NRPE compile error Cannot find ssl libraries

For years I’ve avoided SSL with NRPE because it just never seemed to work for me and on an internal network is it really needed?

I’m now doing a new fresh install of Nagios on a raspberry PI and decided after recently setting up SSL certificates on all my sites, to see if I can get this working with NRPE.

First things first, I’ve made sure the following are installed

apt-get install openssl libssl-dev build-essential

It’s also presumed you have already compiled and installed the nagios plugins and have a nagios user and group. Download and unpacked nrpe 2.13

mkdir nagios
cd nagios
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz
tar xzvf nrpe-2.13.tar.gz

Now onto the actual work:-

cd nrpe-2.13/
./configure

After a little time I got the nice error I’m used to seeing

checking for SSL libraries… configure: error: Cannot find ssl libraries

So after a little searching I hit upon libssl.so missing. Well not so much missing, it just doesn’t have a link where it’s expected. The answer to which is to create a new symlink to it

ln -s /usr/lib/arm-linux-gnueabihf/libssl.so /usr/lib/libssl.so

UPDATE: Noticed on another system it didn’t work, this was because /usr/lib/libssl.so was already present but pointing to the wrong place. This stopped the link being created. So I ran rm/usr/lib/libssl.so then reran the above, this create the link properly and the ./configure then runs as normal.

On my system it’s in the /usr/lib/arm-linux-gnueabihf folder, but on an x86 system this could be something like /usr/lib/x86_64-linux-gnu/

So now I rerun the configure step

./configure

At the point I see

*** Generating DH Parameters for SSL/TLS ***
Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
…………………+…………………+…………+…………………….++*++*++*++*++*++*

I know it’s taken the SSL stuff well. When it’s complete the configure run without errors you can continue to the make stage

make all

Update /etc/services inserting “nrpe 5666/tcp # NRPE”

nano -w /etc/services

I’ve always run nrpe under xinit.d for all my installs, so make sure xinitd is installed

apt-get install xinetd

Once it’s installed you need to add a new service. edit the file /etc/xinit.d/nrpe

nano -w /etc/xinit.d/nrpe

My sample configuration:-

# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1 192.168.0.0/16
}

You will probably need to change the user, group and only_from fields to suit your installation.
Next you’ll need a configuration. I’m just going to copy the sample for now

mkdir /usr/local/nagios/etc
cp sample-config/nrpe.cfg /usr/local/nagios/etc/nrpe.cfg
chown -R nagios:nagios /usr/local/nagios/etc/

Lastly restart the xinitd service

etc/init.d/xinetd restart

You can test your nrpe installation from your nagios server with the check_nrpe command. It’s probably worth also checking the syslog or messages for the system after restarting xinitd as any errors regarding startup will be reported.
I’ve tested from my server using

/usr/local/nagios/libexec/check_nrpe -H titan

titan being the name of the server I have just complete an installation of plugins+nrpe on (I’ve already run through the above on titan itself). It responds with

NRPE v2.13

So all working.

UPDATE #2
I skipped through the steps above and was trying to just return the NRPE version, I kept hitting the error: “CHECK_NRPE: Error – Could not complete SSL handshake.”
Thinking something was wrong with the SSL I went back through everything, but same error. I then realised I hadn’t yet put a config in place for NRPE (as I was only trying to return the version number didn’t think it was too important) a silly mistake, but returns an off putting error.

mysql not in returning blank rows

ok a bit of a weird one I’ve hit twice in the last week. First time I solved it by changing the query around (so I thought, but it’s more likely I updated the data).

This is a query that’s being run:-

select `option_id`, '' as `image`, '99' as `sort_order`, `Subproduct Code` from CSV, oc_option where `Product Code` = `main_jan` and `Subproduct Code` not in (select `jan` from oc_option_value) group by `Product Code`

Basically it has to insert values into a table where they don’t already exist, pulling values from 2 other tables.

The problem I was encountering is that data wasn’t being insert, the table only had 2 records so it should have been inserting over 500 additional rows.
Running:-

(select `jan` from oc_option_value)

returned the 2 rows, and running:-

select `option_id`, '' as `image`, '99' as `sort_order`, `Subproduct Code` from CSV, oc_option where `Product Code` = `main_jan`

returned over 500, so why wont it work together.

Well I finally stumbled upon someone making a passing remark about a not lookup selecting nulls. Looking at my results the 2 entries that were already there were in fact nulls, so I added

where `jan` is not null making the whole statement:-

select `option_id`, '' as `image`, '99' as `sort_order`, `Subproduct Code` from CSV, oc_option where `Product Code` = `main_jan` and `Subproduct Code` not in (select `jan` from oc_option_value where `jan` is not null) group by `Product Code`

And it’s now all working.