/etc/xinetd.d/nrpe "only_from"-param for check_nrpe based on hostname

jonas kellens jonas.kellens at telenet.be
Fri Oct 30 17:39:17 CET 2009


Marc, thanks for your reply !

I have an online Asterisk-server with a fixed IP of course and this is
the to-be-monitored-host.

I've set up a Nagios Monitoring server @ my home. I do not have a fixed
IP on my broadband-connection.

So I guess you understand my question.

I thought about making a VPN-connection. My Nagios-server @ home will
then always have the IP 10.10.8.2 or something like that...
Would that sound safer to you ?

Greetingz,
Jonas.


On Fri, 2009-10-30 at 11:03 -0500, Marc Powell wrote:

> On Oct 30, 2009, at 9:12 AM, jonas kellens wrote:
> 
> > Hello there !
> >
> > I'm new to the list and rather new to Nagios also... I have the
> > following question :
> >
> > I have the NRPE-plugin for Nagios running as part of the Xinetd-service
> > on a remote server, this is its config :
> >
> > bash-3.2# cat /etc/xinetd.d/nrpe
> > # default: on
> > # description: NRPE (Nagios Remote Plugin Executor)
> > service nrpe
> > {
> > flags = REUSE
> > socket_type = stream
> > port = 5666
> > wait = no
> > user = nagios
> > group = nagios
> > server = /usr/local/nagios/bin/nrpe
> > server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
> > log_on_failure += USERID
> > disable = no
> > only_from = 127.0.0.1 host.no-ip.biz
> > }
> 
> > Question : How can I enable the lookup of a dynamic IP-address via
> > the DynDNS-domainname ?? How can I put my "host.no-ip.biz" into the
> > NRPE-service ??
> 
> I don't use NRPE under xinetd but on the face of it, this is a problem
> with your reverse DNS and the way that xinetd is doing the
> verification. When your nagios machine connects to NRPE, xinetd will
> take the IP address it sees as the source and look up the reverse DNS
> entry for it. If that name is not 'host.no-ip.biz', then it's going to
> refuse the connection. xinetd does _not_ ask what the current IP of
> host.no-ip.biz is on every connection. It depends entirely on the
> reverse DNS PTR name. When your IP changes, do you automatically update
> the reverse DNS for that new IP to point to that name? I'm guessing you
> do not.
> 
> This is a very unusual situation. Most sane admins would never use  
> DHCP or a dynamic address for a server. Your options are going to be  
> very limited, mostly being to compromise on your security and allow  
> more than just the single host.
> 
> 
> man xinetd.conf --
> 
>        only_from        determines the remote hosts to which the particular
>                         service is available. Its value is a list of IP
>                         addresses which can be specified in any combination of
>                         the following ways:
> 
> [snip]
> 
>                         d)   a host name. When a connection is made to
>                              xinetd, a reverse lookup is performed, and the
>                              canonical name returned is compared to the
>                              specified host name. You may also use domain
>                              names in the form of .domain.com. If the reverse
>                              lookup of the client’s IP is within .domain.com,
>                              a match occurs.
> 
> 
> 
> --
> Marc
> 
> 
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay 
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 
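
Added example, not part of the original thread and not xinetd's own code: a simplified Python model of the only_from check described in the quoted man page excerpt. It shows why a client whose PTR name is set by its ISP never matches host.no-ip.biz, while a fixed VPN address such as 10.10.8.2 does. The PTR table, the *.example names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address range): the PTR name an ISP
# might assign to a home broadband address. The dynamic-DNS name
# host.no-ip.biz only exists as a forward (A) record, so it is absent here.
SAMPLE_PTR = {
    "203.0.113.45": "dsl-203-0-113-45.isp.example",
}


def reverse_lookup(ip, ptr_table=SAMPLE_PTR):
    """Stand-in for a reverse DNS query; returns None when no PTR exists."""
    return ptr_table.get(ip)


def only_from_allows(client_ip, only_from, lookup=reverse_lookup):
    """Model of only_from matching: IP/CIDR entries are compared to the
    source address, host name entries to the client's reverse DNS name."""
    addr = ipaddress.ip_address(client_ip)
    ptr, looked_up = None, False
    for entry in only_from.split():
        try:
            # Numeric entry: plain address or address/netmask range.
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
            continue
        except ValueError:
            pass  # not numeric, so treat it as a host or domain name
        if not looked_up:
            ptr, looked_up = lookup(client_ip), True
        if ptr is None:
            continue
        name = ptr.rstrip(".").lower()
        entry = entry.lower()
        if entry.startswith("."):
            # ".domain.com" form: any host whose PTR is inside the domain.
            if name.endswith(entry):
                return True
        elif name == entry:
            return True
    return False


if __name__ == "__main__":
    # Home connection, config from the thread: refused.
    print(only_from_allows("203.0.113.45", "127.0.0.1 host.no-ip.biz"))
    # Same server reached over the VPN with a fixed tunnel address: allowed.
    print(only_from_allows("10.10.8.2", "127.0.0.1 10.10.8.2"))
```

The `.isp.example` domain form would let the home connection in, but it also admits every other customer of that ISP, which is the security compromise mentioned in the reply.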