Nagios CHECK_NRPE Could not complete SSL handshake - nrpe

I checked all over, there are many answers to this issue, but none worked.
I am following this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-ubuntu-16-04
The Nagios host is ubuntu 16.04, the client is ubuntu 18.04
Nagios® Core™ 4.3.4
The Nagios server and web is running ok, I can see the localhost status is 'up' in the dashboard.
Something very weird: I installed NRPE 3.2.1 on both the host and the client, but for some reason on the host is 2.15
Host:
root@nagios-1:/tmp/nrpe-nrpe-3.2.1# /usr/local/nagios/libexec/check_nrpe -H 10.142.0.50
NRPE v2.15
Client:
$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v3.2.1
Just to make sure, when running check_nrpe from client to server I am using the '-2' option to force v2 packets, but I am still getting the error.
I added the client ip to the nrpe.cnf (on server), and to be sure also the server ip to the client nrpe.cfg file.
I enabled debug to see the messages in the syslog. This is the response:
Dec 4 00:35:47 nagios-1 check_nrpe: Remote 10.142.0.50 accepted a Version 2 Packet
Dec 4 00:35:51 nagios-1 nrpe[9953]: Connection from 10.142.0.11 port 49889
Dec 4 00:35:51 nagios-1 nrpe[9953]: Host address is in allowed_hosts
Dec 4 00:35:51 nagios-1 nrpe[9953]: Handling the connection...
Dec 4 00:35:51 nagios-1 nrpe[9953]: Error: Could not complete SSL handshake. 1
Dec 4 00:35:51 nagios-1 nrpe[9953]: Connection from closed.
On the host, port 5666 is open and listening
# netstat -at | grep nrpe
tcp 0 0 *:nrpe *:* LISTEN
tcp6 0 0 [::]:nrpe [::]:* LISTEN
I compiled nrpe with --
I am not using xinetd. I use the daemon
# ps aux | grep nrpe
nagios 9866 0.0 0.1 23960 2680 ? Ss 00:35 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
Host nrpe conf file:
# grep -o '^[^#]*' /etc/nagios/nrpe.cfg
log_facility=daemon
pid_file=/var/run/nagios/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1, 10.142.0.50, 10.142.0.0/20,10.142.0.11
dont_blame_nrpe=1
allow_bash_command_substitution=0
debug=1
command_timeout=60
connection_timeout=300
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
include=/etc/nagios/nrpe_local.cfg
include_dir=/etc/nagios/nrpe.d/
If you need more info let me know and I will add it.

I found the answer!
I had two versions of NRPE on the host. The daemon was running 2.15. I had to kill this version, and I manually ran the 3.2.1 version from its other location:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f
After that I was able to get a response in the client
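A check for the situation this answer describes, where the daemon answering on port 5666 is not the binary that was just installed. This is an added example, not part of the original post: the `ss` and `ps` samples are constructed (the nrpe process line and both binary paths are the ones from the thread), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed samples; only the nrpe process line mirrors the question.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5666       0.0.0.0:*          users:(("nrpe",pid=9866,fd=4))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*          users:(("sshd",pid=812,fd=3))'
SAMPLE_PS='  PID COMMAND
  812 /usr/sbin/sshd -D
 9866 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'

# listener_pid PORT: PID of the process listening on PORT.
# Reads `ss -ltnp` text on stdin (run ss as root so the pid column is filled).
listener_pid() {
    awk -v port="$1" '$1 == "LISTEN" && $4 ~ (":" port "$") {
        if (match($0, /pid=[0-9]+/)) print substr($0, RSTART + 4, RLENGTH - 4)
    }' | head -n 1
}

# binary_of PID: executable path of PID. Reads `ps -eo pid,args` text on stdin.
binary_of() {
    awk -v pid="$1" '$1 == pid { print $2 }'
}

# check_listener PORT EXPECTED_BINARY SS_TEXT PS_TEXT
# Prints "ok BINARY", "mismatch BINARY" or "no-listener"; returns 1 unless ok.
check_listener() {
    pid=$(printf '%s\n' "$3" | listener_pid "$1")
    [ -n "$pid" ] || { echo "no-listener"; return 1; }
    bin=$(printf '%s\n' "$4" | binary_of "$pid")
    if [ "$bin" = "$2" ]; then
        echo "ok $bin"
    else
        echo "mismatch $bin"
        return 1
    fi
}

# Demo: the 3.2.1 build is expected, but the packaged daemon owns the port.
check_listener 5666 /usr/local/nagios/bin/nrpe "$SAMPLE_SS" "$SAMPLE_PS" || true
```

On a live host, pass `"$(ss -ltnp)"` and `"$(ps -eo pid,args)"` as the last two arguments.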

Related

Apache not starting LAMP

I have successfully started an AWS instance. I can connect with Putty and also
with WinSCP. I have ports 80 and 443 open and SSH port 22. I have installed LAMP successfully: Apache seems to start OK on the server:
[ec2-user ~]$ chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
but when I enter the public DNS address in the browser it times out!
I also get this report from:
[ec2-user ~]$ ls -l /var/www
total 20
drwxrwsr-x 2 root www 4096 Mar 18 20:24 cgi-bin
drwxrwsr-x 3 root www 4096 Apr 16 21:41 error
drwxrwsr-x 2 root www 4096 Apr 16 22:32 html
drwxrwsr-x 3 root www 4096 Apr 16 21:41 icons
drwxrwsr-x 2 root www 4096 Apr 16 21:41 noindex
[ec2-user@ip-172-31-24-2 ~]$ ^C
[ec2-user@ip-172-31-24-2 ~]$
I'm totally new to this so any help much appreciated!
I'm using a Windows 7 machine and the AWS instance is linux.
Can you please send the output of "sudo netstat -nltp"? You also said 80 and 443 are open; these are opened via security groups, right?
The first thing to check when a browser times out is the Security Group. Do you have a rule in your instance's security group that will authorize traffic to TCP Port 80 and / or TCP port 443 ?
If this is correct and SSH connectivity to the instance is OK too (it rules out networking issues), then I would check if your Apache server is actually running. Nothing from the command output shared in your question actually proves Apache is running. Type ps ax | grep http to verify whether the http daemon is running or not. Also type netstat -tnlp as suggested in another reply to verify the http process is actually listening on TCP port 80 or TCP port 443.
Seb

How to enable SSH on SLES 12?

I am trying to enable ssh connection to suse linux. I have sshd service running:
peeyush@linux-pohb:~/gccgo.work> systemctl status sshd.service
sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2015-03-19 18:36:05 IST; 3h 50min ago
Process: 5702 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 6035 (sshd)
CGroup: /system.slice/sshd.service
└─6035 /usr/sbin/sshd -D
Mar 19 18:36:01 linux-pohb sshd-gen-keys-start[5702]: Checking for missing se...
Mar 19 18:36:05 linux-pohb sshd-gen-keys-start[5702]: ssh-keygen: generating ...
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on 0.0.0.0 port 22.
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
It is listening on port 22 fine:
peeyush@linux-pohb:~/gccgo.work> netstat -an | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
But I am not able to connect to it.
[root@lep8a peeyush]# ssh root@192.168.122.19
ssh: connect to host 192.168.122.19 port 22: Connection timed out
My head is aching from looking for solutions on the internet. Nothing is working.
Could you guys please help me out?
Check if your firewall accepts incoming TCP connections on port 22:
# iptables -nL | grep 22
If the result is empty, you have to add a rule in your firewall.
Open Yast and firewall configuration:
# yast firewall
Go to "Allowed Services" and add "Secure Shell Server". Save and quit Yast and try to connect.
Comment: If you have disabled your firewall completely (not recommended) this answer does not apply.
Run this command:
systemctl enable sshd.service
Then make necessary changes in your /etc/ssh/sshd_config file, and start sshd via:
systemctl start sshd.service
I was dealing with the same problem in SUSE Linux Enterprise Server 15 x86-64. Within the system I was able to # ssh 127.0.0.1 (so the sshd service was working correctly), but from other nodes I got a "Timed out" message.
First, I checked the firewall rules (see answer from xloto):
# iptables -nL | grep 22
Resulted in an empty return message, so we need to set an additional rule.
To set the firewall rule for SSH's standard port 22, I followed another tutorial (as I do not have a GUI):
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --reload
It worked for my case, but I'm not sure whether this is best practice.

redis client not connecting

When I try to connect to the redis client db using a public key, with the following command,
ssh -i somekey.pem -v -L 6379 : 127.0.0.1 user@domain.com
it does not connect and gives the following error:
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
Bad local forwarding specification '6379'
There is no other redis instance running.
What is the issue and what should I do to solve it?
Well, I solved this.
I did not put the port number (6379) after the host (127.0.0.1).
The following command is working now:
ssh -i somekey.pem -v -L 6379:127.0.0.1:6379 user@domain.com

Pound stopped working after fedora update

I am using Fedora 20 and recently did a yum update. Now I can't get pound to work anymore. No real errors, but it just refuses connections:
The following outputs are copied and pasted from different times, but the output is always the same except for pid and time.
[root@mymachine me]# wget --no-check-certificate --debug --verbose https://localhost
Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.14 on linux-gnu.
URI encoding = ‘UTF-8’
--2014-11-06 11:59:53-- https://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Caching localhost => ::1 127.0.0.1
Connecting to localhost (localhost)|::1|:443... Closed fd 3
failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:443... Closed fd 3
failed: Connection refused.
Releasing 0x0000000001f33280 (new refcount 1).
[root@mymachine me]# service pound status
Redirecting to /bin/systemctl status pound.service
pound.service - Pound Reverse Proxy And Load-balancer
Loaded: loaded (/usr/lib/systemd/system/pound.service; enabled)
Active: active (running) since Thu 2014-11-06 11:30:12 EST; 6min ago
Process: 3019 ExecStart=/usr/sbin/pound (code=exited, status=0/SUCCESS)
Main PID: 3020 (pound)
CGroup: /system.slice/pound.service
├─3020 /usr/sbin/pound
└─3021 /usr/sbin/pound
Nov 06 11:30:12 mymachine systemd[1]: Starting Pound Reverse Proxy And Load-balancer...
Nov 06 11:30:12 mymachine pound[3019]: starting...
Nov 06 11:30:12 mymachine systemd[1]: PID file /var/run/pound.pid not readable (yet?) after start.
Nov 06 11:30:12 mymachine systemd[1]: Started Pound Reverse Proxy And Load-balancer.
[root@mymachine me]#
[root@mymachine me]# netstat -tulpn | grep pound
tcp 0 0 myip:443 0.0.0.0:* LISTEN 1379/pound
I can wget http:[stack complains about links//]localhost:80 (varnish) and wget http:[stack complains about links//]localhost:8080 (apache). I'm using a self-signed pem file that can be found (no errors there). Before, I would get the "get me out of here" and "I know what I'm doing" prompts from the browser, but now it won't even connect with wget on localhost.
This is the /etc/pound.cfg:
User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"
ListenHTTPS
    Address 128.199.217.77
    Port 443
    Cert "/var/www/html/test.pem"
    Service
        BackEnd
            Address localhost
            Port 80
        End
    End
End
It was an iptables problem. Added the rule to open port 443 with the iptables command, rules are not saved in any way when doing so. Used firewall-cmd instead:
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-services
When using wget you can't use localhost as pound isn't listening there, the command should be:
[root@mymachine me]# wget --no-check-certificate --debug --verbose https://my.ip.address

CentOS 6.3. SSH. Bind to port xxx on 0.0.0.0 failed: Permission denied

CentOS 6.3 Minimal Configuration. Installed SSH Server, port 22. All works correctly.
I changed port 22 to 777, restarted sshd, and see this in the logs:
Jul 26 01:01:07 myserver sshd[1590]: error: Bind to port 777 on 0.0.0.0 failed: Permission denied.
Jul 26 01:01:07 myserver sshd[1590]: error: Bind to port 777 on :: failed: Permission denied.
Jul 26 01:01:07 myserver sshd[1590]: fatal: Cannot bind any address.
/etc/sysconfig/iptables contains:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 777 -j ACCEPT
netstat -tulpn | grep :22 and netstat -tulpn | grep :777 return nothing
CentOS uses SELinux by default and I don't think Ubuntu does (or at least I've not seen it). Have a look for SELinux permission errors in your logs too.
SELinux does not allow sshd to be run on another port on a default install of CentOS 6.3. Follow -> https://blog.tinned-software.net/change-ssh-port-in-centos-with-selinux/ :
dig a hole into your firewall (you already did that)
add a rule for SELinux to allow sshd to be run on port 777: sudo semanage port -a -t ssh_port_t -p tcp 777
you can disable selinux with command sudo setenforce 0.
sudo setenforce 0
firewall-cmd --add-port=777/tcp --permanent
firewall-cmd --reload
Port 777 is dedicated for Multiling HTTP and even though not in use you can't bind to it. If you try for example to bind to port 8777 it will work just fine.
The problem is informing SELinux, but I think there are two cases:
the port is not already allocated for a built-in service, in such case, this may work:
sudo semanage port -a -t ssh_port_t -p tcp 22777
the port is overwriting some existing service (don't ask me why); in this case this slightly different syntax is necessary:
sudo semanage port --modify -t ssh_port_t -p tcp 777
Of course, such ports should be then made available by updating the firewall:
sudo firewall-cmd --add-port=22777/tcp --permanent
or
sudo firewall-cmd --add-port=777/tcp --permanent
and then:
sudo firewall-cmd --reload
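The two cases in the last answer (`-a` for a port with no definition of its own, `--modify` for one already assigned to another service) can be decided from `semanage port -l`, which keeps SELinux enforcing instead of relying on `setenforce 0`. This is an added example, not part of any answer above: the listing is constructed, the function names are hypothetical, and it assumes that only an individual entry for the port, not a covering range, makes `-a` fail.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not taken from the page).
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

ssh_port_t                     tcp      22
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
hi_reserved_port_t             tcp      512-1023
unreserved_port_t              tcp      1024-32767, 61001-65535'

# semanage_action TYPE PROTO PORT   (listing on stdin)
#   none   - PORT already carries TYPE
#   modify - PORT is listed individually under another type
#   add    - PORT is undefined or only covered by a range entry (assumption)
semanage_action() {
    awk -v want="$1" -v proto="$2" -v port="$3" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)            # "8080," -> "8080"
                if (p == port) { if ($1 == want) same = 1; else other = 1 }
            }
        }
        END {
            if (same) print "none"
            else if (other) print "modify"
            else print "add"
        }'
}

# semanage_command TYPE PROTO PORT: print the command to run, if any.
semanage_command() {
    case "$(semanage_action "$1" "$2" "$3")" in
        add)    echo "semanage port -a -t $1 -p $2 $3" ;;
        modify) echo "semanage port --modify -t $1 -p $2 $3" ;;
    esac
}

# Demo on the constructed listing.
# Live use: semanage port -l | semanage_command ssh_port_t tcp 777
for port in 22 777 8080 22777; do
    printf '%s: %s\n' "$port" \
        "$(printf '%s\n' "$SAMPLE_LISTING" | semanage_command ssh_port_t tcp "$port")"
done
```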