I am facing on connection problem when I run NRPE checks from Nagios Server.. "Connection refused".
Environment :
- Nagios Server
- Linux Centos 7 Client
From Client side, seems working :
[root#client nagios]# systemctl status nrpe
? nrpe.service - Nagios Remote Program Executor
Loaded: loaded (/usr/lib/systemd/system/nrpe.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-10-13 14:06:55 GMT; 26s ago
Docs: http://www.nagios.org/documentation
Process: 4024 ExecStopPost=/bin/rm -f /var/run/nrpe/nrpe.pid (code=exited, status=0/SUCCESS)
Main PID: 4027 (nrpe)
CGroup: /system.slice/nrpe.service
+-4027 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
Oct 13 14:06:55 client systemd[1]: Started Nagios Remote Program Executor.
Oct 13 14:06:55 client systemd[1]: Starting Nagios Remote Program Executor...
Oct 13 14:06:55 client nrpe[4027]: Starting up daemon
Oct 13 14:06:55 client nrpe[4027]: Server listening on 127.0.0.1 port 5666.
Oct 13 14:06:55 client nrpe[4027]: Warning: Daemon is configured to accept command arguments from clients!
Oct 13 14:06:55 client nrpe[4027]: Listening for connections on port 5666
Oct 13 14:06:55 client nrpe[4027]: Allowing connections from: 127.0.0.1,<SERVER IP>
[root#client nagios]#
[root#client nagios]# ps aux | grep nrpe
nrpe 4027 0.0 0.0 44824 2732 ? Ss 14:06 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
root 4135 0.0 0.0 112648 948 pts/3 S+ 14:07 0:00 grep --color=auto nrpe
[root#client nagios]#
[root#client nagios]# /usr/lib64/nagios/plugins/check_nrpe -H 127.0.0.1
NRPE v3.2.1
[root#client nagios]#
[root#client nagios]# netstat -tulpn |grep 5666
tcp 0 0 127.0.0.1:5666 0.0.0.0:* LISTEN 4027/nrpe
[root#client nagios]#
From Server Side :
[root#server var]# systemctl is-active nagios
active
[root#server var]# /usr/lib64/nagios/plugins/check_nrpe -H <CLIENT IP> -p 5666
connect to address <CLIENT IP> port 5666: Connection refused
connect to host <CLIENT IP> port 5666: Connection refused[root#server var]#
[root#server var]# telnet <CLIENT IP> 5666
Trying <CLIENT IP>...
telnet: connect to address <CLIENT IP>: Connection refused
[root#server var]# tcptraceroute <CLIENT IP> 5666
traceroute to <CLIENT IP> (<CLIENT IP>), 30 hops max, 60 byte packets
1 <CLIENT IP> (<CLIENT IP>) <rst,ack> 0.247 ms 0.248 ms 0.232 ms
[root#server var]# nmap <CLIENT IP> -Pn -p 5666
Starting Nmap 6.40 ( http://nmap.org ) at 2019-10-13 16:11 CEST
Nmap scan report for <CLIENT IP>
Host is up (0.00087s latency).
PORT STATE SERVICE
5666/tcp closed nrpe
MAC Address: 50:6B:8D:2C:70:90 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds
[root#server var]#
NMAP command output is strange for me, why is it closed ?
I notice that Firewalld service are stopped for troubleshooting reasons..
It is probably more networks reasons, but I need help :)
Jeremy
The log shows the following:
Oct 13 14:06:55 client nrpe[4027]: Server listening on 127.0.0.1 port
5666.
If the server is listening on the localhost IP address (127.0.0.1), it will only be able to accept connections on port 5666 which originate on the same server. If you try to connect from a different server, the connection will fail.
try to open your ports in both client side and remote server , this problem related to security groups , try to ping command in both systems and tell me the output.
Related
We have ubuntu server installed on our desktop machine. It is connected modem with ethernet port. We can access it with ssh via inside of our network. But can not from outside.
Here is what we've done so far:
We have static ip
My professor made this i dont know what it is
Our ubuntu server machine always picks 192.168.1.200
We have port forwarding
when I run ssh maviarge#213.XXXXXXX from our LAN which holds ubuntu server machine
maviarge#213.XXXXXXX's password:
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-104-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Thu 10 Mar 2022 08:45:36 AM UTC
System load: 0.07 Processes: 166
Usage of /: 2.0% of 438.13GB Users logged in: 1
Memory usage: 2% IPv4 address for docker0: 172.17.0.1
Swap usage: 0% IPv4 address for enp3s0: 192.168.1.200
Temperature: 50.0 C
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
0 updates can be applied immediately.
But when I run ssh -v maviarge#213.XXXXXXX from outside of our wifi.
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\MaviArge/.ssh/config
debug1: Connecting to 213.XXXXXXX [213.XXXXXXX] port 22.
debug1: connect to address 213.XXXXXXX port 22: Connection timed out
ssh: connect to host 213.XXXXXXX port 22: Connection timed out
When I run ping 213.XXXXXXX from outside
Pinging 213.XXXXXXX with 32 bytes of data:
Reply from 213.XXXXXXX: bytes=32 time=67ms TTL=46
Reply from 213.XXXXXXX: bytes=32 time=97ms TTL=46
Reply from 213.XXXXXXX: bytes=32 time=107ms TTL=46
Reply from 213.XXXXXXX: bytes=32 time=124ms TTL=46
Ping statistics for 213.XXXXXXX:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 124ms, Average = 98ms
Saw this command on internet sudo lsof -i:22 and the output:
sudo lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 3290 root 4u IPv4 38814 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:58124 (ESTABLISHED)
sshd 3375 maviarge 4u IPv4 38814 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:58124 (ESTABLISHED)
sshd 4057 root 3u IPv4 71589 0t0 TCP *:ssh (LISTEN)
sshd 4057 root 4u IPv6 71591 0t0 TCP *:ssh (LISTEN)
sshd 5662 root 4u IPv4 74261 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:60472 (ESTABLISHED)
sshd 5746 maviarge 4u IPv4 74261 0t0 TCP maviarge:ssh->host-213.XXXXXXX.reverse.superonline.net:60472 (ESTABLISHED)
Also nmap scan:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 05:17 EST
Nmap scan report for host-213.XXXXXXX.reverse.superonline.net (213.XXXXXXX)
Host is up (0.14s latency).
Not shown: 96 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp filtered ssh
25/tcp filtered smtp
5060/tcp filtered sip
5432/tcp open postgresql
Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
What's wrong?
have you try this
sudo ufw allow from any to any port 22 proto tcp
or
sudo ufw allow ssh
I have a google compute running CentOS 7, and I wrote up a quick test to try and communicate with it over port 9000 (from my home PC) - but I'm unexpectedly getting network errors.
This happens both with my test script (which attempts to send a payload) and even with plink.exe (which I'm just using to check the port availability).
>plink.exe -v -raw -P 9000 <external_IP>
Connecting to <external_IP> port 9000
Failed to connect to <external_IP>: Network error: Connection refused
Network error: Connection refused
FATAL ERROR: Network error: Connection refused
I've added my external IP to googles firewall (https://console.cloud.google.com/networking/firewalls) and set to allow ingress traffic over port 9000 (it's the lowest priority, at 1000)
I also updated firewalld in CentOS to allow TCP traffic over the port:
Redirecting to /bin/systemctl start firewalld.service
[foo#bar ~]$ sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
success
[foo#bar ~]$ sudo firewall-cmd --reload
success
I've confirmed my listener is running on port 9000
[foo#bar ~]$ netstat -npae | grep 9000
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1000 18381 1201/python3
By default, CentOS 7 doesn't use iptables (just to be sure, I confirmed it wasn't running)
Am I missing something?
NOTE: Actual external IP replaced with <external_IP> placeholder
Update:
If I nmap my listener over port 9000 from the CentOS 7 compute instance over a local IP, like 127.0.0.1 I get some results. Interestingly, if I make the same nmap call over the servers external IP -- nadda. So this has to be a firewall, right?
external call
[foo#bar~]$ nmap <external_IP> -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 00:33 UTC
Nmap scan report for <external_IP>.bc.googleusercontent.com (<external_IP>)
Host is up (0.00043s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 4.87 seconds
Internal Call
[foo#bar~]$ nmap 127.0.0.1 -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 04:36 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
9000/tcp open cslistener
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
In this case software running on the backend VM must be listening any IP (0.0.0.0 or ::), your's is listening to "127.0.0.1:9000" and it should be "0.0.0.0:9000".
The way to fix that it's to change the service config to listen to 0.0.0.0 instead of 127.0.0.1 .
Cheers.
I have a Dockerized Zabbix server (3.4) connecting to a CentOS 7 host w/ Mariadb.
This one works fine:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.version
mysql Ver 15.1 Distrib 5.5.56-MariaDB, for Linux (x86_64) using readline 5.1
This one does not:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.ping
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)'
Check that mysqld is running and that the socket: '/var/lib/mysql/mysql.sock' exists!
From /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf:
UserParameter=mysql.version,mysql -V
UserParameter=mysql.ping,HOME=/etc/zabbix mysqladmin ping | grep -c alive
It does read the .my.cnf in the HOME dir, when change host=localhost to host=127.0.0.1 I get:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.ping
mysqladmin: connect to server at '127.0.0.1' failed
error: 'Can't connect to MySQL server on '127.0.0.1' (13)'
Check that mysqld is running on 127.0.0.1 and that the port is 3306.
You can check this by doing 'telnet 127.0.0.1 3306'
Also tried adding the username and password directly in the command, but same result:
UserParameter=mysql.ping,mysqladmin -uroot --password="mypassword" ping | grep -c alive
Running that command on the host works fine:
mysqladmin -uroot --password="mypassword" ping | grep -c alive
1
The agent itself seems to run fine:
$ sudo -u zabbix zabbix_agentd -t mysql.ping
mysql.ping [t|1]
Socket is available:
# ls -l /var/lib/mysql/mysql.sock
srwxrwxrwx. 1 mysql mysql 0 Nov 5 18:01 /var/lib/mysql/mysql.sock
Process details:
# ps -ef | grep mysqld
mysql 3218 1 0 18:01 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 3488 3218 99 18:01 ? 06:08:26 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
systemd+ 6547 6530 0 Oct31 ? 00:06:15 mysqld --character-set-server=utf8 --collation-server=utf8_bin
Any suggestions?
Note: don't think it is relevant but just in case, on the host I also have a Dockerized mysql running on port 3307
localhost/127.0.0.1 in the container is not the same as localhost/127.0.0.1 on the host, because of cgroup network namespacing. Use proper IP in .my.cnf or run container in the host network namespace (docker run --net host ...).
If you want to use a socket for MySQL connection from the container, then you will need to use Docker volumes. You may have problems with socket permissions, socket owner, ... I recommend IP connecting approach.
The cause is selinux. selinux is prohibiting the Zabbix agent from accessing the mysql socket file and possibly other resources.
Run tail -f /var/log/audit/audit.log while you try zabbix_get and you'll see the denials in real-time.
Then you'll need to devise an selinux policy that enables access as needed.
Scenario...
WiFi Network home = Can connect with my Digital Ocean servers fine via SSH;
WiFi Network work = Can't connect with my Digital Ocean servers via SSH;
WiFi Network work SSH debug:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: connect to address xxx.xxx.xxx.xxx port 22: Connection timed out
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection timed out
Anyone?
Try to check with nc
nc -zvw4 your_host 22
If not open - probably 22 port not allowed in your network, you can ask your network administrator about it
on your server make forward from 443 to 22 via iptables, for example:
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 22
i just installed the nmap network scanner,
and when i try to use it whith the "-script" parameter, it doesn't work:
example:
soufiane#soufiane-cvc:/usr/local$ nmap -p143,993 -Pn –script imap-capabilities 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-09-03 10:07 WEST
Failed to resolve "–script".
Failed to resolve "imap-capabilities".
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000025s latency).
PORT STATE SERVICE
143/tcp closed imap
993/tcp closed imaps
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
i'm using ElementaryOS Freya (ubuntu 12.04 i guess).
any ideas ??
thanks.
It should be –-script (with two dashes), not -script.
EDIT: (following your comment)
No problem here. My output:
$ nmap -p143,993 -Pn --script imap-capabilities 127.0.0.1
Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-03 16:36 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000040s latency).
PORT STATE SERVICE
143/tcp closed imap
993/tcp closed imaps
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
The following command worked for me:
nmap -sV --script ssl-enum-ciphers -p 8086 localhost