nrpe: Host is not allowed to talk to us

Question

I installed nrpe on new servers. Nagios is already running and checking other server (I haven't installed).

I've got several error lines in my syslog file :

Oct 31 15:17:01 myservername nrpe[41848]: Host nagios_ip is not allowed to talk to us!

My nrpe.cfg file includes the following line :

allowed_hosts=nagios_ip

What am I doing wrong ?

(with nagios_ip the actual IP for my nagios server)

Have you tried restarting the nrpe service on the target server? — norrland, Oct 31 '13 at 14:45
Also. Check nrpe.conf for whitespaces after allowed_hosts=. In vim :set list — norrland, Oct 31 '13 at 14:54

score 6 · Accepted Answer · answered Jul 01 '15 at 15:09

6

Had the same entry in my syslog. Editing /etc/nagios/nrpe.cfg and enter missing IP will fixed it at all.

allowed_hosts=1.2.3.4/24,127.0.0.1

After editing you have to restart or even reload nrpe deamon.

/etc/init.d/nagios-nrpe-server reload

Check if it is all fine with your configuration. Syslog should have an entry like this:

Allowing connections from: 1.2.3.4/24,127.0.0.1

I advise you not to add user nagios to sudoers because of security issues.

answered Jul 01 '15 at 15:09

JaMaBing

176
1
3

"I advise you not to add user nagios to sudoers because of security issues." Could you elaborate on this? – gxx Dec 09 '15 at 20:57

ZalemCitizen · Answer 2 · 2016-08-03T16:17:27.210

A lot of how-to's here and there ask you to allow your monitoring server IP like this in your host's /etc/nagios/nrpe.cfg :

allowed_hosts=127.0.0.1, 1.2.3.4

On some distribs (Ubuntu 14.04 LTS for instance), it's working. On other (Ubuntu 12.04 LTS - tested on Microsoft Azure in my case), it does not.

Just remove the space before second IP :

allowed_hosts=127.0.0.1,1.2.3.4

Then, of course, restart your host's nrpe service :

$ service nagios-nrpe-server restart

score 2 · Answer 3 · answered Oct 31 '13 at 15:14

2

I found the solution, but the error message is totally misleading. The user nagios has to be in the suders...

/etc/sudoers:

nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/

answered Oct 31 '13 at 15:14

Jean-Philippe Caruana

199
1
1
7

3

this is not correct at all, actually – Keith Oct 31 '13 at 18:02
3

well, this solved the problem at once. Could you be more specific ? – Jean-Philippe Caruana Nov 04 '13 at 09:16
One should definitely not do this. The nagios user should not have super permissions. Use the answer from @JaMaBing – David Baucum Oct 26 '18 at 04:13

score 0 · Answer 4 · answered Aug 11 '22 at 06:41

0

I am having the same issue. However, this was previously working fine. there is no whitespace in my allowed_hosts line. However when I run systemctl status nrpe it shows that it is only allowing connections from 127.0.0.1.,::1 Issue only started recently

answered Aug 11 '22 at 06:41

Johnathan Rubinsky

1

This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://serverfault.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://serverfault.com/help/whats-reputation), you can also [add a bounty](https://serverfault.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/527445) – Swisstone Aug 12 '22 at 04:38

score 0 · Answer 5 · answered Dec 09 '15 at 17:13

0

You do not want to add nagios to your sudoers file. If you're nagios server is in allowed_hosts but you're still getting this error, the following work flow will probably fix it (at least it did with mine):

sudo@host: ls -l /usr/lib/nagios/plugins/ if any are -rwxr-x-r-x then

sudo@host: chmod 777 /usr/lib/nagios/plugins/* sudo@host: /etc/init.d/nagios-nrpe-server reload

then to check, do on your nagios server

/usr/lib/nagios/plugins/check_nrpe -H <server>

Good Luck!

answered Dec 09 '15 at 17:13

A.C

9
1

`chmod 777` is a quite bad advice; making all the files world write-/read-/executable? Really...? – gxx Dec 09 '15 at 20:56
"You do not want to add nagios to your sudoers file." Could you elaborate on this? – gxx Dec 09 '15 at 20:57
you're making these perl/python/bash scripts that check system information rwx by everyone instead of giving **sudo** access to a user. If you don't understand how sudo works, or what it is I encourage you to google it. if you're worried about it, `chmod 755` – A.C Dec 10 '15 at 18:23
Thanks for your comment; I'm appreciating your hints...good to see, that _you_ are in fact quite clueless what's possible with `sudo`, and how to limit access. Just giving a user access to `sudo` doesn't mean anything, in contrast to your `chmod 777`. – gxx Dec 10 '15 at 18:32

score 0 · Answer 6 · answered Jul 22 '16 at 01:17

I just ran into this problem myself. The way I fixed it was to remove all of the whitespace from the allowed_hosts line. This is on nrpe 2.12 that's shipping on ubuntu 12.04. There is some documentation that indicated you should use ', ' for the field delimiter, however that does not appear to be the case.

nrpe: Host is not allowed to talk to us

6 Answers6