/etc/xinetd.d/nrpe "only_from"-param for check_nrpe based on hostname

Marc Powell marc at ena.com
Fri Oct 30 17:03:56 CET 2009


On Oct 30, 2009, at 9:12 AM, jonas kellens wrote:

> Hello there !
>
> I'm new to the list and rather new to Nagios also... I have the  
> following question :
>
> I have the NRPE-plugin for Nagios running as part of the Xinetd-service
> on a remote server, this is its config :
>
> bash-3.2# cat /etc/xinetd.d/nrpe
> # default: on
> # description: NRPE (Nagios Remote Plugin Executor)
> service nrpe
> {
> flags = REUSE
> socket_type = stream
> port = 5666
> wait = no
> user = nagios
> group = nagios
> server = /usr/local/nagios/bin/nrpe
> server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
> log_on_failure += USERID
> disable = no
> only_from = 127.0.0.1 host.no-ip.biz
> }

> Question : How can I enable the lookup of a dynamic IP-address via  
> the DynDNS-domainname ?? How can I put my "host.no-ip.biz" into the  
> NRPE-service ??

I don't use NRPE under xinetd but on the face of it, this is a problem
with your reverse DNS and the way that xinetd is doing the
verification. When your nagios machine connects to NRPE, xinetd will
take the IP address it sees as the source and look up the reverse DNS
entry for it. If that name is not 'host.no-ip.biz', then it's going to
refuse the connection. xinetd does _not_ ask what the current IP of
host.no-ip.biz is on every connection. It depends entirely on the
reverse DNS PTR name. When your IP changes, do you automatically update
the reverse DNS for that new IP to point to that name? I'm guessing you
do not.

This is a very unusual situation. Most sane admins would never use  
DHCP or a dynamic address for a server. Your options are going to be  
very limited, mostly being to compromise on your security and allow  
more than just the single host.


man xinetd.conf --

       only_from        determines the remote hosts to which the particular
                        service is available.  Its value is a list of IP
                        addresses which can be specified in any combination of
                        the following ways:

[snip]

                        d)   a host name.  When a connection is made to
                             xinetd, a reverse lookup is performed, and the
                             canonical name returned is compared to the
                             specified host name.  You may also use domain
                             names in the form of .domain.com.  If the reverse
                             lookup of the client’s IP is within .domain.com,
                             a match occurs.



--
Marc
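
Added example (not part of the original message, and not xinetd's own code): a small Python model of the only_from matching described in the man page excerpt above, covering only plain IP literals and form d) host/.domain names. The PTR table, the addresses in it and the function names are constructed for illustration; it shows why a client whose PTR record is an ISP pool name is refused even if host.no-ip.biz currently resolves to its address.

```python
import ipaddress
import socket

def reverse_name(ip, resolver):
    """Return the canonical (PTR) name for ip, or None if there is none."""
    try:
        return resolver(ip)[0].rstrip(".").lower()
    except OSError:  # socket.herror / gaierror: no reverse record
        return None

def only_from_allows(client_ip, entries, resolver=socket.gethostbyaddr):
    """Model of only_from for IP literals and host/.domain names (assumed scope)."""
    client = ipaddress.ip_address(client_ip)
    names = []
    for entry in entries:
        try:
            if ipaddress.ip_address(entry) == client:
                return True          # literal address match, no DNS involved
        except ValueError:
            names.append(entry.rstrip(".").lower())  # host or .domain entry
    if not names:
        return False
    # The decision uses the REVERSE lookup of the source address only;
    # the forward A record of the configured name is never consulted.
    ptr = reverse_name(client_ip, resolver)
    if ptr is None:
        return False
    return any(ptr.endswith(n) if n.startswith(".") else ptr == n for n in names)

# Constructed PTR data (documentation address ranges), standing in for real DNS.
CONSTRUCTED_PTR = {
    "203.0.113.25": "pool-203-0-113-25.isp.example",  # dynamic IP, ISP-owned PTR
    "198.51.100.7": "host.no-ip.biz",                 # PTR kept in sync with the name
}

def constructed_resolver(ip):
    """Offline stand-in with the same return shape as socket.gethostbyaddr."""
    if ip not in CONSTRUCTED_PTR:
        raise socket.herror(1, "Unknown host")
    return (CONSTRUCTED_PTR[ip], [], [ip])

ONLY_FROM = "127.0.0.1 host.no-ip.biz".split()  # value from the config in the question

if __name__ == "__main__":
    for ip in ("127.0.0.1", "203.0.113.25", "198.51.100.7"):
        verdict = "allow" if only_from_allows(ip, ONLY_FROM, constructed_resolver) else "refuse"
        print(ip, verdict)
```

Dropping the resolver argument makes only_from_allows use the system's real reverse DNS, which is a quick way to see what name a given source address maps back to.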


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users