<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000099"> FYI: /var/log/system.log on the client shows: Mar 18 16:08:07 shu xinetd[29066]: START: nrpe pid=557 from=10.1.1.170 Mar 18 16:08:07 shu nrpe[557]: Error: NRPE daemon cannot be run as user/group root! whether I do the default test (with SSL) or use the -n flag to test w/o SSL. The odd thing is that the nrpe config in /etc/xinetd.d is set to run as nobody:nobody and /etc/nagios/nrpe.cfg is owned by nobody:nobody. Only /usr/local/sbin/nrpe is owned by root (as it should be), but is also set to 755 perms. I've compared to a Linux box I have with NRPE and xinetd working properly and the permissions are identical. I'm stumped... Andrew Davis wrote: <blockquote cite="mid:49C1529C.2030106@gmail.com" type="cite">I have two Mac OS X servers, one running 10.3, the other running 10.4. Neither can be upgraded to 10.5 due to third party s/w constraints. Both are PPC based XServe's. Trying to compile nrpe with: <blockquote>./configure --sysconfdir=/etc/nagios --enable-ssl </blockquote> Initially, I got the "cannot find ssl libraries" error: <blockquote>~ checking for SSL headers... SSL headers found in /usr/local/ssl checking for SSL libraries... configure: error: Cannot find ssl libraries </blockquote> I downloaded the latest openssl and built it with: <blockquote>./config --prefix=/usr/local shared --openssldir=/usr/local/openssl make make test make install </blockquote> I then had to edit ~/src/nrpe/configure and change the reference from libssl.so to libssl.dylib After that, nrpe compiled cleanly and I was able to move ~src/nrpe/src/nrpe to /usr/local/sbin and start xinetd up. I've confirmed that port 5666 is open and xinetd is running: <blockquote>/usr/local/src/nrpe-2.12/src root# ps waux|grep xinet|grep -v greproot 29066 0.0 -0.0 27484 308 ?? Ss 3:53PM 0:00.02 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive /usr/local/src/nrpe-2.12/src root# netstat -an|grep 5666tcp4 0 0 *.5666 *.* LISTEN </blockquote> However, when connecting from the remote server, I get: <blockquote>/usr/local/nagios/libexec/check_nrpe -H host.mydomain.org CHECK_NRPE: Error - Could not complete SSL handshake. </blockquote> The same test but w/o SSL gives yields: <blockquote>[nagios@nephilim src]$ /usr/local/nagios/libexec/check_nrpe -n -H host.mydomain.org CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages. </blockquote> So two questions: 1) I'm a UNIX guy, but obviously Mac's are A) different and B) a tad different being BSD-based. So what's the proper way to stop/restart the xinetd daemon? 2) Any thoughts on SSL handshake error? I've googled it, but I'm not getting very far. Anyone have a step-by-step for compiling nagios plugins and NRPE from source on OS X 10.x (specifically 10.3 and 10.4)? I'm using NRPE for all other internal hosts, so I prefer to use it for the Mac's too. I know I could do it via check_by_ssh and get around this, but I prefer to use NRPE if I can. <pre class="moz-signature" cols="72">-- A. Davis Email: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:nccomp@gmail.com">nccomp@gmail.com</a> "There is no limit to what a man can accomplish if he doesn't care who gets the credit." - Ronald Reagan </pre> </blockquote> </body> </html>