UtahSysAdmin.com

Configuring Nagios Plugins & NRPE on Solaris 10

Here’s a step by step installation of the Nagios plugin NRPE for Solaris 10 x86 (as the remote host):

useradd -c “nagios system user” -d /usr/local/nagios -m nagios
chown nagios:nagios /usr/local/nagios/
cd /usr/local/src # or wherever you like to put source code
wget http://internap.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
wget http://internap.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz
gunzip nagios-plugins-1.4.11.tar.gz
tar -xvf nagios-plugins-1.4.11.tar
gunzip nrpe-2.12.tar.gz
tar -xvf nrpe-2.12.tar

First we’ll compile the nagios plugins:

cd nagios-plugins-1.4.11
./configure
make
make install
chown -R nagios:nagios /usr/local/nagios/libexec
cd ..

Run a quick check to make sure the plugins are working:

/usr/local/nagios/libexec/check_disk -w 10 -c 5 -p /

Next, we’ll compile NRPE. Normally at this point we would just run `cd nrpe-2.12; ./configure`. Unfortunately, the configure script can not find the SSH headers and libraries on Solaris 10. You get errors like this:

checking for SSL headers… configure: error: Cannot find ssl headers

checking for SSL libraries… configure: error: Cannot find ssl libraries

The answer to this is, of course, to tell configure where to find them:

cd nrpe-2.12
./configure –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib/

Currently there is a bug in 2.12 that it assumes that all systems have 2 syslog facilities that Solaris doesn’t have, so if you try and compile it generates the following errors:

nrpe.c: In function `get_log_facility’:
nrpe.c:617: error: `LOG_AUTHPRIV’ undeclared (first use in this function)
nrpe.c:617: error: (Each undeclared identifier is reported only once
nrpe.c:617: error: for each function it appears in.)
nrpe.c:619: error: `LOG_FTP’ undeclared (first use in this function)
*** Error code 1
make: Fatal error: Command failed for target `nrpe’
Current working directory /usr/local/src/nrpe-2.12/src
*** Error code 1
make: Fatal error: Command failed for target `all’

Unfortunately, the fix at this time is to comment out the code that calls these two facilities, lines 616-619, in src/nrpe.c:

/*else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTHPRIV;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_FTP;*/

UPDATE: You no longer need to comment out these lines, just replace them with the following:

else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTH;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_DAEMON;

Now it will compile:

# make all
cd ./src/; make ; cd ..
gcc -g -O2 -I/usr/sfw//include/openssl -I/usr/sfw//include -DHAVE_CONFIG_H -o nrpe nrpe.c utils.c -L/usr/sfw/lib/ -lssl -lcrypto -lnsl -lsocket ./snprintf.o
gcc -g -O2 -I/usr/sfw//include/openssl -I/usr/sfw//include -DHAVE_CONFIG_H -o check_nrpe check_nrpe.c utils.c -L/usr/sfw/lib/ -lssl -lcrypto -lnsl -lsocket

*** Compile finished ***

Next install the new binaries:

# make install
cd ./src/ && make install
make install-plugin
.././install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec
.././install-sh -c -m 775 -o nagios -g nagios check_nrpe /usr/local/nagios/libexec
make install-daemon
.././install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/bin
.././install-sh -c -m 775 -o nagios -g nagios nrpe /usr/local/nagios/bin

Optionally, if you want to use the sample config file run (Recommended if you don’t already have a standard config):

# make install-daemon-config
./install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc
./install-sh -c -m 644 -o nagios -g nagios sample-config/nrpe.cfg /usr/local/nagios/etc

Modify the nrpe.cfg file with your settings:

vi /usr/local/nagios/etc/nrpe.cfg

With Solaris 10, we don’t use either inetd or xinetd, but SMF. Thankfully, we can convert inetd entires into the SMF repository with the inetconv command. So first, add the following entry to /etc/services:

nrpe 5666/tcp # NRPE

Then add the following line to the end of /etc/inet/inetd.conf:

nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i

Next, we need to convert it to SMF:

# inetconv
nrpe -> /var/svc/manifest/network/nrpe-tcp.xml
Importing nrpe-tcp.xml …Done
# inetconv -e
svc:/network/nrpe/tcp:default enabled

Check to make sure it went online:

# svcs svc:/network/nrpe/tcp:default
STATE STIME FMRI
online 15:53:39 svc:/network/nrpe/tcp:default
# netstat -a | grep nrpe
*.nrpe *.* 0 0 49152 0 LISTEN

Check the default installed parameters:

# inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name=”nrpe”
endpoint_type=”stream”
proto=”tcp”
isrpc=FALSE
wait=FALSE
exec=”/usr/sfw/sbin/tcpd -c /usr/local/nagios/etc/nrpe.cfg -i”
arg0=”/usr/local/nagios/bin/nrpe”
user=”nagios”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10

Change it so that it uses tcp_wrappers:

# inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE

And check to make sure it took effect:

# inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name=”nrpe”
endpoint_type=”stream”
proto=”tcp”
isrpc=FALSE
wait=FALSE
exec=”/usr/sfw/sbin/tcpd -c /usr/local/nagios/etc/nrpe.cfg -i”
arg0=”/usr/local/nagios/bin/nrpe”
user=”nagios”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
tcp_wrappers=TRUE
default connection_backlog=10

Modify your hosts.allow and hosts.deny to only allow your nagios server access to the NRPE port. Note that tcpd always looks at hosts.allow first, so even though we specify that everyone is rejected in the hosts.deny file, the ip addresses specified in hots.allow are allowed.
/etc/hosts.allow:

nrpe: LOCAL, 10.0.0.45

/etc/hosts.deny:

nrpe: ALL

Finally, check to make sure you have everything installed correctly (should return version information):

/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12

Optionally, modify any firewalls between your nagios server and the remote host to allow port 5666.
Don’t forget to configure your nagios server to check your new service.

Please VOTE for this page at: ADD TO DEL.ICIO.US

This entry was posted on Friday, March 14th, 2008 @ 10:48 am on the category Technical.You can follow any responses to this entry through the RSS 2.0 You can leave a response, or trackback from your own site.

118 Comments

James says:
I had to use this additional code change described here: http://www.nagios.org/faqs/viewfaq.php?faq_id=372 to get rid of SSL Handshake errors. Thanks for the resource!

Why did you use the /usr/sfw/bin/tcpd instead of using the built-in Solaris 10 wrappers built into inetd?
Posted March 30, 2008, 12:29 pm
Kevin Pendleton says:
Good points, you’ll notice that I used –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib/ pointing to the SUNWcry and SUNWcryr packages that I had installed as also referenced in the FAQ above. As far as the tcpd I used, I don’t have any other on the system. Please post any alternatives you have. Thanks!
Posted March 30, 2008, 10:20 pm
Dave Try says:
When I run the final check for the nrpe plugin I run into the following error:

# /usr/local/nagios/libexec/check_nrpe -H localhost
ld.so.1: check_nrpe: fatal: libssl.so.0.9.7: open failed: No such file or directory

I’ve installed openssl-0.9.8 but it doesn’t install into the /usr/lib directory.

Any idea how this can be fixed?
Posted April 17, 2008, 10:28 pm
Kevin Pendleton says:
You have two options. One, install the SUNWcry and SUNWcryr packages and then use the parameters I specified on the NRPE compile. The second option, would to be to compile openssl, specifying a specific location for the install and then changing the ssl compile options when compiling NRPE. If I remember right, there was an compile option if you used openssl specifically. I don’t have access to check right now, but to see what compile options are available, run `./configure –help | less`. Please post your solution when you get it figured out.
Posted April 17, 2008, 11:14 pm
aerosmith says:
make in nagios-plugins-1.4.11 fails…on solaris 10 on sparc

eck_mysql-check_mysql.o `test -f ‘check_mysql.c’ || echo ‘./’`check_mysql.c; \
then mv -f “.deps/check_mysql-check_mysql.Tpo” “.deps/check_mysql-check_mysql.Po”; else rm -f “.deps/check_mysql-check_mysql.Tpo”; exit 1; fi
gcc: language strconst not recognized
gcc: check_mysql.c: linker input file unused because linking not done
mv: cannot access .deps/check_mysql-check_mysql.Tpo
*** Error code 2
make: Fatal error: Command failed for target `check_mysql-check_mysql.o’
Current working directory /var/tmp/nrpe/nagios-plugins-1.4.11/plugins
*** Error code 1
The following command caused the error:
failcom=’exit 1′; \
for f in x $MAKEFLAGS; do \
case $f in \
*=* | –[!k]*);; \
*k*) failcom=’fail=yes’;; \
esac; \
done; \
dot_seen=no; \
target=`echo all-recursive | sed s/-recursive//`; \
list=’gl lib plugins plugins-scripts plugins-root po’; for subdir in $list; do \
echo “Making $target in $subdir”; \
if test “$subdir” = “.”; then \
dot_seen=yes; \
local_target=”$target-am”; \
else \
local_target=”$target”; \
fi; \
(cd $subdir && make $local_target) \
|| eval $failcom; \
done; \
if test “$dot_seen” = “no”; then \
make “$target-am” || exit 1; \
fi; test -z “$fail”
make: Fatal error: Command failed for target `all-recursive’
Current working directory /var/tmp/nrpe/nagios-plugins-1.4.11
*** Error code 1
make: Fatal error: Command failed for target `all’
Posted April 25, 2008, 1:52 pm
Dave Try says:
I’m now getting a handshake error, despite editing the nrpe.c file as specified in that earlier post, although that line didn’t appear on 222, it was on 242 or 243 I believe.

I couldn’t find anything related to openssl in the ./configure -help file, only how to specify where libs were installed. I configured with the following “./configure -with-ssl=/usr/local/ssl/ -with-ssl-inc=/usr/local/ssl/include/openssl/ -with-ssl-lib=/usr/local/ssl/lib/” ….but it doesn’t appear to be working.
Posted April 28, 2008, 5:20 pm
Kevin Pendleton says:
Aerosmith:

When troubleshooting compile problems, no one will be able to tell you what is wrong from the output on the screen. The real problem with the compile will be found in the file config.log. Take a look in that file and see what was the last thing before the compile died and that’s what you should be looking into.

Dave:

What’s the handshake error you’re getting? The same error as referenced in the FAQ above or a different one?
Posted April 29, 2008, 10:19 pm
Aerosmith says:
Thanks @kevin
Posted May 2, 2008, 1:12 pm
gary says:
I followed every single step above to install nrpe on SUN Sparc 5.10 system, had the exactly the same problem Dave Try encountered. I verified that both SUNWcry and SUNWcryr and openssl 0.9.8 has been installed. but it still failed when I did the final check.

If using SUNWcry.
# /usr/local/nagios/libexec/check_nrpe -H localhost
ld.so.1: check_nrpe: fatal: libssl.so.0.9.7: open failed: No such file or directory

If using Openssl
# /usr/local/nagios/libexec/check_nrpe -H localhost
ld.so.1: check_nrpe: fatal: libssl.so.0.9.8: open failed: No such file or directory

Do I need to reinstall SUNWcry and SUNWcryr as Kevin suggested as option one?

Any suggestions and help will be appreciated.
Posted June 13, 2008, 12:28 pm
Kevin Pendleton says:
Gary, where is libssl.so.0.9.7 on your system, what is the path to it? Did you specify that same path in your configure options?

./configure –with-ssl=/path/to/main/ssl/dir –with-ssl-lib=/same/path/plus/lib/

Kevin
Posted June 13, 2008, 9:37 pm
gary says:
Hi Kevin,

I followed the exact steps as above
cd nrpe-2.12
./configure –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib/
and I have verified that the file libssl.so.0.9.7 is in the directory /usr/sfw/lib
don’t know why it still complains.
the only difference is that we don’t have files hosts.allow and hosts.deny on our system, but it makes no difference after adding those two files.
Any suggestion about what I should look into next?

Thanks a lot!

Gary
Posted June 16, 2008, 6:05 pm
Mark says:
Aerosmith:

The method for getting the make of the plug-ins to work can be found here:

kernel-dump.blogspot.com/2008/01/how-to-compile-nagios-plugins-for.html

Read it carefully several times to make sure you understand the switches of users and use of Bash.
Posted June 19, 2008, 7:27 pm
Neil says:
Hello,

I think I’m having the same issue as Dave. I installed the SUNWcry and SUNWcryr packages, pointed the configure script to the appropriate ssl directories, modified both nrpe.c and check_nrpe.c to use the appropriate encryption, trying the lines:

SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”);

or

SSL_CTX_set_cipher_list(ctx,”ADH”); +
SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”);

as suggested in different forums, and still, when I restart the nrpe service and test it with

/usr/local/nagios/libexec/check_nrpe -H localhost

I get the ssl handshake error:

CHECK_NRPE: Error – Could not complete SSL handshake.

Any other thoughts?
Posted June 26, 2008, 9:20 am
Kevin Pendleton says:
So it sounds like you were able to get everything to compile correctly and have no library errors, you just can not complete the handshake with the remote server. Most often I have seen this error when running different versions of NRPE on the host and client.

This FAQ may help you troubleshoot this error:

http://www.nagios.org/faqs/viewfaq.php?faq_id=191

Kevin
Posted June 26, 2008, 9:58 am
mpower says:
In src/nrpe.c replace the lines 616 – 619 like that (don’t comment them):

else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTH;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_DAEMON;
Posted July 18, 2008, 8:16 am
Kevin Pendleton says:
I agree, that is a better solution. Have you recommended any solutions to the developers for a permanent fix for the next version of NRPE?
Posted July 18, 2008, 9:29 am
Axel Eble says:
Kevin,

how do you start nagios automagically at boot under Solaris 10?

Axel
Posted July 31, 2008, 8:43 am
Kevin Pendleton says:
Axel,

Solaris 10 uses SMF or the Service Management Facility to control what services start on bootup. If you followed the steps above, successfully converted it from inetd to SMF and the service went online, it will also come online every time you reboot.

Kevin
Posted July 31, 2008, 8:48 am
Axel Eble says:
Yes, the NRPE – I’m looking for starting Nagios itself on Solaris. As my Ultra 10 is idling away and twiddlikng its virtual thumbs anyway I have nagios installed on it, but would like to start it automagically at boot time (not the NRPE service, though).

Converting init.d files to SMF seems to be a tad bit trickier, though?
Posted July 31, 2008, 8:55 am
Kevin Pendleton says:
Ahh, sorry, I misread your question. Unfortunately, my nagios server runs on Solaris 9 still so I haven’t gone through that process yet. Thinking about it though, SMF has backwards compatibility specifically for this case – applications that only have init scripts built. SMF still executes scripts in /etc/rc<n>.d/ folders that have not been converted. So you should be able to use the script generated by the make install-init command, by placing it in /etc/rc3.d/, etc. You should also be able to start it manually by executing /etc/init.d/nagios start – if the script has all the right paths for your installation in it.
Posted July 31, 2008, 9:23 am
Axel Eble says:
After googling for several days (granted, I must have hit the wrong keywords), I came up with a template manifest. Hope this helps others, too.

Nagios Monitoring
Posted July 31, 2008, 9:49 am
Axel Eble says:
darn, that got swallowed :-)
Posted July 31, 2008, 9:49 am
Dartarrow says:
Dude,
Thanks for the lessons, But I have one problem more which is when i attempt to ./check_nrpe -H localhost i get the (apparently common) error
“CHECK_NRPE: Error – Could not complete SSL handshake.”

Now I do not have root on the machine which could be a problem, I cannot possibly in the near future get root on the machine, so installing extra packages is out of the question for now.

I’ve attempted modifying line 222 or src/nrpe.c but to no avail. For now anyway. So if anyone can help me out, that would be cool.

thx :D
Posted August 19, 2008, 3:08 am
Simone says:
Hi Guys,
can anyone help me?

Scenario

Nagios Server (core) 3.0.3 under Linux (Ubuntu 8.04) – NRPE 2.12 (latest)

Monitored Host: Solaris 10 (SunOS S10DBSERVER 5.10 Generic sun4u sparc SUNW,Sun-Blade-2500)

I tried to install NRPE 2.12 on S10:
Download package, extract in folder.

I HAVE NOT SUNWcry installed. I can’t find where download package for my S10 Sparc. Free download only for Solaris 8 :(

1) Apply the patch:
As mentioned here (The second solution is to change line 222 of src/nrpe.c like this: – SSL_CTX_set_cipher_list(ctx,”ADH”); + SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”); and recompile. )
DONE.

Comment these line in nrpe.c
/* else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTHPRIV;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_FTP; */

DONE.

2) Compile with:
./configure –with-ssl-lib=/usr/sfw/lib \
–with-ssl-inc=/usr/sfw/include –with-ssl=/usr/sfw \
–prefix=/opt/nagios

OK, done.

3) Edit the /opt/nagios/etc/nrpe.cfg file.
Only 1 change to do: change paths to nagios plugins

4) Edit the /etc/inetd.conf file, setting up like this:
nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /opt/nagios/bin/nrpe -c /opt/nagios/etc/nrpe.cfg –inetd

5) Edit /etc/services adding
nrpe 5666/tcp # NRPE

6) Converting inetd to SMF
inetconv
inetconv -e
svcs svc:/network/nrpe/tcp:default
netstat -a | grep nrpe
inetadm -l svc:/network/nrpe/tcp:default
inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE
inetadm -l svc:/network/nrpe/tcp:default
vi /etc/hosts.allow (nrpe: LOCAL, NagiosServerIPaddress)
vi /etc/hosts.deny (nrpe: ALL)

Testing:

On S10:
bash-3.00# /opt/nagios/libexec/check_nrpe -H localhost
NRPE v2.12

bash-3.00# /opt/nagios/libexec/check_nrpe -H localhost -c check_load
OK – load average: 0.21, 0.27, 0.27|load1=0.211;15.000;30.000;0; load5=0.270;10.000;25.000;0; load15=0.270;5.000;20.000;0;

WOW…it seems working…

Now, testing on Nagios Core server:

root@nagios-srv:~# /usr/local/nagios/libexec/check_nrpe -H 192.168.10.241
CHECK_NRPE: Error – Could not complete SSL handshake.

LOG on S10 tell: Aug 26 10:29:28 S10DBSERVER nrpe[32]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 1

Without SSL

root@nagios-srv:~# /usr/local/nagios/libexec/check_nrpe -H 192.168.10.241 -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

LOG on S10 tell: Aug 26 10:29:58 S10DBSERVER nrpe[33]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 1

Same error -.-

—-

I installed also openssl0.9.8h:

./config –prefix=/opt/openssl
make
make test
make install

No errors

Recompile NRPE with:

./configure –with-ssl-lib=/opt/openssl/lib \
–with-ssl-inc=/opt/openssl/include –with-ssl=/opt/openssl \
–prefix=/opt/nagios

Error:
checking for SSL headers… SSL headers found in /opt/openssl/include/..
checking for SSL libraries… configure: error: Cannot find ssl libraries

bash-3.00# find . / -name “libssl.so.0.9.7″
/usr/sfw/lib/sparcv9/libssl.so.0.9.7
/usr/sfw/lib/libssl.so.0.9.7

So, no libssl.so.0.9.7 present in /opt/openssl/lib

—–

PLEASE help

Simone
Posted August 26, 2008, 2:36 am
Kevin Pendleton says:
From the README of openssl:

NOTE: The header files used to reside directly in the include
directory, but have now been moved to include/openssl so that
OpenSSL can co-exist with other libraries which use some of the
same filenames.

So try this instead:

–with-ssl-inc=/opt/openssl/include/openssl

Or try searching for ssl.h, which is the name of the SSL header file that is should be looking for.
Posted August 26, 2008, 8:01 am
Simone says:
Hi Kevin,
thank for reply.

But, my problem is that compiler can’t find SSL libraries, not headers.

However, I try this:

./configure –with-ssl-lib=/opt/openssl/lib –with-ssl-inc=/opt/openssl/include/openssl –with-ssl=/opt/openssl –prefix=/opt/nagios

checking for SSL headers… SSL headers found in /opt/openssl/include/openssl/..
checking for SSL libraries… configure: error: Cannot find ssl libraries

If I look for “ssl.h”, I get this result:

/opt/openssl/include/openssl/ssl.h (83972 bytes)
/usr/sfw/include/openssl/ssl.h (74911 bytes)

Mmh… I’m confused :/

What’s wrong? Headers or libraries?

Tnx,
Simone
Posted August 27, 2008, 3:50 am
Kevin Pendleton says:
Sorry, I misread your earlier post. You are having problems with the libraries. Did you find that it was looking for libssl.so.0.9.7 in config.log? I believe the libraries that you have installed are libcrypto.a and libssl.a and are the static libraries. If you need the libssl.so, then you need the shared libraries installed as well and should add the option “shared” to your configure when compiling openssl.
Posted August 27, 2008, 10:22 am
Simone says:
Tnx Kevin,
I tried to compile OpenSSL with:

./config shared –prefix=/opt/openssl

And recompiled NRPE with:

./configure –with-ssl-lib=/opt/openssl/lib –with-ssl-inc=/opt/openssl –with-ssl=/opt/openssl –prefix=/opt/nagios

Works, but there’s always same error:

nrpe[25471]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 1

Executing nrpe as a daemon without SSL, everything works fine!

Last chance is to find sunwcry and sunwcryr for my Solaris10

Thank you!
Posted August 28, 2008, 5:44 am
Kevin Pendleton says:
For the handshake errors have you tried going through these steps yet?

http://www.nagios.org/faqs/viewfaq.php?faq_id=191
Posted August 28, 2008, 8:52 am
Justin says:
I’m banging my head against the wall with this issue. Don’t know if this is RBAC or what is causing the problem. After compiling NRPE according to the instructions and getting SSL working, some scripts work: CPU, Load work great. The scripts that don’t work (and by “don’t work” I mean are not able to store sys command results into variables when being called by NRPE under SMF) are the ones that contain backticks or (). The check_oracle script is one of them. A simple example is below:

if I call a script alias from nagios to the solaris host, and the script contains:
#!/bin/ksh
test = `ps`
echo $test

the results passed back will be empty. I did some experimentation and found that the command IS executed, but it cannot be stored into a variable, so nagios displays the ‘no output returned’ message, unless I also echo some text. This is some wierd stuff.

My kernel is: SunOS 5.10 Generic_127127-11 sun4v sparc SUNW,SPARC-Enterprise-T5220. Anyone know what I should do?
Posted August 29, 2008, 2:58 pm
Kevin Pendleton says:
I saw that you had posted this on the nagiosplug-help mailing list. There are some great people on that list, I’d give them a couple more days to respond….
Posted August 29, 2008, 11:11 pm
Hanu says:
Hi,

I am receiving the same error as well:

CHECK_NRPE: Error – Could not complete SSL handshake.

I am using Sol 8. Have few Q’s after reading the FAQ at: http://www.nagios.org/faqs/viewfaq.php?faq_id=191

1. Since I am using Sol 8, and not Sol10, would installing sunwcry and sunwcryr pkgs help me?
2. I have installed NRPE 2.12 and nagios-plugins-1.4.11… if these versions are not compatible, can you suggest what combination of NRPE and nagios-plugins versions should I go for?

Thanks,
Hanu
Posted September 2, 2008, 6:16 am
Amrit Singh says:
Hi,

Thank you this wonderfull article and it really helped me configure NRPE on Solaris 10. I am sure it would have helped a lot of newbies like me.

However, I would like to install NRPE on SOLARIS 8 and 9 as well. Do you have any suggestions on installing NRPE on Solaris 8 & 9 under inetd or Xinetd?

Thanks a lot in advance for your help..
Posted September 15, 2008, 12:09 am
Henti says:
I cannot get check_swap to compile on solaris 10 x86. I keep getting :

Cannot use swapctl in the large files compilation environment

durign the configure stage and it does not add check_swap to Makefile.

Any ideas ?
Posted September 15, 2008, 1:37 am
Kevin Pendleton says:
Hanu – As long as you were able to compile NRPE with some SSL libraries, you should be fine. It is more likely that it is the version mis-match between servers. Make sure that the NRPE version is the same on both the server and client.

Amrit – You’re welcome! I don’t have a how to document written for those versions, however, they should be easier since you do not need to convert the inetd line to SMF.

Henti – This seems to be a long standing problem with 32-bit Solaris, hopefully you can get some developers on your side to get the code updated. Good luck!
Posted September 15, 2008, 10:15 pm
Kevin Pendleton says:
Please note that a new version on nagios-plugins (1.4.13) has been released. See the release notes for more information:

https://sourceforge.net/forum/forum.php?forum_id=870554

“This release contains enhancements for check_procs and pst3 on Solaris systems (so it works correctly in Solaris 10 zones and also runs much faster). There were other minor updates and fixes from Thomas Guyot-Sionnest, Holger Weiss and Matthias Eble.”
Posted September 25, 2008, 9:01 am
Dejan Dinic says:
Problem with ssl is because nrpe cant find ssl library in available lib’s paths.
1st install openssl package ( available on sunfreeware.com )
2nd crle -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib/
3rd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i
4th Check from nagios server check_nrpe -H solaris_ip
Posted October 16, 2008, 5:47 am
Anthony Bentley says:
Hello,

I was having the same issues. I found these commands resolved the problem:

#crle -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib/

#/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i

Now confirm that nrpe is functioning properly:

#/usr/local/nagios/libexec/check_nrpe -H localhost

Hope this helps,

Anthony
Posted November 7, 2008, 8:36 pm
Donald Mahaya says:
Run ‘yum install openssl-devel’ and the ./configure script will run correctly afterward. This applies to linux systems. You may have to run ‘apt-get install openssl-devel’ depending on the linux variant.

-Donald
Posted December 24, 2008, 10:14 pm
AvaCam says:
I was having this error also: “CHECK_NRPE: Error – Could not complete SSL handshake.”
When I telnet’ed to the port I noticed this message:
“ld.so.1: tcpd: fatal: libc.so.1: open failed: No such file or directory”

So I updated my library locations using the crle command:
“crle -l /usr/sfw/lib:/usr/local/ssl/lib:/usr/local/lib:/usr/lib:/lib:/usr/local/ssl/lib”
I was then able to perform the check_nrpe test successfully.

I did not require the SSL ADH cypher change for it to work either.
Posted December 26, 2008, 4:06 pm
Basil Baby says:
I had similar kind of errors while compiling nrpe on Linux
Error Message: “checking for SSL headers… configure: error: Cannot find ssl headers”

I have pussed openssl-devel package to fix this.
yum install openssl-devel

File associated with it
[root@nuts]# rpm -ql openssl-devel | grep -v man
/usr/include/openssl
/usr/include/openssl/aes.h
/usr/include/openssl/asn1.h
/usr/include/openssl/asn1_mac.h
/usr/include/openssl/asn1t.h
/usr/include/openssl/bio.h
/usr/include/openssl/blowfish.h
/usr/include/openssl/bn.h
/usr/include/openssl/buffer.h
/usr/include/openssl/cast.h
/usr/include/openssl/comp.h
/usr/include/openssl/conf.h
/usr/include/openssl/conf_api.h
/usr/include/openssl/crypto.h
/usr/include/openssl/des.h
/usr/include/openssl/des_old.h
/usr/include/openssl/dh.h
/usr/include/openssl/dsa.h
/usr/include/openssl/dso.h
/usr/include/openssl/dtls1.h
/usr/include/openssl/e_os2.h
/usr/include/openssl/ebcdic.h
/usr/include/openssl/engine.h
/usr/include/openssl/err.h
/usr/include/openssl/evp.h
/usr/include/openssl/hmac.h
/usr/include/openssl/krb5_asn.h
/usr/include/openssl/kssl.h
/usr/include/openssl/lhash.h
/usr/include/openssl/md2.h
/usr/include/openssl/md4.h
/usr/include/openssl/md5.h
/usr/include/openssl/obj_mac.h
/usr/include/openssl/objects.h
/usr/include/openssl/ocsp.h
/usr/include/openssl/opensslconf-i386.h
/usr/include/openssl/opensslconf.h
/usr/include/openssl/opensslv.h
/usr/include/openssl/ossl_typ.h
/usr/include/openssl/pem.h
/usr/include/openssl/pem2.h
/usr/include/openssl/pkcs12.h
/usr/include/openssl/pkcs7.h
/usr/include/openssl/pq_compat.h
/usr/include/openssl/pqueue.h
/usr/include/openssl/rand.h
/usr/include/openssl/rc2.h
/usr/include/openssl/rc4.h
/usr/include/openssl/ripemd.h
/usr/include/openssl/rsa.h
/usr/include/openssl/safestack.h
/usr/include/openssl/sha.h
/usr/include/openssl/ssl.h
/usr/include/openssl/ssl2.h
/usr/include/openssl/ssl23.h
/usr/include/openssl/ssl3.h
/usr/include/openssl/stack.h
/usr/include/openssl/store.h
/usr/include/openssl/symhacks.h
/usr/include/openssl/tls1.h
/usr/include/openssl/tmdiff.h
/usr/include/openssl/txt_db.h
/usr/include/openssl/ui.h
/usr/include/openssl/ui_compat.h
/usr/include/openssl/x509.h
/usr/include/openssl/x509_vfy.h
/usr/include/openssl/x509v3.h
/usr/lib/libcrypto.a
/usr/lib/libcrypto.so
/usr/lib/libssl.a
/usr/lib/libssl.so
/usr/lib/pkgconfig/libcrypto.pc
/usr/lib/pkgconfig/libssl.pc
/usr/lib/pkgconfig/openssl.pc
[root@nuts]#
Posted January 7, 2009, 9:52 am
Thomas says:
Hi all,

please note that tcp_trace HAS to be set to FALSE!

inetadm -m svc:/network/nrpe/tcp:default tcp_trace=FALSE

Otherwhise SSL handshake will fail, even though the rest is OK.
Maybe a note should be added, as on some systems the default is TRUE, while on others it’s FALSE. For example using JASS to harden the system sets this to TRUE I guess.

The packages I have:

# pkginfo|egrep ‘(ssl|cry)’
system SUNWcry Crypt Utilities
system SUNWcryr Solaris Root Crypto
system SUNWopenssl-commands OpenSSL Commands (Usr)
system SUNWopenssl-libraries OpenSSL Libraries (Usr)
system SUNWopensslr OpenSSL (Root)

So, no need to compile SSL yourself, though the upstream Solaris package is outdated and unsecure!
Posted January 27, 2009, 8:14 am
Brendon says:
Just wanted to chime in and say that the information in this post is very useful! I had to do the “crle -l /usr/sfw/lib:…” as shown a couple of comments up, and I HAD to use the SSL libraries in /usr/sfw for some reason. The Sun Freeware libraries would cause the compile to error out. Thanks!
Posted January 28, 2009, 6:31 pm
stee says:
Hi, all

this configuration is good , but I add the directory nagios for user nagios and it seem to be well.So for me /usr/sfw/sbin/tcpd is not well but /usr/sbin/tcpd.

thanks very much for this doc
Posted February 9, 2009, 4:44 am
AdamD says:
Also wanted to thank you for the howto. After crle’ing the lib dirs the SSL handshake issue went away, now onto why the “NRPE: Unable to read output” on all the service checks.
I’ll post my findings, if it comes to it.
A
Posted February 20, 2009, 4:14 pm
AdamD says:
This was caused by forgetting to run make install after compiling nagios-plugins.
A
Posted February 20, 2009, 4:26 pm
Kevin Pendleton says:
AdamD – Thanks for coming back and posting the fix!
Posted February 20, 2009, 5:36 pm
karthikeyan says:
hi iam configuring nagios 2.4 and nagios plugin 1.4.2 in solaris 9 server , ( client machine ).
comilation went thru after some hicups ( which is solved by editing src/nrpe.c ) , fine. I could do make all ,
now iam able to telnet localhost 5666
if i run ./check_nrpe -H localhost iam getting error as

CHECK_NRPE: Response packet had invalid CRC32.

pls help any one.
Posted March 12, 2009, 5:10 am
karthikeyanP says:
hei, i cant run make install in nrepe 2.4

root@telsrv30 # make all
cd ./src/; make ; cd ..

*** Compile finished ***

If the NRPE daemon and client compiled without any errors, you
can continue with installation. The NRPE daemon and client
binaries are located in the src/ subdirectory.

** If this is your monitoring host **

– Copy the check_nrpe client to the directory that
contains your Nagios plugins.
– Create a command definition in your Nagios config
file for the NRPE client. See the README file for
more info on doing this.

** If this host will be running the NRPE daemon **

– Copy the nrpe daemon to /usr/sbin, /usr/local/nagios
or wherever you feel it fits best.
– Copy the sample nrpe.cfg config file to /etc,
/usr/local/nagios or wherever you feel it fits best.
– Modify the /etc/services file and configure NRPE to
run under inetd, xinetd, or as a standalone daemon.
See the README file for more info on doing this.

root@telsrv30 # make install
make: Fatal error: Don’t know how to make target `install’
root@telsrv30 #

pls help me
Posted March 12, 2009, 5:19 am
Kevin Pendleton says:
Going through the compile on Solaris 9 and you need to make the same change in src/nrpe.c to use the right log_facility. I had no problems with it finding the ssl libraries or headers.
Posted March 27, 2009, 11:10 am
thomas wong says:
If you get this error during compilation of nagios-plugin:
pst3.c:1: sorry, unimplemented: 64-bit mode not compiled in
*** Error code 1

Goto “..nagios-plugins-1.4.13/plugins-root/check_icmp”
Edit Makefile. Remove all the -m64
———
Tested on Solaris 10 1/06 s10x_u1wos_19a X86.
Using gcc 3.4.6 from sunfreeware
OpenSSL -0.9.8e
——–
root@XXX01 # ./check_icmp -H sgXXX01
OK – sgXXX01: rta 0.444ms, lost 0%|rta=0.444ms;200.000;500.000;0; pl=0%;40;80;;

Looks like it is working…Hope this is helpful
Posted April 2, 2009, 6:59 pm
HELP says:
–INTERNAL SERVER ERROR–

HOW TO install nagios?
#./configure
#gmake clean
#gmake all
#gmake install
…
ok?
Posted April 6, 2009, 7:16 pm
Blacky says:
Here’s the issues I ran into:
At first, the check_http would not run on my Solaris 10 x86, because it didn’t find libgcc and libssl (although both are present)
so I manually added following lines to /etc/init.d/nagios
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/sfw/lib:/usr/local/ssl/lib
export LD_LIBRARY_PATH

And the other issue is that check_swap is not being compiled, due to a bug listed in the BUGS readme-file included with nagios-plugins-1.4.13

I’m developing a shell-script to replace check_swap for the time being.

Anyone created a manifest for Solaris 10 yet?
Posted April 9, 2009, 5:59 am
Ian says:
Has anyone tried this:

install nagios&nrpe compiled on solaris 9 in solaris 10 and does it work?
Posted April 29, 2009, 11:53 am
Kevin Pendleton says:
Ian: I would suspect that would not work. You would need to recompile on 10.
Posted April 29, 2009, 11:56 am
Ian says:
Thanks…I think I am close to completing the installation, but….

I compiled and installed nrpe and nagios plugin on solaris 10, but at the last step I got this error from /var/log/syslog

Apr 29 14:54:30 valley.adm.ubc.ca nrpe.cfg -i[9588]: [ID 947420 mail.warning] refused connect from localhost

when I execute this command #>./check_nrpe -H localhost -n

I made sure localhost is in hosts.allow and even added localhost to allowed host list in nrpe.cfg, but no help..

any help is appreciated!
Posted April 29, 2009, 4:07 pm
Kevin Pendleton says:
What is the error you get on the command prompt when you run it? Do you have LOCAL in your /etc/hosts.allow file?
Posted April 29, 2009, 9:09 pm
Ian says:
—from remote box—-
-bash-3.00$ ./check_nrpe -H localhost -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

— from nagios box —
./check_nrpe -H [remote box ip] -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

telent to localhost 5666 works, telnet from nagios server works
Posted April 30, 2009, 10:35 am
Kevin Pendleton says:
Why are you using -n? Could you not get SSL to work?
Posted April 30, 2009, 11:04 am
Ian says:
I got it to work! There was several typographical errors I made
Posted May 5, 2009, 10:47 am
Kevin Pendleton says:
Thanks for coming back and letting us know!
Posted May 15, 2009, 2:12 pm
swede says:
Solaris 10 sparc
Whatever I compile I am running into SSL handshake with nrpe 2-12

My settings:
Installed openssl-0.9.8k-sol10-sparc-local

Changed the nrpe.c and check_nrpe to the SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”);

Changed the log_priv stuff on nrpe.c

./configure –with-ssl-lib=/usr/local/ssl/lib –with-ssl=/usr/local/ssl –without-mysql

The compile goes ok.. do all the make install stuff with no problem

refresh the nrpe service svcs refresh svc:/network/nrpe/tcp:default

libraries looks ok
# ldd /usr/local/nagios/libexec/check_nrpe
libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8
libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8
libnsl.so.1 => /lib/libnsl.so.1
libsocket.so.1 => /lib/libsocket.so.1
libc.so.1 => /lib/libc.so.1
libdl.so.1 => /lib/libdl.so.1
libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1
libmp.so.2 => /lib/libmp.so.2
libmd.so.1 => /lib/libmd.so.1
libscf.so.1 => /lib/libscf.so.1
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libgen.so.1 => /lib/libgen.so.1
libm.so.2 => /lib/libm.so.2
/platform/FJSV,GPUZC-M/lib/libc_psr.so.1
/platform/FJSV,GPUZC-M/lib/libmd_psr.so.1

# /usr/local/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Error – Could not complete SSL handshake.

# /usr/local/nagios/libexec/check_nrpe -H localhost -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

also followed
1st install openssl package ( available on sunfreeware.com )
2nd crle -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib/
3rd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i
4th Check from nagios server check_nrpe -H solaris_ip

I have tried so many things and nothing works.
Posted May 20, 2009, 9:28 am
Kevin Pendleton says:
I assume you have verified the permissions on the config files so that the user you are running as can read them? Also, that you have LOCAL in your /etc/hosts.allow?
Posted May 20, 2009, 9:08 pm
swede says:
yes I have all permissions and LOCAL in the hosts.allow file…
I uncomment the printf statements in the check_nrpe… right below the handshake printf statement…

Not sure what they mean but maybe you know?

/usr/local/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Error – Could not complete SSL handshake.
SSL_connect=0
SSL_get_error=5
ERR_get_error=0
error:00000005:lib(0):func(0):DH lib
Posted May 26, 2009, 8:39 am
swede says:
Just another note…
If I run it as a daemon on client
/usr/local/nagios/bin/nrpe -d -c /usr/local/nagios/etc/nrpe.cfg
I will get NRPE v2.12 on the clientbox but the port isn’t listening and I get the SSL handshake from the host.
Posted May 28, 2009, 7:21 am
swede says:
I am all set now… thanks for this forum… it helped me all lot…
once I deployed to other solaris 10 and followed this page it worked.. it must have been the machine
Posted May 29, 2009, 10:46 am
Woot says:
I have nagios running on Solaris 9. I have 1 client on solaris 9 and 6 running on solaris 10. And I am only having probs with this one solaris 10 server. The builds on all Sol 10 servers are the same – same release and patch revision.

I am experiencing the same error as swede:
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

No matter what command I run from the nagios server using check_nrpe, they all return “NRPE v2.12″

I have been beating my head on this one..thx
Posted June 2, 2009, 1:35 pm
Wanda says:
I have installed this on multiple other solaris 10 servers. All are working fine. However this one server (configured identical to the others) will not report the information.

I changed the setting in nrpe.cfg for debugging to be turned on. I am getting the following:

Return code: 1, Output: NRPE: Unable to read output.

when i run check_nrpe -H host check_load (or any other cmd), it returns NRPE v2.12
Posted June 2, 2009, 2:02 pm
woot says:
i have addressed the previously posted items.

On half of the filesystems that I am monitoring, I am getting the following error

CHECK_NRPE: Response packet had invalid CRC32

It is not occurring on any other monitors and I have compared the configuration with the files systems that I am able to monitor.

I turned on debugging in nrpe.cfg but it didn’t provide me with any additional information.
Posted June 2, 2009, 2:50 pm
Denis Patterson says:
Thanks for sharing the above infromation. Works on Solaris SPARC also. I used on Solaris 9 SPARC with Openssl (./configure -with-ssl=/usr/lccal/ssl -with-ssl-lib=/usr/local/ssl/lib and crle -u -l /usr/local/ssl/lib)
Posted June 5, 2009, 9:46 am
Installing nagios plugin and NRPE on Solaris 10 « Srinivasa Raju PVS says:
[...] August 19, 2009 Configuring Nagios Plugins & NRPE on Solaris 10 [...]
Posted August 19, 2009, 2:33 am
Solaris and NRPE « System Adm says:
[...] very nice guide to install NRPE and nagios-plugins on Solaris 10 can be found here [...]
Posted August 19, 2009, 11:16 am
Tarique says:
Very nice post and Thanks very much. I appreciate your work and sharing this public.
Posted August 23, 2009, 2:24 pm
Ruben says:
how to unzip the Nagios file once I download it in the sun Solaris 10 environment?
Posted September 2, 2009, 8:55 pm
Kevin Pendleton says:
That’s what these commands do:

gunzip nagios-plugins-1.4.11.tar.gz tar -xvf nagios-plugins-1.4.11.tar gunzip nrpe-2.12.tar.gz tar -xvf nrpe-2.12.tar
Posted September 3, 2009, 1:23 pm
Andrew says:
Hello,

I get this message, can you please advise how to include the lnet library.

ld: fatal: library -lnet: not found
ld: fatal: File processing errors. No output written to check_ldap
collect2: ld returned 1 exit status
gmake[2]: *** [check_ldap] Error 1
gmake[2]: Leaving directory `/apps/nagios/downloads/nagios-plugins-1.4.11/plugins’
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/apps/nagios/downloads/nagios-plugins-1.4.11′
gmake: *** [all] Error 2
Posted September 9, 2009, 8:10 pm
Kevin Pendleton says:
Andrew – you need to look at the end of the config.log to find the full error of the compile, that should lead you in the right direction.
Posted September 9, 2009, 10:02 pm
Rommel Duldulao says:
I having an issue when compiling nagios-plugins:

make: Fatal error: Command failed for target `all-recursive’
Current working directory /usr/local/src/nagios-plugins-1.4.11
*** Error code 1
make: Fatal error: Command failed for target `all’

I’ve also tried the latest nagios-plugins-1.4.13 same issue when I run “make”
Posted September 17, 2009, 3:23 am
Bala says:
Dear Kevin -

Thanks for the post. I have followed the instructions and it worked fine and
I am getting the following error
CHECK_NRPE: Error – Could not complete SSL handshake.

Following is my setup

I have /xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg –inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1
}

————————-
#crle

Configuration file [version 4]: /var/ld/ld.config
Default Library Path (ELF): /lib:/usr/lib:/usr/sfw:/usr/sfw/lib
Trusted Directories (ELF): /lib/secure:/usr/lib/secure (system default)

Command line:
crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/sfw:/usr/sfw/lib

I am not able to figure out what’s causing the error

Regards
bala
Posted September 17, 2009, 8:00 am
Kevin Pendleton says:
@Rommel: Check the logfile config.log to see what the real error is.

@Bala: There are quite a few articles helping troubleshoot handshake errors here:
http://support.nagios.com/knowledgebase/faqs/?section_id=4&expand=false&showdesc=true
Posted September 17, 2009, 10:14 am
Rommel Duldulao says:
@Kevin: The config.log has an exit status of 0 because the ./configure was successful, my issue was when I run “make”. I am using SUNWgcc not the gcc from Sunfreeware:

bash-3.00# pkginfo -l SUNWgcc
pkginfo -l SUNWgcc
PKGINST: SUNWgcc
NAME: gcc – The GNU C compiler
CATEGORY: system
ARCH: i386
VERSION: 11.10.0,REV=2005.01.08.01.09
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: GNU C – The GNU C compiler 3.4.3
PSTAMP: sfw10-patch-x20080723112505
Posted September 18, 2009, 1:50 am
m says:
I am having a problem at the last step:

# /usr/local/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Socket timeout after 10 seconds.

I read through and tried everything that were suggested by everyone. I still can’t get the correct result.

- I ran the configure
./configure –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib

- I checked the ipfilter,

- netstat -a | grep nrpe,

- increased the timeout to 30 seconds,

- did crle -l to set the lib for ssl,
# crle

Configuration file [version 4]: /var/ld/ld.config
Default Library Path (ELF): /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib:/usr/sfw/lib
Trusted Directories (ELF): /lib/secure:/usr/lib/secure (system default)

Command line:
crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib:/usr/sfw/lib

- added tcp 5666 port to /etc/services,

- added the line for /etc/inet/inetd.conf,

- left /usr/local/nagios/etc/nrpe.cfg unchanged

everything was set exactly like it should be.

Anyone out there who experienced the same problem? How can I fix this.

~mark
Posted November 19, 2009, 3:52 pm
m says:
I am running nrpe daemon on Solaris 10 sparc machine

I also checked out

http://support.nagios.com/knowledgebase/faqs/?section_id=4&expand=false&showdesc=true

There were no solution to my problem. I know people have posted this problem before but please follow up how you fixed it. Thanks!

~mark
Posted November 19, 2009, 3:57 pm
Lambert says:
While running /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d everything works fine (at my environment). When setting up using the inetadm method the daemon started but I recieved the SSL Handshake error. When looking at the /var/adm/messages log there were errors stating chdir failed:

Nov 25 19:49:53 unknown inetd[16366]: [ID 702911 daemon.error] Failed to set credentials for the inetd_start method of instance svc:/network/nrpe/tcp:default (chdir: No such file or directory)

I created an home directory for the nagios user:

mkdir /export/home/nagios
chown nagios:nagios /export/home/nagios

and changed the /etc/passwd to set /export/home/nagios as home directory for the nagios user.

I also changed the entry nrpe in /etc/hosts.allow to:
nrpe: localhost, : allow

then svcadm restart svc:/network/nrpe/tcp:default

The error message in /var/adm/messages is gone and check_nrpe is working.
Posted November 25, 2009, 1:01 pm
Lambert says:
strange, the /etc/hosts.allow entry does not show up like I entered it. Should be:
nrpe: localhost,ip-address-of-nagios-server : allow
Posted November 25, 2009, 1:03 pm
Stephen LuShing says:
I am getting this error when compiling the plugin for a Solaris 10:

/bin/bash ../libtool –tag=CC –mode=link gcc -m64 -g -O2 -m64 -L. -L/usr/local/ssl/lib -o pst3 pst3-pst3.o -lpthread -ldl
gcc -m64 -g -O2 -m64 -o pst3 pst3-pst3.o -L/export/home/netsml/nagios-plugins-1.4.14/plugins-root -L/usr/local/ssl/lib -lpthread -ldl
Undefined first referenced
symbol in file
rpl_open pst3-pst3.o
ld: fatal: Symbol referencing errors. No output written to pst3
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `pst3′
Current working directory /export/home/netsml/nagios-plugins-1.4.14/plugins-root
*** Error code 1
make: Fatal error: Command failed for target `all-recursive’
Current working directory /export/home/netsml/nagios-plugins-1.4.14
*** Error code 1
make: Fatal error: Command failed for target `all’
#

Any ideas on why as I google and did not find anything.

Thanks in advance

steve
Posted February 2, 2010, 8:51 am
Kevin Pendleton says:
Stephen, check your config.log for more details on why the compile failed.
Posted February 2, 2010, 3:50 pm
Stephen LuShing says:
I looked at the config.log and see a reference :

configure:25845: checking for ps
configure:25863: found /usr/bin/ps
configure:25875: result: /usr/bin/ps
configure:25884: checking for ps syntax
configure:25940: result: using nagios-plugins internal ps command (pst3) for solaris
configure:25945: using 64bit pst3

My question – why the nagios cannot use the regular ps command in solaris 10. Are there any other way around this.

thanks in advance.
Posted February 4, 2010, 2:43 pm
Kevin Pendleton says:
There could be lots of reasons for doing that, most likely their version produces standard results across multiple operating systems. You’re bound to see lots of things like that and even some errors, but if it keeps going, that’s probably not the problem. Start at the bottom of the file and go up. Most likely that error is the one giving you trouble.
Posted February 5, 2010, 10:38 pm
Andy Fry says:
Hi,

For some reason when we compiled nrpe, it would not find the ssl libs at runtime.

The fix we came up with was to alter the configure file at line6686 from

LDFLAGS=”$LDFLAGS -L$ssllibdir”;

To

LDFLAGS=”$LDFLAGS -L$ssllibdir -R$ssllibdir”;

Works a treat now

Thanks

Andy
Posted February 11, 2010, 6:33 pm
Marc says:
I use the packages from sunfreeware.org. The don’t seem to have NRPE, so this page was very useful.

I got the error:
ld.so.1: nrpe: fatal: libssl.so.0.9.8: open failed: No such file or directory

OpenSSL was in the package SMCossl fixed this using.
./configure –with-ssl=/usr/local/ssl -with-ssl-lib=/usr/local/ssl/lib

Still got the error, only way to fix this was in the /lib dir of solaris:
ln -s /usr/local/ssl/lib/libssl.so.0.9.8
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.8
Posted March 8, 2010, 4:54 am
Shashi says:
Kevin/Marc,

I am new to nagios. I am trying to install nrpe2.12 on solaris 10. I am having the same issue:

ld.so.1: nrpe: fatal: libssl.so.0.9.8: open failed: No such file or directory

I followed all the steps Kevin suggested but I am still getting the same error.

Mark: you are creating a softlink for libssl to what??

Could you please help
Posted March 24, 2010, 6:16 am
Ed says:
Just been battling to get a fully-functional Nagios 3.2.1 with NPRE 1.4.14 build working on Solaris 10… have also hit the openssl linking problem.
I happen to consider that using “crle” to globally override the system runtime linker path is a *very bad* idea. It’s like setting a global LD_LIBRARY_PATH value.

The problem is that the generated Makefiles don’t specify -R/usr/local/ssl/lib to the linker command arguments, so that correct RPATH is not compiled in to the binaries (but it does somehow manage to use -R correctly for everything else!), the result being an incompletely-linked binary:
$ ldd /opt/nagios/libexec/check_http
…
libssl.so.0.9.8 => (file not found)
libcrypto.so.0.9.8 => (file not found)
…

My solution then is to specify -R in LDFLAGS at configure time, ie.

$ LDFLAGS=-R/usr/local/ssl/lib ./configure –prefix=/opt/nagios –with-mysql=/opt/coolstack/mysql_32bit –with-ssl=/usr/local/ssl
and after a “gmake install” voila:
$ ldd /opt/nagios/libexec/check_http
…
libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8
libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8
…
Regards, Ed.
Posted June 25, 2010, 6:03 am
Ed says:
I discovered that I also had a similar problem with “statusmap.cgi” in my nagios-3.2.1 install, the graphical maps didn’t work because it couldn’t find libgd.so and libiconv.so

Solved in the same way using:
$ LDFLAGS=-R/usr/local/lib ./configure –prefix=/opt/nagios
Posted June 25, 2010, 6:50 am
Stephen LuShing says:
I have a Solaris 10 server (SunOS sobanwap1 5.10 Generic_142900-13 sun4v sparc SUNW,Sun-Fire-T200) and I am trying to compile the Nagios Plugin (nagios-plugins-1.4.15) as I got this error:

../lib/libnagiosplug.a ../gl/libgnu.a -lnsl -lsocket -lresolv -lssl -lcrypto -lpthread -ldl
libtool: link: gcc -DNP_VERSION=\”1.4.15\” -g -O2 -o check_http check_http.o sslutils.o netutils.o utils.o -L/export/home/netsml/nagios/nagios-plugins-1.4.15/plugins -L/usr/local/ssl/lib ../lib/libnagiosplug.a ../gl/libgnu.a -lnsl -lsocket -lresolv -lssl -lcrypto -lpthread -ldl
Undefined first referenced
symbol in file
OpenSSL_add_all_algorithms sslutils.o
ld: fatal: Symbol referencing errors. No output written to check_http
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `check_http’
Current working directory /export/home/netsml/nagios/nagios-plugins-1.4.15/plugins
*** Error code 1
The following command caused the error:
failcom=’exit 1′; \
for f in x $MAKEFLAGS; do \
case $f in \
*=* | –[!k]*);; \
*k*) failcom=’fail=yes’;; \
esac; \
done; \
dot_seen=no; \
target=`echo all-recursive | sed s/-recursive//`; \
list=’gl tap lib plugins plugins-scripts plugins-root po’; for subdir in $list; do \
echo “Making $target in $subdir”; \
if test “$subdir” = “.”; then \
dot_seen=yes; \
local_target=”$target-am”; \
else \
local_target=”$target”; \
fi; \
(cd $subdir && make $local_target) \
|| eval $failcom; \
done; \
if test “$dot_seen” = “no”; then \
make “$target-am” || exit 1; \
fi; test -z “$fail”
make: Fatal error: Command failed for target `all-recursive’
Current working directory /export/home/netsml/nagios/nagios-plugins-1.4.15
*** Error code 1
make: Fatal error: Command failed for target `all’

I install the latest openssl from SUNFREEWARE and the path is correct:

echo $LD_LIBRARY_PATH
/usr/lib:/usr/local/lib:/usr/local/ssl/lib:/usr/ccs/lib:

Not sure where the problem is. Any help would be appreciated
Posted September 23, 2010, 12:46 pm
Stephen LuShing says:
I resolve the problem I had as I needed to install the openssl package deom sunfreewae (the Sun version was not working correctly) and also needed to link the libintl.so library since I have UTF8 in the kernel.
Posted September 23, 2010, 2:25 pm
Kiran Kishore says:
HI Kevin,

I am getting the below error, when trying to configure nagios-plugin-1.4.14

bash-2.05# uname -a
SunOS hyd-app2 5.9 Generic_118558-28 sun4u sparc SUNW,Sun-Fire-V240

bash-2.05# cd nagios-plugins-1.4.14
bash-2.05# PATH=$PATH:/usr/sbin:/usr/sfw/bin:/usr/ccs/bin
bash-2.05# ./configure –without-mysql
checking for a BSD-compatible install… build-aux/install-sh -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… build-aux/install-sh -c -d
checking for gawk… no
checking for mawk… no
checking for nawk… nawk
checking whether make sets $(MAKE)… yes
checking build system type… sparc-sun-solaris2.9
checking host system type… sparc-sun-solaris2.9
checking for gcc… no
checking for cc… no
checking for cl.exe… no
configure: error: no acceptable C compiler found in $PATH
See `config.log’ for more details.

Can you please help me on how to proceed further.

Thanks in advance ……
Posted November 30, 2010, 3:50 am
Kevin Pendleton says:
Kiran – You need to install gcc or another compiler in order to compile the source code into the needed binaries.
Posted November 30, 2010, 10:47 am
ryan says:
nice guide.

Solution for ld.so.1: check_nrpe: fatal: libssl.so.0.9.7: open failed: No such file or directory
ln -s /usr/sfw/lib/libssl.so.0.9.7 /usr/lib

Solution for ld.so.1: check_nrpe: fatal: libcrypto.so.0.9.7: open failed: No such file or directory
ln -s /usr/sfw/lib/libcrypto.so.0.9.7 /usr/lib

solution for Could not complete SSL handshake..
create home directory for user nagios

[root@localhost libexec]# ./check_nrpe -H localhost
NRPE v2.12

done.

reference from: http://forums.meulie.net/viewtopic.php?t=1892
Posted December 21, 2010, 9:27 pm
Nagios Nrpe-”klient” OpenIndiana » Tobias Mörtlund says:
[...] log_facility=LOG_AUTH; else if(!strcmp(varvalue,”ftp”)) log_facility=LOG_DAEMON; (Källa: http://www.utahsysadmin.com/2008/03/14/configuring-nagios-plugins-nrpe-on-solaris-10/) # make all # make install-plugin # make install-daemon # make [...]
Posted July 6, 2011, 6:42 am
Nagios Nrpe-plugin i OpenIndiana » Tobias Mörtlund says:
[...] log_facility=LOG_AUTH; else if(!strcmp(varvalue,”ftp”)) log_facility=LOG_DAEMON; (Källa: http://www.utahsysadmin.com/2008/03/14/configuring-nagios-plugins-nrpe-on-solaris-10) # make all # make [...]
Posted July 6, 2011, 7:34 am
RenuKumar says:
I am getting error while compiling plugins
configure: using 64bit pst3
configure: compiler do not like -m64
configure: compiler do not like -xarch=v9
configure: compiler do not like -xarch=amd64
configure: error: I don’t know how to build a 64-bit object!

Any clue how to fix?
Posted August 9, 2011, 7:13 am
Gaurav Kumar says:
Excellent Tutorial! Worked like a charm!
Posted August 12, 2011, 6:59 am
Dave K says:
i had the same pst3 problem:

configure gave

configure: using 64bit pst3
configure: compiler do not like -m64
configure: compiler do not like -xarch=v9
configure: compiler do not like -xarch=amd64
configure: error: I don’t know how to build a 64-bit object!

checked how I got fixed this before:

was using gcc out of /usr/local/bin

Reading specs from /usr/local/lib/gcc/i386-pc-solaris2.10/3.4.6/specs
Configured with: ../configure –with-as=/usr/ccs/bin/as –with-ld=/usr/ccs/bin/ld –enable-shared –enable-languages=c,c++,f77
Thread model: posix
gcc version 3.4.6

changed to /usr/sfw/bin

Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs
Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure –prefix=/usr/sfw –with-as=/usr/sfw/bin/gas –with-gnu-as –with-ld=/usr/ccs/bin/ld –without-gnu-ld –enable-languages=c,c++ –enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)

I’m going to guess that the newer version of the compiler I have doesn’t understand -m64 ?
Posted September 6, 2011, 2:10 pm
ag says:
Confirm that your time is accurate on both hosts as this may also cause you issues.

You can typicaly update this with ntpdate -u time-a.nist.gov
Posted September 27, 2011, 7:02 pm
Sukanta says:
For Andrew :

ndrew says:
Hello,

I get this message, can you please advise how to include the lnet library.

ld: fatal: library -lnet: not found
ld: fatal: File processing errors. No output written to check_ldap
collect2: ld returned 1 exit status
gmake[2]: *** [check_ldap] Error 1
gmake[2]: Leaving directory `/apps/nagios/downloads/nagios-plugins-1.4.11/plugins’
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/apps/nagios/downloads/nagios-plugins-1.4.11′
gmake: *** [all] Error 2

Install libnet from sunfreeware should solve the problem….
Posted October 23, 2011, 12:33 pm
Hans Andersen Yu says:
Hi, I have problems when trying to “make all”

$ make all
cd ./src/; make ; cd ..
gcc -g -O2 -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include -DHAVE_CONFIG_H -o nrpe nrpe.c utils.c -L/usr/local/ssl/lib/ -lssl -lcrypto -lnsl -lsocket ./snprintf.o -liberty
nrpe.c: In function `main’:
nrpe.c:211: warning: assignment discards qualifiers from pointer target type
nrpe.c:244: warning: assignment makes pointer from integer without a cast
ld: warning: global symbol `_END_’ has non-global binding:
(file /usr/local/ssl/lib//libssl.so value=LOCL);
ld: warning: global symbol `_START_’ has non-global binding:
(file /usr/local/ssl/lib//libssl.so value=LOCL);
ld: warning: global symbol `_END_’ has non-global binding:
(file /usr/local/ssl/lib//libcrypto.so value=LOCL);
ld: warning: global symbol `_START_’ has non-global binding:
(file /usr/local/ssl/lib//libcrypto.so value=LOCL);
Undefined first referenced
symbol in file
get_dh512 /var/tmp//ccp2Ohgi.o
ld: fatal: Symbol referencing errors. No output written to nrpe
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `nrpe’
Current working directory /tmp/nrpe-2.12/src
*** Error code 1
make: Fatal error: Command failed for target `all’
$

Do you guys think i need to tweak something?
THanks
Posted October 24, 2011, 12:50 am
Hugo says:
Hi all,

I got an error during “make” execution. The “configure” step was finished with exit status 0.

…
make[2]: Entering directory `/home/nagios/nagios-plugins-1.4.15/plugins’
/bin/bash ../libtool –tag=CC –mode=link gcc -DNP_VERSION=’”1.4.15″‘ -g -O2 -L. -L/usr/local/ssl/lib -o check_http check_http.o sslutils.o netutils.o utils.o ../lib/libnagiosplug.a ../gl/libgnu.a -lnsl -lsocket -lresolv -lpthread -ldl
libtool: link: gcc -DNP_VERSION=\”1.4.15\” -g -O2 -o check_http check_http.o sslutils.o netutils.o utils.o -L/home/nagios/nagios-plugins-1.4.15/plugins -L/usr/local/ssl/lib ../lib/libnagiosplug.a ../gl/libgnu.a -lnsl -lsocket -lresolv -lpthread -ldl
Undefined first referenced
symbol in file
SSL_load_error_strings sslutils.o
SSL_write sslutils.o
OpenSSL_add_all_algorithms sslutils.o
SSL_set_fd sslutils.o
SSL_free sslutils.o
SSL_read sslutils.o
SSLv23_client_method sslutils.o
SSL_new sslutils.o
SSL_CTX_new sslutils.o
SSL_connect sslutils.o
SSL_shutdown sslutils.o
SSL_CTX_free sslutils.o
SSL_library_init sslutils.o
ld: fatal: symbol referencing errors. No output written to check_http
collect2: ld returned 1 exit status
make[2]: *** [check_http] Error 1
make[2]: Leaving directory `/home/nagios/nagios-plugins-1.4.15/plugins’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/nagios/nagios-plugins-1.4.15′
make: *** [all] Error 2

SunOS gtt-dev 5.10 Generic_147441-01 i86pc i386 i86pc

I’ll be glad to see any suggestions. Thanks
Posted October 24, 2011, 5:54 am
Hugo says:
Hi again,

The problem “Undefined first referenced symbol in file SSL_load_error_strings sslutils.o …” was solved by using the following options with “configure”:

$ ./configure –with-openssl=/usr/local/ssl –with-mysql=/usr/sfw/bin
then clean and compile again using “gmake”
$ gmake clean
$ gmake

Thanks
Posted October 25, 2011, 2:20 am
NRPE 2.13 Available « Nagios Labs says:
[...] labs, the allowed_hosts directive in the nrpe.cfg file now allows IPv4 subnets. Also, thanks to a post by Kevin Pendleton at UtahSysAdmin.com, NRPE now compiles on Solaris [...]
Posted November 11, 2011, 1:51 pm
chethan sk says:
i tried to install nagios plugins and nrpe plugins in solaris10

root@andd139 # netstat -a | grep nrpe
*.nrpe *.* 0 0 49152 0 LISTEN

root@andd139 # /usr/local/nagios/libexec/check_nrpe -H localhost bash: /usr/local/nagios/libexec/check_nrpe: No such file or directory

am getting no such file or directory, please do resolve this
Posted December 19, 2011, 2:03 am
Kevin Pendleton says:
Chethan:

The binary check_nrpe will be installed to whichever directory you specified. Try typing:

which check_nrpe

to see if it is in your path.

Kevin
Posted December 19, 2011, 4:52 pm
chethan sk says:
i got this error , after inetconv

bash-3.00# inetconv
inetconv: Notice: Service manifest for 100235/1 already generated as /var/svc/manifest/network/rpc/100235_1-rpc_ticotsord.xml, skipped
inetconv: Notice: Service manifest for tftp already generated as /var/svc/manifest/network/tftp-udp6.xml, skipped
nrpe -> /var/svc/manifest/network/nrpe-tcp.xml
Importing nrpe-tcp.xml …Done
inetconv: Error /etc/inet/inetd.conf line 29 too few fields, skipped
Posted December 21, 2011, 5:39 am
chethan sk says:
am getting this error
bash-3.00# /usr/local/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Error – Could not complete SSL handshake.

Please do resolve this
Posted December 21, 2011, 7:49 am
chethan sk says:
Will the above steps works for solaris 8 ..?
Posted January 3, 2012, 11:16 pm
Ewan says:
I have exactly the same problem as Hans Andersen Yu outlined above with Solaris 10. None of the advice above appears to fix this. Are there any other suggestions?
Posted January 18, 2012, 9:36 am
david.chang says:
http://nagiosplugins.org/book/export/html/1

configure: error: I don’t know how to build a 64-bit object!

you can check the website , it will be very helpful for this issue.

Solaris systems restrict the information that is available when you run ps. On other Unix systems, running ps will list you the entire arguments, but Solaris restricts the arguments to the first 64 characters at the kernel.

This is a problem if you need to access the arguments to find out a specific process (common for listing java programs).

/usr/ucb/ps does list the full arguments, but only for your own processes. If you are root, then running /usr/ucb/ps can get the full arguments for all processes. However, the columns for RSS and VSZ merge together when the values are too large and check_procs cannot pull the value out correctly.

The chosen approach is to create our own ps-like command, pst3. This outputs the required information in a known format for check_procs to parse. This is the default if you run ./configure on a Solaris system.

Because pst3 needs access to some kernel structures, it needs to be compiled in 32 and 64 bit modes.

If you are comfortable with the limitations, it is possible to use a Solaris ps command by specifying these options to ./configure:

–with-ps-command=”/usr/bin/ps -eo ’s uid pid ppid vsz rss pcpu etime
comm args’” \
–with-ps-format=”%s %d %d %d %d %d %f %s %s %n” \
–with-ps-cols=10 \
–with-ps-varlist=”procstat,&procuid,&procpid,&procppid,\
&procvsz,&procrss,&procpcpu,procetime,procprog,&pos”

(The with-ps-varlist should be on one line – separated here for readability).
Posted February 2, 2012, 1:39 am
david.chang says:
http://tarique21.wordpress.com/2009/08/23/binding-nrpe-with-inetdxinetd-on-solaris-10/

pls check the website to fix the issue like below…works for me .

CHECK_NRPE: Error – Could not complete SSL

(should return version information):

/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12
You may get CHECK_NRPE: Error – Could not complete SSL handshake. A quick solution to this either Download and install the SUNWcry and SUNWcryr packages, but they are export controled. (You are looking for the /usr/sfw/lib/libssl_extras.so.X.Y.Z library) or change line 222 of src/nrpe.c like this: – SSL_CTX_set_cipher_list(ctx,”ADH”); + SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”); and recompile.
Posted February 3, 2012, 3:01 am

Configuring Nagios Plugins & NRPE on Solaris 10

118 Comments

Leave a reply

Search

Tools

Categories:

Archives: