CentOS - May 2015 - Could not complete SSL handshake to Amazon EC2 host

Hi Brian,

Does "iptables -L" show anything of note?


 I'm leaving iptables off in this host. Because it's an AWS EC2 host
I'm
managing the firewall ports using the AWS security groups.

[root at ops:~] #service iptables status
Firewall is stopped.

But still, there's this...

[root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com
CHECK_NRPE: Error - Could not complete SSL handshake.

Sadly.... :(

Thanks for your input tho!

On Fri, May 1, 2015 at 3:18 PM, Brian Miller <centos at fullnote.com>
wrote:
> On Fri, 2015-05-01 at 01:32 -0400, Tim Dunphy wrote:
> > And I made sure the local firewall was stopped, because I am blocking
> > ports
> > with the security groups instead.
> >
> > [root at ops:~] #service iptables status
> > Firewall is stopped.
>
> Does "iptables -L" show anything of note?
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

On Fri, 2015-05-01 at 15:28 -0400, Tim Dunphy wrote:
> Hi Brian,
> 
> Does "iptables -L" show anything of note?
> 
> 
>  I'm leaving iptables off in this host. Because it's an AWS EC2
host I'm
> managing the firewall ports using the AWS security groups.
> 
> [root at ops:~] #service iptables status
> Firewall is stopped.
> 
> But still, there's this...
> 
> [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
ops.jokefire.com
> CHECK_NRPE: Error - Could not complete SSL handshake.
> 
> Sadly.... :(
> 
> Thanks for your input tho!
Does 'ldd /usr/local/nagios/bin/nrpe' show any missing libs?

Hi Brian,

Does 'ldd /usr/local/nagios/bin/nrpe' show any missing
libs?
>
Well, the NRPE binary looks good both on the client and the server from
what I can tell:


Client:

[root at ops:~] #ldd /usr/local/nagios/bin/nrpe
        libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaaaaba000)
        libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaaad08000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x00002aaaab05a000)
        libwrap.so.0 => /lib64/libwrap.so.0 (0x00002aaaab273000)
        libc.so.6 => /lib64/libc.so.6 (0x00002aaaab47c000)
        libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
(0x00002aaaab7d5000)
        libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaaba04000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaabc99000)
        libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaabe9b000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaac0c1000)
        libz.so.1 => /lib64/libz.so.1 (0x00002aaaac2c5000)
        /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
        libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
(0x00002aaaac4d9000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaac6e2000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaac8e4000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaacafa000)
        libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaacd12000)


And server:

[root at monitor1:~] #ldd /usr/local/nagios/bin/nrpe
        linux-vdso.so.1 =>  (0x00007fffffffd000)
        libssl.so.10 => /lib64/libssl.so.10 (0x00007fdd51590000)
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007fdd511a9000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fdd50f8f000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fdd50bce000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
(0x00007fdd50982000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fdd5069e000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fdd5049a000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fdd50268000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fdd50063000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fdd4fe4d000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fdd51806000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0
(0x00007fdd4fc3e000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fdd4fa39000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fdd4f81f000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdd4f603000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdd4f3dd000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fdd4f17c000)
        liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fdd4ef57000)

Both look completely fine! No missing libs. But thanks for the suggestion
tho! Definitely not a bad idea to rule that out!


Thanks,
Tim

On Fri, May 1, 2015 at 4:58 PM, Brian Miller <centos at fullnote.com>
wrote:
> On Fri, 2015-05-01 at 15:28 -0400, Tim Dunphy wrote:
> > Hi Brian,
> >
> > Does "iptables -L" show anything of note?
> >
> >
> >  I'm leaving iptables off in this host. Because it's an AWS
EC2 host I'm
> > managing the firewall ports using the AWS security groups.
> >
> > [root at ops:~] #service iptables status
> > Firewall is stopped.
> >
> > But still, there's this...
> >
> > [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
> ops.jokefire.com
> > CHECK_NRPE: Error - Could not complete SSL handshake.
> >
> > Sadly.... :(
> >
> > Thanks for your input tho!
>
> Does 'ldd /usr/local/nagios/bin/nrpe' show any missing libs?
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B