3 - installation - nrpe client (centos 6.5) - how to - gutzmann gmbh.pdf
TRANSCRIPT
-
8/10/2019 3 - Installation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH.pdf
1/4
tallation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH
/wiki.gutzmann.com/confluence/pages/viewpage.action?pageId=12681241[11/09/2014 11:53:43 CH]
3 - Installation - NRPE Client (CentOS 6.5)
References
Prepare system
/etc/hosts
/etc/sysconfig/network
/etc/services
/etc/resolv.conf
Install latest updates
Install prerequisites
Start NTP
Start XINETD
Add Users and groupsApache
Firewall settings
Download Nagios and related software
Install Nagios Plugins
Install and setup NRPE
Install NRPE client
Configure xinetd
Restrict access to Nagios server
Set up logging
Test NRPE locally
Customize NRPE commands
Test NRPE from the Nagios monitoring server
References
Nagios: http://assets.nagios.com/downloads/nagioscore/docs/Installing_Nagios_Core_From_Source.pdf
NRPE: http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf
Prepare system
/etc/hosts
The host table must include information about the current host, for example
10. 3. 1. 16 wi ki - uh. gut zmann. com wi ki
/etc/sysconfig/network
The hostname should be set up accordingly in / et c/ sysconf i g/ net work:
HOSTNAME="wi ki . gut zmann. com"
/etc/services
Add the NRPE port to /etc/services:
vi / etc/ servi ces
locate "5671" and insert before:
Created by Thomas Gutzmann, last modified on 2014-04-22
Dashboard
ToolsHow To
Dashboard Public How To Pages Nagios - Transcripts
http://assets.nagios.com/downloads/nagioscore/docs/Installing_Nagios_Core_From_Source.pdfhttp://nagios.sourceforge.net/docs/nrpe/NRPE.pdfhttps://wiki.gutzmann.com/confluence/display/~gutzmthohttps://wiki.gutzmann.com/confluence/pages/diffpagesbyversion.action?pageId=12681241&selectedPageVersions=15&selectedPageVersions=16https://wiki.gutzmann.com/confluence/display/HowTohttps://wiki.gutzmann.com/confluence/dashboard.actionhttps://wiki.gutzmann.com/confluence/dashboard.actionhttps://wiki.gutzmann.com/confluence/category/sub-dashboard.action?categoryKey=publichttps://wiki.gutzmann.com/confluence/category/sub-dashboard.action?categoryKey=publichttps://wiki.gutzmann.com/confluence/display/HowTohttps://wiki.gutzmann.com/confluence/display/HowTohttps://wiki.gutzmann.com/confluence/collector/pages.action?key=HowTohttps://wiki.gutzmann.com/confluence/collector/pages.action?key=HowTohttps://wiki.gutzmann.com/confluence/display/HowTo/Nagios+-+Transcriptshttps://wiki.gutzmann.com/confluence/display/HowTo/Nagios+-+Transcriptshttps://wiki.gutzmann.com/confluence/collector/pages.action?key=HowTohttps://wiki.gutzmann.com/confluence/display/HowTohttps://wiki.gutzmann.com/confluence/category/sub-dashboard.action?categoryKey=publichttps://wiki.gutzmann.com/confluence/dashboard.actionhttps://wiki.gutzmann.com/confluence/display/HowTohttps://wiki.gutzmann.com/confluence/pages/diffpagesbyversion.action?pageId=12681241&selectedPageVersions=15&selectedPageVersions=16https://wiki.gutzmann.com/confluence/display/~gutzmthohttp://nagios.sourceforge.net/docs/nrpe/NRPE.pdfhttp://assets.nagios.com/downloads/nagioscore/docs/Installing_Nagios_Core_From_Source.pdfhttps://wiki.gutzmann.com/confluence/homepage.actionhttps://wiki.gutzmann.com/confluence/homepage.action -
8/10/2019 3 - Installation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH.pdf
2/4
tallation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH
/wiki.gutzmann.com/confluence/pages/viewpage.action?pageId=12681241[11/09/2014 11:53:43 CH]
nrpe 5666/ t cp # NRPE
/etc/resolv.conf
Out of context: You should consider using a fast DNS server. I found that Google DNS is much faster than those of
most hosting providers.
vi / etc/ resol v. conf
Insert the line
nameser ver 8. 8. 8. 8before all other nameserver directives.
Install latest updates
yum updat e
Install prerequisites
Some of the packages may already have been installed. If during the installation on your particular server you find a
other missing packages, please be so kind to add a comment to this post.
yum i nst al l bi nd- ut i l s php nt p xi netd openssl - devel make gcc wget
Make sure that Perl is installed by typing "per l - v ". If it's missing, add it by:
yum i nstal l per l
Start NTP
It's important that all servers show the correct time:
servi ce nt pd start
chkconf i g nt pd on
If the system is running on a virtual machine, NTP may fail with the following error message in /var/log/messages:
cap_set_proc() failed to drop root privileges: Operation not permitted
See herehow to handle this problem.
Start XINETD
Check if xinetd is running and start it otherwise:
servi ce xi net d status
If not running:
servi ce xi net d st ar t
Add Users and groups
useradd nagi os
gr oupadd nagcmd
user mod - a - G nagcmd nagi os
Apache
If Apache is installed on the client and you want to have it monitored, make sure that an "index.html" exists:
t ouch / var / www/ html / i ndex. html
Firewall settings
https://wiki.gutzmann.com/confluence/display/HowTo/NTPD+-+cap_set_proc%28%29+failed+to+drop+root+privileges%3A+Operation+not+permittedhttps://wiki.gutzmann.com/confluence/display/HowTo/NTPD+-+cap_set_proc%28%29+failed+to+drop+root+privileges%3A+Operation+not+permitted -
8/10/2019 3 - Installation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH.pdf
3/4
tallation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH
/wiki.gutzmann.com/confluence/pages/viewpage.action?pageId=12681241[11/09/2014 11:53:43 CH]
Consider setting up your firewall for dynamic DNSnames.
Add the following line to /etc/sysconfig/iptables, replacing the monitoring server name as required:
vi / etc/ sysconf i g/ i ptabl es
- A I NPUT - m st at e - - st at e NEW - m t cp - p t cp - s moni t or - a. gut zmann. com - - dport 5666 - j
ACCEPT
Restart the firewall:
servi ce i pt abl es r estart
Download Nagios and related software
Install Nagios Plugins
cd / t mp/ nagi os-pl ugi ns- *
. / conf i gure - - wi t h- nagi os- user=nagi os - - wi t h- nagi os- gr oup=nagi os
make
make i nstal l
Install and setup NRPE
Install NRPE client
cd / t mp/ nr pe- *
. / conf i gure
make al l
make i nstal l - pl ugi n
make i nst al l - daemon
make i nst al l - daemon- conf i g
make i nstal l - xi net d
Configure xinetd
Restrict access to Nagios server
vi / etc/ xi netd. d/ nrpe
locate the line starting with "only_from" and append the address(es) of the Nagios monitoring server(s). In this
example we are using 81.20.136.81.
IPv4 only:
onl y_f r om = 127. 0. 0. 1 10. 3. 1. 14
IPv4 and IPv6:
onl y_fr om = 127. 0. 0. 1 81. 20. 136. 81 : : f f f f : 10. 3. 1. 14
Make sure the nrpe daemon is running under xinetd:
net st at - at | gr ep nrpe
The output out this command should show something like this:
t cp 0 0 *: nr pe *: * LI STEN
If you don't see this output, try to restart XINETD:
servi ce xi net d r est ar t
If the test still fails, check / var / l og/ messages.
Check at websites below for more recent versions.
https://wiki.gutzmann.com/confluence/display/HowTo/IPTables+Firewall+Setup+for+Dynamic+DNShttps://wiki.gutzmann.com/confluence/display/HowTo/IPTables+Firewall+Setup+for+Dynamic+DNS -
8/10/2019 3 - Installation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH.pdf
4/4
tallation - NRPE Client (CentOS 6.5) - How To - Gutzmann GmbH
/wiki gutzmann com/confluence/pages/viewpage action?pageId=12681241[11/09/2014 11:53:43 CH]
Set up logging
Make sure that xinetd writes to its own log file, so it doesn't clutter /var/log/messages.
vi / et c/ xi net d. conf
locate the line defining "log_type", and replace it by
l og_t ype = FI LE / var / l og/ xi net dl og
Test NRPE locally
Next, check to make sure the NRPE daemon is functioning properly. To do this, run the check_nrpe plugin that was
installed for testing purposes.
/ usr/ l ocal / nagi os/ l i bexec/ check_nrpe - H 127. 0. 0. 1
You should get a string back that tells you what version of NRPE is installed, like this:
NRPE v2. 15
Customize NRPE commands
Add commands to NRPE by editing /usr/local/nagios/etc/nrpe.cfg. Here is an example:
vi / usr / l ocal / nagi os/ etc/ nrpe. cfg
locate the sections listing NRPE commands and add:
command[ check_root] =/ usr / l ocal / nagi os/ l i bexec/ check_di sk - w 20% - c 10% - p /
command[check_home]=/ usr/ l ocal / nagi os/ l i bexec/ check_di sk - w 20% - c 10% - p / home
Now test the new commands:
/ usr / l ocal / nagi os/ l i bexec/ check_nr pe - H 127. 0. 0. 1 - c check_home
Test NRPE from the Nagios monitoring server
At your Nagios monitoring server (not the one you're running this installation!), run the following command, replacin
"wiki.gutzmann.com" with the name of the actual client server:
/ usr/ l ocal / nagi os/ l i bexec/ check_nrpe -H 10. 3. 1. 17 - c check_l oad
If you see an error message indicating that check_nrpe was not found, check that you didn't miss the definition on t
command in /usr/local/nagios/etc/objects/commands.cfg; see "1 - Installation - Nagios Server (CentOS 6.4)".
If you see the error message "CHECK_NRPE: Error - Could not complete SSL handshake.", you should check:
Went something wrong with the firewall configuration? Try "t el net 10. 3. 1. 17 5666" from the Nagios
server (replace the IP name with the name or address of your NRPE client). Enter "QUIT" do stop the telnet
session (there are more correct ways, but this will do).
Check all configuration files if you accidentally entered sample data from this How-To.
Make sure that you actually testing from the Nagios monitoring server and not from the host you just installed
NRPE Client on. Reason is that you didn't allow the client's public IP address in /etc/xinet.d/nrpe, just localho
and the Nagios server.
No lab
For comments and questions please contact wikigutzmann.com.
Powered byAtlassian Confluence, a Confluence theme by RefinedWiki
https://wiki.gutzmann.com/confluence/pages/viewpage.action?pageId=12681239mailto:[email protected]:[email protected]://www.atlassian.com/software/confluencehttp://www.refinedwiki.com/http://www.refinedwiki.com/http://www.atlassian.com/software/confluencemailto:[email protected]://wiki.gutzmann.com/confluence/pages/viewpage.action?pageId=12681239