1

I see two different places where I can configure which Nagios server my NRPE clients will speak with.

The first one, while configuring NRPE to run under xinetd:

only_from       = 127.0.0.1 mon1.company.com

The second one, in the /etc/nagios/nrpe.cfg file:

allowed_hosts=127.0.0.1,mon1.company.com

My question is:

  1. Incase both are configured (nrpe.cfg and xinetd/nrpe) - Which configuration is stronger? Meaning, which one will override the other?
  2. If they do not override each other, should they both be configured?
Itai Ganot
  • 10,424
  • 27
  • 88
  • 143

1 Answers1

1
  1. If you configure both (and really use NRPE from xinetd), the xinetd configuration is stronger in the sense that a NRPE process will never be spawned if the originating host didn't match, so the configuration you do in the NRPE config fill will never be evaluated.
  2. I don't see a reason to do this. It might be a very little bit stronger, but you also increase the chance for misconfigurations. However, you have to be careful if you decide to drop xinetd in favor of a daemon mode for NRPE.
Sven
  • 97,248
  • 13
  • 177
  • 225
  • I found old servers in my company which both directives are configrued but NRPE is not responding there from the Nagios server, so i thought it could be problematic and worth a question.. thanks. – Itai Ganot Dec 02 '14 at 13:27