Alan McKay wrote: > Oh one more thing - will it matter that SELinux is in permissive mode > rather than disabled? > > I've never seen a circumstance where it would. > > But on the server it is set to "permissive" which shows warnings in > the log files but allows the activity anyway. And I do see see this > each time : > > Jan 4 10:50:02 solexa2 setroubleshoot: SELinux is preventing ethtool > (ifconfig_t) "read write" to socket (initrc_t). For complete SELinux > messages. run sealert -l 97787abc-6be8-45cd-a06c-e0e572f35697 > Jan 4 10:50:53 solexa2 kernel: device eth0 entered promiscuous mode > Jan 4 10:51:08 solexa2 nrpe[10937]: Error: Could not complete SSL > handshake. 1 > > Oh, and I just noticed that NRPE error is new since I installed NRPE > from yum instead of the sources I was using. That seems to be the crux > of it I guess. But I'm using the -n flag in my check_nrpe because I do > not want to use SSL
yes but the server needs to know as well that you don't wanna use ssl. so the handshake error in the nrpe server log is totally right - client denies to fulfill the ssl handshake and therefore erroring out. nrpe server without ssl can be achieved by telling the daemon not to use it. # /usr/sbin/nrpe --help NRPE - Nagios Remote Plugin Executor Copyright (c) 1999-2008 Ethan Galstad ([email protected]) Version: 2.12 Last Modified: 03-10-2008 License: GPL v2 with exemptions (-l for more info) SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required TCP Wrappers Available *************************************************************** ** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! ** ** Read the NRPE SECURITY file for more information ** *************************************************************** Usage: nrpe [-n] -c <config_file> <mode> Options: -n = Do not use SSL <config_file> = Name of config file to use <mode> = One of the following two operating modes: -i = Run as a service under inetd or xinetd -d = Run as a standalone daemon Notes: This program is designed to process requests from the check_nrpe plugin on the host(s) running Nagios. It can run as a service under inetd or xinetd (read the docs for info on this), or as a standalone daemon. Once a request is received from an authorized host, NRPE will execute the command/plugin (as defined in the config file) and return the plugin output and return code to the check_nrpe plugin. since you started nrpe as daemon via initscript, you might wanna edit that in there, adding -n as start option as well. then restart the deamon and try again. daemon $prog -n -c "$CONFIG" -d kind regards, michael > > Once again I ask - how do I configure this to not use SSL? I don't > care about security in my situation I just want it to work. Or > otherwise where are full details on getting this working with it? > > thanks, > -Alan > > -- > “Don't eat anything you've ever seen advertised on TV” > - Michael Pollan, author of "In Defense of Food" > > > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > > > _______________________________________________ > icinga-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/icinga-users -- DI (FH) Michael Friedrich Vienna University Computer Center Universitaetsstrasse 7 A-1010 Vienna, Austria email: [email protected] phone: +43 1 4277 14359 mobile: +43 664 60277 14359 fax: +43 1 4277 14338 web: http://www.univie.ac.at/zid http://www.aco.net Lead Icinga Core Developer http://www.icinga.org ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ icinga-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/icinga-users
