Client Security
The NRPE client only accepts requests from one IP address: the Nagios server.
This restriction is defined in /etc/hosts.allow (TCP wrappers) and /etc/xinetd.d/nrpe (xinetd).
It may also be limited by iptables.
Client NRPE Install
Download the nrpe and nagios-plugin tarballs.
The tarball names vary with the release number of the packages.
tar -xf nrpe.......
tar -xf nagios-plugin........
Nagios Plugin Installation
cd nagios-plugin dir
./configure
make
make install
chown nagios:nagios /usr/local/nagios
chown -R nagios:nagios /usr/local/nagios/libexec
NRPE Installation
cd ../nrpe.... directory
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
Edit /etc/xinetd.d/nrpe
Add the name of the Nagios server to the line
only_from = 127.0.0.1
Edit /etc/services
Add the line
nrpe 5666/tcp
Restart the xinetd daemon with
service xinetd restart
Test NRPE
Test nrpe with
netstat -at | grep nrpe
Edit TCP wrappers
vi /etc/hosts.allow
Add the line
nrpe: 127.0.0.1 server.name.domain.edu
where server.name.domain.edu is the DNS name of your Nagios server.
Test New client
/usr/local/nagios/libexec/check_nrpe -H localhost
If you get back the NRPE version number, you are done on the client.
Setup IPTABLES
iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
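This rule lets all TCP packets with a destination port of 5666 past the firewall, whatever their source address, so the restriction to the Nagios server still rests on xinetd and TCP wrappers.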
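The three source restrictions above (the xinetd only_from line, the hosts.allow nrpe line and the iptables rule) can be cross-checked with a short script. This is an added example, not part of the original page; the function name audit_nrpe, the server address 192.0.2.10 and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check the three NRPE source restrictions from this page.
# SERVER is a constructed placeholder address (TEST-NET-1), not from the page.
SERVER=192.0.2.10

# audit_nrpe XINETD_FILE HOSTS_ALLOW IPTABLES_RULES SERVER
# Prints one line per finding; the exit status is the number of findings.
audit_nrpe() {
    n=0
    # xinetd: the only_from line must list the Nagios server.
    grep -E '^[[:space:]]*only_from[[:space:]]*=' "$1" | grep -qwF "$4" ||
        { echo "xinetd: only_from does not list $4"; n=$((n + 1)); }
    # TCP wrappers: the nrpe: line must list the server as well.
    grep -E '^[[:space:]]*nrpe[[:space:]]*:' "$2" | grep -qwF "$4" ||
        { echo "hosts.allow: nrpe line does not list $4"; n=$((n + 1)); }
    # iptables: an ACCEPT rule for port 5666 with no -s match admits any source.
    if grep -e '--dport 5666' "$3" | grep -e '-j ACCEPT' | grep -qv -e ' -s '; then
        echo "iptables: port 5666 ACCEPT rule has no source match"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample files. "loose": server not yet added to xinetd or
# hosts.allow, firewall rule as shown on this page. "tight": server listed
# in all three layers.
d=$(mktemp -d)
printf 'service nrpe\n{\n    only_from = 127.0.0.1\n}\n' > "$d/xinetd.loose"
printf 'nrpe: 127.0.0.1\n' > "$d/allow.loose"
printf '%s\n' '-I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT' > "$d/fw.loose"
printf 'service nrpe\n{\n    only_from = 127.0.0.1 %s\n}\n' "$SERVER" > "$d/xinetd.tight"
printf 'nrpe: 127.0.0.1 %s\n' "$SERVER" > "$d/allow.tight"
printf '%s\n' "-I RH-Firewall-1-INPUT -s $SERVER -p tcp -m tcp --dport 5666 -j ACCEPT" > "$d/fw.tight"

rc=0; audit_nrpe "$d/xinetd.loose" "$d/allow.loose" "$d/fw.loose" "$SERVER" || rc=$?
echo "loose findings: $rc"
rc=0; audit_nrpe "$d/xinetd.tight" "$d/allow.tight" "$d/fw.tight" "$SERVER" || rc=$?
echo "tight findings: $rc"
```

On a real client, pass /etc/xinetd.d/nrpe, /etc/hosts.allow and a file holding the output of iptables -S, with the server address or name written exactly as it appears in those files.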
Define Commands
Edit /usr/local/nagios/etc/nrpe.cfg on the client
Pick the commands that can be run when the server makes a request.
source: virginia.edu