:::: MENU ::::

NRPE – Enable command args (Jessie, …)

  • Nov 24 / 2016
  • 0
Linux

NRPE – Enable command args (Jessie, …)

With recent versions of NRPE server, the possibility to enable command args has been disabled.

For example, on a Debian Jessie, you can get this kind of error on console:

CHECK_NRPE: Received 0 bytes from daemon

and in logs:

Error: Request contained command arguments! 

!WARNING! This change can lead to security issue, this is why it has been disabled by default. You have to double check your servers can’t be reached from anywhere with NRPE commands (to avoid execution of unwanted or malicious code).

Once you’re sure there’s no security breach in your infra, you can go on with the installation of source:

cd /tmp
apt-get update
apt-get install -y build-essential devscripts debhelper libssl-dev dpatch libwrap0-dev autotools-dev
ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so
apt-get source nagios-nrpe-server

Then, you’ll have to change the rules defined in the rules file:

cd nagios-nrpe-2.15/
vi debian/rules

You must add this line –enable-command-args after –libdir=/usr/lib/nagios.
You should so get something like

override_dh_auto_configure:
  ./configure 
    --prefix=/usr 
    --enable-ssl 
    --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) 
    --sysconfdir=/etc 
    --localstatedir=/var 
    --libexecdir=/usr/lib/nagios/plugins 
    --libdir=/usr/lib/nagios 
    --enable-comand-args

Finally, you can compile your new configuration and install it:

./configure
make all
cd ..
dpkg -i nagios-nrpe-server_2.15-1.1_amd64.deb

Ensure you set the value for dont_blame_nrpe in /etc/nagios/nrpe.cfg (this is the default path, it can be different depending on your installation).

dont_blame_nrpe=1

And here you go, you can now restart your NRPE server and send any nrpe commands.

Comments are closed.

Question ? Contact