nrpe linux monitoring ssl issue

[george-dudman]

Hi there, 
Starting off with info..
NEMS on RPi
Version 1.5
Build 7

In cockpit -> logs , seeing error: Could not complete ssl handshake with 192.168.x.x: rc=-1 SSL-error=5.
Have installed the nrpe server on the linux server as the Docs showed.. "apt-get install nagios-nrpe-server nagios-plugins" and changed allow hosts etc..
Could this be a compile issue with the install of nrpe? 


Any help would be greatly appreciated with this issue

Regards,

George

[Robbie Ferguson]

Hi George,
The docs are a bit out of date for NRPE at this point (since 1.5 is so many miles ahead of 1.3) - but did you follow https://docs.nemslinux.com/usage/nrpe_on_linux ?

I want to know if the docs are no longer true so I can look into fixing them. Unfortunatley I personally am very much focused on the builds until they're all done, so let me & the community know.

[george-dudman]

Hi Robbie,

Thanks for the reply! 
Yes i followed the documentation to a T yielding no results.. (can confirm ports are open and accessible from nems)
Reading up online there are some suggestions that you have to install it from source, otherwise it will compile with the "no-ssl" function.
In adagios seeing connection reset and connection reset by peer on the machine in question.
That is all I could find on the matter.. hope that may help someone investigate further.

[Cedico]

Did you managed to get this to working?

I'm seeing the exact same error with NRPE on Windows and can't get it to work,
Most related topics with Nagios sugest to change NRPE server settings to sometihng like this:


allow arguments = true
allow nasty_meta chars = true
allowed hosts = 127.0.0.1,xxx.xxx.xxx.xxx
port = 5666
use SSL = 1
ssl options =
verify mode = none
insecure = true


But even with above settings it keeps moaning about the SSL handshake

2019-06-06 09:44:02: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: sslv3 alert handshake failure: 1040

[george-dudman]

Hi,

I never did get this working, still cannot use NRPE for linux monitoring.
I think the documentation is very out of date as Robbie stated above.

[pickerin]

I'm having the same issue.  I'm pretty sure the NRPE version that is being shipped with NEMS was not compiled with SSL support.
I'm trying to move from an existing, working, Nagios Core installation, so I know NRPE on the client-side is fine.

-Rob

[pickerin]

I solved this problem in my installation.

The check_nrpe executable on NEMS at the time of this writing is version 3.2.1.
It does in fact have SSL compiled into it:

Code: Select all

root@nems:~# /usr/lib/nagios/plugins/check_nrpe --help
NRPE Plugin for Nagios
Version: 3.2.1

Copyright (c) 2009-2017 Nagios Enterprises
              1999-2008 Ethan Galstad ([email protected])

Last Modified: 2017-09-01

License: GPL v2 with exemptions (-l for more info)

SSL/TLS Available: OpenSSL 0.9.6 or higher required

However, in order for check_nrpe to work properly the corresponding NRPE server daemon on the client needs to be the SAME version.
I was running version 2.15.  After compiling version 3.2 for my server, the checks started working properly.

-Rob