Bug#1019718: nrpe-ng: remote check_dns fails - change in nslookup behavior

Tue, 13 Sep 2022 18:27:19 -0700 

Package: nrpe-ng
Version: 0.2.0-1
Severity: normal

Dear Maintainer,

I have a setup in which nrpe-ng is used to remotely check DNS
connectivity using check_dns.  That is:

Host A (monitoring):
- Installed: nagios4, nrpe-ng
- IP address: 192.0.2.1

Host B (monitored):
- Installed: nrpe-ng, monitoring-plugins-standard, bind9-dnsutils
- IP address: 192.0.2.2

Host C (monitored through host B):
- Installed: bind9
- IP address: 192.0.2.3
- Configured to answer authoritatively for example.com on port 53.

              nrpe
           over HTTPS                   DNS
Host A ------------------> Host B -------------> Host C

When nrpe-ng is running on host B, and host A runs the following, this
is the result:

$ /usr/lib/nagios/plugins/check_nrpe_ng -H 192.0.2.2 -c check_dns -a 
example.com 192.0.2.3 0.1 1.0
DNS CRITICAL - '/usr/bin/nslookup -sil' msg parsing exited with no address

With some help over at the bind-users mailing list [1], I discovered
that nrpe-ng closes stdin when launching the command [2], and the new
version of nslookup (invoked by check_dns) has issues when stdin is
closed [3].

Redirecting stdin to /dev/null fixes the issue:

$ diff -u /usr/lib/python3/dist-packages/nrpe_ng/commands.py{.old,}
--- /usr/lib/python3/dist-packages/nrpe_ng/commands.py.old      2017-08-08 
13:05:02.000000000 -0600
+++ /usr/lib/python3/dist-packages/nrpe_ng/commands.py  2022-09-13 
17:00:36.767239885 -0600
@@ -85,6 +85,7 @@

         proc = tornado.process.Subprocess(
             run_args,
+            stdin=subprocess.DEVNULL,
             stdout=tornado.process.Subprocess.STREAM,
             close_fds=True,
             env=env)

Thanks,
Casey

[1] https://lists.isc.org/pipermail/bind-users/2022-September/106666.html
[2] https://github.com/bootc/nrpe-ng/blob/master/nrpe_ng/commands.py#L86
[3] https://github.com/libuv/libuv/blob/v1.x/src/unix/core.c#L602


-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nrpe-ng depends on:
ii  adduser                3.118
ii  init-system-helpers    1.60
ii  lsb-base               11.1.0
ii  python3                3.9.2-3
ii  python3-daemon         2.2.4-1.1
ii  python3-pkg-resources  52.0.0-4
ii  python3-requests       2.25.1+dfsg-2
ii  python3-tornado        6.1.0-1+b1
ii  ssl-cert               1.1.0+nmu1

nrpe-ng recommends no packages.

nrpe-ng suggests no packages.

-- Configuration Files:
/etc/nagios/nrpe-ng.cfg changed [not included]

-- no debconf information

Reply via email to