Stuck on NRPE for OS X Server

Andrew Davis nccomp at gmail.com
Wed Mar 18 21:57:30 CET 2009


If I'm reading this correctly, the line about "NRPE daemon cannot be run 
as user/group root!" is directly from the source code of NRPE. It's not 
an xinetd thing. I've confirmed that xinetd is running and listening on 
port 5666. I tried changing the owner/group from nobody:nobody to 
another unprivileged user, but it didn't work. Same results. It appears 
that despite my configuring the /etc/nagios/nrpe.cfg and the 
/etc/xinetd.d/nrpe files to use a user other than root, it still tries 
to start it as the root user and thus when an incoming connection comes 
in, it gives the "NRPE daemon cannot be run as user/group root!" error. 
Any thoughts on how to rectify this? Since NRPE is working fine on 
Linux, is this just a Mac OS X thing? Any help would be immensely 
appreciated.

AD

Andrew Davis wrote:
> FYI: /var/log/system.log on the client shows:
>
> Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170
> Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as user/group root!
>
> whether I do the default test (with SSL) or use the -n flag to test 
> w/o SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set 
> to run as nobody:nobody and /etc/nagios/nrpe.cfg is owned by 
> nobody:nobody. Only /usr/local/sbin/nrpe is owned by root (as it 
> should be), but is also set to 755 perms. I've compared to a Linux box 
> I have with NRPE and xinetd working properly and the permissions are 
> identical.
>
> I'm stumped...
>
> Andrew Davis wrote:
>> I have two Mac OS X servers, one running 10.3, the other running 
>> 10.4. Neither can be upgraded to 10.5 due to third party s/w 
>> constraints. Both are PPC based XServes.
>>
>> Trying to compile nrpe with:
>>
>>     ./configure --sysconfdir=/etc/nagios --enable-ssl
>>
>> Initially, I got the "cannot find ssl libraries" error:
>>
>>     ~
>>     checking for SSL headers... SSL headers found in /usr/local/ssl
>>     checking for SSL libraries... configure: error: Cannot find ssl libraries
>>
>> I downloaded the latest openssl and built it with:
>>
>>     ./config --prefix=/usr/local shared --openssldir=/usr/local/openssl
>>     make
>>     make test
>>     make install
>>
>> I then had to edit ~/src/nrpe/configure and change the reference from 
>> libssl.so to libssl.dylib
>>
>> After that, nrpe compiled cleanly and I was able to move 
>> ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've 
>> confirmed that port 5666 is open and xinetd is running:
>>
>>     /usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v grep
>>     root   29066   0.0 -0.0    27484    308  ??  Ss    3:53PM   0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive
>>     /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666
>>     tcp4       0      0  *.5666                *.*                    LISTEN
>>
>> However, when connecting from the remote server, I get:
>>
>>     /usr/local/nagios/libexec/check_nrpe -H host.mydomain.org
>>     CHECK_NRPE: Error - Could not complete SSL handshake.
>>
>> The same test but w/o SSL yields:
>>
>>     [nagios@nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H host.mydomain.org
>>     CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.
>>
>> So two questions:
>>
>> 1) I'm a UNIX guy, but obviously Macs are A) different and B) a tad 
>> different being BSD-based. So what's the proper way to stop/restart 
>> the xinetd daemon?
>> 2) Any thoughts on SSL handshake error? I've googled it, but I'm not 
>> getting very far.
>>
>> Anyone have a step-by-step for compiling nagios plugins and NRPE from 
>> source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for 
>> all other internal hosts, so I prefer to use it for the Macs too. I 
>> know I could do it via check_by_ssh and get around this, but I prefer 
>> to use NRPE if I can.
>> -- 
>>
>>
>>   A. Davis
>>   Email:     nccomp at gmail.com
>>
>>   "There is no limit to what a man can accomplish
>>    if he doesn't care who gets the credit." - Ronald Reagan
>>   
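
An added example, not part of the original message and not code from NRPE or xinetd: a shell function that reads a service stanza such as the /etc/xinetd.d/nrpe file discussed above and reports the user and group it requests, flagging cases where the server would still be started with a root user or group. The function name, the verdict labels and the sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the identity an xinetd service
# stanza asks for and flags settings that leave the server running as root.
# Usage: xinetd_identity FILE SERVICE  ->  "user=<v> group=<v> verdict=<v>"
xinetd_identity() {
    awk -v svc="$2" '
        { sub(/#.*/, "") }                          # strip comments first
        $1 == "service" { insvc = ($2 == svc); if (insvc) found = 1; next }
        insvc && $1 == "}" { insvc = 0; next }
        insvc && (i = index($0, "=")) {             # attribute = value
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "user")  user  = val
            if (key == "group") group = val
        }
        END {
            # Name checks only: "wheel" is GID 0 on Mac OS X and the BSDs.
            # Resolve any other name with id(1) on the host itself.
            if (!found)                                verdict = "no-such-service"
            else if (user == "")                       verdict = "root-by-default"
            else if (user == "root" || user == "0")    verdict = "root-user"
            else if (group ~ /^(root|wheel|0)$/)       verdict = "root-group"
            else if (group == "")                      verdict = "group-from-user"
            else                                       verdict = "ok"
            printf "user=%s group=%s verdict=%s\n",
                (user == "" ? "-" : user), (group == "" ? "-" : group), verdict
        }' "$1"
}

# Constructed sample: the user line is commented out, so the server inherits
# the user xinetd itself runs as (root in the ps output above).
demo=$(mktemp)
cat > "$demo" <<'EOF'
service nrpe
{
    socket_type = stream
    wait        = no
#   user        = nobody
    group       = nobody
    server      = /usr/local/sbin/nrpe
    disable     = no
}
EOF
xinetd_identity "$demo" nrpe    # user=- group=nobody verdict=root-by-default
rm -f "$demo"
```

A verdict of `ok` or `group-from-user` only describes what the file requests; xinetd has to re-read the file before a changed user or group applies to new connections.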