diff --git a/manifests/nagios.pp b/manifests/nagios.pp
index 9ac837b..94f0146 100644
--- a/manifests/nagios.pp
+++ b/manifests/nagios.pp
@@ -4,12 +4,16 @@
 #
 #
 class sentry::nagios (
- $web_port
+ $web_port = 9100
 ) {
- nagios::service { "sentry_${::hostname}":
- server => "${::hostname}",
- check_command => 'check_http!-p 9100 localhost',
+ sentry::nrpe_service { "sentry_${web_port}":
+ plugin => 'check_http',
+ args => "-p ${web_port} localhost"
+ }
+
+ # FIXME: how do we make this conditional ?
+ selinux::audit2allow { "nrpe_sentry_${web_port}":
+ content => "type=AVC msg=audit(1383607078.429:934172): avc: denied { name_connect } for pid=10171 comm=\"check_http\" dest=${web_port} scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:hplip_port_t:s0 tclass=tcp_socket"
 }
-
 }
diff --git a/manifests/nrpe_service.pp b/manifests/nrpe_service.pp
new file mode 100644
index 0000000..84064bb
--- /dev/null
+++ b/manifests/nrpe_service.pp
@@ -0,0 +1,40 @@
+# = Define: sentry::nrpe_service
+#
+# This define deploys checks run through nagios.
+#
+# == Parameters
+#
+# [* plugin *]
+# What plugin to use.
+#
+define sentry::nrpe_service (
+ $plugin,
+ $args
+) {
+
+ if (' ' in $name) {
+ fail("name ${name} cannot contain spaces")
+ }
+
+ include nagios::server
+
+ # definition of nrpe check in client's /etc/nagios/nrpe.d/nrpe-$name.cfg
+ nagios::client::nrpe_file { "check_${name}":
+ plugin => $plugin,
+ args => $args,
+ }
+
+ # definition of server-side nagios command to use nrpe client-side
+ nagios_command { "check_nrpe_${name}":
+ # -u turns socket timeout into unknowns
+ command_line => "${nagios::server::nrpe} -u -c check_${name}"
+ }
+
+ # defition of server-side service name; needs to be unique by client name
+ nagios::service { "${name}_nrpe_from_${::hostname}":
+ check_command => "check_nrpe_${name}",
+ use => "nrpe-service",
+
+ }
+
+}
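Review bot: In the `selinux::audit2allow` resource the AVC record interpolates `dest=${web_port}` but keeps `tcontext=system_u:object_r:hplip_port_t:s0` fixed, and that target type comes from the captured denial for the default port 9100. audit2allow derives its allow rule from source type, target type, class and permission rather than from `dest=`, so with any other `$web_port` the generated module would still let `nrpe_t` `name_connect` to every `hplip_port_t` port and would most likely not cover the port actually being checked. Until the target type is parameterised, a comment such as `# NOTE: tcontext below is only valid for the default port 9100 (hplip_port_t); a different $web_port needs its own port type` would keep the next maintainer from assuming the rule follows the parameter. For the FIXME, gating the resource on the node's `selinux` fact would avoid loading a policy module on hosts where SELinux is disabled.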
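Review bot: The only validation on `$name` in `sentry::nrpe_service` is the space check, yet the title is interpolated into the NRPE config resource `check_${name}`, the `nagios_command` title and the `command_line` string (`-c check_${name}`). Characters such as `;`, `!`, `$` or quotes therefore pass straight into Nagios and NRPE configuration. An allow-list is tighter than rejecting one character: `if $name !~ /^[A-Za-z0-9_-]+$/ { fail("name ${name} may only contain letters, digits, _ and -") }`. The header documents only `plugin`; `args` should be documented too, noting that it is handed unchanged to `nagios::client::nrpe_file` and presumably ends up in the command line the NRPE daemon executes, so callers must not build it from untrusted data.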