NRPE - Configuring NRPE Commands To Accept Arguments

Configuring NRPE Commands To Accept Arguments

This KB article shows you how to configure NRPE to accept arguments.

When installing NRPE from source (How To Install NRPE v3 From Source) it comes preconfigured with five static commands:

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200

 

Static commands are a secure method of configuring NRPE, there is no way of changing what is execute on the remote host without changing the nrpe.cfg file on the remote host. However this does add administrative overhead, if you wanted to change a threshold there is extra work involved, compared to making the change on the Nagios server to send the required arguments.

Using dynamic commands allows you to send the required arguments to NRPE without changing the remote nrpe.cfg file. This is not as secure as a static command, due to possibilities of a malicious user finding a weakness and exploiting that weakness. With that in mind this KB article will show several methods of using dynamic commands.

 

 

Assumed Knowledge

The following KB article contains an explanation of how NRPE works and may need to be referenced to completely understand this KB article:

NRPE - Agent and Plugin Explained

 

 

Editing Files

In many steps of this article you will be required to edit files. This documentation will use the vi text editor. When using the vi
editor:

 

The changes in this document reference editing the /usr/local/nagios/etc/nrpe.cfg file. To edit this file you need to execute the following command:

vi /usr/local/nagios/etc/nrpe.cfg

 

 

Restarting NRPE Service

Changes to the nrpe.cfg file in this KB article require you to restart the NRPE service. Please refer to the How To Install NRPE v3 From Source documentation on how to restart the service, it is summarized as part of each different operating system instructions.

 

 

Allow Arguments

NRPE has a configuration option that enables arguments to be received. If you followed the How To Install NRPE v3 From Source then this option will already be enabled.

Edit the nrpe.cfg file and locate the following option:

dont_blame_nrpe=0

 

Change the option to 1 to allow arguments to be received:

dont_blame_nrpe=1

 

This option only works when NRPE was compiled using the --enable-command-args argument. If you followed the How To Install NRPE v3 From Source then this option would have been used.

If you installed NRPE using your package manager like YUM then this argument is not used and you will not be able to proceed.

 

The remaining of this KB article will show you how to turn each of the five static commands into dynamic commands.

 

 

command[check_users]

The check_users command is hard coded with the -w 5 -c 10 arguments. To turn this into a dynamic command you should first comment out the static command by adding a # to the beginning of the line:

#command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10

 

There should be an example dynamic command in the nrpe.cfg file that is commented out with a # at the beginning, simply remove the hash to enable the command:

command[check_users]=/usr/local/nagios/libexec/check_users $ARG1$

Restart the NRPE service for this change to be applied.

 

You can now pass the arguments to NRPE from your Nagios host by enclosing them in single quotes:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_users -a '-w 5 -c 10'

It is important that the arguments are enclosed by single quotes, this means they are sent as one argument.

 

More Secure

A more secure method is to configure the command to use multiple arguments for the values of the thresholds only. For example:

command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$

 

You can now pass the thresholds values to NRPE from your Nagios host by only supplying the values:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_users -a 5 10

You will notice that the -w and -c are not used, this is because they are already hard coded in the command on the NRPE agent. Also take note that the arguments are NOT enclosed by single quotes, this means they are sent as multiple arguments.

 

 

command[check_load]

The check_load command is hard coded with the -r -w .15,.10,.05 -c .30,.25,.20 arguments. To turn this into a dynamic command you should first comment out the static command by adding a # to the beginning of the line:

#command[check_load]=/usr/local/nagios/libexec/check_load -r -w .15,.10,.05 -c .30,.25,.20

 

There should be an example dynamic command in the nrpe.cfg file that is commented out with a # at the beginning, simply remove the hash to enable the command:

command[check_load]=/usr/local/nagios/libexec/check_load $ARG1$

Restart the NRPE service for this change to be applied.

 

You can now pass the arguments to NRPE from your Nagios host by enclosing them in single quotes:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_load -a '-r -w .15,.10,.05 -c .30,.25,.20'

It is important that the arguments are enclosed by single quotes, this means they are sent as one argument.

 

More Secure

A more secure method is to configure the command to use multiple arguments for the values of the thresholds only. For example:

command[check_load]=/usr/local/nagios/libexec/check_load -r -w $ARG1$ -c $ARG2$

 

You can now pass the thresholds values to NRPE from your Nagios host by only supplying the values:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_load -a .15,.10,.05 .30,.25,.20

You will notice that the -r-w and -c are not used, this is because they are already hard coded in the command on the NRPE agent. Also take note that the arguments are NOT enclosed by single quotes, this means they are sent as multiple arguments.

 

 

command[check_hda1] OR command[check_disk]

The check_hda1 command is hard coded with the -w 20% -c 10% -p /dev/hda1 arguments. As you can see this restricts the command specifically to the /dev/hda1 disk which isn't very flexible (and may not exist on your system). To turn this into a dynamic command you should first comment out the static command by adding a # to the beginning of the line:

#command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1

 

There should be an example dynamic command in the nrpe.cfg file called check_disk that is commented out with a # at the beginning, simply remove the hash to enable the command:

command[check_disk]=/usr/local/nagios/libexec/check_disk $ARG1$

Restart the NRPE service for this change to be applied.

 

You can now pass the arguments to NRPE from your Nagios host by enclosing them in single quotes:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_disk -a '-w 20% -c 10% -p /'

It is important that the arguments are enclosed by single quotes, this means they are sent as one argument. In that example I was able to specify the disk used for the / mount point.

 

More Secure

A more secure method is to configure the command to use multiple arguments for the values of the thresholds only. For example:

command[check_disk]=/usr/local/nagios/libexec/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$

 

You can now pass the thresholds values to NRPE from your Nagios host by only supplying the values:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_disk -a 20% 10% /

You will notice that the -w, -c and -p are not used, this is because they are already hard coded in the command on the NRPE agent. Also take note that the arguments are NOT enclosed by single quotes, this means they are sent as multiple arguments.

 

 

command[check_zombie_procs]

The check_zombie_procs command is hard coded with the -w 5 -c 10 -s Z arguments. To turn this into a dynamic command you should first comment out the static command by adding a # to the beginning of the line:

#command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z

 

Add the following command in nrpe.cfg file:

command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs $ARG1$ -s Z

Restart the NRPE service for this change to be applied.

 

You can now pass the arguments to NRPE from your Nagios host by enclosing them in single quotes:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_zombie_procs -a '-w 5 -c 10'

It is important that the arguments are enclosed by single quotes, this means they are sent as one argument.

 

More Secure

A more secure method is to configure the command to use multiple arguments for the values of the thresholds only. For example:

command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w $ARG1$ -c $ARG2$ -s Z

 

You can now pass the thresholds values to NRPE from your Nagios host by only supplying the values:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_zombie_procs -a 5 10

You will notice that the -w and -c are not used, this is because they are already hard coded in the command on the NRPE agent. Also take note that the arguments are NOT enclosed by single quotes, this means they are sent as multiple arguments.

 

 

command[check_total_procs]

The check_total_procs command is hard coded with the -w 150 -c 200 arguments. To turn this into a dynamic command you should first comment out the static command by adding a # to the beginning of the line:

#command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200

 

There should be an example dynamic command in the nrpe.cfg file that is commented out with a # at the beginning, simply remove the hash to enable the command:

command[check_procs]=/usr/local/nagios/libexec/check_procs $ARG1$

Restart the NRPE service for this change to be applied.

 

You can now pass the arguments to NRPE from your Nagios host by enclosing them in single quotes:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_procs -a '-w 150 -c 200'

It is important that the arguments are enclosed by single quotes, this means they are sent as one argument.

 

More Secure

A more secure method is to configure the command to use multiple arguments for the values of the thresholds only. For example:

command[check_procs]=/usr/local/nagios/libexec/check_procs -w $ARG1$ -c $ARG2$

 

You can now pass the thresholds values to NRPE from your Nagios host by only supplying the values:

/usr/local/nagios/libexec/check_nrpe -H <NRPE_AGENT> -c check_procs -a 150 200

You will notice that the -w and -c are not used, this is because they are already hard coded in the command on the NRPE agent. Also take note that the arguments are NOT enclosed by single quotes, this means they are sent as multiple arguments.

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/


Article ID: 759
Created On: Sun, Oct 15, 2017 at 8:13 PM
Last Updated On: Sun, Oct 15, 2017 at 10:53 PM
Authored by: tlea

Online URL: https://support.nagios.com/kb/article/nrpe-configuring-nrpe-commands-to-accept-arguments-759.html