How to Install and Configure the Nagios NRPE Agent on Ubuntu 22.04 & 20.04
Effective server monitoring is a cornerstone of reliable IT infrastructure. Nagios Core is a powerful open-source tool for this, but to monitor the internal metrics of remote Linux machines—like CPU load, memory usage, and disk space—you need a secure agent. This is where the Nagios Remote Plugin Executor (NRPE) comes in. NRPE acts as a bridge, allowing the main Nagios server to request and receive performance data from your remote Ubuntu systems.
This guide provides a comprehensive, step-by-step walkthrough for installing and configuring the Nagios NRPE agent on Ubuntu 22.04 (Jammy Jellyfish) and Ubuntu 20.04 (Focal Fossa).
Prerequisites
Before you begin, ensure you have the following:
- An Ubuntu 22.04 or 20.04 server that needs to be monitored.
- A user account with
sudoor root privileges. - A fully operational Nagios monitoring server.
- The IP address of your Nagios server.
Step 1: Update System Repositories
First, it’s always best practice to update your server’s package list to ensure you are installing the latest and most secure versions of the required software.
Open your terminal and run the following commands:
sudo apt update
sudo apt upgrade -y
Step 2: Install the NRPE Agent and Nagios Plugins
The necessary NRPE components are available directly from Ubuntu’s default repositories. The installation includes two key packages:
nagios-nrpe-server: The agent (or daemon) that listens for requests from the Nagios server.nagios-plugins: A collection of essential scripts that perform the actual checks (e.g., checking disk space, CPU load).
Install both with a single command:
sudo apt install nagios-nrpe-server nagios-plugins
Once the installation is complete, the NRPE service will be started automatically. However, we still need to configure it to accept connections from our Nagios server.
Step 3: Configure the NRPE Agent
The main configuration file for NRPE is located at /etc/nagios/nrpe.cfg. You will need to edit this file to define which monitoring servers are allowed to connect and to enable specific commands.
Open the file with your preferred text editor, such as nano:
sudo nano /etc/nagios/nrpe.cfg
Inside this file, you need to modify two critical lines:
1. Configure allowed_hosts
This is the most important security setting in the NRPE configuration. It defines a comma-separated list of IP addresses that are permitted to communicate with the NRPE agent.
Find the allowed_hosts directive. By default, it may only allow connections from the local machine. You must add the IP address of your Nagios monitoring server.
For example, if your Nagios server’s IP is 192.168.1.100, the line should look like this:
allowed_hosts=127.0.0.1,::1,192.168.1.100
Warning: Never leave this value open to the world (e.g., 0.0.0.0/0). Restricting access to only your trusted Nagios server is essential for security.
2. Enable Command Arguments (Optional but Recommended)
By default, NRPE does not allow commands to include arguments for security reasons. However, many useful checks require arguments (e.g., specifying warning and critical thresholds). To enable this, find the dont_blame_nrpe directive and change its value to 1.
dont_blame_nrpe=1
Save the file and exit the editor (in nano, press Ctrl+X, then Y, then Enter).
Step 4: Add Custom Monitoring Commands
Now you can define the specific commands that your Nagios server can execute. These commands map a simple name to a plugin script located in /usr/lib/nagios/plugins/.
While you can add them to nrpe.cfg, the best practice is to place them in a separate file inside the /etc/nagios/nrpe.d/ directory.
Let’s add a few common checks. You can add these lines directly at the end of your /etc/nagios/nrpe.cfg file or in a new file like /etc/nagios/nrpe.d/custom.cfg.
Here are some practical examples:
# Checks the number of logged-in users
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
# Checks the system load average
command[check_load]=/usr/lib/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20
# Checks free space on the root partition (/)
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
# Checks the number of total running processes
command[check_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
command[check_name]: Defines the command name that Nagios will call.-wand-c: Set the Warning and Critical thresholds, respectively.
Step 5: Restart and Enable the NRPE Service
For your configuration changes to take effect, you must restart the NRPE service. It’s also wise to enable it so it starts automatically on boot.
sudo systemctl restart nagios-nrpe-server
sudo systemctl enable nagios-nrpe-server
You can verify that the service is running and listening on its default port (5666) with this command:
sudo systemctl status nagios-nrpe-server
Step 6: Adjust Firewall Rules
If you are using a firewall like UFW (Uncomplicated Firewall), you must create a rule to allow incoming traffic on TCP port 5666 from your Nagios server.
Run the following command, replacing 192.168.1.100 with your Nagios server’s IP:
sudo ufw allow from 192.168.1.100 to any port 5666 proto tcp
This command creates a specific rule that only allows access to port 5666 from your trusted server, maintaining a secure posture.
Step 7: Test the Connection from Your Nagios Server
The final step is to verify that your Nagios server can successfully communicate with the newly configured NRPE agent. Log in to your Nagios server and run the check_nrpe command. The path to this plugin may vary, but it is often in /usr/local/nagios/libexec/.
First, perform a basic connection test. Replace <your_ubuntu_client_ip> with the IP address of the Ubuntu server you just configured.
/usr/local/nagios/libexec/check_nrpe -H <your_ubuntu_client_ip>
A successful response will show the NRPE version running on the client, for example: NRPE v4.0.3
Next, test one of the custom commands you defined, like check_load:
/usr/local/nagios/libexec/check_nrpe -H <your_ubuntu_client_ip> -c check_load
If successful, you will receive output detailing the system load, such as: OK - load average: 0.01, 0.02, 0.00|load1=0.010;...
Conclusion
You have now successfully installed and configured the Nagios NRPE agent on your Ubuntu server. Your system is ready to be added to your Nagios monitoring configuration, allowing you to track its health and performance proactively. By properly restricting access via the allowed_hosts directive and your firewall, you ensure that this powerful monitoring capability remains secure.
Source: https://kifarunix.com/install-nagios-nrpe-agents-on-ubuntu-22-04-ubuntu-20-04/
