NRPE arguments

Steve Shipway s.shipway at auckland.ac.nz
Tue Jan 31 21:24:55 CET 2006


> Hi, I'm trying to pass arguments from one system to another 
> and am having some trouble. I have rebuilt nrpe with the 
> command-args option enabled, yet i am still getting "Error: 
> Request contained command arguments, but argument option is 
> not enabled" in our log entries.

For the NRPE daemon to accept arguments to the requested commands, you need
to do 3 things.

1) Compile NRPE with argument support.
2) Enable arguments in the nrpe.cfg (dont_blame_nrpe = 1)
3) Define the command with arguments in the nrpe.cfg

I suspect your problem is number (2).

This is disabled by default as it is a security problem.  If you enable
this, I strongly recommend you do all of the following:

1) Make sure that all NRPE command definitions have QUOTES around the
arguments, to prevent people sending metacharacters or spaces in the
parameters and cracking your system.  Very important.
2) Use the allowed_hosts option in the nrpe.cfg, or else tcpwrappers or
xinetd (unix), to restrict access to the daemon to only your nagios host.
3) Run the daemon as an unprivileged account created for this purpose only
(unix)

If you look into it for a short while, you will realise why this option is
disabled by default - and how much chaos you could cause on a system which
doesn't take these precautions.

Steve




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list