Check_Nrpe + Debian 9.6 = SSL Error


(Oliver Tatzmann) #1

Hi,

when I try to run check_nrpe on debian 9.6. I get an SSL Error. Since Debian is not my favorite distro, I’m not sure if there a not some dependencies missing. (seems similar to this topic )
Because the same host works on Centos 7.4

NSClient Config

    [/settings/NRPE/server]
    use ssl=true
    extended response = 1
    allowed ciphers = ALL:!MD5:@STRENGTH
    insecure=true
    verify mode = none

Debian

        OMD[monitoring@OMD-deb]: cat /etc/debian_version
        9.6
        OMD[monitoring@OMD-deb]: omd version
        OMD - Open Monitoring Distribution Version 2.80-labs-edition
        OMD[monitoring@OMD-deb]: ./check_nrpe -H 192.168.111.100
        CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 192.168.111.100: 1

       OpenSSL 1.1.0f  25 May 2017
     

Centos

        OMD[monitoring@mon]:cat /etc/redhat-release
        CentOS Linux release 7.4.1708 (Core)
        OMD[monitoring@mon]: omd version
        OMD - Open Monitoring Distribution Version 2.80-labs-edition
        OMD[monitoring@mon]: ./check_nrpe -H 192.168.111.100
        I (0.5.2.35 2018-01-28) seem to be doing fine...

        OpenSSL 1.0.2k-fips  26 Jan 2017

do you have any hints?

thx
Oliver


(Sven Nierlein) #2

is that the check_nrpe from OMD or from Debian/Centos itself?


(Oliver Tatzmann) #3

in both cases the checks from OMD


(Sven Nierlein) #4

It might worth a try to see if debians nrpe has the same issue. Quick check reveiled, OMD 2.80 has the latest upstream release of check_nrpe 3.2.1 while debian 9 has 3.0.1.
I don’t have any nsclient++ so i had to test with the debian nrpe-server which works fine:

OMD[test@debian9-64]:~/lib/nagios/plugins$ ./check_nrpe -H localhost
NRPE v3.0.1
OMD[test@debian9-64]:~/lib/nagios/plugins$ ./check_nrpe -V
Version: 3.2.1

Same for debians check_nrpe:

OMD[test@debian9-64]:~$ /usr/lib/nagios/plugins/check_nrpe -H localhost
NRPE v3.0.1
OMD[test@debian9-64]:~$ /usr/lib/nagios/plugins/check_nrpe -V
Version: 3.0.1

(Oliver Tatzmann) #5

hmm I couldn’t find any package for check_nrpe (since it’s not included in the “monitoring-plugins”.
So i pulled the official one and did a quick build

   git clone https://github.com/NagiosEnterprises/nrpe.git
   cd nrpe/
   ./configure --enable-command-args
   make
   make check_nrpe
   make install-plugin

same issue

root@OMD-deb:/install/checks/nrpe# /usr/local/nagios/libexec/check_nrpe -V
NRPE Plugin for Nagios
Version: 3.2.1

root@OMD-deb:/install/checks/nrpe# /usr/local/nagios/libexec/check_nrpe -H 192.168.111.100
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 192.168.111.100: 1

(Sven Nierlein) #6

yes, check_nrpe is not part of the monitoring plugins, its part of the nrpe package.

%> apt-file search /check_nrpe
nagios-nrpe-plugin: /usr/lib/nagios/plugins/check_nrpe