Install NRPE in Linux

Overview of NRPE:

Installing and Configuring Nagios NRPE in Linux:

# cd /tmp
# wget
# tar -zxvf nrpe-2.12.tar.gz
# cd nrpe-2.12
# ./configure –enable-ssl –enable-command-args

(should create users/groups)
General Options:
NRPE port: 5666
NRPE user: nagios
NRPE group: nagios
Nagios user: nagios
Nagios group: nagios

# make
# make install
# make install-daemon
# make install-daemon-CONFIG
# make install-xinetd

Install XInetD (Debian)
# apt-get install xinetd

# vim /etc/services
nrpe 5666/tcp

Allow Nagios user to execute commands (sudoers)
# visudo
nagios ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/

Configure xinetd to start on boot(debian)
# update-rc.d xinetd defaults

Configure Xinetd
# vim /etc/inetd.conf

Start xinetd(nrpe)
# /etc/init.d/xinetd start

# vim /etc/xinetd.d/nrpe
only_from =

# vim /usr/local/nagios/etc/nrpe.cfg

The commands configured to run by NRPE should be in here:

# vim /usr/local/nagios/etc/command_def.cfg
#Nagios Remote Commands Definition File
command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
command[check_load]=/usr/local/nagios/libexec/check_load -w $ARG1$ -c $ARG2$
command[check_disk]=/usr/local/nagios/libexec/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$

with no arguments option set:
command[check_users]=/usr/local/nagios/libexec/check_users -w 2 -c 5
command[check_load]=/usr/local/nagios/libexec/check_load -w 10,20,30 -c 50,70,90
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 80 -c 90 -p /



Log Files:

Set debug to 1 in :
# vim /usr/local/nagios/etc/nrpe.cfg

open another terminal and execute:
# tail -f /var/log/syslog

then start querying the server with check_nrpe commands

CHECK_NRPE: Error – Could not complete SSL handshake
is error message could be due to several problems:

1.Different versions. Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon.
Newer versions of NRPE are usually not backward compatible with older versions.
2.SSL is disabled. Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support
and that neither are being run without SSL support (using command line switches).
3.Incorrect file permissions. Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios)
that executes the NRPE binary from inetd/xinetd.
4. Pseudo-random device files are not readable.Solaris 8 The files /devices/pseudo/random*
(linked through /dev/*random, and provided by Sun patch 112438) were not readable by the nagios
user I use to launch NRPE. Making the character devices world-readable solved it.”
5. Unallowed address. If you’re running the NRPE daemon under xinetd, make sure that you have a line in
the xinetd config file that say “only_from =”, where is the IP
address that you’re connected to the NRPE daemon from.

In my case it was none of this, I was missing the sudoers, and I was sending arguments (i had forgotten to compile with enable-args).


3 Thoughts

  1. There seems to be a problem with your suggested setting
    # vim /etc/xinetd.d/nrpe
    only_from =
    unless I am misunderstanding your meaning. The man page for xinetd.conf says: “Specifying this attribute without a value makes the service available to nobody.”

  2. In my case, the problem was that I had:

    allowed_hosts =

    once I removed the everything worked

Leave a Reply

Your email address will not be published. Required fields are marked *