NSCA wont accept passive checks

[Michael Boman]

I have a small problem here. I can't get Nagios/NSCA to accept passive
service checks.

(From syslog on central server)
nsca[20937]: Connection from 10.101.65.7 port 16584
nsca[20937]: Host address checks out ok
nsca[20937]: Handling the connection...
nsca[20937]: Received invalid packet type/version from client - possibly due to client using wrong password or crypto algorithm?
nsca[20937]: End of connection...


Now, the thing is that I have not enabled encryption in the first place,
just to be sure that this is not the problem.


On the remote system side I have this in my /etc/nagios/send_nsca.cfg

password=password
encryption_method=0

And on the central server I have this (in /etc/nagios/nsca.cfg):

server_port=5667
allowed_hosts=10.101.65.7
nsca_user=nagios
nsca_group=nagios
debug=1
command_file=/var/nagios/rw/nagios.cmd
aggregate_writes=1
append_to_file=0
max_packet_age=10
password=password
decryption_method=0


As you can see the ecryption method on both sides are 0 (no encryption)
and the password are the same. Using TCPDump I find the communication not
very plain text like, but I haven't read the nsca source so I don't know
how the protocol should look like.. Anyway, when I attached strace/ltrace
to the nsca daemon on the central server I noticed the following
(ltrace output):

20937 syslog(6, "Handling the connection...")     = <void>
20937 fcntl(6, 3, 0xbffff10c, 0, 0)               = -1
20937 fcntl(6, 4, 2048, 0, 0)                     = -1
20937 malloc(160)                                 = 0x08054218
20937 fopen("/dev/urandom", "r")                  = 0x080521b8
20937 fgetc(0x080521b8)                           = 'K'
20937 fclose(0x080521b8)                          = 0
20937 srand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x2db19fd3
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x3a99f23f
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x1604c27a
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x3dba7799
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x0335c5bc
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x43de2b04
[...]
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x2559e593
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x3a45de67
20937 rand(75, 0x0804c45c, 0xbffff0b8, 0x400d9623, 0x4018e2c0) = 0x06fba7a1
20937 time(0xbffff104)                            = 1046828060
20937 send(6, 0xbffff110, 132, 0, 6)              = -1
20937 syslog(3, "Could not send init packet to cl"...) = <void>
20937 free(0x08054218)                            = <void>
20937 close(6)                                    = -1


Now, if nsca has been told NOT do do encryption, why is it grabbing random numbers (screen fulls) from urandom?

How would I go about to continue trouble-shooting this one?

Versions:
== Central server ==
# /usr/nagios/bin/nsca --version

NSCA - Nagios Service Check Acceptor
Copyright (c) 2000-2003 Ethan Galstad (nagios at nagios.org)
Version: 2.3
Last Modified: 01-26-2003
License: GPL
Encryption Routines: AVAILABLE


=== Remote system ===
# /usr/local/nagios/bin/send_nsca

NSCA Client 2.1
Copyright (c) 2000-2002 Ethan Galstad (nagios at nagios.org)
Last Modified: 06-10-2002
License: GPL
Encryption Routines: AVAILABLE


Both running on Linux/x86

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20030305/f895d036/attachment.sig>