On a Debian Jessie server, the NRPE checks didn’t work the way they did on a Wheezy server.
Enabling the debug log (debug=1) of NRPE revealed:
Jun 25 11:30:02 irhtsrvp01 nrpe[7135]: Connection from monitoringserver port 24011
Jun 25 11:30:02 irhtsrvp01 nrpe[7135]: Host address is in allowed_hosts
Jun 25 11:30:02 irhtsrvp01 nrpe[7135]: Handling the connection...
Jun 25 11:30:02 irhtsrvp01 nrpe[7135]: Error: Request contained command arguments!
Jun 25 11:30:02 irhtsrvp01 nrpe[7135]: Client request was invalid, bailing out...
Jun 25 11:30:02 irhtsrvp01 nrpe[7135]: Connection from ... closed.
As I am using the same basic configuration of nrpe.cfg everywhere, I double-checked whether I had mistakenly disabled the “dont_blame_nrpe” setting.
But nope.
Then I came across this Debian bug report (756479). The maintainer of the nagios-nrpe-server package disabled the command arguments by compiling the package without the --enable-command-args option.
While the reason sounds plausible…
“This feature has several security problems and is often used wrong.”
… it punishes every other user who used this feature correctly.
Here are the steps to recompile the package.
1) Add the deb-src line into your /etc/apt/sources.list file, if it doesn’t exist yet:
deb-src http://http.debian.net/debian jessie main
Update the repository list afterwards:
# apt-get update
2) Install the build tools and dependencies needed to compile the package:
# apt-get install build-essential devscripts debhelper libssl-dev dpatch libwrap0-dev autotools-dev
3) Symlink the openssl library:
# ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so
4) Download the nagios-nrpe-server source package:
# apt-get source nagios-nrpe-server
The files will be downloaded into the current directory.
5) Change into the package directory and adapt the debian/rules file:
# cd nagios-nrpe-2.15/; vi debian/rules
At the end of the “override_dh_auto_configure” target, “--enable-command-args” needs to be added:
override_dh_auto_configure:
	./configure \
		--prefix=/usr \
		--enable-ssl \
		--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
		--sysconfdir=/etc \
		--localstatedir=/var \
		--libexecdir=/usr/lib/nagios/plugins \
		--libdir=/usr/lib/nagios \
		--enable-command-args
6) Save and exit. Edit the changelog:
# dch -i
This command asks you to describe what exactly you changed in this package. Example:
nagios-nrpe (2.15-1.1) UNRELEASED; urgency=medium

  * Non-maintainer upload.
  * Recompile with --enable-command-args

 -- Author  Wed, 25 Jun 2016 11:42:40 +0200
7) Compile and create the package:
# ./configure
# make all
# dpkg-buildpackage
8) Move one directory up and you will see the newly created files:
# cd ..; ll | grep 2.15-1.1
-rw-r--r-- 1 root root  1748 Jun 25 11:47 nagios-nrpe_2.15-1.1_amd64.changes
-rw-r--r-- 1 root root 11580 Jun 25 11:47 nagios-nrpe_2.15-1.1.diff.gz
-rw-r--r-- 1 root root  1104 Jun 25 11:47 nagios-nrpe_2.15-1.1.dsc
-rw-r--r-- 1 root root 19022 Jun 25 11:47 nagios-nrpe-plugin_2.15-1.1_amd64.deb
-rw-r--r-- 1 root root 39268 Jun 25 11:47 nagios-nrpe-server_2.15-1.1_amd64.deb
By looking at the .changes file, we can see the previously entered changelog entry and the different checksums of the changed files:
# cat nagios-nrpe_2.15-1.1_amd64.changes
Format: 1.8
Date: Wed, 25 Jun 2016 11:42:40 +0200
Source: nagios-nrpe
Binary: nagios-nrpe-server nagios-nrpe-plugin
Architecture: source amd64
Version: 2.15-1.1
Distribution: UNRELEASED
Urgency: medium
Maintainer: Debian Nagios Maintainer Group <[email protected]>
Changed-By: Author
Description:
 nagios-nrpe-plugin - Nagios Remote Plugin Executor Plugin
 nagios-nrpe-server - Nagios Remote Plugin Executor Server
Changes:
 nagios-nrpe (2.15-1.1) UNRELEASED; urgency=medium
 .
   * Non-maintainer upload.
   * Recompile with --enable-command-args
Checksums-Sha1:
 dd57d896cc4698a150cb55696f6fd3f9db80ab71 1104 nagios-nrpe_2.15-1.1.dsc
 b0928ac497f4670ca74a5f59df0a8692387b156b 11580 nagios-nrpe_2.15-1.1.diff.gz
 3360ef223a15cc3cb31764d7f058e13f71d5c36f 39268 nagios-nrpe-server_2.15-1.1_amd64.deb
 296a826c17e688f3b36cebb6d299a0d7f0443656 19022 nagios-nrpe-plugin_2.15-1.1_amd64.deb
Checksums-Sha256:
 682d43491235d65130499eb16a5fbcc1424d4664e59217fefa1cec05acc17d70 1104 nagios-nrpe_2.15-1.1.dsc
 a0a73a17d8f6031b098f4eaa9e1482e3feef370fd7325321d8df8276224554a1 11580 nagios-nrpe_2.15-1.1.diff.gz
 67d62603bfa99c5b57ac7c180ed4d77a268d6de59d235ae22028ef77360f8c09 39268 nagios-nrpe-server_2.15-1.1_amd64.deb
 e96c99a46904a2f7986d17624ab9b7e99137bd4c6c582fa9474b32400e5a3457 19022 nagios-nrpe-plugin_2.15-1.1_amd64.deb
Files:
 3ffc7ee400afd760c795ec77ef65ebbc 1104 net optional nagios-nrpe_2.15-1.1.dsc
 1f2d8b45af2d4aed8d8fea2d6ebe1348 11580 net optional nagios-nrpe_2.15-1.1.diff.gz
 4ad15e0dcecedfd3f15a5b91bc4a594f 39268 net optional nagios-nrpe-server_2.15-1.1_amd64.deb
 a6f2e11f0516a4a6c05b4e3832df3281 19022 net optional nagios-nrpe-plugin_2.15-1.1_amd64.deb
9) The deb package can now be installed:
# dpkg -i nagios-nrpe-server_2.15-1.1_amd64.deb
Selecting previously unselected package nagios-nrpe-server.
(Reading database ... 26533 files and directories currently installed.)
Preparing to unpack nagios-nrpe-server_2.15-1.1_amd64.deb ...
Unpacking nagios-nrpe-server (2.15-1.1) ...
Setting up nagios-nrpe-server (2.15-1.1) ...
[ ok ] Starting nagios-nrpe: nagios-nrpe.
Processing triggers for man-db (2.7.0.2-5) ...
# dpkg -l | grep nrpe
ii  nagios-nrpe-server  2.15-1.1  amd64  Nagios Remote Plugin Executor Server
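With command arguments compiled in and dont_blame_nrpe=1 set, every command[...] definition that uses $ARGn$ macros accepts values from any host in allowed_hosts. The following added example (not part of the original post) lists those definitions in an nrpe.cfg; the function names, the BOUND/FREEFORM labels and the sample configuration are constructed for illustration, and the free-form check is a heuristic.

```sh
#!/bin/sh
# Added example: list nrpe.cfg commands that accept client-supplied arguments.
# Output lines: "SETTING <name> <value>", "BOUND <command>", "FREEFORM <command>".
audit_nrpe_cfg() {
    awk -v sq="'" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
    /^[ \t]*(dont_blame_nrpe|allowed_hosts)[ \t]*=/ {
        split($0, kv, "=")
        gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
        print "SETTING", kv[1], kv[2]
        next
    }
    /^[ \t]*command\[[^]]+\][ \t]*=/ {
        name = $0; sub(/^[ \t]*command\[/, "", name); sub(/\].*/, "", name)
        line = $0; sub(/^[^=]*=/, "", line)
        if (line !~ /\$ARG[0-9]+\$/) next            # takes no client arguments
        n = split(line, tok, /[ \t]+/)
        verdict = "BOUND"
        for (i = 1; i <= n; i++) {
            t = tok[i]; gsub(/"/, "", t); gsub(sq, "", t)
            # Heuristic: a bare $ARGn$ that does not follow an option flag
            # lets the client pick the plugin options itself.
            if (t ~ /^\$ARG[0-9]+\$$/ && (i == 1 || tok[i-1] !~ /^-/))
                verdict = "FREEFORM"
        }
        print verdict, name
    }' "$1"
}

# Constructed sample configuration (hypothetical, not from the original post).
write_sample_cfg() {
    cat > "$1" <<'EOF'
# constructed sample nrpe.cfg
allowed_hosts=127.0.0.1,192.0.2.10
dont_blame_nrpe=1
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
command[check_any]=/usr/lib/nagios/plugins/check_procs $ARG1$
EOF
}

# Audit the file given on the command line, if any.
if [ -n "${1:-}" ]; then
    audit_nrpe_cfg "$1"
fi
```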