check_nrpe fails, SSL handshake error (NOT Solved)
Patrick Soltani
PSoltani at iitcorporation.com
Tue Dec 23 21:46:48 CET 2003
>
> I tried truss while running in daemon mode and got lots of
> output. However,
> I don't
> know how to interpret that output. I also got nothing
> returned when I do a
> "netstat -a | grep -i nrpe ",and different results when I changed the
> ownership on nrpe.cfg from root to nagios. How would I run
> truss with an
> inetd process? Can I?
You can run truss against a running process by specifying the "process ID". Do a "man truss" and you'll have more switches than you would like to know ;-).
Usually truss -all does most of the work.
You are looking for entries such as ENOTTY; (Error NO tty) which will tell you what the program was trying to do and couldn't. You need to check each one and figure out the behavior. Err#9 EBADF which usually means Error BAD File handle or file, so on forth.
If you are running the module out of inetd, then the process will be active when a request for the module comes in thru the port specified at conf file. Only then you'll see the process.
Regards,
Patrick Soltani.
>
> -john
>
> #nrpe stream tcp nowait nagios /usr/bin/nrpe -c
> /etc/nrpe.cfg -i
> # truss /usr/bin/nrpe -c /etc/nrpe.cfg -d
> execve("/usr/bin/nrpe", 0xFFBEF3D4, 0xFFBEF3E8) argc = 4
> mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF3A0000
> resolvepath("/usr/lib/ld.so.1", "/usr/lib/ld.so.1", 1023) = 16
> open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
> open("/usr/lib/libnsl.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3,
> 0) = 0xFF390000
> mmap(0x00000000, 704512, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xFF280000
> mmap(0xFF31C000, 32740, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 573440) = 0xFF31C000
> mmap(0xFF324000, 30928, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF324000
> munmap(0xFF30C000, 65536) = 0
> memcntl(0xFF280000, 82252, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/lib/libsocket.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF390000
> mmap(0x00000000, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xFF370000
> mmap(0xFF38A000, 4365, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 40960) = 0xFF38A000
> munmap(0xFF37A000, 65536) = 0
> memcntl(0xFF370000, 14496, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/lib/libc.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF390000
> mmap(0x00000000, 794624, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xFF180000
> mmap(0xFF23A000, 24652, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 696320) = 0xFF23A000
> munmap(0xFF22A000, 65536) = 0
> memcntl(0xFF180000, 113332, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/lib/libdl.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF390000
> close(3) = 0
> open("/usr/lib/libmp.so.2", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3,
> 0) = 0xFF360000
> mmap(0x00000000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3,
> 0) = 0xFF340000
> mmap(0xFF354000, 865, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED,
> 3, 16384) = 0xFF354000
> munmap(0xFF344000, 65536) = 0
> memcntl(0xFF340000, 3124, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/platform/SUNW,Ultra-1/lib/libc_psr.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEE98C) = 0
> mmap(0xFF360000, 8192, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF360000
> mmap(0x00000000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3,
> 0) = 0xFF270000
> close(3) = 0
> munmap(0xFF360000, 8192) = 0
> brk(0x000267D0) = 0
> brk(0x000287D0) = 0
> fstat(-1, 0xFFBEEA78) Err#9 EBADF
> open("/etc/nrpe.cfg", O_RDONLY) = 3
> fstat64(3, 0xFFBEE098) = 0
> brk(0x000287D0) = 0
> brk(0x0002A7D0) = 0
> ioctl(3, TCGETA, 0xFFBEE024) Err#25 ENOTTY
> read(3, " # # # # # # # # # # # #".., 8192) = 5019
> fstat(-1, 0xFFBED468) Err#9 EBADF
> open("/dev/conslog", O_WRONLY) = 4
> fcntl(4, F_SETFD, 0x00000001) = 0
> fstat(4, 0xFFBED468) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> open("/usr/share/lib/zoneinfo/US/Eastern", O_RDONLY) = 5
> read(5, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 1250
> close(5) = 0
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> brk(0x0002A7D0) = 0
> brk(0x0002C7D0) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> read(3, 0x0002681C, 8192) = 0
> llseek(3, 0, SEEK_CUR) = 5019
> close(3) = 0
> fork() = 1769
> llseek(0, 0, SEEK_CUR) = 70514
> _exit(0)
> # hostnam
> hostnam: not found
> # hostname
> photon
> #
>
>
> ----- Original Message -----
> From: "Patrick Soltani" <PSoltani at iitcorporation.com>
> To: "Michael Tucker" <mtucker at airmail.net>;
> <nagios-users at lists.sourceforge.net>
> Sent: Tuesday, December 23, 2003 2:26 PM
> Subject: RE: [Nagios-users] check_nrpe fails, SSL handshake error (NOT
> Solved)
>
>
> > Hi,
> >
> > When there is no more info on the module, then I'll turn to
> "truss" on
> Solaris and run the same command line but with truss to see
> what exactly the
> module is doing and what kind of internal roll-o-coaster it traverses.
> >
> > That should shed more light on the issue.
> >
> > Regards,
> > Patrick Soltani.
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: nagios-users-admin at lists.sourceforge.net
> > > [mailto:nagios-users-admin at lists.sourceforge.net]On
> Behalf Of Michael
> > > Tucker
> > > Sent: Monday, December 22, 2003 8:23 PM
> > > To: nagios-users at lists.sourceforge.net
> > > Subject: Re: [Nagios-users] check_nrpe fails, SSL
> handshake error (NOT
> > > Solved)
> > >
> > >
> > >
> > > On Monday, December 22, 2003, at 05:34 PM, John Downs wrote:
> > >
> > > > I wish my problem was so easy to fix. I recompiled with
> > > > --disable-ssl
> > > > option and it works
> > > > a little better.(I tried the permissions issue it didn't
> > > help) I am
> > > > still
> > > > getting the following error
> > > > in /var/adm/messages:
> > > >
> > > > Network server bind failure (126: cannot assign
> requested addres)
> > > > This happens when I start start nrpe in daemon mode with:
> > > > /usr/bin/nrpe -c /etc/nrpe.cfg -d
> > > >
> > > > nrpe is owned by root and has suid bit set. nrpe.cfg is owned by
> > > > nagios and
> > > > is readable by everyone.
> > > >
> > > > any ideas on this?
> > > >
> > > > Thanks!!
> > > >
> > > > -john
> > > >
> > >
> > > Yeah, I get exactly the same thing. (Well *almost*
> exactly the same.
> > > Mine says "(125: cannot assign requested address)", but
> > > otherwise it's
> > > the same if I try to launch nrpe as a stand-alone daemon. (In
> > > my case,
> > > both nrpe and nrpe.cfg are owned by nagios:nagios, no suid
> > > bit set, and
> > > are readable by everyone.)
> > >
> > > It works if I use inetd with tcp wrappers, though, as I
> > > described in my
> > > first message...
> > >
> > > > /etc/inetd.conf:
> > > > nrpe stream tcp nowait nagios
> > > /usr/sfw/sbin/tcpd /usr/local/nagios/
> > > > bin/nrpe -c /usr/local/nagios/bin/nrpe.cfg -i
> > > >
> > > > /etc/services:
> > > > nrpe 5666/tcp # NRPE (Nagios remote plugin executor)
> > >
> > > ...but ONLY if I have SSL disabled (recompiled nrpe with
> > > --disable-ssl). I plan to deploy this to some sites where the SSL
> > > security will be critically important. I can continue with my
> > > testing
> > > without it, but sooner or later I've got to fix this link in
> > > the chain.
> > >
> > > Surely there's someone out there running Solaris who's
> had a similar
> > > problem, and figured out how to solve it?
> > >
> > > *frustrated*
> > >
> > > Michael
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: IBM Linux Tutorials.
> > > Become an expert in LINUX or just sharpen your skills. Sign
> > > up for IBM's
> > > Free Linux Tutorials. Learn everything from the bash shell
> > > to sys admin.
> > > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> > > _______________________________________________
> > > Nagios-users mailing list
> > > Nagios-users at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > > ::: Please include Nagios version, plugin version (-v) and OS
> > > when reporting any issue.
> > > ::: Messages without supporting info will risk being sent
> to /dev/null
> > >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: IBM Linux Tutorials.
> > Become an expert in LINUX or just sharpen your skills.
> Sign up for IBM's
> > Free Linux Tutorials. Learn everything from the bash shell
> to sys admin.
> > Click now! http://ads.osdn.com/?ad_id�78&alloc_id371&opÌk
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent
> to /dev/null
> >
>
>
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id�78&alloc_id371&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list