Stuck on NRPE for OS X Server

Allan Clark allanc at chickenandporn.com
Thu Mar 19 16:28:42 CET 2009


On Thu, Mar 19, 2009 at 10:57, Andrew Davis <nccomp at gmail.com> wrote:

>  One person suggested my openssl version might be too new (0.9.8). I just
> removed it and installed 0.9.7i, an old enough version to be safe and one
> that I know another user has in a working configuration. After compiling it,
> I then recompiled NRPE against it and copied the files in place. It still
> fails with the same error.
>
> /var/log/system.log shows:
>
> Mar 19 10:45:17 seth xinetd[26057]: Started working: 1 available service
> Mar 19 10:45:25 seth nrpe[26064]: Error: NRPE daemon cannot be run as
> user/group root!
>
> I had it set to run as nobody:nobody, but that wasn’t working. I even tried
> setting to run as daemon:wheel, but the same results. Finally, I created a
> nagios user and configured /etc/xinetd.d/nrpe to run as nagios:nagios and
> updated /etc/nagios/nrpe.cfg to use the same. However, all remote tests
> still result in the following:
>
> From the server:
>
> [nagios@nagios ~]$ /usr/local/nagios/libexec/check_nrpe -H seth
> CHECK_NRPE: Error - Could not complete SSL handshake.
>
> From the client:
>
> Mar 19 10:45:17 seth xinetd[26057]: Started working: 1 available service
> Mar 19 10:45:25 seth nrpe[26064]: Error: NRPE daemon cannot be run as
> user/group root!
>
> Scouring Google shows that the “cannot be run as ... root” error is in the
> nrpe.c code. What I can’t figure out is why it's trying to run as root
> instead of the configured user...
>
> Anyone running NRPE with xinetd for Macs? I’m frustrated enough that I
> almost just want to use check_by_ssh, but I’d prefer to get this working and
> keep things consistent (i.e. with NRPE). My /etc/nagios/nrpe.cfg and
> /etc/xinetd.d/nrpe are below:
>
> seth:/etc/xinetd.d root# pwd
> /etc/xinetd.d
> seth:/etc/xinetd.d root# cat nrpe
> # /etc/xinetd.d/nrpe
> # description: NRPE
> # default: on
> service nrpe
> {
>         flags           = REUSE
>         socket_type     = stream
>         port            = 5666
>         wait            = no
>         user            = nagios
>         group           = nagios
>         server          = /usr/local/sbin/nrpe
>         server_args     = -c /etc/nagios/nrpe.cfg --inetd
>         log_on_failure  += USERID
>         disable         = no
>         only_from       = 127.0.0.1 10.1.1.170
> }
>
>
Hi Andrew;

I'm not convinced xinetd is running nrpe for you.  As a simple test, try
changing the port number from 5666 in /etc/xinetd.d/nrpe, but leave it as
5666 in nrpe.cfg, and see if you can connect on the old or new port -- just
to ensure that the port is serviced as a hand-off from xinetd.  (5666 or
5556?)  Normally I'd confirm this with a "sudo netstat -pant" but I don't
know the equivalent on MacOSX, so I'm suggesting quick molestation for
proof, even though I see the "only 127.0.0.1" setting in nrpe.cfg.

You might want to run xinetd with "-d" option for debugging spam; it also
doesn't background the process, so run on a different terminal.  Looking for
confirmation that xinetd is changing user after accept()/fork().

Allan
-- 
allanc at chickenandporn.com  "金鱼" http://linkedin.com/in/goldfish
please, no proprietary attachments (http://tinyurl.com/cbgq)
Sent from: New York NY United States.
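
The account question raised in this thread can also be checked by reading the stanza itself. The following is an added example, not part of either poster's message and not NRPE or xinetd code: it parses an xinetd service stanza and flags a user or group that resolves to id 0, taking the logged "cannot be run as user/group root" error at face value. The sample stanza and the names `parse_service` and `audit` are constructed for illustration.

```python
import grp
import pwd
import re

# Constructed stanza modelled on the one quoted above, using the
# daemon:wheel attempt from the post (wheel is gid 0 on Mac OS X).
SAMPLE = """\
service nrpe
{
        port            = 5666
        user            = daemon
        group           = wheel
        server          = /usr/local/sbin/nrpe
        server_args     = -c /etc/nagios/nrpe.cfg --inetd
        disable         = no
}
"""

def parse_service(text):
    """Return the attributes of the first xinetd service stanza as a dict."""
    body = re.search(r"^\s*service\s+\S+\s*\{(.*?)^\s*\}", text, re.S | re.M)
    if body is None:
        raise ValueError("no service stanza found")
    pairs = re.findall(
        r"^\s*([A-Za-z_]+)\s*[-+]?=[ \t]*(.*?)\s*$", body.group(1), re.M)
    return dict(pairs)

def audit(text, uid_of=None, gid_of=None):
    """List problems with the account xinetd would hand to the server."""
    uid_of = uid_of or (lambda name: pwd.getpwnam(name).pw_uid)
    gid_of = gid_of or (lambda name: grp.getgrnam(name).gr_gid)
    attrs = parse_service(text)
    findings = []
    if "user" not in attrs:
        findings.append("user not set: server keeps xinetd's own uid")
    for key, lookup in (("user", uid_of), ("group", gid_of)):
        if key not in attrs:
            continue
        try:
            # Assumption: the logged error means uid 0 or gid 0 is rejected.
            if lookup(attrs[key]) == 0:
                findings.append(f"{key} {attrs[key]} has id 0")
        except KeyError:
            findings.append(f"{key} {attrs[key]} not found on this host")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no account problems found"]:
        print(finding)
```

By default the names are resolved against the local passwd and group databases, so run it on the monitored host itself.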
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users