[Pkg-nagios-devel] Bug#764603: Bug#764603: nagios-plugins-basic: The nagios plugin rgrep does not recognize KoD packages from the ntpserver

leo weppelman leoweppelman at gmail.com
Fri Oct 10 12:14:37 UTC 2014 

On Thu, Oct 9, 2014 at 10:58 PM, Jan Wagner <waja at cyconet.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> tags 764603 + unreproducible moreinfo
> thanks
>
> Hi Leo,
>
> thanks for reporting the issue.
>
> Am 09.10.2014 um 16:21 schrieb leo weppelman:
> > After hardening the ntp configuration, I noticed that the nagios
> > check was no longer functioning. The line I added to ntp.conf was:
> > restrict default limited kod nomodify notrap nopeer noquery
> >
> > The culprit turned out to be the 'kod' option in the restrict
> > line.
>
> The default in /etc/ntp.conf on wheezy is:
>
> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery
>
> > The nagios check does not understand the contents of the 'KoD'
> > package and only reports that the server stratum is 0. Which is
> > part of the KoD packet.
>
> On wheezy I adjusted the ntp.conf like you said:
>
> $ grep limit /etc/ntp.conf | grep -v ^#
> restrict -4 default kod notrap nomodify nopeer noquery limited
> restrict -6 default kod notrap nomodify nopeer noquery limited
>
> Checking with check_ntp_time binary from the soon to be released next
> upstream:
>
> $ /usr/lib/nagios/plugins/check_ntp_time -H localhost
> NTP OK: Offset -0,0002338594495
> secs|offset=-0,000234s;60,000000;120,000000;
> $ dpkg -l | grep monitoring-plugins-basic
> ii  monitoring-plugins-basic
> 2.0+git20141006-1~2~bpo70+1     i386         Plugins for nagios
> compatible monitoring systems (basic)
>
> Even with the check_ntp_time binary from the 1.4.16-1 it seems to work:
>
> $ /tmp/check_ntp_time -H localhost
> NTP OK: Offset 4,751665983e-06 secs|offset=0,000005s;60,000000;120,000000;
> $ /tmp/check_ntp_time -V
> check_ntp_time v1.4.16 (nagios-plugins 1.4.16)
>
> Unfortunately I can reproduce your problem. Maybe you can test my
> latest packages for wheezy (see http://ftp.cyconet.org/instructions
> for installing experimental monitoring-plugins packages from my
> wheezy-backports repository). Even you can describe a bit more
> specific your environment to reproduce this issue.
>

OK. To keep things simple I start with  1.4.16 too...

$ grep limit /etc/ntp.conf | grep -v ^#
restrict default limited kod nomodify notrap nopeer noquery

$ COLUMNS=255 dpkg -l ntp
ii  ntp 1:4.2.6.p5+dfsg-2  i386  Network Time Protocol daemon and utility
programs

$ /usr/lib/nagios/plugins/check_ntp_time -V
check_ntp_time v1.4.16 (nagios-plugins 1.4.16)

$ /usr/lib/nagios/plugins/check_ntp_time -H localhost -vv
Found 1 peers to check
sending request to peer 0
response from peer 0: packet contents:
    flags: 0x24
      li=0 (0x00)
      vn=4 (0x20)
      mode=4 (0x04)
    stratum = 3
    poll = 16
    precision = 9.53674e-07
    rtdelay = 0.107757568359375
    rtdisp = 0.155517578125
    refid = 1009e0a
    refts = 1412942304.275869
    origts = 1412942888.355381
    rxts = 1412942888.355422
    txts = 1412942888.355525
offset 2.30409205e-06
sending request to peer 0
response from peer 0: packet contents:
    flags: 0xe4
      li=3 (0xc0)
      vn=4 (0x20)
      mode=4 (0x04)
    stratum = 0
    poll = 16
    precision = 9.53674e-07
    rtdelay = 0.107757568359375
    rtdisp = 0.155517578125
    refid = 45544152
    refts = 1412942304.275869
    origts = 1412942888.356483
    rxts = 1412942888.356483
    txts = 1412942888.356483
offset -7.599743549e-05
sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
discarding peer 0: stratum=0
no peers meeting synchronization criteria :(
overall average offset: 0
NTP CRITICAL: Offset unknown|

As you can clearly see, the first response packet is a 'normal' response
packet. The second response packet however is a KoD packet (li == 3,
stratum == 0 and refid == 'RATE').

It looks like my ntpd is more eager to send a KoD than yours :-) It can
also be that your nagios check has more time between the requests (I
believe 2secs. is the threshold). But why this differs between our configs
is a mystery to me.

Hope this helps,

Leo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20141010/f06d4d55/attachment.html>

More information about the Pkg-nagios-devel mailing list