nagios-nrpe-server: Ignores dont_blame_nrpe=1

We have Debian Wheezy running on all our production machines. Debian Jessie is out there for a while and I wanted to give it a try...
An upgrade like this should be painless and without any major problems.

I installed a machine with Debian Jessie and made it ready for production by playing some ansible playbooks against it. More or less everything was fine, but the nagios nrpe server. This is what I noticed in the log:

Oct 30 17:08:36 was1 nrpe[14125]: Error: Request contained command arguments!
Oct 30 17:08:36 was1 nrpe[14125]: Client request was invalid, bailing out...

After digging a little bit I kinda figured out what happened.
nagios-nrpe-server debian package was compiled without --enable-command-args because there are security problems and that this feature is often used wrong.

The quickest fix for this was to recompile it with --enable-command-args and reinstall it.

  • Get the source.
apt-get source nagios-nrpe-server
apt-get install libssl-dev dpatch debhelper libwrap0-dev autotools-dev build-essential fakeroot
apt-get build-dep collectd collectd-core
ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so
  • Edit nagios-nrpe-2.15/debian/rules and just after --enable-ssl \ insert --enable-command-args \ (it should be line number 16)
sed '16i\\t\t--enable-command-args \\' nagios-nrpe-2.15/debian/rules
  • Build the package
cd nagios-nrpe-2.15/
dpkg-buildpackage -rfakeroot
  • Install the newly created package
cd ..
dpkg -i nagios-nrpe-server_2.15-1_amd64.deb

Note: in case you're interested in the whole story, please read this.

One thought on “nagios-nrpe-server: Ignores dont_blame_nrpe=1”

Leave a Reply

Your email address will not be published. Required fields are marked *