nagios-nrpe-server: Ignores dont_blame_nrpe=1

We have Debian Wheezy running on all our production machines. Debian Jessie is out there for a while and I wanted to give it a try...
An upgrade like this should be painless and without any major problems.

I installed a machine with Debian Jessie and made it ready for production by playing some ansible playbooks against it. More or less everything was fine, but the nagios nrpe server. This is what I noticed in the log:

Oct 30 17:08:36 was1 nrpe[14125]: Error: Request contained command arguments!
Oct 30 17:08:36 was1 nrpe[14125]: Client request was invalid, bailing out...

After digging a little bit I kinda figured out what happened.
nagios-nrpe-server debian package was compiled without --enable-command-args because there are security problems and that this feature is often used wrong.

The quickest fix for this was to recompile it with --enable-command-args and reinstall it.

  • Get the source.

[codesyntax lang="bash"]

apt-get source nagios-nrpe-server
apt-get install libssl-dev dpatch debhelper libwrap0-dev autotools-dev build-essential fakeroot
apt-get build-dep collectd collectd-core
ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so

[/codesyntax]

  • Edit nagios-nrpe-2.15/debian/rules and just after --enable-ssl \ insert --enable-command-args \ (it should be line number 16)

[codesyntax lang="bash"]

sed '16i\\t\t--enable-command-args \\' nagios-nrpe-2.15/debian/rules

[/codesyntax]

  • Build the package

[codesyntax lang="bash"]

cd nagios-nrpe-2.15/
dpkg-buildpackage -rfakeroot

[/codesyntax]

  • Install the newly created package

[codesyntax lang="bash"]

cd ..
dpkg -i nagios-nrpe-server_2.15-1_amd64.deb

[/codesyntax]

Note: in case you're interested in the whole story, please read this.

  1. Thanks for the tip! Was driving me crazy.

Scrie si tu o vorbulita


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.