nrpe | installation instructions and information on the design | Continuous Deployment library

systemd service file, maybe this var is set to true :)

PrivateTmp= Takes a boolean argument. If true, sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it that is not shared by processes outside of the namespace.

This is useful to secure access to temporary files of the process, but makes sharing between processes via /tmp or /var/tmp impossible. If this is enabled, all temporary files created by a service in these directories will be removed after the service is stopped. Defaults to false. It is possible to run two or more units within the same private /tmp and /var/tmp namespace by using the JoinsNamespaceOf= directive, see systemd.unit(5) for details.

This setting is implied if DynamicUser= is set. For this setting the same restrictions regarding mount propagation and privileges apply as for ReadOnlyPaths= and related calls, see above. Enabling this setting has the side effect of adding Requires= and After= dependencies on all mount units necessary to access /tmp and /var/tmp.

Moreover an implicitly After= ordering on systemd-tmpfiles-setup.service(8) is added. Note that the implementation of this setting might be impossible (for example if mount namespaces are not available), and the unit should be written in a way that does not solely rely on this setting for security.

You have an error in your definition.
Replace check_bruteforce_attack in nrpe.cfg with check_bruteforce_ssh and it will work ;-)

Okay, similar to cron jobs, it may be that NRPE (the server) runs with a different environment to your shell, and that distinct environment is somehow not running systemctl properly.

An easy way to see this is to modify the:

Maybe you should:

Use jq for parsing JSON, for example:

You can do that putting that on an inline-script ("Script" step) or call an external script with the command content ("Script file or URL" step).

Another way is to use cat tool to print the file and capture the output using log filter (Click on the tiny Gear icon at the left of the step > Click on "Add Log Filter" > Select "Key/value data" and in pattern use with this regex: .*(-w .*%).*, put a name of the data - eg: diskdata - and click on "Log data" checkbox) and you get the output that you want, you can print that value using echo ${data.diskdata} in next step. Check.

The log shows the following:

Oct 13 14:06:55 client nrpe[4027]: Server listening on 127.0.0.1 port 5666.

If the server is listening on the localhost IP address (127.0.0.1), it will only be able to accept connections on port 5666 which originate on the same server. If you try to connect from a different server, the connection will fail.

make sure that you state your cookbook dependencies within your cookbook metadata.rb, such as

These are not open ports. The STATE column shows filtered, which means "prevented from communicating." This state often means a firewall is blocking traffic using those port numbers, but it can also mean that a probe or response was dropped and no response was received at all. This is most likely the case for you: the Nmap scan was too fast for your system at the moment you ran it and a probe was dropped. Since localhost scans are usually very reliable and fast, Nmap gets very aggressive in terms of short timeouts and few to no reattempts to determine a port's status.

Nmap is a great tool, but for checking listening ports on your local system it is usually better to use netstat (or ss on modern Linux systems). This queries the kernel directly to determine what processes are registered to receive traffic on each port, so unless you have been thoroughly hacked (rootkitted), it will always be more accurate than Nmap for local results. If you are going to use Nmap as a 2nd opinion, be sure to use the -p - option to check all 65535 ports, not only the 1000 most-frequently-used ones that it scans by default.