<html>
<head>
</head>
<body style="margin-left: 4px; margin-top: 4px; margin-bottom: 1px; font-variant: normal; margin-right: 4px; line-height: normal">
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">This is probably a case of missing the obvious, but I have tried everything I could think of and also what the nrpe.pdf doc suggests. </font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">I am installing nrpe on a CentOS box using yum. The package installs without error.</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Version info: nagios-nrpe x86_64 2.12-1.el5.rf</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">I've added the check_nrpe command to /etc/nagios/objects/commands.cfg</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4"># 'check_nrpe' command definition</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">define command {</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">command_name check_nrpe</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">}</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">and the host IP address to nrpe.cfg</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">nrpe is configured to run as a daemon and shows as running:</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ps auxw | grep nrpe</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">root 26257 0.0 0.0 61164 692 pts/3 S+ 13:43 0:00 grep nrpe</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">nagios 29589 0.0 0.0 39968 1084 ? Ss 13:18 0:00 nrpe -c /etc/nagios/nrpe.cfg -d</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">nrpe is listening on the correct port:</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">netstat -at | grep nrpe</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">tcp 0 0 mail.panoston.com:nrpe *:* LISTEN</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">The problem(s) arise when I run check_nrpe on the remote host.</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Running without ssl yields</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">/usr/lib64/nagios/plugins/check_nrpe -H Remote IP address -n</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Running with ssl yields:</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">/usr/lib64/nagios/plugins/check_nrpe -H 192.168.2.231</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">CHECK_NRPE: Error - Could not complete SSL handshake.</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">I've verified that iptables is set correctly. Here is the output:</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">iptables -L</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Chain INPUT (policy ACCEPT)</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">target prot opt source destination</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">RH-Firewall-1-INPUT all -- anywhere anywhere</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Chain FORWARD (policy ACCEPT)</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">target prot opt source destination</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">RH-Firewall-1-INPUT all -- anywhere anywhere</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT all -- 192.168.21.0/24 anywhere</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Chain OUTPUT (policy ACCEPT)</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">target prot opt source destination</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Chain RH-Firewall-1-INPUT (2 references)</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">target prot opt source destination</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT all -- anywhere anywhere</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT icmp -- anywhere anywhere icmp any</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT esp -- anywhere anywhere</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT ah -- anywhere anywhere</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT udp -- anywhere anywhere udp dpt:ipp</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere tcp dpt:ipp</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT all -- 192.168.2.31 anywhere state NEW</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT all -- IP Address anywhere state NEW</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT udp -- anywhere anywhere udp spt:6277</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:responsenet</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3121</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:vtr-emulator</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:rsf-1</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">REJECT all -- anywhere anywhere reject-with icmp-host-prohibited</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Here is the allowed_hosts line from nrpe.cfg:</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">allowed_hosts= 96.37.142.40 (Monitor) 192.168.2.231 (Remote-for testing) 127.0.0.1</font> </p>
<br> <br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">The only thing I haven't tried is compiling from source using ./configure --enable-ssl. I assume yum will make the ssl option available on installation.</font> </p>
<br>
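<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Added example, not part of the original post and not code from the NRPE project: a shell check that reads allowed_hosts from an nrpe.cfg and reports whether a given check_nrpe client address is an exact entry, since a client missing from that list is a commonly documented cause of the SSL handshake error quoted above. It assumes the NRPE 2.x format (one comma-separated list with no spaces or annotations); the function names and sample files are constructed for illustration.</font> </p>

```shell
#!/bin/sh
# Added example: audit the allowed_hosts directive of an nrpe.cfg.
# Assumption: NRPE 2.x format, one comma-separated list with no whitespace.

# Print the raw value of the last active allowed_hosts= line in file $1.
nrpe_allowed_value() {
    sed -n 's/^[[:space:]]*allowed_hosts[[:space:]]*=//p' "$1" | tail -n 1
}

# Classify client address $2 against config file $1.
# Prints allowed | not-listed | malformed | missing (exit status 0/1/2/3).
nrpe_check_client() {
    value=$(nrpe_allowed_value "$1")
    [ -n "$value" ] || { echo missing; return 3; }
    # Spaces or inline annotations mean the entries are not clean
    # addresses, so an exact comparison against the client will fail.
    case $value in
        *[!0-9A-Za-z.,:/-]*) echo malformed; return 2 ;;
    esac
    old_ifs=$IFS; IFS=,
    for entry in $value; do
        if [ "$entry" = "$2" ]; then
            IFS=$old_ifs; echo allowed; return 0
        fi
    done
    IFS=$old_ifs
    echo not-listed; return 1
}

# Constructed sample configs modelled on the line quoted in the post.
nrpe_demo() {
    dir=$(mktemp -d) || return 1
    printf 'allowed_hosts= 192.168.2.231 (Remote-for testing) 127.0.0.1\n' \
        > "$dir/annotated.cfg"
    printf 'allowed_hosts=192.168.2.231,127.0.0.1\n' > "$dir/clean.cfg"
    for cfg in annotated clean; do
        echo "$cfg: $(nrpe_check_client "$dir/$cfg.cfg" 192.168.2.231)"
    done
    rm -rf "$dir"
}

nrpe_demo
```

<p style="margin-bottom: 0; margin-top: 0">
<font face="Thorndale AMT" size="4">Run it on the host where the nrpe daemon runs, passing the source address the daemon actually sees for the check_nrpe client, and restart nrpe after changing nrpe.cfg.</font> </p>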
</body>
</html>