y.y.y.y to the config. can I use allow_from?

Details : ‘nrpe’ under /etc/xinetd.d/nrpe.cfg

# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
type = UNLISTED
port = 5666
socket_type = stream
wait = no
user = nagios
group = nagios
server = /usr/sbin/nrpe
server_args = -c /etc/nagios/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = x.x.x.x
}

[dchurch]

Main doc: https://github.com/NagiosEnterprises/nr ... -or-xinetd

Using the only_from directive inside the xinetd config file works if xinetd was compiled with support for tcpwrappers. You can check this if you run the following command:

Code: Select all

if ldd /usr/sbin/xinetd |grep -q libwrap; then echo "xinetd supports tcp wrappers"; else echo "no such luck :-("; fi

Anyway there are essentially three ways to limit the NRPE requests by IP address:

1. Using only_from in the /etc/xinetd.d/nrpe.cfg
2. Using allowed_hosts inside /usr/local/nagios/etc/nrpe.cfg
3. Using a firewall rule

If you're using option 1, you'll want to consult the xinetd.conf man page to figure out how to add multiple addresses there.

With modifying NRPE's config file, if you do that, you'll want to remove the only_from line from the xinetd config.