IP ACL messages with unexpected IPv4 subnets due to ::1

[cherdt]

I am running NRPE under xinetd.

With debugging messages enabled (debug=1 in /etc/nagios/nrpe.cfg) I get a number of unusual IP ACL syslog messages:

Aug 28 11:46:11 redacted-hostname nrpe[525]:   IP ACL: 229.127.0.0/15 32741
Aug 28 11:46:54 redacted-hostname nrpe[759]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:46:54 redacted-hostname nrpe[759]:   IP ACL: 144.127.0.0/12 32656
Aug 28 11:47:08 redacted-hostname nrpe[972]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:47:08 redacted-hostname nrpe[972]:   IP ACL: 64.127.0.0/15 32576
Aug 28 11:47:48 redacted-hostname nrpe[1021]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:47:48 redacted-hostname nrpe[1021]:   IP ACL: 37.127.0.0/16 32549
Aug 28 11:48:10 redacted-hostname nrpe[1378]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:48:10 redacted-hostname nrpe[1378]:   IP ACL: 26.127.0.0/15 32538
Aug 28 11:48:30 redacted-hostname nrpe[1404]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:48:30 redacted-hostname nrpe[1404]:   IP ACL: 192.127.0.0/13 32704
Aug 28 11:50:36 redacted-hostname nrpe[1925]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:50:36 redacted-hostname nrpe[1925]:   IP ACL: 236.127.0.0/16 32748
Aug 28 11:51:11 redacted-hostname nrpe[2279]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:51:11 redacted-hostname nrpe[2279]:   IP ACL: 246.127.0.0/17 32758
Aug 28 11:51:54 redacted-hostname nrpe[2457]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:51:54 redacted-hostname nrpe[2457]:   IP ACL: 112.127.0.0/17 32624
Aug 28 11:52:08 redacted-hostname nrpe[2664]:   IP ACL: 127.0.0.1/32 16777343
Aug 28 11:52:08 redacted-hostname nrpe[2664]:   IP ACL: 250.127.0.0/14 32762

127.0.0.1/32 is expected, but the other subnets are not. I noted that all the other subnets contain the digits 127 0 0 1 within them, for example 144.127.0.0/12.

If I change the allowed_hosts line from:

allowed_hosts=127.0.0.1,::1

to:

allowed_hosts=127.0.0.1

The unusual IP ACL messages stop, and the only IP ACL message is for 127.0.0.1/32

This also suggests that the comment above allowed_hosts is not strictly true:

 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd

This issue may be related to an older issue, issue #128

Environment details:

Host OS: CentOS Linux release 7.8.2003

Output of nrpe -V:

NRPE - Nagios Remote Plugin Executor
Version: 4.0.3

Output of yum list -q nrpe:

Installed Packages
nrpe.x86_64                          4.0.3-1.el7                           @epel

[sawolf]

Thanks for reporting this. I haven't tried to reproduce but I agree that at least the configuration behavior is wrong. I'll also look into the weird subnet expansion if/when we do another bugfix release

[jbeaujour]

Hello
I have the same messages in daemon mode
Package EPEL 7 nrpe 4.0.3-2 RedHat 7.6 maipo
I will want to run nrpe with xinetd but we get an error message on every call by check_nrpe:

Apr 1 18:15:35 xinetd[139880]: START: nrpe pid=141817 from=::ffff:@ip
Apr 1 18:15:35 kernel: nrpe[141817]: segfault at 7ffe73acce28 ip 00007f69f3cda4a7 sp 00007ffe73accd10 error 6 in libc-2.17.so[7f69f3c92000+1c2000]
Apr 1 18:15:35 abrt-hook-ccpp: Process 141817 (nrpe) of user 666 killed by SIGSEGV - dumping core
Apr 1 18:15:35 xinetd[139880]: EXIT: nrpe signal=11 pid=141817 duration=0(sec)
Apr 1 18:15:35 abrt-server: Package 'nrpe' isn't signed with proper key
Apr 1 18:15:35 abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2021-04-01-18:15:35-141817' exited with 1
Apr 1 18:15:35 abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2021-04-01-18:15:35-141817'

Have you ever encountered this problem in 4.0.x-x?
What is your installation method (source or rpm)
What is your /etc/xinetd.d/nrpe file
Thank you