[Bug 1888184] [NEW] nagios-nrpe-server-4 is creating incorrect log spam

JP Vossen Sun, 19 Jul 2020 22:31:01 -0700

Public bug reported:

Server: Debian 10 (buster), nagios-nrpe-plugin-3.2.1-2
Node: Linux Mint 20 (Ulyana), using Ubuntu Focal, 
nagios-nrpe-server-4.0.0-2ubuntu1


Icinga1 server on Debian monitoring a bunch of LinuxMint-19.3, using protocol 
v3, and working just fine since last year.  I just built 2x new install 
Mint-20.0 nodes and on *both* of them, for every single `check_nrpe` from the 
server to the node, the node spams its logs with:
* Jul 19 22:02:56 node nrpe[13152]: Error: (use_ssl == true): Request packet 
version was invalid!
* Jul 19 22:02:56 node nrpe[13152]: Could not read request from client 
192.168.1.11, bailing out...
* Jul 19 22:02:56 node nrpe[13152]: INFO: SSL Socket Shutdown.

And the server spams its logs with:
* Jul 19 22:02:05 server check_nrpe: Remote 192.168.1.120 does not support 
Version 3 Packets

Yet despite all of that noise, the checks actually work just fine.

Expected: the checks using nrpe-v3 should Just Work with no incorrect log spam
What happens: the nrpe-v3 checks work but spam the logs on both sides

Nice-to-have: any clues on how to cut down the log spam until the fix is 
released.
Using `/etc/nagios/nrpe.d/node.cfg` to set `debug=1` or `debug=0` works to turn 
debugs logs on and off, but that has no effect on the rest of the spam.

Server side sanity checks:
```
$ /usr/lib/nagios/plugins/check_nrpe -H node-mint20.0 -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).

$ /usr/lib/nagios/plugins/check_nrpe -H node-mint20.0 -2     # (NO LOG SPAM)
NRPE v4.0.0

$ /usr/lib/nagios/plugins/check_nrpe -H node-mint20.0        # (v3 STILL WORKS, 
but with log spam)
NRPE v4.0.0


$ /usr/lib/nagios/plugins/check_nrpe -H node-mint19.3
NRPE v3.2.1
```

SERVER side test run, with deliberate errors to bracket the logs:
```
[root@drake:T1:L1:C4975:J0:2020-07-20_01:02:04_EDT]
/root# /usr/lib/nagios/plugins/check_nrpe -H node -c check_load_start
NRPE: Command 'check_load_start' not defined

[root@drake:T1:L1:C4976:J0:2020-07-20_01:02:07_EDT]
/root# /usr/lib/nagios/plugins/check_nrpe -H node -c check_load
OK - load average: 0.33, 0.14, 0.05|load1=0.330;3.000;5.000;0; 
load5=0.140;2.000;4.000;0; load15=0.050;2.000;4.000;0; 

[root@drake:T1:L1:C4976:J0:2020-07-20_01:02:12_EDT]
/root# /usr/lib/nagios/plugins/check_nrpe -H node -c check_end
NRPE: Command 'check_end' not defined
```

NODE side debug log, notes the errors, note the LOG SPAM, note the check still 
runs:
```
Jul 20 01:01:52 node systemd[1]: nagios-nrpe-server.service: Succeeded.
Jul 20 01:01:52 node nrpe[18424]: Added 
command[check_ntp_peer]=/usr/lib/nagios/plugins/check_ntp_peer -H localhost
Jul 20 01:01:52 node nrpe[18424]: Added 
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 325 -c 360
Jul 20 01:01:52 node nrpe[18424]: Added 
command[check_disks]=/usr/lib/nagios/plugins/check_disk -w 15% -c 8% -l -X 
tmpfs -X udev -X usbfs -X fuse -X fuse.sshfs -X fuse.gvfsd-fuse -X 
fuse.gvfs-fuse-daemon -X squashfs -x /run/docker/netns/default
Jul 20 01:01:52 node nrpe[18424]: Added 
command[check_load]=/usr/lib/nagios/plugins/check_load -w 3,2,2 -c 5,4,4
Jul 20 01:01:52 node nrpe[18424]: INFO: SSL/TLS initialized. All network 
traffic will be encrypted.
Jul 20 01:01:52 node nrpe[18424]: Starting up daemon
Jul 20 01:01:52 node nrpe[18424]: SETUP_WAIT_CONN FOR: IPv4 address: 0.0.0.0 
((null))
Jul 20 01:01:52 node nrpe[18424]: Server listening on 0.0.0.0 port 5666.
Jul 20 01:01:52 node nrpe[18424]: SETUP_WAIT_CONN FOR: IPv4 address: :: ((null))
Jul 20 01:01:52 node nrpe[18424]: Server listening on :: port 5666.
Jul 20 01:01:52 node nrpe[18424]: Listening for connections on port 5666
Jul 20 01:01:52 node nrpe[18424]: Allowing connections from: 
127.0.0.1,192.168.1.11
Jul 20 01:02:07 node nrpe[19664]: CONN_CHECK_PEER: checking if host is allowed: 
192.168.1.11 port 12975
Jul 20 01:02:07 node nrpe[19664]: Connection from 192.168.1.11 port 12975
Jul 20 01:02:07 node nrpe[19664]: is_an_allowed_host (AF_INET): is host 
>192.168.1.11< an allowed host >192.168.1.11<
Jul 20 01:02:07 node nrpe[19664]: message repeated 2 times: [ 
is_an_allowed_host (AF_INET): is host >192.168.1.11< an allowed host 
>192.168.1.11<]
Jul 20 01:02:07 node nrpe[19664]: is_an_allowed_host (AF_INET): host is in 
allowed host list!
Jul 20 01:02:07 node nrpe[19664]: Host address is in allowed_hosts
Jul 20 01:02:07 node nrpe[19664]: Error: (use_ssl == true): Request packet 
version was invalid!
Jul 20 01:02:07 node nrpe[19664]: Could not read request from client 
192.168.1.11, bailing out...
Jul 20 01:02:07 node nrpe[19664]: INFO: SSL Socket Shutdown.
Jul 20 01:02:07 node nrpe[19664]: Connection from 192.168.1.11 closed.
Jul 20 01:02:07 node nrpe[19671]: CONN_CHECK_PEER: checking if host is allowed: 
192.168.1.11 port 13487
Jul 20 01:02:07 node nrpe[19671]: Connection from 192.168.1.11 port 13487
Jul 20 01:02:07 node nrpe[19671]: is_an_allowed_host (AF_INET): is host 
>192.168.1.11< an allowed host >192.168.1.11<
Jul 20 01:02:07 node nrpe[19671]: message repeated 2 times: [ 
is_an_allowed_host (AF_INET): is host >192.168.1.11< an allowed host 
>192.168.1.11<]
Jul 20 01:02:07 node nrpe[19671]: is_an_allowed_host (AF_INET): host is in 
allowed host list!
Jul 20 01:02:07 node nrpe[19671]: Host address is in allowed_hosts
Jul 20 01:02:07 node nrpe[19671]: Host 192.168.1.11 is asking for command 
'check_load_start' to be run...
Jul 20 01:02:07 node nrpe[19671]: NRPE: Command 'check_load_start' not defined
Jul 20 01:02:07 node nrpe[19671]: Return Code: 3, Output: NRPE: Command 
'check_load_start' not defined
Jul 20 01:02:07 node nrpe[19671]: Connection from 192.168.1.11 closed.
Jul 20 01:02:11 node nrpe[19673]: CONN_CHECK_PEER: checking if host is allowed: 
192.168.1.11 port 14511
Jul 20 01:02:11 node nrpe[19673]: Connection from 192.168.1.11 port 14511
Jul 20 01:02:11 node nrpe[19673]: is_an_allowed_host (AF_INET): is host 
>192.168.1.11< an allowed host >192.168.1.11<
Jul 20 01:02:11 node nrpe[19673]: message repeated 2 times: [ 
is_an_allowed_host (AF_INET): is host >192.168.1.11< an allowed host 
>192.168.1.11<]
Jul 20 01:02:11 node nrpe[19673]: is_an_allowed_host (AF_INET): host is in 
allowed host list!
Jul 20 01:02:11 node nrpe[19673]: Host address is in allowed_hosts
Jul 20 01:02:12 node nrpe[19673]: Error: (use_ssl == true): Request packet 
version was invalid!
Jul 20 01:02:12 node nrpe[19673]: Could not read request from client 
192.168.1.11, bailing out...
Jul 20 01:02:12 node nrpe[19673]: INFO: SSL Socket Shutdown.
Jul 20 01:02:12 node nrpe[19673]: Connection from 192.168.1.11 closed.
Jul 20 01:02:12 node nrpe[19675]: CONN_CHECK_PEER: checking if host is allowed: 
192.168.1.11 port 15023
Jul 20 01:02:12 node nrpe[19675]: Connection from 192.168.1.11 port 15023
Jul 20 01:02:12 node nrpe[19675]: is_an_allowed_host (AF_INET): is host 
>192.168.1.11< an allowed host >192.168.1.11<
Jul 20 01:02:12 node nrpe[19675]: message repeated 2 times: [ 
is_an_allowed_host (AF_INET): is host >192.168.1.11< an allowed host 
>192.168.1.11<]
Jul 20 01:02:12 node nrpe[19675]: is_an_allowed_host (AF_INET): host is in 
allowed host list!
Jul 20 01:02:12 node nrpe[19675]: Host address is in allowed_hosts
Jul 20 01:02:12 node nrpe[19675]: Host 192.168.1.11 is asking for command 
'check_load' to be run...
Jul 20 01:02:12 node nrpe[19675]: Running command: 
/usr/lib/nagios/plugins/check_load -w 3,2,2 -c 5,4,4
Jul 20 01:02:12 node nrpe[19676]: WARNING: my_system() seteuid(0): Operation 
not permitted
Jul 20 01:02:12 node nrpe[19675]: Command completed with return code 0 and 
output: OK - load average: 0.33, 0.14, 0.05|load1=0.330;3.000;5.000;0; 
load5=0.140;2.000;4.000;0; load15=0.050;2.000;4.000;0; 
Jul 20 01:02:12 node nrpe[19675]: Return Code: 0, Output: OK - load average: 
0.33, 0.14, 0.05|load1=0.330;3.000;5.000;0; load5=0.140;2.000;4.000;0; 
load15=0.050;2.000;4.000;0; 
Jul 20 01:02:12 node nrpe[19675]: Connection from 192.168.1.11 closed.
Jul 20 01:02:15 node nrpe[19684]: CONN_CHECK_PEER: checking if host is allowed: 
192.168.1.11 port 16047
Jul 20 01:02:15 node nrpe[19684]: Connection from 192.168.1.11 port 16047
Jul 20 01:02:15 node nrpe[19684]: is_an_allowed_host (AF_INET): is host 
>192.168.1.11< an allowed host >192.168.1.11<
Jul 20 01:02:15 node nrpe[19684]: message repeated 2 times: [ 
is_an_allowed_host (AF_INET): is host >192.168.1.11< an allowed host 
>192.168.1.11<]
Jul 20 01:02:15 node nrpe[19684]: is_an_allowed_host (AF_INET): host is in 
allowed host list!
Jul 20 01:02:15 node nrpe[19684]: Host address is in allowed_hosts
Jul 20 01:02:15 node nrpe[19684]: Error: (use_ssl == true): Request packet 
version was invalid!
Jul 20 01:02:15 node nrpe[19684]: Could not read request from client 
192.168.1.11, bailing out...
Jul 20 01:02:15 node nrpe[19684]: INFO: SSL Socket Shutdown.
Jul 20 01:02:15 node nrpe[19684]: Connection from 192.168.1.11 closed.
Jul 20 01:02:15 node nrpe[19686]: CONN_CHECK_PEER: checking if host is allowed: 
192.168.1.11 port 16559
Jul 20 01:02:15 node nrpe[19686]: Connection from 192.168.1.11 port 16559
Jul 20 01:02:15 node nrpe[19686]: is_an_allowed_host (AF_INET): is host 
>192.168.1.11< an allowed host >192.168.1.11<
Jul 20 01:02:15 node nrpe[19686]: message repeated 2 times: [ 
is_an_allowed_host (AF_INET): is host >192.168.1.11< an allowed host 
>192.168.1.11<]
Jul 20 01:02:15 node nrpe[19686]: is_an_allowed_host (AF_INET): host is in 
allowed host list!
Jul 20 01:02:15 node nrpe[19686]: Host address is in allowed_hosts
Jul 20 01:02:15 node nrpe[19686]: Host 192.168.1.11 is asking for command 
'check_end' to be run...
Jul 20 01:02:15 node nrpe[19686]: NRPE: Command 'check_end' not defined
Jul 20 01:02:15 node nrpe[19686]: Return Code: 3, Output: NRPE: Command 
'check_end' not defined
Jul 20 01:02:15 node nrpe[19686]: Connection from 192.168.1.11 closed.
```

** Affects: nagios-nrpe (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1888184

Title:
  nagios-nrpe-server-4 is creating incorrect log spam

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1888184/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1888184] [NEW] nagios-nrpe-server-4 is creating incorrect log spam

Reply via email to