You are here

Check_HTTP not working with TLSv1.2

6 posts / 0 new
Last post
Jesse Rubio
rubio's picture
Check_HTTP not working with TLSv1.2

Due to PCI requirements we have turned off the use of TLS version 1 and 2.. Only allowing TLS V1.2 but now all my service checks using the check_http are failing. Anyone have an updated plugin file to be able to support TLSv1.2? I searched and found the below link but doesn't seem to work with my Opsview version of Nagios. I've been told I would need the binary version of the file below. Any help is appreciated.

https://www.monitoring-plugins.org/archive/devel/2015-September/010076.html

 

Duncan Ferguson
dferguson's picture
I can see in the project

I can see in the project source on github that is has been done in a slightly different way (https://github.com/monitoring-plugins/monitoring-plugins/commit/f43083c6...).

If you let me know your OS and arch then I will compile up a new verison and make it available for you.  I'll also ask Engineering to look at upgrading the version of monitoring-plugins we ship to v2.1.2 so this change (and logs of others) are included.

  Duncs

Jesse Rubio
rubio's picture
Thanks for helping out.. Here

Thanks for helping out.. Here's what I know about our implementation.

Opsview Core 3.20131016.0

Duncan Ferguson
dferguson's picture
Can you provide the output

Can you provide the output from 'lsb_release -a'?

  Duncs

Jesse Rubio
rubio's picture
Here you go.

Here you go.

 

Distributor ID: Ubuntu
Description:    Ubuntu 10.04.4 LTS
Release:        10.04
Codename:       lucid

 

Duncan Ferguson
dferguson's picture
Lucid is now end of life

Lucid is now end of life (https://wiki.ubuntu.com/Releases) so this will be a struggle for me to build - we dropped our build servers for lucid some time ago. 

You may be able to build this yourself on your server, however, by downloading the plugins tarball and compiling it yourself.

Either download the ZIP or clone the repository from https://github.com/monitoring-plugins/monitoring-plugins, ensure you have the prereq's installed for a build as per the README on that page, run configure, then make and then copy just the new plugin under a new name into /usr/local/nagios/libexec. 

It shouldn't matter what configure options you use as you are only using the one plugin, but we use:

$ ./configure --prefix=/usr/local/nagios --with-mysql --with-nagios-user=nagios --with-nagios-group=nagios --with-rpcinfo-command=/usr/sbin/rpcinfo --enable-perl-modules --localstatedir=/usr/local/nagios/var/plugins --enable-extra-opts=no
$ make

The new plugin should be at plugins/check_http.

  Duncs