check_nrpe fails, SSL handshake error (NOT Solved)
Steve Feehan
sfeehan at sbb.uvm.edu
Wed Dec 24 00:24:27 CET 2003
On Tue, Dec 23, 2003 at 03:30:14PM -0500, John Downs wrote:
> I tried truss while running in daemon mode and got lots of output. However,
> I don't
> know how to interpret that output. I also got nothing returned when I do a
> "netstat -a | grep -i nrpe ",and different results when I changed the
> ownership on nrpe.cfg from root to nagios. How would I run truss with an
> inetd process? Can I?
>
> -john
Try running nrpe in daemon mode through truss again, this time
pass the -f option (I think that's the one to trace children as
well).
As for tracing through inetd, it will be messy on a busy system.
But it is possible... figure out the PID of inetd and then attach
truss to that process (i think it's -p PID). Make sure you specify
the -f (or whatever) to trace children. You'll get a lot of output
to wade through, but maybe it'll help.
In the trace below, the only think I see suspicious are the calls
to fstat(-1, ...). Not really sure where that's coming from. But
it would be nice to see the trace of the children after the fork.
I'll be glad to look at the truss output, problem is I'm going
out of town till Sunday. :)
Steve
> #nrpe stream tcp nowait nagios /usr/bin/nrpe -c /etc/nrpe.cfg -i
> # truss /usr/bin/nrpe -c /etc/nrpe.cfg -d
> execve("/usr/bin/nrpe", 0xFFBEF3D4, 0xFFBEF3E8) argc = 4
> mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF3A0000
> resolvepath("/usr/lib/ld.so.1", "/usr/lib/ld.so.1", 1023) = 16
> open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
> open("/usr/lib/libnsl.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF390000
> mmap(0x00000000, 704512, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xFF280000
> mmap(0xFF31C000, 32740, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 573440) = 0xFF31C000
> mmap(0xFF324000, 30928, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF324000
> munmap(0xFF30C000, 65536) = 0
> memcntl(0xFF280000, 82252, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/lib/libsocket.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF390000
> mmap(0x00000000, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xFF370000
> mmap(0xFF38A000, 4365, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 40960) = 0xFF38A000
> munmap(0xFF37A000, 65536) = 0
> memcntl(0xFF370000, 14496, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/lib/libc.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF390000
> mmap(0x00000000, 794624, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xFF180000
> mmap(0xFF23A000, 24652, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED, 3, 696320) = 0xFF23A000
> munmap(0xFF22A000, 65536) = 0
> memcntl(0xFF180000, 113332, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/lib/libdl.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF390000
> close(3) = 0
> open("/usr/lib/libmp.so.2", O_RDONLY) = 3
> fstat(3, 0xFFBEEAFC) = 0
> mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF360000
> mmap(0x00000000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF340000
> mmap(0xFF354000, 865, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED,
> 3, 16384) = 0xFF354000
> munmap(0xFF344000, 65536) = 0
> memcntl(0xFF340000, 3124, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
> close(3) = 0
> open("/usr/platform/SUNW,Ultra-1/lib/libc_psr.so.1", O_RDONLY) = 3
> fstat(3, 0xFFBEE98C) = 0
> mmap(0xFF360000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
> 0xFF360000
> mmap(0x00000000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF270000
> close(3) = 0
> munmap(0xFF360000, 8192) = 0
> brk(0x000267D0) = 0
> brk(0x000287D0) = 0
> fstat(-1, 0xFFBEEA78) Err#9 EBADF
> open("/etc/nrpe.cfg", O_RDONLY) = 3
> fstat64(3, 0xFFBEE098) = 0
> brk(0x000287D0) = 0
> brk(0x0002A7D0) = 0
> ioctl(3, TCGETA, 0xFFBEE024) Err#25 ENOTTY
> read(3, " # # # # # # # # # # # #".., 8192) = 5019
> fstat(-1, 0xFFBED468) Err#9 EBADF
> open("/dev/conslog", O_WRONLY) = 4
> fcntl(4, F_SETFD, 0x00000001) = 0
> fstat(4, 0xFFBED468) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> open("/usr/share/lib/zoneinfo/US/Eastern", O_RDONLY) = 5
> read(5, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 1250
> close(5) = 0
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> brk(0x0002A7D0) = 0
> brk(0x0002C7D0) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> fstat(4, 0xFFBEDEC8) = 0
> time() = 1072211336
> getpid() = 1768 [1767]
> putmsg(4, 0xFFBED580, 0xFFBED574, 0) = 0
> open("/var/run/syslog_door", O_RDONLY) = 5
> door_info(5, 0xFFBED4B8) = 0
> getpid() = 1768 [1767]
> door_call(5, 0xFFBED4A0) = 0
> close(5) = 0
> read(3, 0x0002681C, 8192) = 0
> llseek(3, 0, SEEK_CUR) = 5019
> close(3) = 0
> fork() = 1769
> llseek(0, 0, SEEK_CUR) = 70514
> _exit(0)
> # hostnam
> hostnam: not found
> # hostname
> photon
> #
>
>
> ----- Original Message -----
> From: "Patrick Soltani" <PSoltani at iitcorporation.com>
> To: "Michael Tucker" <mtucker at airmail.net>;
> <nagios-users at lists.sourceforge.net>
> Sent: Tuesday, December 23, 2003 2:26 PM
> Subject: RE: [Nagios-users] check_nrpe fails, SSL handshake error (NOT
> Solved)
>
>
> > Hi,
> >
> > When there is no more info on the module, then I'll turn to "truss" on
> Solaris and run the same command line but with truss to see what exactly the
> module is doing and what kind of internal roll-o-coaster it traverses.
> >
> > That should shed more light on the issue.
> >
> > Regards,
> > Patrick Soltani.
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: nagios-users-admin at lists.sourceforge.net
> > > [mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of Michael
> > > Tucker
> > > Sent: Monday, December 22, 2003 8:23 PM
> > > To: nagios-users at lists.sourceforge.net
> > > Subject: Re: [Nagios-users] check_nrpe fails, SSL handshake error (NOT
> > > Solved)
> > >
> > >
> > >
> > > On Monday, December 22, 2003, at 05:34 PM, John Downs wrote:
> > >
> > > > I wish my problem was so easy to fix. I recompiled with
> > > > --disable-ssl
> > > > option and it works
> > > > a little better.(I tried the permissions issue it didn't
> > > help) I am
> > > > still
> > > > getting the following error
> > > > in /var/adm/messages:
> > > >
> > > > Network server bind failure (126: cannot assign requested addres)
> > > > This happens when I start start nrpe in daemon mode with:
> > > > /usr/bin/nrpe -c /etc/nrpe.cfg -d
> > > >
> > > > nrpe is owned by root and has suid bit set. nrpe.cfg is owned by
> > > > nagios and
> > > > is readable by everyone.
> > > >
> > > > any ideas on this?
> > > >
> > > > Thanks!!
> > > >
> > > > -john
> > > >
> > >
> > > Yeah, I get exactly the same thing. (Well *almost* exactly the same.
> > > Mine says "(125: cannot assign requested address)", but
> > > otherwise it's
> > > the same if I try to launch nrpe as a stand-alone daemon. (In
> > > my case,
> > > both nrpe and nrpe.cfg are owned by nagios:nagios, no suid
> > > bit set, and
> > > are readable by everyone.)
> > >
> > > It works if I use inetd with tcp wrappers, though, as I
> > > described in my
> > > first message...
> > >
> > > > /etc/inetd.conf:
> > > > nrpe stream tcp nowait nagios
> > > /usr/sfw/sbin/tcpd /usr/local/nagios/
> > > > bin/nrpe -c /usr/local/nagios/bin/nrpe.cfg -i
> > > >
> > > > /etc/services:
> > > > nrpe 5666/tcp # NRPE (Nagios remote plugin executor)
> > >
> > > ...but ONLY if I have SSL disabled (recompiled nrpe with
> > > --disable-ssl). I plan to deploy this to some sites where the SSL
> > > security will be critically important. I can continue with my
> > > testing
> > > without it, but sooner or later I've got to fix this link in
> > > the chain.
> > >
> > > Surely there's someone out there running Solaris who's had a similar
> > > problem, and figured out how to solve it?
> > >
> > > *frustrated*
> > >
> > > Michael
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: IBM Linux Tutorials.
> > > Become an expert in LINUX or just sharpen your skills. Sign
> > > up for IBM's
> > > Free Linux Tutorials. Learn everything from the bash shell
> > > to sys admin.
> > > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> > > _______________________________________________
> > > Nagios-users mailing list
> > > Nagios-users at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > > ::: Please include Nagios version, plugin version (-v) and OS
> > > when reporting any issue.
> > > ::: Messages without supporting info will risk being sent to /dev/null
> > >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: IBM Linux Tutorials.
> > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
> > Free Linux Tutorials. Learn everything from the bash shell to sys admin.
> > Click now! http://ads.osdn.com/?ad_id�78&alloc_id371&opÌk
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
> Free Linux Tutorials. Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id�78&alloc_id371&opÌk
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
--
Steve Feehan
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id�78&alloc_id371&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list