Nmap Development mailing list archives
Re: [NSE] NRPE query script
From: David Fifield <david () bamsoftware com>
Date: Thu, 30 Dec 2010 13:51:16 -0800
On Tue, Dec 14, 2010 at 05:22:30PM -0600, Mak Kolybabi wrote:
> I am submitting the attached script for (hopefully) inclusion into Nmap. This script queries Nagios NRPE daemons, and returns the results from the plugins. The list of commands that it attempts to execute are the ones enabled by default if you compile from source. The list of commands can be overridden by a script-arg. Comments, concerns, criticism, and testing are appreciated.
I tested this by installing the Debian packages nagios-nrpe-plugin, nagios-nrpe-server, nagios-plugins-basic, and nagios-plugins-standard. I had trouble because the server was using SSL but the script wasn't. Here's the output in daemon.log:

Dec 30 08:50:00 debian nrpe[17694]: Error: Network server getpeername() failure (107: Transport endpoint is not connected)
Dec 30 08:50:00 debian nrpe[17694]: Cannot remove pidfile '/var/run/nrpe.pid' - check your privileges.
Dec 30 08:50:00 debian nrpe[17694]: Daemon shutdown
Dec 30 08:50:00 debian nrpe[17697]: Error: Could not complete SSL handshake. 1
Dec 30 08:50:00 debian nrpe[17699]: Error: Could not complete SSL handshake. 1
Dec 30 08:50:00 debian nrpe[17701]: Error: Could not complete SSL handshake. 1
Dec 30 08:50:00 debian nrpe[17703]: Error: Could not complete SSL handshake. 1
Dec 30 08:50:00 debian nrpe[17705]: Error: Could not complete SSL handshake. 1

And here's Nmap's output:

NSE: Starting 'nrpe-enum' (thread: 0x2266390) against 127.0.0.1:5666.
NSE: Can't read NRPE response: ERROR
NSE: Can't read NRPE response: ERROR
NSE: Can't read NRPE response: ERROR
NSE: Can't read NRPE response: ERROR
NSE: Can't read NRPE response: ERROR
NSE: Finished 'nrpe-enum' (thread: 0x2266390) against 127.0.0.1:5666.

Running with -sV and detecting SSL doesn't help. If I make this patch:

--- scripts/nrpe-enum.nse +++ scripts/nrpe-enum.nse
@@ -152,7 +152,7 @@ local nrpe_check = function(host, port, cmd) -- Create socket. local sock = nmap.new_socket("tcp") sock:set_timeout(2000) - local status, err = sock:connect(host, port) + local status, err = sock:connect(host, port, "ssl") if not status then stdnse.print_debug(1, "Can't connect: %s", err) sock:close()

I then get this output:

PORT     STATE SERVICE REASON
5666/tcp open  nrpe    syn-ack
| nrpe-enum:
| Command            State     Response
| check_hda1         CRITICAL  DISK CRITICAL - /dev/hda1 is not accessible: No such file or directory
| check_load         OK        OK - load average: 0.04, 0.05, 0.01|load1=0.040;15.000;30.000;0; load5=0.050;10.000;25.000;0; load15=0.010;5.000;20.000;0;
| check_total_procs  WARNING   PROCS WARNING: 192 processes
| check_users        WARNING   USERS WARNING - 7 users currently logged in |users=7;5;10;0
|_check_zombie_procs OK        PROCS OK: 0 processes with STATE = Z

What do you think, is there a good way to make this work? I notice that the check_nrpe command has a -n option for "no SSL." Using that option makes the commands fail for me in the same way.

$ /usr/lib/nagios/plugins/check_nrpe -H localhost -c check_total_procs
PROCS WARNING: 194 processes
$ /usr/lib/nagios/plugins/check_nrpe -n -H localhost -c check_total_procs
CHECK_NRPE: Error receiving data from daemon.

Please use the copy of the script I have renamed and attached. It's changed to work with some changes to tab.lua I made today.

David Fifield
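Review bot: The "ssl" argument on the changed sock:connect(host, port, "ssl") line is unconditional, so after this change the script can only talk to daemons that expect SSL, while the -n ("no SSL") option of check_nrpe shows that a non-SSL mode exists. Consider attempting the SSL connection first and retrying over plain TCP when the connect or handshake fails, or exposing the transport as a script argument, and document in the script which transport is tried. Because the unchanged "Can't connect: %s" debug message will now also cover handshake failures, it would help to include the attempted transport in that message.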
Attachment:
nrpe-enum.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/