Setting allowed client hosts for NRPE
In this recipe, we'll learn how to configure the NRPE daemon to answer requests from a particular IP address, typically the designated Nagios Core server or servers monitoring your network. This means that nrpe
will not run plugins or return results for any check_nrpe
request made from IP addresses not in this list.
This is an elementary security step in running an NRPE server. This should be done in concert with a hardware or software firewall and security policy. If your target host has interfaces or routes into untrusted networks, there is a risk of attackers making spurious requests for information about the system, clogging up your disk with logs from excessive check requests, or even possibly exploiting the nrpe
daemon or the Nagios Plugins.
Getting ready
You should have a target host configured for checking in a Nagios Core 3.0 or later monitoring server. The target host should be running the nrpe
daemon. You can verify that nrpe
is running with...