Check_Process Fail with SSL/Certificate


#1

Hey,

i use NRPEv3 and want to check Processes but it failed. When i check for example check_uptime or check_disk it works. It also works with check_process when i dont use check_nrpe with certificates.

/usr/lib/nagios/plugins/check_nrpe_v3 -H IP -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -C /usr/local/nagios/etc/ssl/nagios_server_certs/nagios_server.pem -K /usr/local/nagios/etc/ssl/nagios_server_certs/nagios_server.key -c check_process CHECK_NRPE: Invalid packet type received from server.

/usr/lib/nagios/plugins/check_nrpe_v3 -H IP -A /usr/local/nagios/etc/ssl/ca/ca_cert.pem -C /usr/local/nagios/etc/ssl/nagios_server_certs/nagios_server.pem -K /usr/local/nagios/etc/ssl/nagios_server_certs/nagios_server.key -c check_uptime CRITICAL: uptime: 0:1h, boot: 2017-03-28 09:31:41 (UTC)|‘uptime’=76s;172800;86400

nsclient.ini

[/settings/NRPE/server] insecure = false ssl options = no-sslv2,no-sslv3 dh = certificate key = ${certificate-path}\client_cert.key certificate = ${certificate-path}\client_cert.pem ca = ${certificate-path}\ca_cert.pem allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH allow arguments = 1 verify mode = peer-cert use ssl = true

Any ideas?


#2

Maybe you need specific permissions to check a process?


#3

I read this article which helped me out:

https://support.nagios.com/kb/article.php?id=518&show_category=102

In the nsclient.ini set this:

payload length = 8192

And you have to use the length also in the check_nrpe command