LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Nagios...NRPE and SSL communication...Must be a how to somewhere?? (https://www.linuxquestions.org/questions/linux-newbie-8/nagios-nrpe-and-ssl-communication-must-be-a-how-to-somewhere-641049/)

helptonewbie 05-09-2008 08:32 AM
Nagios...NRPE and SSL communication...Must be a how to somewhere??
 
Hi All,
Basically it should be quite obvious but i've been googling and i can't believe that i can't find a guide or howto anywhere, as far as i can see for explaining nagios nrpe and ssl. I may just go and use a stunnel route if i don't get much info here...or maybe thats the route your meant to take with nagios...i don't think from what i've seen its even explained at all in the nagios doc's...correct me if i'm wrong.

But at the moment the easiest method would be for me to set-up stunnel and create my own SSL CA for my certificates etc etc.... God idea?? Other Methods??? Actual method that perhaps is preferred by the nagios nation??

Cheers,

thedonkdonk 05-10-2008 02:31 AM
What you need to do is read http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf. Take a look at section 6. Basicly, you need to install OpenSSL as well as NRPE. Your NRPE server and client need to be compatiable versions. If you are still stuck post some log files.

helptonewbie 05-14-2008 07:57 AM
Its ok all sorted thanks. i'm SSL'd to the bone

helptonewbie 05-14-2008 09:50 AM
I do have one other thing, can you sudo commands one by one or is the only way to run any commands sudo, to have everything in the directory sudo. As it doesn't seem possible if you have commands outside of the sudo directory you specify in nrpe.cfg to run as normal, they seem to fail. So it looks to me like you either have sudo for everything or nothing at all. Unless its possible in the nrpe.cfg when setting commands to run if you can do this..:-
command[check_ping]=/usr/bin/sudo /usr/local/nagios/libexec/check_ping -H X.X.X.X -w 300.0,80% -c 500.0.0,100% -p 1

Obviously thats just an example, but i want to know if that works to obviously be able to have sudo run on a per command basis?

I couldn't get this working but maybe i set-up the sudo paremeters incorrectly in the /etc/sudoers file.
IE if this is possible what would be a correct entry in the sudoers file for this to work, i would have thought something like...
nagios ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/check_ping

Would work??

Cheers

helptonewbie 05-14-2008 10:08 AM
Forget that, i've worked out it is possible for whatever reason the way i tested it before i must have made a slight mistake somewhere. Typical


Thanks


All times are GMT -5. The time now is 04:29 PM.