NRPE allowed_hosts directive doesn't work?

Eli Spizzichino esac at javanet.info
Wed Jun 22 20:57:14 CEST 2005


Hi all,
I've been trying all day to make nrpe accept connections from my host,
but it seems to be ignoring the allowed_hosts directive.
When it is run under inetd + tcpwrapper _it works_, but I don't want this
setup because the nagios server is running from a host with a dynamic IP
and the reverse DNS entry conflicts with the DNS name I update when my
IP changes.
So either I recompile tcp-wrappers without the paranoia config, or I just
use the firewall for access control, and this is what I want to do.
I've read the FAQ(s) about "CHECK_NRPE: Error - Could not complete SSL
handshake" and several mails in the archive; these are the things I checked:

· telnetting to 5666 closes connection
· Different versions? On the server (gentoo) nagios-nrpe is 2.0; on the
client (the monitored host) there is debian-sarge, and apt-cache show
nagios-nrpe-server gives Version: 2.0-7
maybe this is the problem...

· SSL: installed on both server and client side
server 0.9.7e-r1
client 0.9.7e-3

· Incorrect file permissions:
-rw-rw----  1 nagios nagios 5.0K /etc/nagios/nrpe.cfg

· nrpe.cfg has allowed_hosts=127.0.0.1,[my_current_ip]
· netstat -pta |grep nrpe
tcp        0      0 *:nrpe     *:*     LISTEN     31399/nrpe
· nmap -sT -p 5666 -PT client-IP
5666/tcp open  unknown
On the server it shouldn't be necessary to open up ports, but I enabled
both in and out connections to 5666.

· command line used to run the client:
su -c '/usr/sbin/nrpe -d -c /etc/nagios/nrpe.cfg' nagios

· logs (not very helpful)

Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
INFO: SSL/TLS initialized. All network traffic will be encrypted.
Starting up daemon
Listening for connections on port 5666
Allowing connections from: 127.0.0.1, [my_temp_IP]
Connection from [my_temp_IP] port 57860
Host [my_temp_IP] is not allowed to talk to us!
Connection from [my_temp_IP] closed.


I hope someone has good ideas...
thanks in advance
Eli

