Home » Categories » Multiple Categories

Disabling Port 113 IDENT Requests

Problem Description

You are seeing port 113 return requests either from your Nagios XI server (when submitting NSCA passive results) to the originating host OR you are seeing port 113 return requests when checking NRPE services).

You will see this behaviour on your firewall logs as you will most likely not have a firewall rule for port 113.

 

 

Explanation

This is usually because you are running an NRPE check through XINETD with USERID included on the log_on_success or log_on_failure options in your remote hosts /etc/xinetd.d/nrpe file.

OR this could be because you are submitting passive results to the XI server through NSCA (which is running under XINETD) /etc/xinetd.d/nsca with the same options as above.

Further information can be found in the following link:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Reference_Guide/s2-tcpwrappers-xinetd-alt.html#s3-tcpwrappers-xinetd-alt-log

Note that the USERID option requires an IDENT request to port 113 on the originating server to determine the USERID, that's why you're seeing it.

 

Resolution

Then remove the USERID option from the log_on_failure AND log_on_success to stop the IDENT from occurring. The file you need to change depends on:

  • NRPE on remote host
    • /etc/xinetd.d/nrpe
  • NSCA on Nagios XI server
    • /etc/xinetd.d/nsca

For example, either comment this line out or remove it completely:

# default: on
# description: NSCA (Nagios Service Check Acceptor)
service nsca
{
           flags = REUSE
           socket_type = stream        
           wait = no
           user = nagios
           group = nagios
           server = /usr/local/nagios/bin/nsca
           server_args = -c /usr/local/nagios/etc/nsca.cfg --inetd
           log_on_failure += USERID
           disable = no
           only_from = 127.0.0.1
}

 

After making the changes you need to restart the xinetd service using one of the commands below:

 

RHEL 7+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu 16/18/20

systemctl restart xinetd.service

 

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - Optimizing The PHP Settings File
Viewed 11041 times since Thu, Jul 13, 2017
Nagios XI - SNMPTT Service generates Cannot find module errors
Viewed 2965 times since Sun, Apr 9, 2017
Nagios XI - Last Check Time Not Updating
Viewed 10498 times since Tue, Jan 6, 2015
NRPE - CHECK_NRPE: Socket Timeout After n Seconds
Viewed 52411 times since Sun, Jul 16, 2017
Web Browser Reports 330 Error Content Encoding
Viewed 2428 times since Tue, Mar 7, 2017
Nagios XI - Best Practices - NWC15
Viewed 4289 times since Thu, Feb 4, 2016
Nagios XI - HTTP 500 Error / White Screen After Login
Viewed 2652 times since Mon, Feb 29, 2016
Nagios XI - Common Upgrade Failures And Solutions
Viewed 5308 times since Thu, Jun 29, 2017
Nagios XI - SNMP MIB Upload Problems
Viewed 4672 times since Mon, Apr 10, 2017
NRPE - CHECK_NRPE: Error - Could Not Complete SSL Handshake
Viewed 73832 times since Fri, Jul 14, 2017