summaryrefslogtreecommitdiffstats
path: root/README.md
blob: 801f9f8a661581c5887a52e818969e106387b002 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
![Nagios!](https://www.nagios.com/wp-content/uploads/2015/05/Nagios-Black-500x124.png)

[![Build Status](https://travis-ci.org/NagiosEnterprises/nrpe.svg?branch=master)](https://travis-ci.org/NagiosEnterprises/nrpe)

NRPE
====

## Nagios Remote Plugin Executor


For installation instructions and information on the design overview
of the NRPE addon, please read the PDF documentation that is found in
this directory: `docs/NRPE.pdf`.

If you are upgrading from a previous version, you'll want to
check the [Changelog](CHANGELOG.md) and then run `./update-cfg.pl` to
add the new SSL parameters to your config file.

TL;DR: You can jump straight to [Compiling](#compiling) and
[Installing](#installing)

You'll want to read up on the [Security](SECURITY.md) document
regarding NRPE, no doubt.

And make sure to check out the [SSL Readme](README.SSL.md) as well,
if you plan on using encryption methods to transmit `nrpe` data.


Purpose
-------
The purpose of this addon is to allow you to execute Nagios
plugins on a remote host in as transparent a manner as possible.


Contents
--------

There are two pieces to this addon:

1. `nrpe`

   This program runs as a background process on the
   remote host and processes command execution requests
   from the check_nrpe plugin on the Nagios host.
   Upon receiving a plugin request from an authorized
   host, it will execute the command line associated
   with the command name it received and send the
   program output and return code back to the
   check_nrpe plugin

2. `check_nrpe` 

   This is a plugin that is run on the Nagios host
   and is used to contact the NRPE process on remote
   hosts.  The plugin requests that a plugin be
   executed on the remote host and wait for the NRPE
   process to execute the plugin and return the result.
   The plugin then uses the output and return code
   from the plugin execution on the remote host for
   its own output and return code.


Compiling
---------

If you are having any problems compiling on your system, 
please let us know (preferrably with fixes). Most users 
should be able to compile `nrpe` and the `check_nrpe` 
plugin with the following commands...

    ./configure
    make all

***HINT:*** `./configure --help`

**NOTE:** If you're cloning from GitHub, you'll need to run
`autoconf` first.

**NOTE:** Since the check_nrpe plugin and nrpe daemon run 
on different machines (the plugin runs on the Nagios host and 
the daemon runs on the remote host), you will have to compile 
the nrpe daemon on the target machine.


Installing
----------

You have a few options here. The binaries created from `make all` 
were placed in your `src/` directory. You can either copy these 
where they need to be, or you can run any of the following 
`make install` options:

* `make install-groups-users`

   Add the users and groups sepcified during `./configure`. Defaults
   to nagios and nagios, respectively. You can override these with the
   `./configure --with-nrpe-user=USER --with-nrpe-group=GROUP`.

* `make install`

   This will run both `install-plugin` and `install-daemon`.

* `make install-plugin`

   This will install the plugin by default in 
   `/usr/local/nagios/libexec`. You can override this 
   behavior by using the `--with-pluginsdir=DIR` flag during
   `./configure`.

* `make install-daemon`

   This will install the plugin by default in 
   `/usr/local/nagios/bin`. You can override this 
   behavior by using the `--prefix=DIR` or 
   `--bindir=DIR` flags during `./configure`.

* `make install-config`

   This will install the sample config by default in 
   `/usr/local/nagios/etc`. You can override this 
   behavior by using the `--with-pkgsysconfdir=DIR` 
   flag during `./configure`.

* `make install-inetd`

   `./configure` attempts to determine your inetd type.
   If it finds it, it will install the appropriate inetd 
   script in the proper location. You can help it out with
   `./configure --with-inetd-type=TYPE` where `TYPE` can be
   one of: `inetd`, `xinetd`, `systemd`, `launchd`, 
   `smf10`, `smf11`.

* `make install-init`

   `./configure` attempts to determine the appropriate
   init type. If it figures it out, will install the
   required startup script. You can help it out with
   `./configure --with-init-type=TYPE` where TYPE can be
   one of: `bsd`, `sysv`, `systemd`, `launchd`, `smf10`, 
   `smf11`, `upstart`, `openrc`.

If you used all the necessary `./configure` flags, you shouldn't
need to tweak your config file any at this point, and a simple
`service nrpe start` or `systemctl start nrpe.service` should
work just fine.

Configuring
-----------

A sample config file for the NRPE daemon are located in the
`sample-config/` subdirectory.

If you used the proper flags during `./configure`, this file
should contain all of the appropriate information as a starting
point.


Running Under `inetd` or `xinetd`
---------------------------------

If you plan on running nrpe under inetd or xinetd and making use
of TCP wrappers, you need to add a line to your `/etc/services`
file as follows (modify the port number as you see fit)

     nrpe            5666/tcp    # NRPE

The run `make install-inetd` to copy the appropriate file, or
add the appropriate line to your `/etc/inetd.conf`.

**NOTE:** If you run nrpe under inetd or xinetd, the server_port
and allowed_hosts variables in the nrpe configuration file are
ignored.


* `inetd`

   After running `make install-inetd`, your `/etc/inetd.conf` file will
   contain lines similar to the following:

       # Enable the following entry to enable the nrpe daemon
       #nrpe stream tcp nowait nagios /usr/local/nagios/bin/nrpe nrpe -c /usr/local/nagios/etc/nr
       # Enable the following entry if the nrpe daemon didn't link with libwrap
       #nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nag

   Un-comment the appropriate line, then Restart inetd:

       /etc/rc.d/init.d/inet restart

   OpenBSD users can use the following command to restart inetd:

       kill -HUP `cat /var/run/inet.pid`

   Then add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
   file to enable TCP wrapper protection for the nrpe service.
   This is optional, although highly recommended.


* `xinetd`

   If your system uses xinetd instead of inetd, `make install-inetd`
   will create a file called `nrpe` in your `/etc/xinetd.d`
   directory that contains a file similar to this:

       # default: off
       # description: NRPE (Nagios Remote Plugin Executor)
       service nrpe
       {
           disable         = yes
           socket_type     = stream
           port            = @NRPE_PORT@
           wait            = no
           user            = nagios
           group           = nagios
           server          = /usr/local/nagios/bin/nrpe
           server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
           only_from       = 127.0.0.1
           log_on_failure  += USERID
       }

   * Replace `disable = yes` with `disable = no`
   * Replace the `127.0.0.1` field with the IP addresses of hosts which
     are allowed to connect to the NRPE daemon.  This only works if xinetd was
     compiled with support for tcpwrappers.
   * Add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
     file to enable TCP wrapper protection for the nrpe service.
     This is optional, although highly recommended.

   * Restart xinetd:

          /etc/rc.d/init.d/xinetd restart


Configuring Things On The Nagios Host
---------------------------------------

Examples for configuring the nrpe daemon are found in the sample
`nrpe.cfg` file included in this distribution.  That config file
resides on the remote host(s) along with the nrpe daemon.  The
check_nrpe plugin gets installed on the Nagios host.  In order
to use the check_nrpe plugin from within Nagios, you will have
to define a few things in the host config file.  An example
command definition for the check_nrpe plugin would look like this:

    define command{
        command_name           check_nrpe
        command_line           /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
        }

In any service definitions that use the nrpe plugin/daemon to
get their results, you would set the service check command portion
of the definition to something like this (sample service definition
is simplified for this example):

    define service{
        host_name              someremotehost
        service_description    someremoteservice
        check_command          check_nrpe!yourcommand
        ... etc ...
        }

where `yourcommand` is a name of a command that you define in
your `nrpe.cfg` file on the remote host (see the docs in the
sample nrpe.cfg file for more information).


License Notice
--------------

NRPE - Nagios Remote Plugin Executor

Copyright (c) 2017 Nagios Enterprises

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


Questions?
----------

If you have questions about this addon, or encounter problems getting things
working along the way, your best bet for an answer or quick resolution is to check the
[Nagios Support Forums](https://support.nagios.com/forum/viewforum.php?f=5).