Installing NRPE (Nagios Client) on CentOS 5

What is Nagios?

from nagios.org/about Get proactive. Save time, money, and your sanity. Nagios is the industry standard in enterprise-class monitoring for good reason. It allows you to gain insight into your network and fix problems before customers know they even exist.

Basically Nagios is a Opensource network monitoring application that will allow you to monitor computers, servers, printers and switches from a web based administrative console.

Below I am going to list two ways to do this, one method is by adding a new repo, the other is by manually installing it from the nagios website.

Installing NRPE (Nagios Client) on CentOS 5 VIA repo

CentOS and Redhat do not natively support nagios in the default package manager repository (yum), so we need to get it from DAG.

First lets add DAG to our YUM configuration, DAG lists the different repositories for the different distros onhttp://dag.wieers.com/rpm/FAQ.php, so for a centos 5 64bit system I would use:

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

You can now install using:

sudo yum install nagios-nrpe-2.5.2-1.el5.rf.x86_64.rpm

If you installed via yum, skip down to the section on Check and configure NRPE.

Installing NRPE (Nagios Client) on CentOS 5 source

Grab the current NRPE installer from the nagios website http://www.nagios.org/download/addons/

In my case we are going to assume that I am getting nrpe-2.12.tar.gz

In the summary you'll see that nagios assumes that you will be running NRPE under the user "nagios", so lets add that user and group.

# /usr/sbin/adduser nagios
# passwd nagios

The last command will set a password for the account, as always you should set a good password for this account.

$ wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz

Now we need to unpack that:

$ tar -xfz nrpe-2.12.tar.gz

This will create a new directory for nrpe-2.12, go into that directory and we will compile the source.

If you want to add SSL support, add --enable-ssl to the command below.

./configure

This will start by outputting a series of checks, if it runs into any errors it will spit them out. In my case I was missing the SSL headers, so I will install them via yum.

# yum install openssl-devel

By default CentOS does not come with xinetd, so we need to grab that from YUM.

# yum install xinetd

Now we can complete the install:

# ./configure
# make all
# make install-plugin
# make install-daemon
# make install-daemon-config
# make install-xinetd

*Optional but not required below
# cp src/nrpe /usr/local/nagios/libexec/
# cp src/check_nrpe /usr/local/nagios/libexec/

Now we need to install the plug-ins so we will grab them from Nagios as well on the download page

# wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar -xf nagios-plugins-2.0.3.tar.gz
# cd nagios-plugins-2.0.3
# ./configure -prefix=/usr/local/nagios
# make
# make install

Now in the configuration find and update the allowed hosts line to be the IP of your nagios server(s)

# vi /usr/local/nagios/etc/nrpe.cfg
....
allowed_hosts=192.168.10.186

If your server has more than one NIC you may also want to update the line "server_address" as well to reflect the interface you want the NRPE to work on.

Now we need to update the xinetd file to listed for our server: (note that in this case I am saying the actual nagios SERVER is 192.168.10.186, this should not the IP of this host, rather it's the server.)

# vi /etc/xinetd.d/nrpe
...
 only_from       = 127.0.0.1
CHANGE TO
 only_from       = 192.168.10.186

If you have more than one Nagios server, you would seperate them with a ','.

Last, we need to append the following line to /etc/services:

# vi /etc/services
....
nrpe            5666/tcp

Check and configure your NRPE client

First, and most important, if you are running iptables or a firewall between the server and host, make sure that the host is allowing port 5666 from the server's IP address.

Here is an example for the iptables entry:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp �dport 5666 -j ACCEPT

Last, lets set those permissions correctly:

# chown nagios.nagios /usr/local/nagios
# chown -R nagios.nagios /usr/local/nagios/libexec

Next lets start xinetd:

# /sbin/service xinetd restart

Lets check if NRPE is listening:

netstat -at | grep nrpe
....
tcp        0      0 *:nrpe                      *:*                         LISTEN

Now you should be able to add the host as normal to your nagios server config files.

You can test that everything is working by using the following command on the host:

# /usr/local/nagios/libexec/check_nrpe -H localhost

This should return the version output:

NRPE v2.12

You can run that same command on the Nagios server but specify the host's IP that you want to check (the IP address of the machine you just installed all of this onto.).

# /usr/local/nagios/libexec/check_nrpe -H 192.168.10.55

Trouble shooting

One error that you may get when testing your NRPE connection on the remote host is: CHECK_NRPE: Error - Could not complete SSL handshake.

This is due to one of two things, one, you didn't compile with SSL support, you can test this by trying the same command but adding the -n switch like this:

/usr/local/nagios/libexec/check_nrpe -n -H localhost

If that gives you an error that says: CHECK_NRPE: Error receiving data from daemon.

This is because your config files only allow one server to talk to it.

First check that NRPE is listening:

netstat -ant|grep 5666

That should return 1 line that shows it as listening, if not you may want to double check the steps above.

Next check your config file(s)

# vi /usr/local/nagios/etc/nrpe.cfg
....
server_address=xxx.xxx.xxx.xxx
....
allowed_hosts=xxx.xxx.xxx.xxx

Make sure that the xxx is the ip address of your nagios server, not the ip address of your local host OR 127.0.0.1

Also double check /etc/xinetd.d/nrpe:

# vi /etc/xinetd.d/nrpe
...
only_from       = xxx.xxx.xxx.xxx

That should be the same address as the one you used above.

At this point restart xinetd nrpe on the remote host then on the Nagios server run:

# /usr/local/nagios/libexec/check_nrpe -n -H xxx.xxx.xxx.xxx-p 5666

This time where xxx is the IP address of your remote host, you should get back the nagios version.

Another issue I saw *once* was that an admin had installed the package maintainers version of NRPE and compiled the source as well. Obviously this will cause some problems, you can check if this is the case for you by running:

yum list nagios*

If you have any that show as installed, you need to remove them, OR dont re-compile the code.

yum erase package name

Reference: https://darktraining.com/linux/30/