Imported Upstream version 2.15
This commit is contained in:
commit
1efb03f433
|
@ -0,0 +1,349 @@
|
|||
**************
|
||||
NRPE Changelog
|
||||
**************
|
||||
|
||||
2.15 - 09/06/2013
|
||||
-----------------
|
||||
- Now compiles on HP-UX (Grant Byers)
|
||||
- Added support for IPv6 (Leo Baltus, Eric Stanley)
|
||||
|
||||
2.14 - 12/21/2012
|
||||
-----------------
|
||||
- Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
|
||||
- Patched to shutdown SSL connection completely (Jari Takkala)
|
||||
- Added SRC support on AIX (Thierry Bertaud)
|
||||
- Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
|
||||
- Updated logging to support compiling on AIX (Eric Stanley)
|
||||
|
||||
2.13 - 11/11/2011
|
||||
-----------------
|
||||
- Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
|
||||
- Fixed bug in allowed_hosts parsing (Eric Stanley)
|
||||
- Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
|
||||
|
||||
|
||||
2.12 - 03/10/2008
|
||||
-----------------
|
||||
- Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
|
||||
|
||||
|
||||
|
||||
2.11 - 12/26/2007
|
||||
-----------------
|
||||
- Added lib64 library paths to configure script for 64-bit systems (John Maag)
|
||||
- Added --with-ssl-lib configure script option
|
||||
- Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
|
||||
|
||||
|
||||
2.10 - 10/19/2007
|
||||
-----------------
|
||||
- Moved PDF docs to docs/ subdirectory, added OpenOffice source document
|
||||
- A critical result is now returned for child processed that die due to a signal (Klas Lindfors)
|
||||
|
||||
|
||||
|
||||
2.9 - 08/13/2007
|
||||
----------------
|
||||
- Fixed bug with --with-nrpe-group configure script option (Graham Collinson)
|
||||
- Fixed bug with check_disk thresholds in sample config file (Patric Wust)
|
||||
- Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
|
||||
for scripts that need to detect NRPE version and capabilities (Gerhard Lausser)
|
||||
- Added asprintf() support for systems that are missing it (Samba team)
|
||||
|
||||
|
||||
|
||||
2.8.1 - 05/10/2007
|
||||
-----------------
|
||||
- Fixed configure script error with user-specified NRPE group
|
||||
|
||||
|
||||
|
||||
2.8 - 05/08/2007
|
||||
---------------
|
||||
- Added support for multiline plugin output (limited to 1KB at the moment) (Matthias Flacke)
|
||||
|
||||
|
||||
|
||||
2.8b1 - 03/14/2007
|
||||
-----------------
|
||||
- Changes to sample config files
|
||||
- Added ';' as an additional prohibited metachar for command arguments
|
||||
- Updated documentation and added easier installation commands
|
||||
|
||||
|
||||
|
||||
2.7.1 - 03/08/2007
|
||||
------------------
|
||||
- Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)
|
||||
|
||||
|
||||
|
||||
2.7 - 02/18/2007
|
||||
----------------
|
||||
- Patches for detection SSL header and library locations (Andrew Boyce-Lewis)
|
||||
- NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup (Andrew Boyce-Lewis)
|
||||
|
||||
|
||||
|
||||
2.6 - 12/11/2006
|
||||
----------------
|
||||
- Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
|
||||
- Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
|
||||
- Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
|
||||
|
||||
|
||||
|
||||
2.5.2 - 06/30/2006
|
||||
------------------
|
||||
- Fixed incorrect service name in sample xinetd config file
|
||||
- Added note on how to restart inetd for OpenBSD users (Robert Peaslee)
|
||||
- Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser)
|
||||
- Fix to (re)allow week random seed (Gerhard Lausser)
|
||||
|
||||
|
||||
|
||||
2.5.1 - 04/09/2006
|
||||
------------------
|
||||
- Patch to fix segfault if --no-ssl option is used (Sean Finney/Peter Palfrader)
|
||||
|
||||
|
||||
|
||||
2.5 - 04/06/2006
|
||||
----------------
|
||||
- (Re)added allowed_hosts option for systems that don't support TCP wrappers
|
||||
- Fix for SSL errors under Solaris 8 (Niels Endres)
|
||||
- Fix for config file directory inclusion on ReiserFS (Gerhard Lausser)
|
||||
|
||||
|
||||
|
||||
2.4 - 02/22/2006
|
||||
----------------
|
||||
- Added option to allow week random seed (Gerhard Lausser)
|
||||
- Added optional command line prefix (Sean Finney)
|
||||
- Added ability to reload config file with SIGHUP
|
||||
- Fixed bug with location of dh.h include file
|
||||
- Fixed bug with disconnect message in debug mode
|
||||
|
||||
|
||||
|
||||
2.3 - 01/23/2006
|
||||
----------------
|
||||
- Spec file fixes
|
||||
- Removed errant PID file debugging code
|
||||
- Fixed problem with trimming command definitions
|
||||
|
||||
|
||||
|
||||
2.2 - 01/22/2006
|
||||
----------------
|
||||
- Spec file fix
|
||||
- Patch to add Tru64 and IRIX support (Ton Voon)
|
||||
- Updated config.sub and config.guess
|
||||
- Fixed bug with config file lines with only whitespace
|
||||
- Fixed bug with missing getopt() command line option for -V
|
||||
- Removed sample FreeBSD init script (now maintained by FreeBSD port)
|
||||
- Added config file option for writing a PID file
|
||||
|
||||
|
||||
|
||||
2.1 - 01/19/2004
|
||||
----------------
|
||||
- Replaced host access list with TCP wrapper support
|
||||
- Removed length restrictions for command names and command lines
|
||||
- Configure script patch for getopt_long on Solaris
|
||||
- Bug fixes for accept() on HP-UX 11.0
|
||||
- Init script for SUSE Linux (Subhendu Ghosh)
|
||||
- SSL protocol used is now limited to TLSv1
|
||||
- Any output from plugins after first line is now ignored before
|
||||
plugin process is closed
|
||||
|
||||
|
||||
|
||||
2.0 - 09/08/2003
|
||||
----------------
|
||||
- Added support for passing arguments to command
|
||||
- NRPE daemon can no longer be run as root user/group
|
||||
- Added getopt support
|
||||
- Added 'include' variable to config file to allow inclusion
|
||||
of external config files
|
||||
- Added 'include_dir' variable to allow inclusion of external
|
||||
config files in directories (with recursion)
|
||||
- Added native SSL support (Derrick Bennett)
|
||||
- Added my_strsep(), as Solaris doesn't have strsep()
|
||||
- Added license exemption for use with OpenSSL
|
||||
|
||||
|
||||
|
||||
1.8 - 01/16/2003
|
||||
----------------
|
||||
- Daemon now closes stdio/out/err properly (James Peterson)
|
||||
- Makefile changes (James Peterson)
|
||||
- Mode command line option bug fix in daemon
|
||||
- Fixed incorrect command line options in check_nrpe plugin
|
||||
|
||||
|
||||
|
||||
1.7 - 01/08/2003
|
||||
----------------
|
||||
- Spec file updates and minor bug fixes (James Peterson)
|
||||
- Bug fix with default nrpe port definition
|
||||
- Added sample xinetd config file (nrpe.xinetd)
|
||||
- Bug fix for command_timeout variable (James Peterson)
|
||||
|
||||
|
||||
|
||||
1.6 - 12/30/2002
|
||||
----------------
|
||||
- Updated sample commands to match new plugin argument format
|
||||
- Added sample init scripts for FreeBSD and Debian (Andrew Ryder)
|
||||
- Syntax changes (-H option specifies host name in check_nrpe,
|
||||
-c option specifies config file in nrpe)
|
||||
- Added command_timeout directive to config file to allow user
|
||||
to specify timeout for executing plugins
|
||||
- Added spec file and misc patches for building RPMs (James Peterson)
|
||||
- Added --with-nrpe-port config directive (James Peterson)
|
||||
|
||||
|
||||
|
||||
1.5 - 06/03/2002
|
||||
----------------
|
||||
- Added setuid/setgid option to config file (suggested by Marek Cervenka)
|
||||
|
||||
|
||||
|
||||
1.4 - 06/01/2002
|
||||
----------------
|
||||
- Changed STATE_UNKNOWN to value of 3 instead of -1 (old style)
|
||||
- Minor doc and sample config file changes
|
||||
|
||||
|
||||
|
||||
1.3 - 02/21/2002
|
||||
----------------
|
||||
- Name and version change
|
||||
- Ignore SIGHUP, minor cleanup (Jon Andrews)
|
||||
|
||||
|
||||
|
||||
1.2.5 - 12/22/2001
|
||||
------------------
|
||||
- Implemented Beej's sendall() to handle partial send()s
|
||||
- Added instructions on running under xinetd to README
|
||||
- Removed some old crud
|
||||
|
||||
|
||||
|
||||
1.2.4 - 02/22/2001
|
||||
------------------
|
||||
- I forgot what changes I made. Go figure...
|
||||
|
||||
|
||||
|
||||
1.2.3 - 12/21/2000
|
||||
------------------
|
||||
- A bit more documentation on configuring command definitions for the plugin
|
||||
|
||||
|
||||
|
||||
1.2.2 - 06/05/2000
|
||||
------------------
|
||||
- Fixed error in docs for running under inetd using TCP wrappers
|
||||
- Replaced old email address in src/netutils.h with new one
|
||||
|
||||
|
||||
|
||||
1.2.1 - 05/07/2000
|
||||
------------------
|
||||
- Removed trapping of SIGCHLD
|
||||
- Changed wait4() to waitpid() to allow compilation on HP-UX and AIX
|
||||
|
||||
|
||||
|
||||
1.2.0 - 04/18/2000
|
||||
------------------
|
||||
- Server forks twice after accepting a client connection, so as to prevent the
|
||||
creation of zombies
|
||||
|
||||
|
||||
|
||||
1.1.5 - 04/07/2000
|
||||
------------------
|
||||
- Fixed a small bug where one debug message was not getting logged properly
|
||||
|
||||
|
||||
|
||||
1.1.4 - 03/30/2000
|
||||
------------------
|
||||
- Added option to disable/enable debug messages using the debug option in the
|
||||
config file
|
||||
|
||||
|
||||
|
||||
1.1.3 - 03/11/2000
|
||||
------------------
|
||||
- Changed config file to use an absolute path
|
||||
- Changed all debug output to use syslog (Rene Klootwijk)
|
||||
- No convert all data to network order before sending it and convert it back to
|
||||
host order when receiving it. This makes it possible to mix Solaris and Linux,
|
||||
e.g. running check_nrpe on Linux and nrpe on Solaris. (Rene Klootwijk)
|
||||
|
||||
|
||||
|
||||
1.1.2 - 03/07/2000
|
||||
------------------
|
||||
- Removed unnecessary code in signal handler routine
|
||||
- Unused signals are no longer trapper
|
||||
|
||||
|
||||
|
||||
1.1.1 - 02/28/2000 - RKL
|
||||
---------------------------
|
||||
- Modified syslog code to include string describing the error code.
|
||||
- Changed hardcoded number in signal handler to its name. This prevented nrpe
|
||||
to run on Solaris.
|
||||
- Fixed race condition in accept loop. The result of accept should also be
|
||||
checked for EINTR.
|
||||
- Modified recv and send function calls to compile without warnings on Solaris.
|
||||
- Modified configure.in,configure and Makefile.in to include nsl and socket libs
|
||||
for Solaris.
|
||||
- Modified the signal handler to reestablish itself after being called.
|
||||
|
||||
|
||||
|
||||
1.1 - 02/24/2000 - Rene Klootwijk <rene@klootwijk.org>
|
||||
-----------------
|
||||
- Added ability to bind nrpe to a specific interface by specifying the address
|
||||
of this interface in the nrpe.cfg file (e.g. server_address=192.168.2.3)
|
||||
|
||||
|
||||
|
||||
1.0 - 02/16/2000
|
||||
------------------
|
||||
- Added ability to run as a service under inetd
|
||||
|
||||
|
||||
|
||||
1.0b6 - 02/01/2000
|
||||
------------------
|
||||
- Added configure script
|
||||
- Netutils functions from the NetSaint plugins is now used
|
||||
- Reset SIGCHLD to default behavior before calling popen() to
|
||||
prevent race condition with pclose() (Reported by Rene Klootwijk)
|
||||
- Cleaned up code
|
||||
|
||||
|
||||
|
||||
1.0b5 - 01/10/2000
|
||||
------------------
|
||||
- Added init script contributed by Jacob L
|
||||
- Incorporated syslog code and other patches contributed by Jacob L
|
||||
|
||||
|
||||
|
||||
1.0b4 - 11/04/1999
|
||||
------------------
|
||||
- Changed 'allowed_ip' option in configuration file to
|
||||
'allowed_hosts' and added support for multiple hosts
|
||||
- Minor buffer overflow protection fixes
|
||||
- main() returned STATE_UNKNOWN on successful launch, changed to STATE_OK (jaclu@grm.se)
|
||||
- Added syslog support (jaclu@grm.se)
|
|
@ -0,0 +1,10 @@
|
|||
|
||||
All source code, binaries, documentation, and information contained
|
||||
in this distribution are provided AS IS with NO WARRANTY OF ANY KIND,
|
||||
INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE.
|
||||
|
||||
Nagios and the Nagios logo are registered trademarks of Nagios Enterprises.
|
||||
All other trademarks, servicemarks, registered trademarks, and
|
||||
registered servicemarks are the property of their respective owner(s).
|
||||
|
|
@ -0,0 +1,86 @@
|
|||
###############################
|
||||
# Makefile for NRPE
|
||||
#
|
||||
# Last Modified: 03-14-2007
|
||||
###############################
|
||||
|
||||
|
||||
# Source code directories
|
||||
SRC_BASE=./src/
|
||||
SRC_INCLUDE=./include/
|
||||
|
||||
CC=@CC@
|
||||
CFLAGS=@CFLAGS@ @DEFS@
|
||||
LDFLAGS=@LDFLAGS@ @LIBS@
|
||||
|
||||
prefix=@prefix@
|
||||
exec_prefix=@exec_prefix@
|
||||
CFGDIR=@sysconfdir@
|
||||
BINDIR=@bindir@
|
||||
SBINDIR=@sbindir@
|
||||
LIBEXECDIR=@libexecdir@
|
||||
INSTALL=@INSTALL@
|
||||
NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
|
||||
NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
|
||||
|
||||
INIT_DIR=@init_dir@
|
||||
INIT_OPTS=-o root -g root
|
||||
|
||||
|
||||
all:
|
||||
cd $(SRC_BASE); $(MAKE) ; cd ..
|
||||
|
||||
@echo ""
|
||||
@echo "*** Compile finished ***"
|
||||
@echo ""
|
||||
@echo "If the NRPE daemon and client compiled without any errors, you"
|
||||
@echo "can continue with the installation or upgrade process."
|
||||
@echo ""
|
||||
@echo "Read the PDF documentation (NRPE.pdf) for information on the next"
|
||||
@echo "steps you should take to complete the installation or upgrade."
|
||||
@echo ""
|
||||
nrpe:
|
||||
cd $(SRC_BASE); $(MAKE) ; cd ..
|
||||
|
||||
check_nrpe:
|
||||
cd $(SRC_BASE); $(MAKE) ; cd ..
|
||||
|
||||
|
||||
install-plugin:
|
||||
cd $(SRC_BASE) && $(MAKE) $@
|
||||
|
||||
install-daemon:
|
||||
cd $(SRC_BASE) && $(MAKE) $@
|
||||
|
||||
install:
|
||||
cd $(SRC_BASE) && $(MAKE) $@
|
||||
|
||||
install-xinetd:
|
||||
$(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe
|
||||
|
||||
install-daemon-config:
|
||||
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
|
||||
$(INSTALL) -m 644 $(NRPE_INSTALL_OPTS) sample-config/nrpe.cfg $(DESTDIR)$(CFGDIR)
|
||||
|
||||
solaris-package:
|
||||
@if [ `uname -s` != "SunOS" ] ; then \
|
||||
echo "It is recommended you be running on Solaris to build a Solaris package"; \
|
||||
else \
|
||||
cd package/solaris; $(MAKE) build ; $(MAKE) pkg ; cd ../..; \
|
||||
fi
|
||||
|
||||
clean:
|
||||
cd $(SRC_BASE); $(MAKE) $@ ; cd ..
|
||||
cd package/solaris; $(MAKE) $@ ; cd ../..
|
||||
rm -f core
|
||||
rm -f *~ */*~
|
||||
|
||||
distclean: clean
|
||||
cd $(SRC_BASE); $(MAKE) $@ ; cd ..
|
||||
cd package/solaris; $(MAKE) $@ ; cd ../..
|
||||
rm -f config.log config.status config.cache nrpe.cfg nrpe.xinetd subst $(SRC_INCLUDE)/config.h init-script init-script.debian init-script.freebsd init-script.suse
|
||||
rm -f sample-config/*.cfg sample-config/*.xinetd
|
||||
rm -f Makefile
|
||||
|
||||
devclean: distclean
|
||||
|
|
@ -0,0 +1,234 @@
|
|||
-----------
|
||||
NRPE README
|
||||
-----------
|
||||
|
||||
|
||||
** UPDATED DOCUMENTATION!
|
||||
|
||||
For installation instructions and information on the design overview
|
||||
of the NRPE addon, please read the PDF documentation that is found in
|
||||
this directory: NRPE.pdf
|
||||
|
||||
|
||||
|
||||
|
||||
Purpose
|
||||
-------
|
||||
The purpose of this addon is to allow you to execute Nagios
|
||||
plugins on a remote host in as transparent a manner as possible.
|
||||
|
||||
|
||||
Contents
|
||||
--------
|
||||
|
||||
There are two pieces to this addon:
|
||||
|
||||
1) NRPE - This program runs as a background process on the
|
||||
remote host and processes command execution requests
|
||||
from the check_nrpe plugin on the Nagios host.
|
||||
Upon receiving a plugin request from an authorized
|
||||
host, it will execute the command line associated
|
||||
with the command name it received and send the
|
||||
program output and return code back to the
|
||||
check_nrpe plugin
|
||||
|
||||
2) check_nrpe - This is a plugin that is run on the Nagios host
|
||||
and is used to contact the NRPE process on remote
|
||||
hosts. The plugin requests that a plugin be
|
||||
executed on the remote host and wait for the NRPE
|
||||
process to execute the plugin and return the result.
|
||||
The plugin then uses the output and return code
|
||||
from the plugin execution on the remote host for
|
||||
its own output and return code.
|
||||
|
||||
|
||||
Compiling
|
||||
---------
|
||||
|
||||
The code is very basic and may not work on your particular
|
||||
system without some tweaking. I just haven't put a lot of effort
|
||||
into this addond. Most Linux users should be able to compile
|
||||
NRPE and the check_nrpe plugin with the following commands...
|
||||
|
||||
./configure
|
||||
make all
|
||||
|
||||
The binaries will be located in the src/ directory after you
|
||||
run 'make all' and will have to be installed manually somewhere
|
||||
on your system.
|
||||
|
||||
|
||||
NOTE: Since the check_nrpe plugin and nrpe daemon run on different
|
||||
machines (the plugin runs on the Nagios host and the daemon
|
||||
runs on the remote host), you will have to compile the nrpe
|
||||
daemon on the target machine.
|
||||
|
||||
|
||||
|
||||
Installing
|
||||
----------
|
||||
|
||||
The check_nrpe plugin should be placed on the Nagios host along
|
||||
with your other plugins. In most cases, this will be in the
|
||||
/usr/local/nagios/libexec directory.
|
||||
|
||||
The nrpe program and the configuration file (nrpe.cfg) should
|
||||
be placed somewhere on the remote host. Note that you will also
|
||||
have to install some plugins on the remote host if you want to
|
||||
make much use of this addon.
|
||||
|
||||
|
||||
|
||||
Configuring
|
||||
-----------
|
||||
|
||||
Sample config files for the NRPE daemon are located in the
|
||||
sample-config/ subdirectory.
|
||||
|
||||
|
||||
|
||||
Running Under INETD or XINETD
|
||||
-----------------------------
|
||||
|
||||
If you plan on running nrpe under inetd or xinetd and making use
|
||||
of TCP wrappers, you need to do the following things:
|
||||
|
||||
|
||||
|
||||
1) Add a line to your /etc/services file as follows (modify the port
|
||||
number as you see fit)
|
||||
|
||||
nrpe 5666/tcp # NRPE
|
||||
|
||||
|
||||
|
||||
2) Add entries for the NRPE daemon to either your inetd or xinetd
|
||||
configuration files. Which one your use will depend on which
|
||||
superserver is installed on your system. Both methods are described
|
||||
below. NOTE: If you run nrpe under inetd or xinetd, the server_port
|
||||
and allowed_hosts variables in the nrpe configuration file are
|
||||
ignored.
|
||||
|
||||
|
||||
***** INETD *****
|
||||
If your system uses the inetd superserver WITH tcpwrappers, add an
|
||||
entry to /etc/inetd.conf as follows:
|
||||
|
||||
nrpe stream tcp nowait <user> /usr/sbin/tcpd <nrpebin> -c <nrpecfg> --inetd
|
||||
|
||||
If your system uses the inetd superserver WITHOUT tcpwrappers, add an
|
||||
entry to /etc/inetd.conf as follows:
|
||||
|
||||
nrpe stream tcp nowait <user> <nrpebin> -c <nrpecfg> --inetd
|
||||
|
||||
|
||||
- Replace <user> with the name of the user that the nrpe server should run as.
|
||||
Example: nagios
|
||||
- Replace <nrpebin> with the path to the nrpe binary on your system.
|
||||
Example: /usr/local/nagios/nrpe
|
||||
- Replace <nrpecfg> with the path to the nrpe config file on your system.
|
||||
Example: /usr/local/nagios/nrpe.cfg
|
||||
|
||||
|
||||
***** XINETD *****
|
||||
If your system uses xinetd instead of inetd, you'll probably
|
||||
want to create a file called 'nrpe' in your /etc/xinetd.d
|
||||
directory that contains the following entries:
|
||||
|
||||
|
||||
# default: on
|
||||
# description: NRPE
|
||||
service nrpe
|
||||
{
|
||||
flags = REUSE
|
||||
socket_type = stream
|
||||
wait = no
|
||||
user = <user>
|
||||
server = <nrpebin>
|
||||
server_args = -c <nrpecfg> --inetd
|
||||
log_on_failure += USERID
|
||||
disable = no
|
||||
only_from = <ipaddress1> <ipaddress2> ...
|
||||
}
|
||||
|
||||
|
||||
- Replace <user> with the name of the user that the nrpe server should run as.
|
||||
- Replace <nrpebin> with the path to the nrpe binary on your system.
|
||||
- Replace <nrpecfg> with the path to the nrpe config file on your system.
|
||||
- Replace the <ipaddress> fields with the IP addresses of hosts which
|
||||
are allowed to connect to the NRPE daemon. This only works if xinetd was
|
||||
compiled with support for tcpwrappers.
|
||||
|
||||
|
||||
|
||||
3) Restart inetd or xinetd will the following command (pick the
|
||||
on that is appropriate for your system:
|
||||
|
||||
/etc/rc.d/init.d/inet restart
|
||||
|
||||
/etc/rc.d/init.d/xinetd restart
|
||||
|
||||
OpenBSD users can use the following command to restart inetd:
|
||||
|
||||
kill -HUP `cat /var/run/inet.pid`
|
||||
|
||||
|
||||
|
||||
4) Add entries to your /etc/hosts.allow and /etc/hosts.deny
|
||||
file to enable TCP wrapper protection for the nrpe service.
|
||||
This is optional, although highly recommended.
|
||||
|
||||
|
||||
|
||||
|
||||
Configuring Things On The Nagios Host
|
||||
---------------------------------------
|
||||
|
||||
Examples for configuring the nrpe daemon are found in the sample
|
||||
nrpe.cfg file included in this distribution. That config file
|
||||
resides on the remote host(s) along with the nrpe daemon. The
|
||||
check_nrpe plugin gets installed on the Nagios host. In order
|
||||
to use the check_nrpe plugin from within Nagios, you'll have
|
||||
to define a few things in the host config file. An example
|
||||
command definition for the check_nrpe plugin would look like this:
|
||||
|
||||
define command{
|
||||
command_name check_nrpe
|
||||
command_line /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
|
||||
}
|
||||
|
||||
In any service definitions that use the nrpe plugin/daemon to
|
||||
get their results, you would set the service check command portion
|
||||
of the definition to something like this (sample service definition
|
||||
is simplified for this example):
|
||||
|
||||
define service{
|
||||
host_name someremotehost
|
||||
service_description someremoteservice
|
||||
check_command check_nrpe!yourcommand
|
||||
... etc ...
|
||||
}
|
||||
|
||||
where "yourcommand" is a name of a command that you define in
|
||||
your nrpe.cfg file on the remote host (see the docs in the
|
||||
sample nrpe.cfg file for more information).
|
||||
|
||||
|
||||
|
||||
|
||||
Questions?
|
||||
----------
|
||||
|
||||
If you have questions about this addon, or problems getting things
|
||||
working, first try searching the nagios-users mailing list archives.
|
||||
Details on searching the list archives can be found at
|
||||
http://www.nagios.org
|
||||
|
||||
If all else fails, you can email me and I'll try and respond as
|
||||
soon as I get a chance.
|
||||
|
||||
-- Ethan Galstad (nagios@nagios.org)
|
||||
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
NRPE With SSL/TLS
|
||||
|
||||
NRPE now has the option for Encrypting Network traffic using
|
||||
SSL/TLS from openssl.
|
||||
|
||||
The Encryption is done using a set encryption routine of
|
||||
AES-256 Bit Encryption using SHA and Anon-DH. This encrypts
|
||||
all traffic using the NRPE sockets from the client to the server.
|
||||
|
||||
Since we are using Anon-DH this allows for an encrypted
|
||||
SSL/TLS Connection without using pre-generated keys or
|
||||
certificates. The key generation information used by the
|
||||
program to dynaically create keys on daemon startup can be found
|
||||
in the dh.h file in the nrpe src directory. This file was created
|
||||
using the command:
|
||||
|
||||
openssl dhparam -C 512
|
||||
|
||||
which outputs the C code in dh.h. For your own security you can replace
|
||||
that file with your own dhparam generated code.
|
||||
|
||||
As of this time you will need to have the latest greatest version of
|
||||
OpenSSL (tested against version 0.9.7a) since not all versions have
|
||||
the AES algorythm in them.
|
||||
|
||||
I am not aware that at this time this code is restricted under export
|
||||
restrictions but I leave that verification process up to you.
|
||||
|
||||
Thoughts and suggestions are welcome and I can be reached on the
|
||||
Nagios and NagiosPlug Mailing Lists.
|
||||
|
||||
- Derrick
|
||||
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
Compiling on Solaris
|
||||
|
||||
Several changes may be necessary in order to compile NRPE on Solaris.
|
||||
This information is known to apply to Solaris 10 and may apply to other
|
||||
verisions of Solaris. This has been tested on Solaris 10 x86.
|
||||
|
||||
There are three things that you may need to compile NRPE on Solaris:
|
||||
|
||||
1. Add /usr/sfw/bin to your path
|
||||
$ PATH="$PATH:/usr/sfw/bin"
|
||||
2. Specify the binary to be used for make-ing
|
||||
$ MAKE=gmake ./configure
|
||||
3. Use gmake to build the code
|
||||
$ gmake all
|
||||
|
||||
Thanks to Kevin Pendleton at UtahSysAdmin.com
|
||||
(http://www.utahsysadmin.com/2008/03/14/configuring-nagios-plugins-nrpe-on-solaris-10/)
|
||||
for the instructions on finding the SSL libraries.
|
|
@ -0,0 +1,131 @@
|
|||
********************
|
||||
NRPE SECURITY README
|
||||
********************
|
||||
|
||||
|
||||
TCP WRAPPER SUPPORT
|
||||
===================
|
||||
|
||||
NRPE 2.x includes native support for TCP wrappers. The older
|
||||
host access list directive was removed from the config file.
|
||||
Make sure your system supports TCP wrappers before running NRPE.
|
||||
Once you compile NRPE you can check to see if it has wrapper
|
||||
support built in by running the daemon from the command line
|
||||
without any arguments like this:
|
||||
|
||||
./nrpe --help
|
||||
|
||||
|
||||
|
||||
|
||||
COMMAND ARGUMENTS
|
||||
=================
|
||||
|
||||
NRPE 2.0 includes the ability for clients to supply arguments to
|
||||
commands which should be run. Please note that this feature
|
||||
should be considered a security risk, and you should only use
|
||||
it if you know what you're doing!
|
||||
|
||||
|
||||
BASH COMMAND SUBSTITUTION
|
||||
-------------------------
|
||||
|
||||
Even with the metacharacter restrictions below, if command arguments
|
||||
are enabled, it is still possible to send bash command substitions
|
||||
in the form $(...) as an agrument. This is explicity disabled by
|
||||
default, but can be enabled by a configure-time option and a
|
||||
configuration file option. Enabling this option is VERY RISKY and
|
||||
its use is HIGHLY DISCOURAGED.
|
||||
|
||||
|
||||
ENABLING ARGUMENTS
|
||||
------------------
|
||||
|
||||
To enable support for command argument in the daemon, you must
|
||||
do two things:
|
||||
|
||||
1. Run the configure script with the --enable-command-args
|
||||
option
|
||||
|
||||
2. Set the 'dont_blame_nrpe' directive in the NRPE config
|
||||
file to 1.
|
||||
|
||||
|
||||
ENABLING BASH COMMAND SUBSTITUTION
|
||||
----------------------------------
|
||||
|
||||
To enable support for arguments containing bash command substitions,
|
||||
you must do two things:
|
||||
|
||||
1. Enable arguments as described above
|
||||
|
||||
2. Include the --enable-bash-command-substitution configure
|
||||
option when running the configure script
|
||||
|
||||
3. Set the 'allow_bash_command_substitutions' directive in the
|
||||
NRPE config file to 1.
|
||||
|
||||
|
||||
ILLEGAL METACHARS
|
||||
-----------------
|
||||
|
||||
To help prevent some nasty things from being done by evil
|
||||
clients, the following metacharacters are not allowed
|
||||
in client command arguments:
|
||||
|
||||
| ` & > < ' " \ [ ] { } ; !
|
||||
|
||||
Any client request which contains the abovementioned metachars
|
||||
is discarded.
|
||||
|
||||
|
||||
USER/GROUP RESTRICTIONS
|
||||
-----------------------
|
||||
|
||||
The NRPE daemon cannot be run with (effective) root user/group
|
||||
privileges. You must run the daemon with an account that does
|
||||
not have superuser rights. Use the nrpe_user and nrpe_group
|
||||
directives in the config file to specify which user/group the
|
||||
daemon should run as.
|
||||
|
||||
|
||||
ENCRYPTION
|
||||
----------
|
||||
|
||||
If you do enable support for command arguments in the NRPE daemon,
|
||||
make sure that you encrypt communications either by using:
|
||||
|
||||
1. Stunnel (see http://www.stunnel.org for more info)
|
||||
2. Native SSL support
|
||||
|
||||
Do NOT assume that just because the daemon is behind a firewall
|
||||
that you are safe! Always encrypt NRPE traffic!
|
||||
|
||||
|
||||
USING ARGUMENTS
|
||||
---------------
|
||||
|
||||
How do you use command arguments? Well, lets say you define a
|
||||
command in the NRPE config file that looks like this:
|
||||
|
||||
command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
|
||||
|
||||
You could then call the check_nrpe plugin like this:
|
||||
|
||||
./check_nrpe -H <host> -c check_users -a 5 10
|
||||
|
||||
The arguments '5' and '10' get substituted into the appropriate
|
||||
$ARGx$ macros in the command ($ARG1$ and $ARG2$, respectively).
|
||||
The command that would be executed by the NRPE daemon would look
|
||||
like this:
|
||||
|
||||
/usr/local/nagios/libexec/check_users -w 5 -c 10
|
||||
|
||||
You can supply up to 16 arguments to be passed to the command
|
||||
for substitution in $ARG$ macros ($ARG1$ - $ARG16$).
|
||||
|
||||
|
||||
|
||||
|
||||
-- Ethan Galstad (nagios@nagios.org)
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,481 @@
|
|||
dnl Process this -*-m4-*- file with autoconf to produce a configure script.
|
||||
|
||||
dnl Disable caching
|
||||
define([AC_CACHE_LOAD],)
|
||||
define([AC_CACHE_SAVE],)
|
||||
|
||||
AC_INIT([nrpe],[2.15],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org])
|
||||
AC_CONFIG_SRCDIR([src/nrpe.c])
|
||||
AC_CONFIG_HEADERS([include/config.h])
|
||||
AC_CONFIG_FILES([Makefile
|
||||
subst
|
||||
src/Makefile
|
||||
package/solaris/Makefile
|
||||
init-script
|
||||
init-script.debian
|
||||
init-script.suse
|
||||
nrpe.spec
|
||||
sample-config/nrpe.cfg
|
||||
sample-config/nrpe.xinetd])
|
||||
AC_PREFIX_DEFAULT(/usr/local/nagios)
|
||||
|
||||
PKG_NAME=nrpe
|
||||
PKG_VERSION="2.15"
|
||||
PKG_HOME_URL="http://www.nagios.org/"
|
||||
PKG_REL_DATE="09-06-2013"
|
||||
RPM_RELEASE=1
|
||||
AC_SUBST(PKG_NAME)
|
||||
AC_SUBST(PKG_VERSION)
|
||||
AC_SUBST(PKG_HOME_URL)
|
||||
AC_SUBST(PKG_REL_DATE)
|
||||
AC_SUBST(RPM_RELEASE)
|
||||
|
||||
dnl Figure out how to invoke "install" and what install options to use.
|
||||
AC_PROG_INSTALL
|
||||
AC_SUBST(INSTALL)
|
||||
|
||||
dnl What OS are we running?
|
||||
AC_CANONICAL_HOST
|
||||
|
||||
dnl Checks for programs.
|
||||
AC_PROG_CC
|
||||
AC_PROG_MAKE_SET
|
||||
|
||||
dnl Checks for header files.
|
||||
AC_HEADER_STDC
|
||||
AC_HEADER_TIME
|
||||
AC_HEADER_SYS_WAIT
|
||||
AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
AC_C_CONST
|
||||
AC_STRUCT_TM
|
||||
AC_TYPE_MODE_T
|
||||
AC_TYPE_PID_T
|
||||
AC_TYPE_SIZE_T
|
||||
AC_TYPE_SIGNAL
|
||||
AC_TYPE_GETGROUPS
|
||||
|
||||
dnl Check lengths for later tests of u_int32_t and int32_t
|
||||
AC_CHECK_SIZEOF(int)
|
||||
AC_CHECK_SIZEOF(short)
|
||||
AC_CHECK_SIZEOF(long)
|
||||
|
||||
dnl Define u_int32_t if we don't have it already (Solaris, etc.)
|
||||
AC_CHECK_TYPE(uint32_t,unsigned int)
|
||||
AC_CHECK_TYPE(u_int32_t,unsigned int)
|
||||
if test "$ac_cv_type_u_int32_t" = no ; then
|
||||
if test "$ac_cv_type_u_int32_t" = yes ; then
|
||||
AC_DEFINE(U_INT32_T_IS_UINT32_T,[1],[u_int32_t is uint32_t])
|
||||
else
|
||||
if test "$ac_cv_sizeof_int" = 4 ; then
|
||||
AC_DEFINE(U_INT32_T_IS_UINT,[1],[u_int32_t is uint])
|
||||
else
|
||||
if test "$ac_cv_sizeof_long" = 4 ; then
|
||||
AC_DEFINE(U_INT32_T_IS_ULONG,[1],[u_int32_t is ulong])
|
||||
else
|
||||
if test "$ac_cv_sizeof_short" = 4 ; then
|
||||
AC_DEFINE(U_INT32_T_IS_USHORT,[1],[u_int32_t is ushort])
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl Define int32_t if we don't have it already
|
||||
AC_CHECK_TYPE(int32_t,int)
|
||||
if test "$ac_cv_type_int32_t" = no ; then
|
||||
if test "$ac_cv_sizeof_int" = 4 ; then
|
||||
AC_DEFINE(INT32_T_IS_UINT,[1],[int32_t is uint])
|
||||
else
|
||||
if test "$ac_cv_sizeof_long" = 4 ; then
|
||||
AC_DEFINE(INT32_T_IS_ULONG,[1],[int32_t is ulong])
|
||||
else
|
||||
if test "$ac_cv_sizeof_short" = 4 ; then
|
||||
AC_DEFINE(INT32_T_IS_USHORT,[1],[int32_t is ushort])
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
dnl Check for asprintf() and friends...
|
||||
AC_CACHE_CHECK([for va_copy],ac_cv_HAVE_VA_COPY,[
|
||||
AC_TRY_LINK([#include <stdarg.h>
|
||||
va_list ap1,ap2;], [va_copy(ap1,ap2);],
|
||||
ac_cv_HAVE_VA_COPY=yes,
|
||||
ac_cv_HAVE_VA_COPY=no)])
|
||||
if test x"$ac_cv_HAVE_VA_COPY" = x"yes"; then
|
||||
AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
|
||||
else
|
||||
AC_CACHE_CHECK([for __va_copy],ac_cv_HAVE___VA_COPY,[
|
||||
AC_TRY_LINK([#include <stdarg.h>
|
||||
va_list ap1,ap2;], [__va_copy(ap1,ap2);],
|
||||
ac_cv_HAVE___VA_COPY=yes,
|
||||
ac_cv_HAVE___VA_COPY=no)])
|
||||
if test x"$ac_cv_HAVE___VA_COPY" = x"yes"; then
|
||||
AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_CHECK_FUNC(vsnprintf,,SNPRINTF_O=./snprintf.o)
|
||||
AC_CHECK_FUNC(snprintf,,SNPRINTF_O=./snprintf.o)
|
||||
AC_CHECK_FUNC(asprintf,,SNPRINTF_O=./snprintf.o)
|
||||
AC_CHECK_FUNC(vasprintf,,SNPRINTF_O=./snprintf.o)
|
||||
|
||||
AC_CACHE_CHECK([for C99 vsnprintf],ac_cv_HAVE_C99_VSNPRINTF,[
|
||||
AC_TRY_RUN([
|
||||
#include <sys/types.h>
|
||||
#include <stdarg.h>
|
||||
void foo(const char *format, ...) {
|
||||
va_list ap;
|
||||
int len;
|
||||
char buf[5];
|
||||
|
||||
va_start(ap, format);
|
||||
len = vsnprintf(buf, 0, format, ap);
|
||||
va_end(ap);
|
||||
if (len != 5) exit(1);
|
||||
|
||||
va_start(ap, format);
|
||||
len = vsnprintf(0, 0, format, ap);
|
||||
va_end(ap);
|
||||
if (len != 5) exit(1);
|
||||
|
||||
if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
main() { foo("hello"); }
|
||||
],
|
||||
ac_cv_HAVE_C99_VSNPRINTF=yes,ac_cv_HAVE_C99_VSNPRINTF=no,ac_cv_HAVE_C99_VSNPRINTF=cross)])
|
||||
if test x"$ac_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
|
||||
AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Define if system has C99 compatible vsnprintf])
|
||||
fi
|
||||
|
||||
dnl AC_CHECK_FUNC(snprintf,AC_DEFINE(HAVE_SNPRINTF),SNPRINTF_O=./snprintf.o)
|
||||
AC_SUBST(SNPRINTF_O)
|
||||
|
||||
dnl Check for getopt_long (Solaris)
|
||||
AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OTHERLIBS -liberty"))
|
||||
AC_SUBST(OTHERLIBS)
|
||||
|
||||
dnl Checks for library functions.
|
||||
AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
|
||||
AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
|
||||
AC_SUBST(SOCKETLIBS)
|
||||
AC_CHECK_LIB(wrap,main,[
|
||||
LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
|
||||
AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
|
||||
])
|
||||
AC_SUBST(LIBWRAPLIBS)
|
||||
AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
|
||||
|
||||
dnl socklen_t check - from curl
|
||||
AC_CHECK_TYPE([socklen_t], ,[
|
||||
AC_MSG_CHECKING([for socklen_t equivalent])
|
||||
AC_CACHE_VAL([curl_cv_socklen_t_equiv],
|
||||
[
|
||||
# Systems have either "struct sockaddr *" or
|
||||
# "void *" as the second argument to getpeername
|
||||
curl_cv_socklen_t_equiv=
|
||||
for arg2 in "struct sockaddr" void; do
|
||||
for t in int size_t unsigned long "unsigned long"; do
|
||||
AC_TRY_COMPILE([
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
#include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
int getpeername (int, $arg2 *, $t *);
|
||||
],[
|
||||
$t len;
|
||||
getpeername(0,0,&len);
|
||||
],[
|
||||
curl_cv_socklen_t_equiv="$t"
|
||||
break
|
||||
])
|
||||
done
|
||||
done
|
||||
|
||||
if test "x$curl_cv_socklen_t_equiv" = x; then
|
||||
AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
|
||||
fi
|
||||
])
|
||||
AC_MSG_RESULT($curl_cv_socklen_t_equiv)
|
||||
AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
|
||||
[type to use in place of socklen_t if not defined])],
|
||||
[#include <sys/types.h>
|
||||
#include <sys/socket.h>])
|
||||
|
||||
|
||||
AC_MSG_CHECKING(for type of socket size)
|
||||
AC_TRY_COMPILE([#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
],
|
||||
[int a = send(1, (const void *)0, (size_t *) 0, (int *) 0);],
|
||||
[AC_DEFINE(SOCKET_SIZE_TYPE, size_t, [Socket Size Type]) AC_MSG_RESULT(size_t)],
|
||||
[AC_DEFINE(SOCKET_SIZE_TYPE, int, [Socket Size Type]) AC_MSG_RESULT(int)])
|
||||
|
||||
dnl Stolen from Python code: loewis@users.sourceforge.net
|
||||
#AC_CHECK_TYPE(socklen_t,int,
|
||||
# AC_DEFINE(socklen_t,int,
|
||||
# Define to `int' if <sys/socket.h> does not define.),[
|
||||
# #ifdef HAVE_SYS_TYPES_H
|
||||
# #include <sys/types.h>
|
||||
# #endif
|
||||
# #ifdef HAVE_SYS_SOCKET_H
|
||||
# #include <sys/socket.h>
|
||||
# #endif
|
||||
# ])
|
||||
|
||||
dnl Does user want to check for SSL?
|
||||
AC_ARG_ENABLE([ssl],
|
||||
AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
|
||||
if test x$enableval = xyes; then
|
||||
check_for_ssl=yes
|
||||
else
|
||||
check_for_ssl=no
|
||||
fi
|
||||
],check_for_ssl=yes)
|
||||
|
||||
dnl Optional SSL library and include paths
|
||||
ssl_dir=
|
||||
ssl_inc_dir=
|
||||
ssl_lib_dir=
|
||||
AC_ARG_WITH([ssl],
|
||||
AS_HELP_STRING([--with-ssl=DIR],[sets location of the SSL installation]),
|
||||
[ssl_dir=$withval])
|
||||
AC_ARG_WITH([ssl-inc],
|
||||
AS_HELP_STRING([--with-ssl-inc=DIR],
|
||||
[sets location of the SSL include files]),
|
||||
[ ssl_inc_dir=$withval])
|
||||
AC_ARG_WITH([ssl-lib],
|
||||
AS_HELP_STRING([--with-ssl-lib=DIR],[sets location of the SSL libraries]),
|
||||
[ssl_lib_dir=$withval])
|
||||
AC_ARG_WITH([kerberos-inc],
|
||||
AS_HELP_STRING([--with-kerberos-inc=DIR],
|
||||
[sets location of the Kerberos include files]),
|
||||
[kerberos_inc_dir=$withval])
|
||||
|
||||
dnl Check for SSL support
|
||||
dnl Modified version of Mark Ethan Trostler's macro <trostler@juniper.net>
|
||||
if test x$check_for_ssl = xyes; then
|
||||
AC_MSG_CHECKING(for SSL headers)
|
||||
found_ssl=no
|
||||
for dir in $ssl_inc_dir $ssl_dir /usr/local/openssl /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr /usr/freeware/lib/openssl /usr/sfw/include; do
|
||||
ssldir="$dir"
|
||||
if test -f "$dir/include/openssl/ssl.h"; then
|
||||
found_ssl=yes
|
||||
CFLAGS="$CFLAGS -I$dir/include/openssl -I$ssldir/include"
|
||||
sslincdir="$dir/include/openssl"
|
||||
break
|
||||
fi
|
||||
if test -f "$dir/include/ssl.h"; then
|
||||
found_ssl=yes
|
||||
CFLAGS="$CFLAGS -I$dir/include"
|
||||
sslincdir="$dir/include"
|
||||
break
|
||||
fi
|
||||
if test -f "$dir/ssl.h"; then
|
||||
found_ssl=yes
|
||||
CFLAGS="$CFLAGS -I$dir"
|
||||
sslincdir="$dir"
|
||||
ssldir="$dir/.."
|
||||
break
|
||||
fi
|
||||
if test -f "$dir/openssl/ssl.h"; then
|
||||
found_ssl=yes
|
||||
CFLAGS="$CFLAGS -I$dir/openssl"
|
||||
sslincdir="$dir/openssl"
|
||||
ssldir="$dir/.."
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if test x_$found_ssl != x_yes; then
|
||||
AC_MSG_ERROR(Cannot find ssl headers)
|
||||
else
|
||||
|
||||
printf "SSL headers found in $ssldir\n";
|
||||
|
||||
dnl Now try and find SSL libraries
|
||||
AC_MSG_CHECKING(for SSL libraries)
|
||||
found_ssl=no
|
||||
for dir in $ssl_lib_dir $ssl_dir /usr/lib64 /usr/lib /usr/local/lib /usr/lib/ssl /usr/ssl/lib /usr/openssl/lib /usr/pkg/lib /usr/freeware/lib/openssl /usr/sfw/lib /opt/freeware/lib; do
|
||||
ssllibdir="$dir"
|
||||
if test "`uname -s`" = "Darwin" ; then
|
||||
soext="dylib"
|
||||
elif test "`uname -s`" = "HP-UX" ; then
|
||||
soext="sl"
|
||||
else
|
||||
soext="so"
|
||||
fi
|
||||
if test -f "$dir/libssl.$soext"; then
|
||||
found_ssl=yes
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if test x_$found_ssl != x_yes; then
|
||||
AC_MSG_ERROR(Cannot find ssl libraries)
|
||||
else
|
||||
printf "SSL libraries found in $ssllibdir\n";
|
||||
|
||||
LDFLAGS="$LDFLAGS -L$ssllibdir";
|
||||
LIBS="$LIBS -lssl -lcrypto";
|
||||
|
||||
AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
|
||||
AC_SUBST(HAVE_SSL)
|
||||
|
||||
dnl Generate DH parameters
|
||||
echo ""
|
||||
echo "*** Generating DH Parameters for SSL/TLS ***"
|
||||
if test -f "$ssldir/sbin/openssl"; then
|
||||
sslbin=$ssldir/sbin/openssl
|
||||
else
|
||||
sslbin=$ssldir/bin/openssl
|
||||
fi
|
||||
# awk to strip off meta data at bottom of dhparam output
|
||||
$sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl RedHat 8.0 and 9.0 include openssl compiled with kerberos, so we must include header file
|
||||
AC_MSG_CHECKING(for Kerberos include files)
|
||||
found_kerberos=no
|
||||
for dir in $kerberos_inc_dir /usr/kerberos/include; do
|
||||
kerbdir="$dir"
|
||||
if test -f "$dir/krb5.h"; then
|
||||
found_kerberos=yes
|
||||
CFLAGS="$CFLAGS -I$kerbdir"
|
||||
AC_DEFINE_UNQUOTED(HAVE_KRB5_H,[1],[Have the krb5.h header file])
|
||||
dnl AC_CHECK_HEADERS(krb5.h)
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if test x_$found_kerberos != x_yes; then
|
||||
printf "could not find include files\n";
|
||||
else
|
||||
printf "found Kerberos include files in $kerbdir\n";
|
||||
fi
|
||||
|
||||
|
||||
fi
|
||||
|
||||
AC_ARG_WITH([log_facility],
|
||||
AS_HELP_STRING([--with-log-facility=<facility>],
|
||||
[sets NRPE syslog facility]),
|
||||
[log_facility=$withval],
|
||||
[log_facility=daemon])
|
||||
AC_SUBST(log_facility)
|
||||
AC_DEFINE_UNQUOTED(NRPE_LOG_FACILITY,["$log_facility"],[NRPE syslog facility])
|
||||
|
||||
AC_ARG_WITH([nrpe_user],
|
||||
AS_HELP_STRING([--with-nrpe-user=<user>],[sets user name to run NRPE]),
|
||||
[nrpe_user=$withval],
|
||||
[nrpe_user=nagios])
|
||||
|
||||
AC_ARG_WITH([nrpe_group],
|
||||
AS_HELP_STRING([--with-nrpe-group=<group>],[sets group name to run NRPE]),
|
||||
[nrpe_group=$withval],
|
||||
[nrpe_group=nagios])
|
||||
|
||||
AC_ARG_WITH([nrpe_port],
|
||||
AS_HELP_STRING([--with-nrpe-port=<port>],
|
||||
[sets port number for NRPE to listen on]),
|
||||
[nrpe_port=$withval],
|
||||
[nrpe_port=5666])
|
||||
AC_SUBST(nrpe_user)
|
||||
AC_SUBST(nrpe_group)
|
||||
NRPE_INSTALL_OPTS="-o $nrpe_user -g $nrpe_group"
|
||||
AC_SUBST(NRPE_INSTALL_OPTS)
|
||||
AC_SUBST(nrpe_port)
|
||||
AC_DEFINE_UNQUOTED(DEFAULT_SERVER_PORT,$nrpe_port,[Default port for NRPE daemon])
|
||||
|
||||
AC_ARG_WITH([nagios_user],
|
||||
AS_HELP_STRING([--with-nagios-user=<user>],
|
||||
[sets user name for file permissions]),
|
||||
[nagios_user=$withval],
|
||||
[nagios_user=nagios])
|
||||
AC_ARG_WITH([nagios_group],
|
||||
AS_HELP_STRING([--with-nagios-group=<grp>],
|
||||
[sets group name file permissions]),
|
||||
[nagios_group=$withval],
|
||||
[nagios_group=nagios])
|
||||
AC_SUBST(nagios_user)
|
||||
AC_SUBST(nagios_group)
|
||||
NAGIOS_INSTALL_OPTS="-o $nagios_user -g $nagios_group"
|
||||
AC_SUBST(NAGIOS_INSTALL_OPTS)
|
||||
|
||||
# Determine target OS, version and architecture for package build macros
|
||||
if test "x$target_ver" = "x" ; then
|
||||
TARGET_VER=`uname -r`
|
||||
else
|
||||
TARGET_VER=$target_ver
|
||||
fi
|
||||
AC_SUBST(TARGET_VER)
|
||||
if test "x$target_os" = "x" ; then
|
||||
TARGET_OS=`uname -s`
|
||||
else
|
||||
TARGET_OS=$target_os
|
||||
fi
|
||||
AC_SUBST(TARGET_OS)
|
||||
if test "x$target_cpu" = "x" ; then
|
||||
TARGET_ARCH=`uname -p`
|
||||
else
|
||||
TARGET_ARCH=$target_cpu
|
||||
fi
|
||||
AC_SUBST(TARGET_ARCH)
|
||||
TARGET_PLATFORM=""
|
||||
if test "x$TARGET_OS" = "xSunOS" ; then
|
||||
if test "x$TARGET_VER" = "x5.10" ; then
|
||||
TARGET_PLATFORM="sol10"
|
||||
fi
|
||||
fi
|
||||
AC_SUBST(TARGET_PLATFORM)
|
||||
|
||||
AC_ARG_ENABLE([command-args],
|
||||
AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]),
|
||||
AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]))
|
||||
|
||||
AC_ARG_ENABLE([bash-command-substitution],
|
||||
AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command). *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]),
|
||||
AC_DEFINE_UNQUOTED(ENABLE_BASH_COMMAND_SUBSTITUTION,[1],[Enable bash command substitution]))
|
||||
|
||||
|
||||
AC_PATH_PROG(PERL,perl)
|
||||
AC_OUTPUT()
|
||||
|
||||
perl subst init-script
|
||||
perl subst init-script.debian
|
||||
perl subst init-script.suse
|
||||
perl subst sample-config/nrpe.cfg
|
||||
perl subst sample-config/nrpe.xinetd
|
||||
|
||||
|
||||
dnl Review options
|
||||
echo ""
|
||||
echo ""
|
||||
AC_MSG_RESULT([*** Configuration summary for $PKG_NAME $PKG_VERSION $PKG_REL_DATE ***:])
|
||||
|
||||
echo ""
|
||||
echo " General Options:"
|
||||
echo " -------------------------"
|
||||
|
||||
AC_MSG_RESULT([ NRPE port: $nrpe_port])
|
||||
AC_MSG_RESULT([ NRPE user: $nrpe_user])
|
||||
AC_MSG_RESULT([ NRPE group: $nrpe_group])
|
||||
AC_MSG_RESULT([ Nagios user: $nagios_user])
|
||||
AC_MSG_RESULT([ Nagios group: $nagios_group])
|
||||
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
echo "Review the options above for accuracy. If they look okay,"
|
||||
echo "type 'make all' to compile the NRPE daemon and client."
|
||||
echo ""
|
|
@ -0,0 +1,64 @@
|
|||
NOTES:
|
||||
------
|
||||
|
||||
The service definition below assumes you have a command called "check_tcp" already setup
|
||||
in your config files.
|
||||
|
||||
The command definition below assumes that the $USER1$ macro is used to define the location
|
||||
of your Nagios plugins (i.e. "/usr/local/nagios/libexec") and that the nrpe_check_control
|
||||
service is located in that directory.
|
||||
|
||||
|
||||
|
||||
SAMPLE CONFIG FILE SNIPPETS:
|
||||
----------------------------
|
||||
|
||||
define service {
|
||||
host_name <host name goes here>
|
||||
description NRPE
|
||||
...
|
||||
event_handler nrpe_check_control
|
||||
check_command check_tcp!-p 5666
|
||||
}
|
||||
|
||||
define command {
|
||||
command_name nrpe_check_control
|
||||
command_line $USER1$/nrpe_check_control $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ "$HOSTNAME$"
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
ORIGINAL EMAIL SNIPPET:
|
||||
-----------------------
|
||||
|
||||
Date sent: Fri, 30 Mar 2001 18:51:48 -0500
|
||||
From: adam.bowen@<>
|
||||
Subject: Event Handler
|
||||
To: [nagios@nagios.org]
|
||||
|
||||
I am attaching the source code for an event handler I wrote to
|
||||
control checks using nrpe. I add the following check to all remote hosts
|
||||
using nrpe:
|
||||
|
||||
<see example above>
|
||||
|
||||
I added this line to the commands.cfg file:
|
||||
|
||||
<see example above>
|
||||
|
||||
When the NRPE service check listed above has 3 failed connection
|
||||
attempts, it will run the nrpe_check_control which will search the
|
||||
services file for all services for $HOSTNAME$ that use the check_nrpe.
|
||||
|
||||
It will then request that all these services be disabled. When the
|
||||
NRPE check returns to the OK state, it will request that all services
|
||||
using check_nrpe be re-enabled. This will prevent unnecessary e-mail
|
||||
when there is a problem with the NRPE daemon. This does require
|
||||
that external commands be enabled.
|
||||
|
||||
(See attached file: nrpe_check_control.c)
|
||||
|
||||
I thought some other [Nagios] users might find this useful.
|
||||
|
||||
Adam G. Bowen
|
|
@ -0,0 +1,121 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#define MAX_CHARS 1024
|
||||
#define SERVICE_COUNT 12
|
||||
|
||||
#define COMMAND_FILE "/usr/local/nagios/var/rw/nagios.cmd"
|
||||
#define SERVICES_FILE "/usr/local/nagios/etc/services.cfg"
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
char check_name[MAX_CHARS];
|
||||
char ent_type[MAX_CHARS];
|
||||
char input_buffer[MAX_CHARS];
|
||||
char host_name[MAX_CHARS];
|
||||
char service_name[MAX_CHARS];
|
||||
char state[MAX_CHARS];
|
||||
char state_type[MAX_CHARS];
|
||||
char temp_input[MAX_CHARS];
|
||||
char temp_string[MAX_CHARS];
|
||||
char test_host[MAX_CHARS];
|
||||
|
||||
char *temp_var;
|
||||
|
||||
FILE *command_fp;
|
||||
FILE *services_fp;
|
||||
|
||||
int attempt;
|
||||
int i;
|
||||
|
||||
time_t current_time;
|
||||
|
||||
strcpy(state,argv[1]);
|
||||
strcpy(state_type,argv[2]);
|
||||
attempt=atoi(argv[3]);
|
||||
strcpy(host_name,argv[4]);
|
||||
|
||||
if(strcmp(state,"OK") == 0)
|
||||
{
|
||||
services_fp=fopen(SERVICES_FILE,"r");
|
||||
command_fp=fopen(COMMAND_FILE,"a");
|
||||
while((fgets(input_buffer,MAX_CHARS-1,services_fp)) != NULL)
|
||||
{
|
||||
if(input_buffer[0]=='#' || input_buffer[0]=='\x0' || input_buffer[0]=='\n' || input_buffer[0]=='\r')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
strcpy(temp_input,input_buffer);
|
||||
strcpy(temp_string,strtok(temp_input,"="));
|
||||
strcpy(ent_type,strtok(temp_string,"["));
|
||||
if(strcmp(ent_type,"service") == 0)
|
||||
{
|
||||
strcpy(test_host,strtok(NULL,"]"));
|
||||
if(strcmp(test_host,host_name) == 0)
|
||||
{
|
||||
temp_var=strtok(input_buffer,"=");
|
||||
strcpy(service_name,strtok(NULL,";"));
|
||||
for(i=1;i<=SERVICE_COUNT;i++)
|
||||
{
|
||||
temp_var=strtok(NULL,";");
|
||||
}
|
||||
strcpy(check_name,strtok(temp_var,"!"));
|
||||
if(strcmp(check_name,"check_nrpe") == 0)
|
||||
{
|
||||
time(¤t_time);
|
||||
fprintf(command_fp,"[%lu] ENABLE_SVC_CHECK;%s;%s\n",current_time,host_name,service_name);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
fclose(command_fp);
|
||||
fclose(services_fp);
|
||||
}
|
||||
else if(strcmp(state,"CRITICAL") == 0)
|
||||
{
|
||||
if(attempt == 3)
|
||||
{
|
||||
services_fp=fopen(SERVICES_FILE,"r");
|
||||
command_fp=fopen(COMMAND_FILE,"a");
|
||||
while((fgets(input_buffer,MAX_CHARS-1,services_fp)) != NULL)
|
||||
{
|
||||
if(input_buffer[0]=='#' || input_buffer[0]=='\x0' || input_buffer[0]=='\n' || input_buffer[0]=='\r')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
strcpy(temp_input,input_buffer);
|
||||
strcpy(temp_string,strtok(temp_input,"="));
|
||||
strcpy(ent_type,strtok(temp_string,"["));
|
||||
if(strcmp(ent_type,"service") == 0)
|
||||
{
|
||||
strcpy(test_host,strtok(NULL,"]"));
|
||||
if(strcmp(test_host,host_name) == 0)
|
||||
{
|
||||
temp_var=strtok(input_buffer,"=");
|
||||
strcpy(service_name,strtok(NULL,";"));
|
||||
for(i=1;i<=SERVICE_COUNT;i++)
|
||||
{
|
||||
temp_var=strtok(NULL,";");
|
||||
}
|
||||
strcpy(check_name,strtok(temp_var,"!"));
|
||||
if(strcmp(check_name,"check_nrpe") == 0)
|
||||
{
|
||||
time(¤t_time);
|
||||
fprintf(command_fp,"[%lu] DISABLE_SVC_CHECK;%s;%s\n",current_time,host_name,service_name);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
fclose(command_fp);
|
||||
fclose(services_fp);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,70 @@
|
|||
/*-
|
||||
* acl.c - header file for acl.c
|
||||
* Copyright (c) 2011 Kaspersky Lab ZAO
|
||||
* Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help
|
||||
*
|
||||
* License: GPL
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
#ifndef ACL_H_INCLUDED
|
||||
#define ACL_H_INCLUDED 1
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <netdb.h>
|
||||
#include <syslog.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#define CHAR_TO_NUMBER(c) ((c) - '0')
|
||||
|
||||
struct ip_acl {
|
||||
int family;
|
||||
struct in_addr addr;
|
||||
struct in_addr mask;
|
||||
struct in6_addr addr6;
|
||||
struct in6_addr mask6;
|
||||
struct ip_acl *next;
|
||||
};
|
||||
|
||||
struct dns_acl {
|
||||
char domain[255];
|
||||
struct dns_acl *next;
|
||||
};
|
||||
|
||||
/* Poiters to head ACL structs */
|
||||
static struct ip_acl *ip_acl_head, *ip_acl_prev;
|
||||
static struct dns_acl *dns_acl_head, *dns_acl_prev;
|
||||
|
||||
/* Functions */
|
||||
void parse_allowed_hosts(char *allowed_hosts);
|
||||
int add_ipv4_to_acl(char *ipv4);
|
||||
int add_ipv6_to_acl(char *ipv6);
|
||||
int add_domain_to_acl(char *domain);
|
||||
//int is_an_allowed_host(struct in_addr);
|
||||
int is_an_allowed_host(int, void *);
|
||||
unsigned int prefix_from_mask(struct in_addr mask);
|
||||
void show_acl_lists(void);
|
||||
|
||||
#endif /* ACL_H_INCLUDED */
|
|
@ -0,0 +1,92 @@
|
|||
/************************************************************************
|
||||
*
|
||||
* COMMON.H - NRPE Common Include File
|
||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
||||
* Last Modified: 09-06-2013
|
||||
*
|
||||
* License:
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
************************************************************************/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#define PROGRAM_VERSION "2.15"
|
||||
#define MODIFICATION_DATE "09-06-2013"
|
||||
|
||||
#define OK 0
|
||||
#define ERROR -1
|
||||
|
||||
#define TRUE 1
|
||||
#define FALSE 0
|
||||
|
||||
#define STATE_UNKNOWN 3 /* service state return codes */
|
||||
#define STATE_CRITICAL 2
|
||||
#define STATE_WARNING 1
|
||||
#define STATE_OK 0
|
||||
|
||||
|
||||
#define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */
|
||||
#define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */
|
||||
|
||||
#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */
|
||||
#define MAX_FILENAME_LENGTH 256
|
||||
|
||||
#define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */
|
||||
|
||||
#define NRPE_HELLO_COMMAND "_NRPE_CHECK"
|
||||
|
||||
#define MAX_COMMAND_ARGUMENTS 16
|
||||
|
||||
|
||||
/**************** PACKET STRUCTURE DEFINITION **********/
|
||||
|
||||
#define QUERY_PACKET 1 /* id code for a packet containing a query */
|
||||
#define RESPONSE_PACKET 2 /* id code for a packet containing a response */
|
||||
|
||||
#define NRPE_PACKET_VERSION_3 3 /* packet version identifier */
|
||||
#define NRPE_PACKET_VERSION_2 2
|
||||
#define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */
|
||||
|
||||
#define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */
|
||||
|
||||
typedef struct packet_struct{
|
||||
int16_t packet_version;
|
||||
int16_t packet_type;
|
||||
u_int32_t crc32_value;
|
||||
int16_t result_code;
|
||||
char buffer[MAX_PACKETBUFFER_LENGTH];
|
||||
}packet;
|
||||
|
||||
/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
|
||||
#if defined(__sun) || defined(__hpux)
|
||||
|
||||
# ifndef LOG_AUTHPRIV
|
||||
# define LOG_AUTHPRIV LOG_AUTH
|
||||
# endif
|
||||
|
||||
# ifndef LOG_FTP
|
||||
# define LOG_FTP LOG_DAEMON
|
||||
# endif
|
||||
|
||||
#elif _AIX
|
||||
|
||||
# include <sys/select.h>
|
||||
|
||||
# ifndef LOG_FTP
|
||||
# define LOG_FTP LOG_DAEMON
|
||||
# endif
|
||||
|
||||
#endif
|
|
@ -0,0 +1,263 @@
|
|||
/************************************************************************
|
||||
*
|
||||
* NRPE Common Header File
|
||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
||||
* Last Modified: 11-23-2007
|
||||
*
|
||||
* License:
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
************************************************************************/
|
||||
|
||||
#ifndef _CONFIG_H
|
||||
#define _CONFIG_H
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
|
||||
#define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */
|
||||
|
||||
#define NRPE_LOG_FACILITY @log_facility@
|
||||
|
||||
#undef ENABLE_COMMAND_ARGUMENTS
|
||||
|
||||
#undef ENABLE_BASH_COMMAND_SUBSTITUTION
|
||||
|
||||
#undef socklen_t
|
||||
|
||||
#undef HAVE_GETOPT_LONG
|
||||
|
||||
#undef HAVE_LIBWRAP
|
||||
|
||||
#undef STDC_HEADERS
|
||||
#undef HAVE_STRDUP
|
||||
#undef HAVE_STRSTR
|
||||
#undef HAVE_STRTOUL
|
||||
#undef HAVE_INITGROUPS
|
||||
#undef HAVE_CLOSESOCKET
|
||||
|
||||
#undef SIZEOF_INT
|
||||
#undef SIZEOF_SHORT
|
||||
#undef SIZEOF_LONG
|
||||
|
||||
/* stupid stuff for u_int32_t */
|
||||
#undef U_INT32_T_IS_USHORT
|
||||
#undef U_INT32_T_IS_UINT
|
||||
#undef U_INT32_T_IS_ULONG
|
||||
#undef U_INT32_T_IS_UINT32_T
|
||||
|
||||
#ifdef U_INT32_T_IS_USHORT
|
||||
typedef unsigned short u_int32_t;
|
||||
#endif
|
||||
#ifdef U_INT32_T_IS_ULONG
|
||||
typedef unsigned long u_int32_t;
|
||||
#endif
|
||||
#ifdef U_INT32_T_IS_UINT
|
||||
typedef unsigned int u_int32_t;
|
||||
#endif
|
||||
#ifdef U_INT32_T_IS_UINT32_t
|
||||
typedef uint32_t u_int32_t;
|
||||
#endif
|
||||
|
||||
/* stupid stuff for int32_t */
|
||||
#undef INT32_T_IS_SHORT
|
||||
#undef INT32_T_IS_INT
|
||||
#undef INT32_T_IS_LONG
|
||||
|
||||
#ifdef INT32_T_IS_USHORT
|
||||
typedef short int32_t;
|
||||
#endif
|
||||
#ifdef INT32_T_IS_ULONG
|
||||
typedef long int32_t;
|
||||
#endif
|
||||
#ifdef INT32_T_IS_UINT
|
||||
typedef int int32_t;
|
||||
#endif
|
||||
|
||||
|
||||
/***** ASPRINTF() AND FRIENDS *****/
|
||||
|
||||
#undef HAVE_VSNPRINTF
|
||||
#undef HAVE_SNPRINTF
|
||||
#undef HAVE_ASPRINTF
|
||||
#undef HAVE_VASPRINTF
|
||||
#undef HAVE_C99_VSNPRINTF
|
||||
#undef HAVE_VA_COPY
|
||||
#undef HAVE___VA_COPY
|
||||
|
||||
|
||||
|
||||
#define SOCKET_SIZE_TYPE ""
|
||||
#define GETGROUPS_T ""
|
||||
#define RETSIGTYPE ""
|
||||
|
||||
#undef HAVE_GETOPT_H
|
||||
#ifdef HAVE_GETOPT_H
|
||||
#include <getopt.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_STRINGS_H
|
||||
#undef HAVE_STRING_H
|
||||
#ifdef HAVE_STRINGS_H
|
||||
#include <strings.h>
|
||||
#endif
|
||||
#ifdef HAVE_STRINGS_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_UNISTD_H
|
||||
#ifdef HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
|
||||
#undef HAVE_SIGNAL_H
|
||||
#ifdef HAVE_SIGNAL_H
|
||||
#include <signal.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_SYSLOG_H
|
||||
#ifdef HAVE_SYSLOG_H
|
||||
#include <syslog.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_SYS_STAT_H
|
||||
#ifdef HAVE_SYS_STAT_H
|
||||
#include <sys/stat.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_FCNTL_H
|
||||
#ifdef HAVE_FCNTL_H
|
||||
#include <fcntl.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_SYS_TYPES_H
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_SYS_WAIT_H
|
||||
#ifdef HAVE_SYS_WAIT_H
|
||||
#include <sys/wait.h>
|
||||
#endif
|
||||
|
||||
#ifndef WEXITSTATUS
|
||||
# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
|
||||
#endif
|
||||
#ifndef WIFEXITED
|
||||
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
|
||||
#endif
|
||||
|
||||
#undef HAVE_ERRNO_H
|
||||
#ifdef HAVE_ERRNO_H
|
||||
#include <errno.h>
|
||||
#endif
|
||||
|
||||
/* needed for the time_t structures we use later... */
|
||||
#undef TIME_WITH_SYS_TIME
|
||||
#undef HAVE_SYS_TIME_H
|
||||
#if TIME_WITH_SYS_TIME
|
||||
# include <sys/time.h>
|
||||
# include <time.h>
|
||||
#else
|
||||
# if HAVE_SYS_TIME_H
|
||||
# include <sys/time.h>
|
||||
# else
|
||||
# include <time.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
|
||||
#undef HAVE_SYS_SOCKET_H
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
#include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
/* Define to 'int' if <sys/socket.h> does not define */
|
||||
#undef socklen_t
|
||||
|
||||
#undef HAVE_SOCKET_H
|
||||
#ifdef HAVE_SOCKET_H
|
||||
#include <socket.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_TCPD_H
|
||||
#ifdef HAVE_TCPD_H
|
||||
#include <tcpd.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_NETINET_IN_H
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_ARPA_INET_H
|
||||
#ifdef HAVE_ARPA_INET_H
|
||||
#include <arpa/inet.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_NETDB_H
|
||||
#ifdef HAVE_NETDB_H
|
||||
#include <netdb.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_CTYPE_H
|
||||
#ifdef HAVE_CTYPE_H
|
||||
#include <ctype.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_PWD_H
|
||||
#ifdef HAVE_PWD_H
|
||||
#include <pwd.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_GRP_H
|
||||
#ifdef HAVE_GRP_H
|
||||
#include <grp.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_DIRENT_H
|
||||
#ifdef HAVE_DIRENT_H
|
||||
#include <dirent.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_SSL
|
||||
#ifdef HAVE_SSL
|
||||
#include <rsa.h>
|
||||
#include <crypto.h>
|
||||
#include <dh.h>
|
||||
#include <pem.h>
|
||||
#include <ssl.h>
|
||||
#include <err.h>
|
||||
#include <rand.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_KRB5_H
|
||||
#ifdef HAVE_KRB5_H
|
||||
#include <krb5.h>
|
||||
#endif
|
||||
|
||||
#undef HAVE_INTTYPES_H
|
||||
#undef HAVE_STDINT_H
|
||||
#ifdef HAVE_INTTYPES_H
|
||||
#include <inttypes.h>
|
||||
#else
|
||||
#ifdef HAVE_STDINT_H
|
||||
#include <stdint.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -0,0 +1,25 @@
|
|||
#ifndef HEADER_DH_H
|
||||
#include <openssl/dh.h>
|
||||
#endif
|
||||
DH *get_dh512()
|
||||
{
|
||||
static unsigned char dh512_p[]={
|
||||
0xDA,0xD8,0xF0,0xA2,0x9A,0x64,0xC2,0x9F,0x22,0x9D,0x47,0xA1,
|
||||
0xB2,0xED,0xD6,0x89,0xB5,0x46,0x6D,0x4E,0x1F,0x14,0xF4,0xF4,
|
||||
0xEB,0xCA,0x4D,0x41,0x89,0x60,0x0D,0x1F,0xB3,0x50,0xC4,0x54,
|
||||
0xE1,0x60,0xB5,0xDD,0x57,0x0C,0xF9,0xF5,0x19,0x73,0x6C,0x0C,
|
||||
0x45,0x33,0xA9,0xC1,0xD7,0xF3,0x27,0x68,0xEE,0xDA,0x8C,0x4A,
|
||||
0x1C,0x52,0xA1,0x9B,
|
||||
};
|
||||
static unsigned char dh512_g[]={
|
||||
0x02,
|
||||
};
|
||||
DH *dh;
|
||||
|
||||
if ((dh=DH_new()) == NULL) return(NULL);
|
||||
dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
|
||||
dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
|
||||
if ((dh->p == NULL) || (dh->g == NULL))
|
||||
{ DH_free(dh); return(NULL); }
|
||||
return(dh);
|
||||
}
|
|
@ -0,0 +1,65 @@
|
|||
/************************************************************************
|
||||
*
|
||||
* NRPE.H - NRPE Include File
|
||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
||||
* Last Modified: 08-10-2011 by Konstantin Malov
|
||||
*
|
||||
* License:
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*
|
||||
************************************************************************/
|
||||
|
||||
/*
|
||||
* 08-10-2011 IPv4 subnetworks support added.
|
||||
* Main change in nrpe.c is that is_an_allowed_host() moved to acl.c
|
||||
*
|
||||
*/
|
||||
|
||||
/**************** COMMAND STRUCTURE DEFINITION **********/
|
||||
|
||||
typedef struct command_struct{
|
||||
char *command_name;
|
||||
char *command_line;
|
||||
struct command_struct *next;
|
||||
}command;
|
||||
|
||||
int process_arguments(int,char **);
|
||||
void wait_for_connections(void);
|
||||
void handle_connection(int);
|
||||
int read_config_file(char *);
|
||||
int read_config_dir(char *);
|
||||
int get_log_facility(char *);
|
||||
int add_command(char *,char *);
|
||||
command *find_command(char *);
|
||||
void sighandler(int);
|
||||
int drop_privileges(char *,char *);
|
||||
int check_privileges(void);
|
||||
|
||||
int write_pid_file(void);
|
||||
int remove_pid_file(void);
|
||||
|
||||
void free_memory(void);
|
||||
int validate_request(packet *);
|
||||
int contains_nasty_metachars(char *);
|
||||
int process_macros(char *,char *,int);
|
||||
int my_system(char *,int,int *,char *,int); /* executes a command via popen(), but also protects against timeouts */
|
||||
void my_system_sighandler(int); /* handles timeouts when executing commands via my_system() */
|
||||
void my_connection_sighandler(int); /* handles timeouts of connection */
|
||||
|
||||
void sighandler(int);
|
||||
void child_sighandler(int);
|
||||
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
/************************************************************************************************
|
||||
*
|
||||
* UTILS.H - NRPE Utilities Include File
|
||||
*
|
||||
* License: GPL
|
||||
* Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
|
||||
*
|
||||
* Last Modified: 12-11-2006
|
||||
*
|
||||
* Description:
|
||||
*
|
||||
* This file contains common include files and function definitions used in many of the plugins.
|
||||
*
|
||||
* License Information:
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*
|
||||
************************************************************************************************/
|
||||
|
||||
#ifndef _UTILS_H
|
||||
#define _UTILS_H
|
||||
|
||||
#include "../include/config.h"
|
||||
|
||||
|
||||
void generate_crc32_table(void);
|
||||
unsigned long calculate_crc32(char *, int);
|
||||
|
||||
void randomize_buffer(char *,int);
|
||||
|
||||
int my_tcp_connect(char *,int,int *);
|
||||
int my_connect(const char *, struct sockaddr_storage *, u_short, int,
|
||||
const char *);
|
||||
|
||||
void add_listen_addr(struct addrinfo **, int, char *, int);
|
||||
|
||||
void strip(char *);
|
||||
|
||||
int sendall(int,char *,int *);
|
||||
int recvall(int,char *,int *,int);
|
||||
|
||||
char *my_strsep(char **,const char *);
|
||||
|
||||
void display_license(void);
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
#!/bin/sh
|
||||
# Start/stop the nrpe daemon.
|
||||
#
|
||||
# Contributed by Andrew Ryder 06-22-02
|
||||
# Slight mods by Ethan Galstad 07-09-02
|
||||
|
||||
NrpeBin=@bindir@/nrpe
|
||||
NrpeCfg=@sysconfdir@/nrpe.cfg
|
||||
|
||||
test -f $NrpeBin || exit 0
|
||||
|
||||
case "$1" in
|
||||
start) echo -n "Starting nagios remote plugin daemon: nrpe"
|
||||
start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
|
||||
echo "."
|
||||
;;
|
||||
stop) echo -n "Stopping nagios remote plugin daemon: nrpe"
|
||||
start-stop-daemon --stop --quiet --exec $NrpeBin
|
||||
echo "."
|
||||
;;
|
||||
restart) echo -n "Restarting nagios remote plugin daemon: nrpe"
|
||||
start-stop-daemon --stop --quiet --exec $NrpeBin
|
||||
start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
|
||||
echo "."
|
||||
;;
|
||||
reload|force-reload) echo -n "Reloading configuration files for nagios remote plugin daemon: nrpe"
|
||||
# nrpe reloads automatically
|
||||
echo "."
|
||||
;;
|
||||
*) echo "Usage: /etc/init.d/nrpe start|stop|restart|reload|force-reload"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
exit 0
|
|
@ -0,0 +1,62 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Created 2000-01-03 by jaclu@grm.se
|
||||
#
|
||||
# nrpe This shell script takes care of starting and stopping
|
||||
# nrpe.
|
||||
#
|
||||
# chkconfig: 2345 80 30
|
||||
# description: nrpe is a daemon for a remote nagios server, \
|
||||
# running nagios plugins on this host.
|
||||
# processname: nrpe
|
||||
# config: /usr/local/nagios/etc/nrpe.cfg
|
||||
|
||||
|
||||
# Source function library
|
||||
if [ -f /etc/rc.d/init.d/functions ]; then
|
||||
. /etc/rc.d/init.d/functions
|
||||
elif [ -f /etc/init.d/functions ]; then
|
||||
. /etc/init.d/functions
|
||||
elif [ -f /etc/rc.d/functions ]; then
|
||||
. /etc/rc.d/functions
|
||||
fi
|
||||
|
||||
# Source networking configuration.
|
||||
. /etc/sysconfig/network
|
||||
|
||||
# Check that networking is up.
|
||||
[ ${NETWORKING} = "no" ] && exit 0
|
||||
|
||||
NrpeBin=@bindir@/nrpe
|
||||
NrpeCfg=@sysconfdir@/nrpe.cfg
|
||||
LockFile=/var/lock/subsys/nrpe
|
||||
|
||||
# See how we were called.
|
||||
case "$1" in
|
||||
start)
|
||||
# Start daemons.
|
||||
echo -n "Starting nrpe: "
|
||||
daemon $NrpeBin -c $NrpeCfg -d
|
||||
echo
|
||||
touch $LockFile
|
||||
;;
|
||||
stop)
|
||||
# Stop daemons.
|
||||
echo -n "Shutting down nrpe: "
|
||||
killproc nrpe
|
||||
echo
|
||||
rm -f $LockFile
|
||||
;;
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
status)
|
||||
status nrpe
|
||||
;;
|
||||
*)
|
||||
echo "Usage: nrpe {start|stop|restart|status}"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,84 @@
|
|||
#! /bin/sh
|
||||
# Copyright (c) 1996-2002 SuSE GmbH Nuernberg, Germany. All rights reserved.
|
||||
# Modifications for NRPE Copyright (c) 2003 Subhendu Ghosh
|
||||
# Author: Christopher Mahmood <ckm+snmp@suse.de>, Remo Behn <ray+snmp@suse.de>
|
||||
# Modifications for NRPE: Subhendu Ghosh <sghosh@users.sourceforge.net>
|
||||
#
|
||||
# /etc/init.d/nrpe
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: nrpe
|
||||
# Required-Start: $network
|
||||
# Required-Stop:
|
||||
# Default-Start: 2 3 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Description: start nrpe
|
||||
### END INIT INFO
|
||||
|
||||
NRPEBIN=@bindir@/nrpe
|
||||
NRPECFG=@sysconfdir@/nrpe.cfg
|
||||
|
||||
test -x $NRPEBIN || exit 5
|
||||
|
||||
# Shell functions sourced from /etc/rc.status:
|
||||
# rc_check check and set local and overall rc status
|
||||
# rc_status check and set local and overall rc status
|
||||
# rc_status -v ditto but be verbose in local rc status
|
||||
# rc_status -v -r ditto and clear the local rc status
|
||||
# rc_failed set local and overall rc status to failed
|
||||
# rc_failed <num> set local and overall rc status to <num><num>
|
||||
# rc_reset clear local rc status (overall remains)
|
||||
# rc_exit exit appropriate to overall rc status
|
||||
. /etc/rc.status
|
||||
|
||||
# First reset status of this service
|
||||
rc_reset
|
||||
|
||||
# Return values acc. to LSB for all commands but status:
|
||||
# 0 - success
|
||||
# 1 - generic or unspecified error
|
||||
# 2 - invalid or excess argument(s)
|
||||
# 3 - unimplemented feature (e.g. "reload")
|
||||
# 4 - insufficient privilege
|
||||
# 5 - program is not installed
|
||||
# 6 - program is not configured
|
||||
# 7 - program is not running
|
||||
#
|
||||
# Note that starting an already running service, stopping
|
||||
# or restarting a not-running service as well as the restart
|
||||
# with force-reload (in case signalling is not supported) are
|
||||
# considered a success.
|
||||
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting nrpe:"
|
||||
startproc $NRPEBIN -c $NRPECFG -d
|
||||
rc_status -v
|
||||
rc_reset
|
||||
|
||||
;;
|
||||
stop)
|
||||
echo -n "Shutting down nrpe:"
|
||||
killproc -TERM $NRPEBIN
|
||||
rc_status -v ; rc_reset
|
||||
;;
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
rc_status
|
||||
;;
|
||||
status)
|
||||
echo -n "Checking for service nrpe:"
|
||||
checkproc $NRPEBIN
|
||||
rc_status -v
|
||||
rc_reset
|
||||
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|status}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
rc_exit
|
||||
|
|
@ -0,0 +1,250 @@
|
|||
#! /bin/sh
|
||||
#
|
||||
# install - install a program, script, or datafile
|
||||
# This comes from X11R5 (mit/util/scripts/install.sh).
|
||||
#
|
||||
# Copyright 1991 by the Massachusetts Institute of Technology
|
||||
#
|
||||
# Permission to use, copy, modify, distribute, and sell this software and its
|
||||
# documentation for any purpose is hereby granted without fee, provided that
|
||||
# the above copyright notice appear in all copies and that both that
|
||||
# copyright notice and this permission notice appear in supporting
|
||||
# documentation, and that the name of M.I.T. not be used in advertising or
|
||||
# publicity pertaining to distribution of the software without specific,
|
||||
# written prior permission. M.I.T. makes no representations about the
|
||||
# suitability of this software for any purpose. It is provided "as is"
|
||||
# without express or implied warranty.
|
||||
#
|
||||
# Calling this script install-sh is preferred over install.sh, to prevent
|
||||
# `make' implicit rules from creating a file called install from it
|
||||
# when there is no Makefile.
|
||||
#
|
||||
# This script is compatible with the BSD install script, but was written
|
||||
# from scratch. It can only install one file at a time, a restriction
|
||||
# shared with many OS's install programs.
|
||||
|
||||
|
||||
# set DOITPROG to echo to test this script
|
||||
|
||||
# Don't use :- since 4.3BSD and earlier shells don't like it.
|
||||
doit="${DOITPROG-}"
|
||||
|
||||
|
||||
# put in absolute paths if you don't have them in your path; or use env. vars.
|
||||
|
||||
mvprog="${MVPROG-mv}"
|
||||
cpprog="${CPPROG-cp}"
|
||||
chmodprog="${CHMODPROG-chmod}"
|
||||
chownprog="${CHOWNPROG-chown}"
|
||||
chgrpprog="${CHGRPPROG-chgrp}"
|
||||
stripprog="${STRIPPROG-strip}"
|
||||
rmprog="${RMPROG-rm}"
|
||||
mkdirprog="${MKDIRPROG-mkdir}"
|
||||
|
||||
transformbasename=""
|
||||
transform_arg=""
|
||||
instcmd="$mvprog"
|
||||
chmodcmd="$chmodprog 0755"
|
||||
chowncmd=""
|
||||
chgrpcmd=""
|
||||
stripcmd=""
|
||||
rmcmd="$rmprog -f"
|
||||
mvcmd="$mvprog"
|
||||
src=""
|
||||
dst=""
|
||||
dir_arg=""
|
||||
|
||||
while [ x"$1" != x ]; do
|
||||
case $1 in
|
||||
-c) instcmd="$cpprog"
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-d) dir_arg=true
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-m) chmodcmd="$chmodprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-o) chowncmd="$chownprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-g) chgrpcmd="$chgrpprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-s) stripcmd="$stripprog"
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
|
||||
shift
|
||||
continue;;
|
||||
|
||||
*) if [ x"$src" = x ]
|
||||
then
|
||||
src=$1
|
||||
else
|
||||
# this colon is to work around a 386BSD /bin/sh bug
|
||||
:
|
||||
dst=$1
|
||||
fi
|
||||
shift
|
||||
continue;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ x"$src" = x ]
|
||||
then
|
||||
echo "install: no input file specified"
|
||||
exit 1
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
if [ x"$dir_arg" != x ]; then
|
||||
dst=$src
|
||||
src=""
|
||||
|
||||
if [ -d $dst ]; then
|
||||
instcmd=:
|
||||
else
|
||||
instcmd=mkdir
|
||||
fi
|
||||
else
|
||||
|
||||
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
|
||||
# might cause directories to be created, which would be especially bad
|
||||
# if $src (and thus $dsttmp) contains '*'.
|
||||
|
||||
if [ -f $src -o -d $src ]
|
||||
then
|
||||
true
|
||||
else
|
||||
echo "install: $src does not exist"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x"$dst" = x ]
|
||||
then
|
||||
echo "install: no destination specified"
|
||||
exit 1
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
# If destination is a directory, append the input filename; if your system
|
||||
# does not like double slashes in filenames, you may need to add some logic
|
||||
|
||||
if [ -d $dst ]
|
||||
then
|
||||
dst="$dst"/`basename $src`
|
||||
else
|
||||
true
|
||||
fi
|
||||
fi
|
||||
|
||||
## this sed command emulates the dirname command
|
||||
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
|
||||
|
||||
# Make sure that the destination directory exists.
|
||||
# this part is taken from Noah Friedman's mkinstalldirs script
|
||||
|
||||
# Skip lots of stat calls in the usual case.
|
||||
if [ ! -d "$dstdir" ]; then
|
||||
defaultIFS='
|
||||
'
|
||||
IFS="${IFS-${defaultIFS}}"
|
||||
|
||||
oIFS="${IFS}"
|
||||
# Some sh's can't handle IFS=/ for some reason.
|
||||
IFS='%'
|
||||
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
|
||||
IFS="${oIFS}"
|
||||
|
||||
pathcomp=''
|
||||
|
||||
while [ $# -ne 0 ] ; do
|
||||
pathcomp="${pathcomp}${1}"
|
||||
shift
|
||||
|
||||
if [ ! -d "${pathcomp}" ] ;
|
||||
then
|
||||
$mkdirprog "${pathcomp}"
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
pathcomp="${pathcomp}/"
|
||||
done
|
||||
fi
|
||||
|
||||
if [ x"$dir_arg" != x ]
|
||||
then
|
||||
$doit $instcmd $dst &&
|
||||
|
||||
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
|
||||
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
|
||||
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
|
||||
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
|
||||
else
|
||||
|
||||
# If we're going to rename the final executable, determine the name now.
|
||||
|
||||
if [ x"$transformarg" = x ]
|
||||
then
|
||||
dstfile=`basename $dst`
|
||||
else
|
||||
dstfile=`basename $dst $transformbasename |
|
||||
sed $transformarg`$transformbasename
|
||||
fi
|
||||
|
||||
# don't allow the sed command to completely eliminate the filename
|
||||
|
||||
if [ x"$dstfile" = x ]
|
||||
then
|
||||
dstfile=`basename $dst`
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
# Make a temp file name in the proper directory.
|
||||
|
||||
dsttmp=$dstdir/#inst.$$#
|
||||
|
||||
# Move or copy the file name to the temp name
|
||||
|
||||
$doit $instcmd $src $dsttmp &&
|
||||
|
||||
trap "rm -f ${dsttmp}" 0 &&
|
||||
|
||||
# and set any options; do chmod last to preserve setuid bits
|
||||
|
||||
# If any of these fail, we abort the whole thing. If we want to
|
||||
# ignore errors from any of these, just make sure not to ignore
|
||||
# errors from the above "$doit $instcmd $src $dsttmp" command.
|
||||
|
||||
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
|
||||
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
|
||||
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
|
||||
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
|
||||
|
||||
# Now rename the file to the real destination.
|
||||
|
||||
$doit $rmcmd -f $dstdir/$dstfile &&
|
||||
$doit $mvcmd $dsttmp $dstdir/$dstfile
|
||||
|
||||
fi &&
|
||||
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,252 @@
|
|||
%define isaix %(test "`uname -s`" = "AIX" && echo "1" || echo "0")
|
||||
%define islinux %(test "`uname -s`" = "Linux" && echo "1" || echo "0")
|
||||
|
||||
%if %{isaix}
|
||||
%define _prefix /opt/nagios
|
||||
%define _docdir %{_prefix}/doc/nrpe-2.15
|
||||
%define nshome /opt/nagios
|
||||
%define _make gmake
|
||||
%endif
|
||||
%if %{islinux}
|
||||
%define _init_dir /etc/init.d
|
||||
%define _exec_prefix %{_prefix}/sbin
|
||||
%define _bindir %{_prefix}/sbin
|
||||
%define _sbindir %{_prefix}/lib/nagios/cgi
|
||||
%define _libexecdir %{_prefix}/lib/nagios/plugins
|
||||
%define _datadir %{_prefix}/share/nagios
|
||||
%define _localstatedir /var/log/nagios
|
||||
%define nshome /var/log/nagios
|
||||
%define _make make
|
||||
%endif
|
||||
%define _sysconfdir /etc/nagios
|
||||
|
||||
%define name nrpe
|
||||
%define version 2.15
|
||||
%define release 1
|
||||
%define nsusr nagios
|
||||
%define nsgrp nagios
|
||||
%define nsport 5666
|
||||
|
||||
# Reserve option to override port setting with:
|
||||
# rpm -ba|--rebuild --define 'nsport 5666'
|
||||
%{?port:%define nsport %{port}}
|
||||
|
||||
# Macro that print mesages to syslog at package (un)install time
|
||||
%define nnmmsg logger -t %{name}/rpm
|
||||
|
||||
Summary: Host/service/network monitoring agent for Nagios
|
||||
URL: http://www.nagios.org
|
||||
Name: %{name}
|
||||
Version: %{version}
|
||||
Release: %{release}
|
||||
License: GPL
|
||||
Group: Application/System
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||
Prefix: %{_prefix}
|
||||
Prefix: /etc/init.d
|
||||
Prefix: /etc/nagios
|
||||
%if %{isaix}
|
||||
Requires: nagios-plugins
|
||||
%endif
|
||||
%if %{islinux}
|
||||
Requires: bash, grep, nagios-plugins, util-linux, chkconfig, shadow-utils, sed, initscripts, mktemp
|
||||
%endif
|
||||
|
||||
%description
|
||||
NPRE (Nagios Remote Plugin Executor) is a system daemon that
|
||||
will execute various Nagios plugins locally on behalf of a
|
||||
remote (monitoring) host that uses the check_nrpe plugin.
|
||||
Various plugins that can be executed by the daemon are available
|
||||
at: http://sourceforge.net/projects/nagiosplug
|
||||
|
||||
This package provides the client-side NRPE agent (daemon).
|
||||
|
||||
%package plugin
|
||||
Group: Application/System
|
||||
Summary: Provides nrpe plugin for Nagios.
|
||||
Requires: nagios-plugins
|
||||
|
||||
%description plugin
|
||||
NPRE (Nagios Remote Plugin Executor) is a system daemon that
|
||||
will execute various Nagios plugins locally on behalf of a
|
||||
remote (monitoring) host that uses the check_nrpe plugin.
|
||||
Various plugins that can be executed by the daemon are available
|
||||
at: http://sourceforge.net/projects/nagiosplug
|
||||
|
||||
This package provides the server-side NRPE plugin for
|
||||
Nagios-related applications.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
|
||||
%pre
|
||||
# Create `nagios' group on the system if necessary
|
||||
%if %{isaix}
|
||||
lsgroup %{nsgrp} > /dev/null 2> /dev/null
|
||||
if [ $? -eq 2 ] ; then
|
||||
mkgroup %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
%if %{islinux}
|
||||
getent group %{nsgrp} > /dev/null 2> /dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
groupadd %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
|
||||
# Create `nagios' user on the system if necessary
|
||||
%if %{isaix}
|
||||
lsuser %{nsusr} > /dev/null 2> /dev/null
|
||||
if [ $? -eq 2 ] ; then
|
||||
useradd -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
|
||||
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
%if %{islinux}
|
||||
getent passwd %{nsusr} > /dev/null 2> /dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
useradd -r -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
|
||||
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{isaix}
|
||||
# Check to see if the nrpe service is running and, if so, stop it.
|
||||
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
|
||||
if [ $? -eq 0 ] ; then
|
||||
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
|
||||
if [ "$status" = "active" ] ; then
|
||||
/usr/bin/stopsrc -s nrpe
|
||||
fi
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{islinux}
|
||||
# if LSB standard /etc/init.d does not exist,
|
||||
# create it as a symlink to the first match we find
|
||||
if [ -d /etc/init.d -o -L /etc/init.d ]; then
|
||||
: # we're done
|
||||
elif [ -d /etc/rc.d/init.d ]; then
|
||||
ln -s /etc/rc.d/init.d /etc/init.d
|
||||
elif [ -d /usr/local/etc/rc.d ]; then
|
||||
ln -s /usr/local/etc/rc.d /etc/init.d
|
||||
elif [ -d /sbin/init.d ]; then
|
||||
ln -s /sbin/init.d /etc/init.d
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{isaix}
|
||||
%post
|
||||
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
|
||||
if [ $? -eq 1 ] ; then
|
||||
/usr/bin/mkssys -p %{_bindir}/nrpe -s nrpe -u 0 -a "-c %{_sysconfdir}/nrpe.cfg -d -s" -Q -R -S -n 15 -f 9
|
||||
fi
|
||||
/usr/bin/startsrc -s nrpe
|
||||
%endif
|
||||
|
||||
%preun
|
||||
%if %{isaix}
|
||||
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
|
||||
if [ "$status" = "active" ] ; then
|
||||
/usr/bin/stopsrc -s nrpe
|
||||
fi
|
||||
/usr/bin/rmssys -s nrpe
|
||||
%endif
|
||||
%if %{islinux}
|
||||
if [ "$1" = 0 ]; then
|
||||
/sbin/service nrpe stop > /dev/null 2>&1
|
||||
/sbin/chkconfig --del nrpe
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{islinux}
|
||||
%postun
|
||||
if [ "$1" -ge "1" ]; then
|
||||
/sbin/service nrpe condrestart >/dev/null 2>&1 || :
|
||||
fi
|
||||
%endif
|
||||
|
||||
%build
|
||||
export PATH=$PATH:/usr/sbin
|
||||
CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
|
||||
MAKE=%{_make} ./configure \
|
||||
--with-init-dir=/etc/init.d \
|
||||
--with-nrpe-port=%{nsport} \
|
||||
--with-nrpe-user=%{nsusr} \
|
||||
--with-nrpe-group=%{nsgrp} \
|
||||
--prefix=%{_prefix} \
|
||||
--exec-prefix=%{_exec_prefix} \
|
||||
--bindir=%{_bindir} \
|
||||
--sbindir=%{_sbindir} \
|
||||
--libexecdir=%{_libexecdir} \
|
||||
--datadir=%{_datadir} \
|
||||
--sysconfdir=%{_sysconfdir} \
|
||||
--localstatedir=%{_localstatedir} \
|
||||
--enable-command-args
|
||||
%{_make} all
|
||||
|
||||
%install
|
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
||||
%if %{islinux}
|
||||
install -d -m 0755 ${RPM_BUILD_ROOT}%{_init_dir}
|
||||
%endif
|
||||
DESTDIR=${RPM_BUILD_ROOT} %{_make} install install-daemon-config
|
||||
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}
|
||||
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
|
||||
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_libexecdir}
|
||||
|
||||
# install templated configuration files
|
||||
#cp sample-config/nrpe.cfg ${RPM_BUILD_ROOT}%{_sysconfdir}/nrpe.cfg
|
||||
#%if %{isaix}
|
||||
#cp init-script ${RPM_BUILD_ROOT}%{_init_dir}/nrpe
|
||||
#%endif
|
||||
#cp src/nrpe ${RPM_BUILD_ROOT}%{_bindir}
|
||||
#cp src/check_nrpe ${RPM_BUILD_ROOT}%{_libexecdir}
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%files
|
||||
%if %{islinux}
|
||||
%defattr(755,root,root)
|
||||
/etc/init.d/nrpe
|
||||
%endif
|
||||
%{_bindir}/nrpe
|
||||
%dir %{_sysconfdir}
|
||||
%defattr(600,%{nsusr},%{nsgrp})
|
||||
%config(noreplace) %{_sysconfdir}/*.cfg
|
||||
%defattr(755,%{nsusr},%{nsgrp})
|
||||
%doc Changelog LEGAL README
|
||||
|
||||
%files plugin
|
||||
%defattr(755,%{nsusr},%{nsgrp})
|
||||
%{_libexecdir}
|
||||
%defattr(644,%{nsusr},%{nsgrp})
|
||||
%doc Changelog LEGAL README
|
||||
|
||||
%changelog
|
||||
* Mon Mar 12 2012 Eric Stanley estanley<@>nagios.com
|
||||
- Created autoconf input file
|
||||
- Updated to support building on AIX
|
||||
- Updated install to use make install*
|
||||
* Mon Jan 23 2006 Andreas Kasenides ank<@>cs.ucy.ac.cy
|
||||
- fixed nrpe.cfg relocation to sample-config
|
||||
- replaced Copyright label with License
|
||||
- added --enable-command-args to enable remote arg passing (if desired can be disabled by commenting out)
|
||||
|
||||
* Wed Nov 12 2003 Ingimar Robertsson <iar@skyrr.is>
|
||||
- Added adding of nagios group if it does not exist.
|
||||
|
||||
* Tue Jan 07 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
|
||||
- Removed the lines which removed the nagios user and group from the system
|
||||
- changed the patch release version from 3 to 1
|
||||
|
||||
* Mon Jan 06 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
|
||||
- Removed patch files required for nrpe 1.5
|
||||
- Update spec file for version 1.6 (1.6-1)
|
||||
|
||||
* Sat Dec 28 2002 James 'Showkilr' Peterson <showkilr@showkilr.com>
|
||||
- First RPM build (1.5-1)
|
|
@ -0,0 +1,252 @@
|
|||
%define isaix %(test "`uname -s`" = "AIX" && echo "1" || echo "0")
|
||||
%define islinux %(test "`uname -s`" = "Linux" && echo "1" || echo "0")
|
||||
|
||||
%if %{isaix}
|
||||
%define _prefix /opt/nagios
|
||||
%define _docdir %{_prefix}/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
|
||||
%define nshome /opt/nagios
|
||||
%define _make gmake
|
||||
%endif
|
||||
%if %{islinux}
|
||||
%define _init_dir /etc/init.d
|
||||
%define _exec_prefix %{_prefix}/sbin
|
||||
%define _bindir %{_prefix}/sbin
|
||||
%define _sbindir %{_prefix}/lib/nagios/cgi
|
||||
%define _libexecdir %{_prefix}/lib/nagios/plugins
|
||||
%define _datadir %{_prefix}/share/nagios
|
||||
%define _localstatedir /var/log/nagios
|
||||
%define nshome /var/log/nagios
|
||||
%define _make make
|
||||
%endif
|
||||
%define _sysconfdir /etc/nagios
|
||||
|
||||
%define name @PACKAGE_NAME@
|
||||
%define version @PACKAGE_VERSION@
|
||||
%define release @RPM_RELEASE@
|
||||
%define nsusr @nrpe_user@
|
||||
%define nsgrp @nrpe_group@
|
||||
%define nsport @nrpe_port@
|
||||
|
||||
# Reserve option to override port setting with:
|
||||
# rpm -ba|--rebuild --define 'nsport 5666'
|
||||
%{?port:%define nsport %{port}}
|
||||
|
||||
# Macro that print mesages to syslog at package (un)install time
|
||||
%define nnmmsg logger -t %{name}/rpm
|
||||
|
||||
Summary: Host/service/network monitoring agent for Nagios
|
||||
URL: http://www.nagios.org
|
||||
Name: %{name}
|
||||
Version: %{version}
|
||||
Release: %{release}
|
||||
License: GPL
|
||||
Group: Application/System
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||
Prefix: %{_prefix}
|
||||
Prefix: /etc/init.d
|
||||
Prefix: /etc/nagios
|
||||
%if %{isaix}
|
||||
Requires: nagios-plugins
|
||||
%endif
|
||||
%if %{islinux}
|
||||
Requires: bash, grep, nagios-plugins, util-linux, chkconfig, shadow-utils, sed, initscripts, mktemp
|
||||
%endif
|
||||
|
||||
%description
|
||||
NPRE (Nagios Remote Plugin Executor) is a system daemon that
|
||||
will execute various Nagios plugins locally on behalf of a
|
||||
remote (monitoring) host that uses the check_nrpe plugin.
|
||||
Various plugins that can be executed by the daemon are available
|
||||
at: http://sourceforge.net/projects/nagiosplug
|
||||
|
||||
This package provides the client-side NRPE agent (daemon).
|
||||
|
||||
%package plugin
|
||||
Group: Application/System
|
||||
Summary: Provides nrpe plugin for Nagios.
|
||||
Requires: nagios-plugins
|
||||
|
||||
%description plugin
|
||||
NPRE (Nagios Remote Plugin Executor) is a system daemon that
|
||||
will execute various Nagios plugins locally on behalf of a
|
||||
remote (monitoring) host that uses the check_nrpe plugin.
|
||||
Various plugins that can be executed by the daemon are available
|
||||
at: http://sourceforge.net/projects/nagiosplug
|
||||
|
||||
This package provides the server-side NRPE plugin for
|
||||
Nagios-related applications.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
|
||||
%pre
|
||||
# Create `nagios' group on the system if necessary
|
||||
%if %{isaix}
|
||||
lsgroup %{nsgrp} > /dev/null 2> /dev/null
|
||||
if [ $? -eq 2 ] ; then
|
||||
mkgroup %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
%if %{islinux}
|
||||
getent group %{nsgrp} > /dev/null 2> /dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
groupadd %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
|
||||
# Create `nagios' user on the system if necessary
|
||||
%if %{isaix}
|
||||
lsuser %{nsusr} > /dev/null 2> /dev/null
|
||||
if [ $? -eq 2 ] ; then
|
||||
useradd -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
|
||||
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
%if %{islinux}
|
||||
getent passwd %{nsusr} > /dev/null 2> /dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
useradd -r -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
|
||||
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{isaix}
|
||||
# Check to see if the nrpe service is running and, if so, stop it.
|
||||
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
|
||||
if [ $? -eq 0 ] ; then
|
||||
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
|
||||
if [ "$status" = "active" ] ; then
|
||||
/usr/bin/stopsrc -s nrpe
|
||||
fi
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{islinux}
|
||||
# if LSB standard /etc/init.d does not exist,
|
||||
# create it as a symlink to the first match we find
|
||||
if [ -d /etc/init.d -o -L /etc/init.d ]; then
|
||||
: # we're done
|
||||
elif [ -d /etc/rc.d/init.d ]; then
|
||||
ln -s /etc/rc.d/init.d /etc/init.d
|
||||
elif [ -d /usr/local/etc/rc.d ]; then
|
||||
ln -s /usr/local/etc/rc.d /etc/init.d
|
||||
elif [ -d /sbin/init.d ]; then
|
||||
ln -s /sbin/init.d /etc/init.d
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{isaix}
|
||||
%post
|
||||
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
|
||||
if [ $? -eq 1 ] ; then
|
||||
/usr/bin/mkssys -p %{_bindir}/nrpe -s nrpe -u 0 -a "-c %{_sysconfdir}/nrpe.cfg -d -s" -Q -R -S -n 15 -f 9
|
||||
fi
|
||||
/usr/bin/startsrc -s nrpe
|
||||
%endif
|
||||
|
||||
%preun
|
||||
%if %{isaix}
|
||||
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
|
||||
if [ "$status" = "active" ] ; then
|
||||
/usr/bin/stopsrc -s nrpe
|
||||
fi
|
||||
/usr/bin/rmssys -s nrpe
|
||||
%endif
|
||||
%if %{islinux}
|
||||
if [ "$1" = 0 ]; then
|
||||
/sbin/service nrpe stop > /dev/null 2>&1
|
||||
/sbin/chkconfig --del nrpe
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{islinux}
|
||||
%postun
|
||||
if [ "$1" -ge "1" ]; then
|
||||
/sbin/service nrpe condrestart >/dev/null 2>&1 || :
|
||||
fi
|
||||
%endif
|
||||
|
||||
%build
|
||||
export PATH=$PATH:/usr/sbin
|
||||
CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
|
||||
MAKE=%{_make} ./configure \
|
||||
--with-init-dir=/etc/init.d \
|
||||
--with-nrpe-port=%{nsport} \
|
||||
--with-nrpe-user=%{nsusr} \
|
||||
--with-nrpe-group=%{nsgrp} \
|
||||
--prefix=%{_prefix} \
|
||||
--exec-prefix=%{_exec_prefix} \
|
||||
--bindir=%{_bindir} \
|
||||
--sbindir=%{_sbindir} \
|
||||
--libexecdir=%{_libexecdir} \
|
||||
--datadir=%{_datadir} \
|
||||
--sysconfdir=%{_sysconfdir} \
|
||||
--localstatedir=%{_localstatedir} \
|
||||
--enable-command-args
|
||||
%{_make} all
|
||||
|
||||
%install
|
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
||||
%if %{islinux}
|
||||
install -d -m 0755 ${RPM_BUILD_ROOT}%{_init_dir}
|
||||
%endif
|
||||
DESTDIR=${RPM_BUILD_ROOT} %{_make} install install-daemon-config
|
||||
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}
|
||||
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
|
||||
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_libexecdir}
|
||||
|
||||
# install templated configuration files
|
||||
#cp sample-config/nrpe.cfg ${RPM_BUILD_ROOT}%{_sysconfdir}/nrpe.cfg
|
||||
#%if %{isaix}
|
||||
#cp init-script ${RPM_BUILD_ROOT}%{_init_dir}/nrpe
|
||||
#%endif
|
||||
#cp src/nrpe ${RPM_BUILD_ROOT}%{_bindir}
|
||||
#cp src/check_nrpe ${RPM_BUILD_ROOT}%{_libexecdir}
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%files
|
||||
%if %{islinux}
|
||||
%defattr(755,root,root)
|
||||
/etc/init.d/nrpe
|
||||
%endif
|
||||
%{_bindir}/nrpe
|
||||
%dir %{_sysconfdir}
|
||||
%defattr(600,%{nsusr},%{nsgrp})
|
||||
%config(noreplace) %{_sysconfdir}/*.cfg
|
||||
%defattr(755,%{nsusr},%{nsgrp})
|
||||
%doc Changelog LEGAL README
|
||||
|
||||
%files plugin
|
||||
%defattr(755,%{nsusr},%{nsgrp})
|
||||
%{_libexecdir}
|
||||
%defattr(644,%{nsusr},%{nsgrp})
|
||||
%doc Changelog LEGAL README
|
||||
|
||||
%changelog
|
||||
* Mon Mar 12 2012 Eric Stanley estanley<@>nagios.com
|
||||
- Created autoconf input file
|
||||
- Updated to support building on AIX
|
||||
- Updated install to use make install*
|
||||
* Mon Jan 23 2006 Andreas Kasenides ank<@>cs.ucy.ac.cy
|
||||
- fixed nrpe.cfg relocation to sample-config
|
||||
- replaced Copyright label with License
|
||||
- added --enable-command-args to enable remote arg passing (if desired can be disabled by commenting out)
|
||||
|
||||
* Wed Nov 12 2003 Ingimar Robertsson <iar@skyrr.is>
|
||||
- Added adding of nagios group if it does not exist.
|
||||
|
||||
* Tue Jan 07 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
|
||||
- Removed the lines which removed the nagios user and group from the system
|
||||
- changed the patch release version from 3 to 1
|
||||
|
||||
* Mon Jan 06 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
|
||||
- Removed patch files required for nrpe 1.5
|
||||
- Update spec file for version 1.6 (1.6-1)
|
||||
|
||||
* Sat Dec 28 2002 James 'Showkilr' Peterson <showkilr@showkilr.com>
|
||||
- First RPM build (1.5-1)
|
|
@ -0,0 +1,81 @@
|
|||
###################################
|
||||
# Makefile for NRPE Solaris Package
|
||||
#
|
||||
# Last Modified: 2 Dec 2011
|
||||
###################################
|
||||
|
||||
TARGET_OS=@TARGET_OS@
|
||||
TARGET_VER=@TARGET_VER@
|
||||
TARGET_ARCH=@TARGET_ARCH@
|
||||
TARGET_PLATFORM=@TARGET_PLATFORM@
|
||||
|
||||
SOLARIS_CONFIG_OPTS=--prefix=/opt/nagios --sysconfdir=/etc/nagios --enable-command-args
|
||||
|
||||
PKG_NAME=NGOSnrpe
|
||||
PKG_VERSION=@PKG_VERSION@
|
||||
PKG_FILE=@PACKAGE_NAME@-$(PKG_VERSION)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-local
|
||||
|
||||
TOPDIR=@top_builddir@
|
||||
PKGDIR=@builddir@/pkg
|
||||
SRCDIR=@builddir@/build/src
|
||||
INSTALLDIR=@builddir@/install
|
||||
ABSINSTALLDIR=@abs_builddir@/install
|
||||
|
||||
build:
|
||||
if [ ! -d build ] ; then mkdir build ; fi
|
||||
if [ ! -d install ] ; then mkdir install ; fi
|
||||
cd build; ../../../configure $(SOLARIS_CONFIG_OPTS); $(MAKE) all; DESTDIR=$(ABSINSTALLDIR) $(MAKE) install install-daemon-config
|
||||
|
||||
prototype: $(PKGDIR)
|
||||
@echo "i pkginfo" > $(PKGDIR)/prototype
|
||||
@echo "i copyright=../$(TOPDIR)/LEGAL" >> $(PKGDIR)/prototype
|
||||
@echo "i preinstall" >> $(PKGDIR)/prototype
|
||||
@echo "i i.config" >> $(PKGDIR)/prototype
|
||||
@echo "i r.config" >> $(PKGDIR)/prototype
|
||||
@echo "i i.manifest=/usr/sadm/install/scripts/i.manifest" >> $(PKGDIR)/prototype
|
||||
@echo "i r.manifest=/usr/sadm/install/scripts/r.manifest" >> $(PKGDIR)/prototype
|
||||
@echo "d none /etc/nagios 0755 nagios nagios" >> $(PKGDIR)/prototype
|
||||
@echo "f config /etc/nagios/nrpe.cfg=$(INSTALLDIR)/etc/nagios/nrpe.cfg 0600 nagios nagios" >> $(PKGDIR)/prototype
|
||||
@echo "d none /opt/nagios/bin 0755 nagios bin" >> $(PKGDIR)/prototype
|
||||
@echo "f none /opt/nagios/bin/nrpe=$(SRCDIR)/nrpe 0755 nagios bin" >> $(PKGDIR)/prototype
|
||||
@echo "d none /opt/nagios/libexec 0755 nagios bin" >> $(PKGDIR)/prototype
|
||||
@echo "f none /opt/nagios/libexec/check_nrpe=$(SRCDIR)/check_nrpe 0755 nagios bin" >> $(PKGDIR)/prototype
|
||||
@echo "f none /lib/svc/method/nrpe=$(PKGDIR)/nrpe 0555 root bin" >> $(PKGDIR)/prototype
|
||||
@echo "d none /var/svc/manifest/application/nagios 0755 root sys" >> $(PKGDIR)/prototype
|
||||
@echo "f manifest /var/svc/manifest/application/nagios/nrpe.xml=$(PKGDIR)/nrpe.xml 0444 root sys" >> $(PKGDIR)/prototype
|
||||
|
||||
pkginfo: $(PKGDIR)
|
||||
@echo PKG="$(PKG_NAME)" > $(PKGDIR)/pkginfo
|
||||
@echo NAME="Nagios Remote Plugin Executor $(PKG_VERSION)" >> $(PKGDIR)/pkginfo
|
||||
@echo VERSION="$(PKG_VERSION)" >> $(PKGDIR)/pkginfo
|
||||
@echo ARCH="$(TARGET_ARCH)" >> $(PKGDIR)/pkginfo
|
||||
@echo CATEGORY="utility" >> $(PKGDIR)/pkginfo
|
||||
@echo CLASSES="none config manifest" >> $(PKGDIR)/pkginfo
|
||||
@echo VENDOR="www.nagios.org" >> $(PKGDIR)/pkginfo
|
||||
@echo EMAIL="nagios-users@lists.sourceforge.net" >> $(PKGDIR)/pkginfo
|
||||
@echo ISTATES="S s 1 2 3" >> $(PKGDIR)/pkginfo
|
||||
@echo RSTATES="S s 1 2 3" >> $(PKGDIR)/pkginfo
|
||||
@echo BASEDIR="/" >> $(PKGDIR)/pkginfo
|
||||
|
||||
$(PKG_FILE): pkginfo prototype
|
||||
pkgmk -o -d $(PKGDIR) -f $(PKGDIR)/prototype -r .
|
||||
pkgtrans ./pkg $(PKG_FILE) $(PKG_NAME)
|
||||
|
||||
pkg: $(PKG_FILE)
|
||||
|
||||
all: pkg
|
||||
|
||||
clean:
|
||||
rm -rf build install package
|
||||
rm -rf $(PKGDIR)/$(PKG_NAME)
|
||||
rm -f $(PKGDIR)/prototype $(PKGDIR)/pkginfo
|
||||
rm -f $(PKGDIR)/$(PKG_FILE)
|
||||
rm -f core
|
||||
rm -f *~ */*~
|
||||
|
||||
distclean: clean
|
||||
rm -f Makefile
|
||||
rm -f config.log
|
||||
|
||||
devclean: distclean
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
#!/usr/bin/sh
|
||||
|
||||
create_cksum_file() {
|
||||
srcfile=$1
|
||||
destfile=$2
|
||||
cksumfile=$3
|
||||
|
||||
echo "# DO NOT EDIT OR REMOVE THIS FILE - It is used to determine whether to" > $cksumfile
|
||||
echo "# overwrite $destfile on package update or to remove" >> $cksumfile
|
||||
echo "# it on package deletion." >> $cksumfile
|
||||
/usr/bin/cat $srcfile | /usr/bin/cksum >> $cksumfile
|
||||
/usr/bin/chmod 400 $cksumfile
|
||||
}
|
||||
|
||||
compare_cksum() {
|
||||
destfile=$1
|
||||
cksumfile=$2
|
||||
|
||||
installed_cksum=`/usr/bin/tail -1 $cksumfile | /usr/bin/awk '{print $1}'`
|
||||
current_cksum=`/usr/bin/cksum $destfile | /usr/bin/awk '{print $1}'`
|
||||
test $installed_cksum = $current_cksum
|
||||
}
|
||||
|
||||
while read src dest ; do
|
||||
destpath=`echo $dest | /usr/bin/sed -e 's/\/[^/]*$//'`
|
||||
destbase=`/usr/bin/basename $dest`
|
||||
cksumfile="${destpath}/.${destbase}.cksum"
|
||||
if [ -f $dest ] ; then
|
||||
if [ -f $cksumfile ] ; then
|
||||
compare_cksum $dest $cksumfile
|
||||
if [ $? -eq 0 ] ; then
|
||||
/usr/bin/cp $src $dest
|
||||
/usr/bin/chmod 600 $dest
|
||||
/usr/bin/chown nagios:nagios $dest
|
||||
else
|
||||
echo "Existing $dest has been found --"
|
||||
echo " installing $destbase as $dest.pkgnew"
|
||||
/usr/bin/cp $src $dest.pkgnew
|
||||
/usr/bin/chmod 600 $dest.pkgnew
|
||||
/usr/bin/chown nagios:nagios $dest.pkgnew
|
||||
fi
|
||||
else
|
||||
echo "Existing $dest has been found --"
|
||||
echo " installing $destbase as $dest.pkgnew"
|
||||
/usr/bin/cp $src $dest.pkgnew
|
||||
/usr/bin/chmod 600 $dest.pkgnew
|
||||
/usr/bin/chown nagios:nagios $dest.pkgnew
|
||||
fi
|
||||
else
|
||||
create_cksum_file $src $dest $cksumfile
|
||||
/usr/bin/cp $src $dest
|
||||
/usr/bin/chmod 600 $dest
|
||||
/usr/bin/chown nagios:nagios $dest
|
||||
fi
|
||||
done
|
||||
if [ "$1" = "ENDOFCLASS" ] ; then
|
||||
exit 0
|
||||
fi
|
|
@ -0,0 +1,32 @@
|
|||
#!/sbin/sh
|
||||
#
|
||||
|
||||
NRPE=/opt/nagios/bin/nrpe
|
||||
CFGFILE=/etc/nagios/nrpe.cfg
|
||||
PIDFILE=/var/run/nrpe.pid
|
||||
|
||||
case $1 in
|
||||
'start')
|
||||
$NRPE -c $CFGFILE -d
|
||||
;;
|
||||
|
||||
'restart')
|
||||
if [ -f "$PIDFILE" ]; then
|
||||
/usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
|
||||
fi
|
||||
;;
|
||||
|
||||
'stop')
|
||||
if [ -f "$PIDFILE" ]; then
|
||||
/usr/bin/kill `/usr/bin/cat $PIDFILE`
|
||||
/bin/rm -f $PIDFILE
|
||||
fi
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 { start | restart | stop }"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit $?
|
|
@ -0,0 +1,131 @@
|
|||
<?xml version="1.0"?>
|
||||
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
|
||||
<!--
|
||||
|
||||
All source code, binaries, documentation, and information contained
|
||||
in this distribution are provided AS IS with NO WARRANTY OF ANY KIND,
|
||||
INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE.
|
||||
|
||||
Nagios and the Nagios logo are registered trademarks of Nagios Enterprises.
|
||||
All other trademarks, servicemarks, registered trademarks, and
|
||||
registered servicemarks are the property of their respective owner(s).
|
||||
|
||||
-->
|
||||
|
||||
<service_bundle type='manifest' name='NGOS:nrpe'>
|
||||
|
||||
<service
|
||||
name='application/nagios/nrpe'
|
||||
type='service'
|
||||
version='1'>
|
||||
|
||||
<create_default_instance enabled='false' />
|
||||
|
||||
<single_instance />
|
||||
|
||||
<dependency name='fs-local'
|
||||
grouping='require_all'
|
||||
restart_on='none'
|
||||
type='service'>
|
||||
<service_fmri
|
||||
value='svc:/system/filesystem/local' />
|
||||
</dependency>
|
||||
|
||||
<dependency name='fs-autofs'
|
||||
grouping='optional_all'
|
||||
restart_on='none'
|
||||
type='service'>
|
||||
<service_fmri value='svc:/system/filesystem/autofs' />
|
||||
</dependency>
|
||||
|
||||
<dependency name='net-loopback'
|
||||
grouping='require_all'
|
||||
restart_on='none'
|
||||
type='service'>
|
||||
<service_fmri value='svc:/network/loopback' />
|
||||
</dependency>
|
||||
|
||||
<dependency name='net-physical'
|
||||
grouping='require_all'
|
||||
restart_on='none'
|
||||
type='service'>
|
||||
<service_fmri value='svc:/network/physical' />
|
||||
</dependency>
|
||||
|
||||
<dependency name='cryptosvc'
|
||||
grouping='require_all'
|
||||
restart_on='none'
|
||||
type='service'>
|
||||
<service_fmri value='svc:/system/cryptosvc' />
|
||||
</dependency>
|
||||
|
||||
<dependency name='utmp'
|
||||
grouping='require_all'
|
||||
restart_on='none'
|
||||
type='service'>
|
||||
<service_fmri value='svc:/system/utmp' />
|
||||
</dependency>
|
||||
|
||||
<dependency name='config_data'
|
||||
grouping='require_all'
|
||||
restart_on='restart'
|
||||
type='path'>
|
||||
<service_fmri
|
||||
value='file://localhost/etc/nagios/nrpe.cfg' />
|
||||
</dependency>
|
||||
|
||||
<dependent
|
||||
name='nrpe_multi-user-server'
|
||||
grouping='optional_all'
|
||||
restart_on='none'>
|
||||
<service_fmri
|
||||
value='svc:/milestone/multi-user-server' />
|
||||
</dependent>
|
||||
|
||||
<exec_method
|
||||
type='method'
|
||||
name='start'
|
||||
exec='/lib/svc/method/nrpe start'
|
||||
timeout_seconds='60'/>
|
||||
|
||||
<exec_method
|
||||
type='method'
|
||||
name='stop'
|
||||
exec='/lib/svc/method/nrpe stop'
|
||||
timeout_seconds='60' />
|
||||
|
||||
<exec_method
|
||||
type='method'
|
||||
name='refresh'
|
||||
exec='/lib/svc/method/nrpe restart'
|
||||
timeout_seconds='60' />
|
||||
|
||||
<property_group name='startd'
|
||||
type='framework'>
|
||||
<!-- sub-process core dumps shouldn't restart session -->
|
||||
<propval name='ignore_error'
|
||||
type='astring' value='core,signal' />
|
||||
</property_group>
|
||||
|
||||
<stability value='Unstable' />
|
||||
|
||||
<template>
|
||||
<common_name>
|
||||
<loctext xml:lang='C'>
|
||||
NRPE daemon
|
||||
</loctext>
|
||||
</common_name>
|
||||
<description>
|
||||
<loctext xml:lang='C'>
|
||||
Nagios Remote Plugin Executor Daemon
|
||||
</loctext>
|
||||
</description>
|
||||
<!--documentation-->
|
||||
<!--manpage title='sshd' section='1M' manpath='/usr/share/man' /-->
|
||||
<!--/documentation-->
|
||||
</template>
|
||||
|
||||
</service>
|
||||
|
||||
</service_bundle>
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/sh
|
||||
|
||||
echo "To begin using NRPE, first edit /etc/nagios/nrpe.cfg, update the"
|
||||
echo "allowed_hosts line and any command lines. Then start the nrpe service"
|
||||
echo "by running the command 'svcadm enable nrpe' as root."
|
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/sh
|
||||
|
||||
user="nagios"
|
||||
uid=-1
|
||||
group="nagios"
|
||||
gid=-1
|
||||
|
||||
/usr/bin/getent group $group > /dev/null 2> /dev/null
|
||||
result=$?
|
||||
if [ $result -eq 2 ] ; then
|
||||
echo "Group $group does not exist. Creating..."
|
||||
if [ $gid -ne -1 ] ; then
|
||||
/usr/sbin/groupadd -g $gid $group
|
||||
else
|
||||
/usr/sbin/groupadd $group
|
||||
fi
|
||||
elif [ $result -ne 0 ] ; then
|
||||
echo "An error occurred determining the existence of the groug $group. Terminating."
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
/usr/bin/getent passwd $user > /dev/null 2> /dev/null
|
||||
result=$?
|
||||
if [ $result -eq 2 ] ; then
|
||||
echo "User $user does not exist. Creating..."
|
||||
if [ $uid -ne -1 ] ; then
|
||||
/usr/sbin/useradd -u $uid -g $group $user
|
||||
else
|
||||
/usr/sbin/useradd -g $group $user
|
||||
fi
|
||||
elif [ $result -ne 0 ] ; then
|
||||
echo "An error occurred determining the existence of the user $user. Terminating."
|
||||
exit 1;
|
||||
fi
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
#!/usr/bin/sh
|
||||
|
||||
compare_cksum() {
|
||||
destfile=$1
|
||||
cksumfile=$2
|
||||
|
||||
installed_cksum=`/usr/bin/tail -1 $cksumfile | /usr/bin/awk '{print $1}'`
|
||||
current_cksum=`/usr/bin/cksum $destfile | /usr/bin/awk '{print $1}'`
|
||||
test $installed_cksum = $current_cksum
|
||||
}
|
||||
|
||||
while read path ; do
|
||||
destpath=`echo $path | /usr/bin/sed -e 's/\/[^/]*$//'`
|
||||
destbase=`/usr/bin/basename $path`
|
||||
cksumfile="${destpath}/.${destbase}.cksum"
|
||||
if [ -f $path ] ; then
|
||||
if [ -f $cksumfile ] ; then
|
||||
compare_cksum $path $cksumfile
|
||||
if [ $? -eq 0 ] ; then
|
||||
/usr/bin/rm -f $path $cksumfile
|
||||
else
|
||||
echo "$path has been modified since it was installed -- "
|
||||
echo " leaving it in place."
|
||||
fi
|
||||
else
|
||||
echo "$path may have been modified since it was installed -- "
|
||||
echo " leaving it in place."
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ "$1" = "ENDOFCLASS" ] ; then
|
||||
exit 0
|
||||
fi
|
|
@ -0,0 +1,235 @@
|
|||
#############################################################################
|
||||
# Sample NRPE Config File
|
||||
# Written by: Ethan Galstad (nagios@nagios.org)
|
||||
#
|
||||
# Last Modified: 11-23-2007
|
||||
#
|
||||
# NOTES:
|
||||
# This is a sample configuration file for the NRPE daemon. It needs to be
|
||||
# located on the remote host that is running the NRPE daemon, not the host
|
||||
# from which the check_nrpe client is being executed.
|
||||
#############################################################################
|
||||
|
||||
|
||||
# LOG FACILITY
|
||||
# The syslog facility that should be used for logging purposes.
|
||||
|
||||
log_facility=@log_facility@
|
||||
|
||||
|
||||
|
||||
# PID FILE
|
||||
# The name of the file in which the NRPE daemon should write it's process ID
|
||||
# number. The file is only written if the NRPE daemon is started by the root
|
||||
# user and is running in standalone mode.
|
||||
|
||||
pid_file=/var/run/nrpe.pid
|
||||
|
||||
|
||||
|
||||
# PORT NUMBER
|
||||
# Port number we should wait for connections on.
|
||||
# NOTE: This must be a non-priviledged port (i.e. > 1024).
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
server_port=@nrpe_port@
|
||||
|
||||
|
||||
|
||||
# SERVER ADDRESS
|
||||
# Address that nrpe should bind to in case there are more than one interface
|
||||
# and you do not want nrpe to bind on all interfaces.
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
#server_address=127.0.0.1
|
||||
|
||||
|
||||
|
||||
# NRPE USER
|
||||
# This determines the effective user that the NRPE daemon should run as.
|
||||
# You can either supply a username or a UID.
|
||||
#
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
nrpe_user=@nrpe_user@
|
||||
|
||||
|
||||
|
||||
# NRPE GROUP
|
||||
# This determines the effective group that the NRPE daemon should run as.
|
||||
# You can either supply a group name or a GID.
|
||||
#
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
nrpe_group=@nrpe_group@
|
||||
|
||||
|
||||
|
||||
# ALLOWED HOST ADDRESSES
|
||||
# This is an optional comma-delimited list of IP address or hostnames
|
||||
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
|
||||
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
|
||||
# supported.
|
||||
#
|
||||
# Note: The daemon only does rudimentary checking of the client's IP
|
||||
# address. I would highly recommend adding entries in your /etc/hosts.allow
|
||||
# file to allow only the specified host to connect to the port
|
||||
# you are running this daemon on.
|
||||
#
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
allowed_hosts=127.0.0.1
|
||||
|
||||
|
||||
|
||||
# COMMAND ARGUMENT PROCESSING
|
||||
# This option determines whether or not the NRPE daemon will allow clients
|
||||
# to specify arguments to commands that are executed. This option only works
|
||||
# if the daemon was configured with the --enable-command-args configure script
|
||||
# option.
|
||||
#
|
||||
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
|
||||
# Read the SECURITY file for information on some of the security implications
|
||||
# of enabling this variable.
|
||||
#
|
||||
# Values: 0=do not allow arguments, 1=allow command arguments
|
||||
|
||||
dont_blame_nrpe=0
|
||||
|
||||
|
||||
|
||||
# BASH COMMAND SUBTITUTION
|
||||
# This option determines whether or not the NRPE daemon will allow clients
|
||||
# to specify arguments that contain bash command substitutions of the form
|
||||
# $(...). This option only works if the daemon was configured with both
|
||||
# the --enable-command-args and --enable-bash-command-substitution configure
|
||||
# script options.
|
||||
#
|
||||
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
|
||||
# Read the SECURITY file for information on some of the security implications
|
||||
# of enabling this variable.
|
||||
#
|
||||
# Values: 0=do not allow bash command substitutions,
|
||||
# 1=allow bash command substitutions
|
||||
|
||||
allow_bash_command_substitution=0
|
||||
|
||||
|
||||
|
||||
# COMMAND PREFIX
|
||||
# This option allows you to prefix all commands with a user-defined string.
|
||||
# A space is automatically added between the specified prefix string and the
|
||||
# command line from the command definition.
|
||||
#
|
||||
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
|
||||
# Usage scenario:
|
||||
# Execute restricted commmands using sudo. For this to work, you need to add
|
||||
# the nagios user to your /etc/sudoers. An example entry for alllowing
|
||||
# execution of the plugins from might be:
|
||||
#
|
||||
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
|
||||
#
|
||||
# This lets the nagios user run all commands in that directory (and only them)
|
||||
# without asking for a password. If you do this, make sure you don't give
|
||||
# random users write access to that directory or its contents!
|
||||
|
||||
# command_prefix=/usr/bin/sudo
|
||||
|
||||
|
||||
|
||||
# DEBUGGING OPTION
|
||||
# This option determines whether or not debugging messages are logged to the
|
||||
# syslog facility.
|
||||
# Values: 0=debugging off, 1=debugging on
|
||||
|
||||
debug=0
|
||||
|
||||
|
||||
|
||||
# COMMAND TIMEOUT
|
||||
# This specifies the maximum number of seconds that the NRPE daemon will
|
||||
# allow plugins to finish executing before killing them off.
|
||||
|
||||
command_timeout=60
|
||||
|
||||
|
||||
|
||||
# CONNECTION TIMEOUT
|
||||
# This specifies the maximum number of seconds that the NRPE daemon will
|
||||
# wait for a connection to be established before exiting. This is sometimes
|
||||
# seen where a network problem stops the SSL being established even though
|
||||
# all network sessions are connected. This causes the nrpe daemons to
|
||||
# accumulate, eating system resources. Do not set this too low.
|
||||
|
||||
connection_timeout=300
|
||||
|
||||
|
||||
|
||||
# WEEK RANDOM SEED OPTION
|
||||
# This directive allows you to use SSL even if your system does not have
|
||||
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
|
||||
# were not applied). The random number generator will be seeded from a file
|
||||
# which is either a file pointed to by the environment valiable $RANDFILE
|
||||
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
|
||||
# be initialized and a warning will be issued.
|
||||
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
|
||||
|
||||
#allow_weak_random_seed=1
|
||||
|
||||
|
||||
|
||||
# INCLUDE CONFIG FILE
|
||||
# This directive allows you to include definitions from an external config file.
|
||||
|
||||
#include=<somefile.cfg>
|
||||
|
||||
|
||||
|
||||
# INCLUDE CONFIG DIRECTORY
|
||||
# This directive allows you to include definitions from config files (with a
|
||||
# .cfg extension) in one or more directories (with recursion).
|
||||
|
||||
#include_dir=<somedirectory>
|
||||
#include_dir=<someotherdirectory>
|
||||
|
||||
|
||||
|
||||
# COMMAND DEFINITIONS
|
||||
# Command definitions that this daemon will run. Definitions
|
||||
# are in the following format:
|
||||
#
|
||||
# command[<command_name>]=<command_line>
|
||||
#
|
||||
# When the daemon receives a request to return the results of <command_name>
|
||||
# it will execute the command specified by the <command_line> argument.
|
||||
#
|
||||
# Unlike Nagios, the command line cannot contain macros - it must be
|
||||
# typed exactly as it should be executed.
|
||||
#
|
||||
# Note: Any plugins that are used in the command lines must reside
|
||||
# on the machine that this daemon is running on! The examples below
|
||||
# assume that you have plugins installed in a /usr/local/nagios/libexec
|
||||
# directory. Also note that you will have to modify the definitions below
|
||||
# to match the argument format the plugins expect. Remember, these are
|
||||
# examples only!
|
||||
|
||||
|
||||
# The following examples use hardcoded command arguments...
|
||||
|
||||
command[check_users]=@libexecdir@/check_users -w 5 -c 10
|
||||
command[check_load]=@libexecdir@/check_load -w 15,10,5 -c 30,25,20
|
||||
command[check_hda1]=@libexecdir@/check_disk -w 20% -c 10% -p /dev/hda1
|
||||
command[check_zombie_procs]=@libexecdir@/check_procs -w 5 -c 10 -s Z
|
||||
command[check_total_procs]=@libexecdir@/check_procs -w 150 -c 200
|
||||
|
||||
|
||||
# The following examples allow user-supplied arguments and can
|
||||
# only be used if the NRPE daemon was compiled with support for
|
||||
# command arguments *AND* the dont_blame_nrpe directive in this
|
||||
# config file is set to '1'. This poses a potential security risk, so
|
||||
# make sure you read the SECURITY file before doing this.
|
||||
|
||||
#command[check_users]=@libexecdir@/check_users -w $ARG1$ -c $ARG2$
|
||||
#command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$
|
||||
#command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
|
||||
#command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
|
|
@ -0,0 +1,16 @@
|
|||
# default: on
|
||||
# description: NRPE (Nagios Remote Plugin Executor)
|
||||
service nrpe
|
||||
{
|
||||
flags = REUSE
|
||||
socket_type = stream
|
||||
port = @nrpe_port@
|
||||
wait = no
|
||||
user = @nrpe_user@
|
||||
group = @nrpe_group@
|
||||
server = @bindir@/nrpe
|
||||
server_args = -c @sysconfdir@/nrpe.cfg --inetd
|
||||
log_on_failure += USERID
|
||||
disable = no
|
||||
only_from = 127.0.0.1
|
||||
}
|
|
@ -0,0 +1,64 @@
|
|||
###############################
|
||||
# Makefile for NRPE
|
||||
#
|
||||
# Last Modified: 08-13-2007
|
||||
###############################
|
||||
|
||||
srcdir=@srcdir@
|
||||
|
||||
# Source code directories
|
||||
SRC_INCLUDE=@srcdir@/../include
|
||||
CFG_INCLUDE=../include
|
||||
|
||||
CC=@CC@
|
||||
CFLAGS=@CFLAGS@ @DEFS@ -I $(CFG_INCLUDE) -I $(SRC_INCLUDE)
|
||||
LDFLAGS=@LDFLAGS@ @LIBS@
|
||||
SOCKETLIBS=@SOCKETLIBS@
|
||||
LIBWRAPLIBS=@LIBWRAPLIBS@
|
||||
OTHERLIBS=@OTHERLIBS@
|
||||
|
||||
CP=@CP@
|
||||
|
||||
prefix=@prefix@
|
||||
exec_prefix=@exec_prefix@
|
||||
CFGDIR=@sysconfdir@
|
||||
BINDIR=@bindir@
|
||||
SBINDIR=@sbindir@
|
||||
LIBEXECDIR=@libexecdir@
|
||||
INSTALL=@INSTALL@
|
||||
NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
|
||||
NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
|
||||
|
||||
# Generated automatically from configure script
|
||||
SNPRINTF_O=@SNPRINTF_O@
|
||||
|
||||
|
||||
all: nrpe check_nrpe
|
||||
|
||||
nrpe: $(srcdir)/nrpe.c $(srcdir)/utils.c $(srcdir)/acl.c $(SRC_INCLUDE)/nrpe.h $(SRC_INCLUDE)/utils.h $(SRC_INCLUDE)/common.h $(CFG_INCLUDE)/config.h $(SRC_INCLUDE)/acl.h $(SNPRINTF_O)
|
||||
$(CC) $(CFLAGS) -o $@ $(srcdir)/nrpe.c $(srcdir)/utils.c $(srcdir)/acl.c $(LDFLAGS) $(SOCKETLIBS) $(LIBWRAPLIBS) $(SNPRINTF_O) $(OTHERLIBS)
|
||||
|
||||
check_nrpe: $(srcdir)/check_nrpe.c $(srcdir)/utils.c $(SRC_INCLUDE)/utils.h $(SRC_INCLUDE)/common.h $(CFG_INCLUDE)/config.h
|
||||
$(CC) $(CFLAGS) -o $@ $(srcdir)/check_nrpe.c $(srcdir)/utils.c $(LDFLAGS) $(SOCKETLIBS) $(OTHERLIBS)
|
||||
|
||||
install:
|
||||
$(MAKE) install-plugin
|
||||
$(MAKE) install-daemon
|
||||
|
||||
install-plugin:
|
||||
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR)
|
||||
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe $(DESTDIR)$(LIBEXECDIR)
|
||||
|
||||
install-daemon:
|
||||
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
|
||||
$(INSTALL) -m 775 $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR)
|
||||
|
||||
clean:
|
||||
rm -f core nrpe check_nrpe $(SNPRINTF_O)
|
||||
rm -f *~ */*~
|
||||
rm -rf nrpe.dSYM check_nrpe.dSYM
|
||||
|
||||
distclean: clean
|
||||
rm -f Makefile
|
||||
|
||||
devclean: distclean
|
|
@ -0,0 +1,613 @@
|
|||
/*-
|
||||
* acl.c - a small library for nrpe.c. It adds IPv4 subnets support to ACL in nrpe.
|
||||
* Copyright (c) 2011 Kaspersky Lab ZAO
|
||||
* Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help
|
||||
*
|
||||
* Description:
|
||||
* acl.c creates two linked lists. One is for IPv4 hosts and networks, another is for domain names.
|
||||
* All connecting hosts (if allowed_hosts is defined) are checked in these two lists.
|
||||
*
|
||||
* Some notes:
|
||||
* 1) IPv6 isn't supported in ACL.
|
||||
* 2) Only ANCII names are supported in ACL.
|
||||
*
|
||||
* License: GPL
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <netdb.h>
|
||||
#include <syslog.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "../include/acl.h"
|
||||
|
||||
/* This function checks if a char argumnet from valid char range.
|
||||
* Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
|
||||
*
|
||||
* Returns:
|
||||
* 0 - char isn't from valid group
|
||||
* 1 - char is a number
|
||||
* 2 - char is a letter
|
||||
* 3 - char is a space(' ')
|
||||
* 4 - char is a dot('.')
|
||||
* 5 - char is a slash('/')
|
||||
* 6 - char is a dash('-')
|
||||
* 7 - char is a comma(',')
|
||||
*/
|
||||
|
||||
int isvalidchar(int c) {
|
||||
if (!isascii(c))
|
||||
return 0;
|
||||
|
||||
if (isdigit(c))
|
||||
return 1;
|
||||
|
||||
if (isalpha(c))
|
||||
return 2;
|
||||
|
||||
if (isspace(c))
|
||||
return 3;
|
||||
|
||||
switch (c) {
|
||||
case '.':
|
||||
return 4;
|
||||
break;
|
||||
case '/':
|
||||
return 5;
|
||||
break;
|
||||
case '-':
|
||||
return 6;
|
||||
break;
|
||||
case ',':
|
||||
return 7;
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Get substring from allowed_hosts from s position to e position.
|
||||
*/
|
||||
|
||||
char * acl_substring(char *string, int s, int e) {
|
||||
char *substring;
|
||||
int len = e - s;
|
||||
|
||||
if (len < 0)
|
||||
return NULL;
|
||||
|
||||
if ( (substring = malloc(len + 1)) == NULL)
|
||||
return NULL;
|
||||
|
||||
memmove(substring, string + s, len + 1);
|
||||
return substring;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add IPv4 host or network to IP ACL. IPv4 format is X.X.X.X[/X].
|
||||
* Host will be added to ACL only if it has passed IPv4 format check.
|
||||
*
|
||||
* Returns:
|
||||
* 1 - on success
|
||||
* 0 - on failure
|
||||
*
|
||||
* States for IPv4 format check:
|
||||
* 0 - numbers(-> 1), dot(-> -1), slash(-> -1), other(-> -1)
|
||||
* 1 - numbers(-> 1), dot(-> 2), slash(-> -1), other(-> -1)
|
||||
* 2 - numbers(-> 3), dot(-> -1), slash(-> -1), other(-> -1)
|
||||
* 3 - numbers(-> 3), dot(-> 4), slash(-> -1), other(-> -1)
|
||||
* 4 - numbers(-> 5), dot(-> -1), slash(-> -1), other(-> -1)
|
||||
* 5 - numbers(-> 5), dot(-> 6), slash(-> -1), other(-> -1)
|
||||
* 6 - numbers(-> 7), dot(-> -1), slash(-> -1), other(-> -1)
|
||||
* 7 - numbers(-> 7), dor(-> -1), slash(-> 8), other(-> -1)
|
||||
* 8 - numbers(-> 9), dor(-> -1), slash(-> -1), other(-> -1)
|
||||
* 9 - numbers(-> 9), dot(-> -1), slash(-> -1), other(-> -1)
|
||||
*
|
||||
* Good states are 7(IPv4 host) and 9(IPv4 network)
|
||||
*/
|
||||
|
||||
int add_ipv4_to_acl(char *ipv4) {
|
||||
int state = 0;
|
||||
int octet = 0;
|
||||
int index = 0; /* position in data array */
|
||||
int data[5]; /* array to store ip octets and mask */
|
||||
int len = strlen(ipv4);
|
||||
int i, c;
|
||||
unsigned long ip, mask;
|
||||
struct ip_acl *ip_acl_curr;
|
||||
|
||||
/* Check for min and max IPv4 valid length */
|
||||
if (len < 7 || len > 18)
|
||||
return 0;
|
||||
|
||||
/* default mask for ipv4 */
|
||||
data[4] = 32;
|
||||
|
||||
/* Basic IPv4 format check */
|
||||
for (i = 0; i < len; i++) {
|
||||
/* Return 0 on error state */
|
||||
if (state == -1)
|
||||
return 0;
|
||||
|
||||
c = ipv4[i];
|
||||
|
||||
switch (c) {
|
||||
case '0': case '1': case '2': case '3': case '4':
|
||||
case '5': case '6': case '7': case '8': case '9':
|
||||
octet = octet * 10 + CHAR_TO_NUMBER(c);
|
||||
switch (state) {
|
||||
case 0: case 2: case 4: case 6: case 8:
|
||||
state++;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case '.':
|
||||
switch (state) {
|
||||
case 1: case 3: case 5:
|
||||
data[index++] = octet;
|
||||
octet = 0;
|
||||
state++;
|
||||
break;
|
||||
default:
|
||||
state = -1;
|
||||
}
|
||||
break;
|
||||
case '/':
|
||||
switch (state) {
|
||||
case 7:
|
||||
data[index++] = octet;
|
||||
octet = 0;
|
||||
state++;
|
||||
break;
|
||||
default:
|
||||
state = -1;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
state = -1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Exit state handling */
|
||||
switch (state) {
|
||||
case 7: case 9:
|
||||
data[index] = octet;
|
||||
break;
|
||||
default:
|
||||
/* Bad states */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Final IPv4 format check.
|
||||
*/
|
||||
for (i=0; i < 4; i++) {
|
||||
if (data[i] < 0 || data[i] > 255) {
|
||||
syslog(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (data[4] < 0 || data[4] > 32) {
|
||||
syslog(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Conver ip and mask to unsigned long */
|
||||
ip = htonl((data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]);
|
||||
mask = htonl(-1 << (32 - data[4]));
|
||||
|
||||
/* Wrong network address */
|
||||
if ( (ip & mask) != ip) {
|
||||
syslog(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Add addr to ip_acl list */
|
||||
if ( (ip_acl_curr = malloc(sizeof(*ip_acl_curr))) == NULL) {
|
||||
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Save result in ACL ip list */
|
||||
ip_acl_curr->family = AF_INET;
|
||||
ip_acl_curr->addr.s_addr = ip;
|
||||
ip_acl_curr->mask.s_addr = mask;
|
||||
ip_acl_curr->next = NULL;
|
||||
|
||||
if (ip_acl_head == NULL) {
|
||||
ip_acl_head = ip_acl_curr;
|
||||
} else {
|
||||
ip_acl_prev->next = ip_acl_curr;
|
||||
}
|
||||
ip_acl_prev = ip_acl_curr;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add IPv6 host or network to IP ACL. Host will be added to ACL only if
|
||||
* it has passed IPv6 format check.
|
||||
*
|
||||
*/
|
||||
|
||||
int add_ipv6_to_acl(char *ipv6) {
|
||||
char *ipv6tmp;
|
||||
char *addrtok;
|
||||
char *addrsave;
|
||||
struct in6_addr addr;
|
||||
struct in6_addr mask;
|
||||
int maskval;
|
||||
int byte, bit;
|
||||
int nbytes = sizeof(mask.s6_addr) / sizeof(mask.s6_addr[0]);
|
||||
int x;
|
||||
struct ip_acl *ip_acl_curr;
|
||||
|
||||
/* Save temporary copy of ipv6 so we can use the original in error
|
||||
messages if needed */
|
||||
ipv6tmp = strdup(ipv6);
|
||||
if(NULL == ipv6tmp) {
|
||||
syslog(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
|
||||
ipv6);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Parse the address itself */
|
||||
addrtok = strtok_r(ipv6tmp, "/", &addrsave);
|
||||
if(inet_pton(AF_INET6, addrtok, &addr) <= 0) {
|
||||
syslog(LOG_ERR, "Invalid IPv6 address in ACL: %s\n", ipv6);
|
||||
free(ipv6tmp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Check whether there is a netmask */
|
||||
addrtok = strtok_r(NULL, "/", &addrsave);
|
||||
if(NULL != addrtok) {
|
||||
/* If so, build a netmask */
|
||||
|
||||
/* Get the number of bits in the mask */
|
||||
maskval = atoi(addrtok);
|
||||
if(maskval < 0 || maskval > 128) {
|
||||
syslog(LOG_ERR, "Invalid IPv6 netmask in ACL: %s\n", ipv6);
|
||||
free(ipv6tmp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Initialize to zero */
|
||||
for(x = 0; x < nbytes; x++) {
|
||||
mask.s6_addr[x] = 0;
|
||||
}
|
||||
|
||||
/* Set mask based on mask bits */
|
||||
byte = 0;
|
||||
bit = 7;
|
||||
while(maskval > 0) {
|
||||
mask.s6_addr[byte] |= 1 << bit;
|
||||
bit -= 1;
|
||||
if(bit < 0) {
|
||||
bit = 7;
|
||||
byte++;
|
||||
}
|
||||
maskval--;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* Otherwise, this is a single address */
|
||||
for(x = 0; x < nbytes; x++) {
|
||||
mask.s6_addr[x] = 0xFF;
|
||||
}
|
||||
}
|
||||
|
||||
/* Add address to ip_acl list */
|
||||
ip_acl_curr = malloc(sizeof(*ip_acl_curr));
|
||||
if(NULL == ip_acl_curr) {
|
||||
syslog(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Save result in ACL ip list */
|
||||
ip_acl_curr->family = AF_INET6;
|
||||
for(x = 0; x < nbytes; x++) {
|
||||
ip_acl_curr->addr6.s6_addr[x] =
|
||||
addr.s6_addr[x] & mask.s6_addr[x];
|
||||
ip_acl_curr->mask6.s6_addr[x] = mask.s6_addr[x];
|
||||
}
|
||||
ip_acl_curr->next = NULL;
|
||||
|
||||
if(NULL == ip_acl_head) {
|
||||
ip_acl_head = ip_acl_curr;
|
||||
}
|
||||
else {
|
||||
ip_acl_prev->next = ip_acl_curr;
|
||||
}
|
||||
ip_acl_prev = ip_acl_curr;
|
||||
|
||||
free(ipv6tmp);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add domain to DNS ACL list
|
||||
* Domain will be added only if it has passed domain name check.
|
||||
*
|
||||
* In this case domain valid format is:
|
||||
* 1) Domain names must use only alphanumeric characters and dashes (-).
|
||||
* 2) Domain names mustn't begin or end with dashes (-).
|
||||
* 3) Domain names mustn't have more than 63 characters.
|
||||
*
|
||||
* Return:
|
||||
* 1 - for success
|
||||
* 0 - for failure
|
||||
*
|
||||
* 0 - alpha(-> 1), number(-> 1), dot(-> -1), dash(-> -1), all other(-> -1)
|
||||
* 1 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
|
||||
* 2 - alpha(-> 3), number(-> 1), dot(-> -1), dash(-> -1), all other(-> -1)
|
||||
* 3 - alpha(-> 4), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
|
||||
* 4 - alpha(-> 5), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
|
||||
* 5 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
|
||||
* 6 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
|
||||
|
||||
* For real FQDN only 4 and 5 states are good for exit.
|
||||
* I don't check if top domain exists (com, ru and etc.)
|
||||
* But in real life NRPE could work in LAN,
|
||||
* with local domain zones like .local or with names like 'mars' added to /etc/hosts.
|
||||
* So 1 is good state too. And maybe this check is not necessary at all...
|
||||
*/
|
||||
|
||||
int add_domain_to_acl(char *domain) {
|
||||
int state = 0;
|
||||
int len = strlen(domain);
|
||||
int i, c;
|
||||
|
||||
struct dns_acl *dns_acl_curr;
|
||||
|
||||
if (len > 63)
|
||||
return 0;
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
c = domain[i];
|
||||
switch (isvalidchar(c)) {
|
||||
case 1:
|
||||
state = 1;
|
||||
break;
|
||||
case 2:
|
||||
switch (state) {
|
||||
case 0: case 1: case 5: case 6:
|
||||
state = 1;
|
||||
break;
|
||||
case 2: case 3: case 4:
|
||||
state++;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case 4:
|
||||
switch (state) {
|
||||
case 0: case 2:
|
||||
state = -1;
|
||||
break;
|
||||
default:
|
||||
state = 2;
|
||||
}
|
||||
break;
|
||||
case 6:
|
||||
switch (state) {
|
||||
case 0: case 2:
|
||||
state = -1;
|
||||
break;
|
||||
default:
|
||||
state = 6;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
/* Not valid chars */
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Check exit code */
|
||||
switch (state) {
|
||||
case 1: case 4: case 5:
|
||||
/* Add name to domain ACL list */
|
||||
if ( (dns_acl_curr = malloc(sizeof(*dns_acl_curr))) == NULL) {
|
||||
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
|
||||
return 0;
|
||||
}
|
||||
strcpy(dns_acl_curr->domain, domain);
|
||||
dns_acl_curr->next = NULL;
|
||||
|
||||
if (dns_acl_head == NULL)
|
||||
dns_acl_head = dns_acl_curr;
|
||||
else
|
||||
dns_acl_prev->next = dns_acl_curr;
|
||||
|
||||
dns_acl_prev = dns_acl_curr;
|
||||
return 1;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Checks connectiong host in ACL
|
||||
*
|
||||
* Returns:
|
||||
* 1 - on success
|
||||
* 0 - on failure
|
||||
*/
|
||||
|
||||
int is_an_allowed_host(int family, void *host) {
|
||||
struct ip_acl *ip_acl_curr = ip_acl_head;
|
||||
int nbytes;
|
||||
int x;
|
||||
struct dns_acl *dns_acl_curr = dns_acl_head;
|
||||
struct in_addr addr;
|
||||
struct in6_addr addr6;
|
||||
struct hostent *he;
|
||||
|
||||
while (ip_acl_curr != NULL) {
|
||||
if(ip_acl_curr->family == family) {
|
||||
switch(ip_acl_curr->family) {
|
||||
case AF_INET:
|
||||
if((((struct in_addr *)host)->s_addr &
|
||||
ip_acl_curr->mask.s_addr) ==
|
||||
ip_acl_curr->addr.s_addr) {
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
case AF_INET6:
|
||||
nbytes = sizeof(ip_acl_curr->mask6.s6_addr) /
|
||||
sizeof(ip_acl_curr->mask6.s6_addr[0]);
|
||||
for(x = 0; x < nbytes; x++) {
|
||||
if((((struct in6_addr *)host)->s6_addr[x] &
|
||||
ip_acl_curr->mask6.s6_addr[x]) !=
|
||||
ip_acl_curr->addr6.s6_addr[x]) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(x == nbytes) {
|
||||
/* All bytes in host's address pass the netmask mask */
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
ip_acl_curr = ip_acl_curr->next;
|
||||
}
|
||||
|
||||
while(dns_acl_curr != NULL) {
|
||||
he = gethostbyname(dns_acl_curr->domain);
|
||||
if (he == NULL) return 0;
|
||||
|
||||
while (*he->h_addr_list) {
|
||||
switch(he->h_addrtype) {
|
||||
case AF_INET:
|
||||
memmove((char *)&addr,*he->h_addr_list++, sizeof(addr));
|
||||
if (addr.s_addr == ((struct in_addr *)host)->s_addr) return 1;
|
||||
break;
|
||||
case AF_INET6:
|
||||
memcpy((char *)&addr6, *he->h_addr_list++, sizeof(addr6));
|
||||
for(x = 0; x < nbytes; x++) {
|
||||
if(addr6.s6_addr[x] !=
|
||||
((struct in6_addr *)host)->s6_addr[x]) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(x == nbytes) {
|
||||
/* All bytes in host's address match the ACL */
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* The trim() function takes a source string and copies it to the destination string,
|
||||
* stripped of leading and training whitespace. The destination string must be
|
||||
* allocated at least as large as the source string.
|
||||
*/
|
||||
|
||||
void trim( char *src, char *dest) {
|
||||
char *sptr, *dptr;
|
||||
|
||||
for( sptr = src; isblank( *sptr) && *sptr; sptr++); /* Jump past leading spaces */
|
||||
for( dptr = dest; !isblank( *sptr) && *sptr; ) {
|
||||
*dptr = *sptr;
|
||||
sptr++;
|
||||
dptr++;
|
||||
}
|
||||
*dptr = '\0';
|
||||
return;
|
||||
}
|
||||
|
||||
/* This function splits allowed_hosts to substrings with comma(,) as a delimeter.
|
||||
* It doesn't check validness of ACL record (add_ipv4_to_acl() and add_domain_to_acl() do),
|
||||
* just trims spaces from ACL records.
|
||||
* After this it sends ACL records to add_ipv4_to_acl() or add_domain_to_acl().
|
||||
*/
|
||||
|
||||
void parse_allowed_hosts(char *allowed_hosts) {
|
||||
char *hosts = strdup( allowed_hosts); /* Copy since strtok* modifes original */
|
||||
char *saveptr;
|
||||
char *tok;
|
||||
const char *delim = ",";
|
||||
char *trimmed_tok;
|
||||
|
||||
tok = strtok_r( hosts, delim, &saveptr);
|
||||
while( tok) {
|
||||
trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
|
||||
trim( tok, trimmed_tok);
|
||||
if( strlen( trimmed_tok) > 0) {
|
||||
if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok)
|
||||
&& !add_domain_to_acl(trimmed_tok)) {
|
||||
syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
|
||||
}
|
||||
}
|
||||
free( trimmed_tok);
|
||||
tok = strtok_r(( char *)0, delim, &saveptr);
|
||||
}
|
||||
|
||||
free( hosts);
|
||||
}
|
||||
|
||||
/*
|
||||
* Converts mask in unsigned long format to two digit prefix
|
||||
*/
|
||||
|
||||
unsigned int prefix_from_mask(struct in_addr mask) {
|
||||
int prefix = 0;
|
||||
unsigned long bit = 1;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 32; i++) {
|
||||
if (mask.s_addr & bit)
|
||||
prefix++;
|
||||
|
||||
bit = bit << 1;
|
||||
}
|
||||
return (prefix);
|
||||
}
|
||||
|
||||
/*
|
||||
* It shows all hosts in ACL lists
|
||||
*/
|
||||
|
||||
void show_acl_lists(void) {
|
||||
struct ip_acl *ip_acl_curr = ip_acl_head;
|
||||
struct dns_acl *dns_acl_curr = dns_acl_head;
|
||||
|
||||
while (ip_acl_curr != NULL) {
|
||||
printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
|
||||
ip_acl_curr = ip_acl_curr->next;
|
||||
}
|
||||
|
||||
while (dns_acl_curr != NULL) {
|
||||
printf("DNS ACL: %s\n", dns_acl_curr->domain);
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,490 @@
|
|||
/********************************************************************************************
|
||||
*
|
||||
* CHECK_NRPE.C - NRPE Plugin For Nagios
|
||||
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
|
||||
* License: GPL
|
||||
*
|
||||
* Last Modified: 09-06-2013
|
||||
*
|
||||
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
|
||||
*
|
||||
* Description:
|
||||
*
|
||||
* This plugin will attempt to connect to the NRPE daemon on the specified server and port.
|
||||
* The daemon will attempt to run the command defined as [command]. Program output and
|
||||
* return code are sent back from the daemon and displayed as this plugin's own output and
|
||||
* return code.
|
||||
*
|
||||
********************************************************************************************/
|
||||
|
||||
#include "config.h"
|
||||
#include "common.h"
|
||||
#include "utils.h"
|
||||
|
||||
|
||||
#define DEFAULT_NRPE_COMMAND "_NRPE_CHECK" /* check version of NRPE daemon */
|
||||
|
||||
u_short server_port=DEFAULT_SERVER_PORT;
|
||||
char *server_name=NULL;
|
||||
char *bind_address=NULL;
|
||||
struct sockaddr_storage hostaddr;
|
||||
int address_family=AF_UNSPEC;
|
||||
char *command_name=NULL;
|
||||
int socket_timeout=DEFAULT_SOCKET_TIMEOUT;
|
||||
int timeout_return_code=STATE_CRITICAL;
|
||||
int sd;
|
||||
|
||||
char query[MAX_INPUT_BUFFER]="";
|
||||
|
||||
int show_help=FALSE;
|
||||
int show_license=FALSE;
|
||||
int show_version=FALSE;
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
#ifdef __sun
|
||||
SSL_METHOD *meth;
|
||||
#else
|
||||
const SSL_METHOD *meth;
|
||||
#endif
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
int use_ssl=TRUE;
|
||||
#else
|
||||
int use_ssl=FALSE;
|
||||
#endif
|
||||
|
||||
|
||||
int process_arguments(int,char **);
|
||||
void alarm_handler(int);
|
||||
int graceful_close(int,int);
|
||||
|
||||
|
||||
|
||||
|
||||
int main(int argc, char **argv){
|
||||
u_int32_t packet_crc32;
|
||||
u_int32_t calculated_crc32;
|
||||
int16_t result;
|
||||
int rc;
|
||||
packet send_packet;
|
||||
packet receive_packet;
|
||||
int bytes_to_send;
|
||||
int bytes_to_recv;
|
||||
|
||||
result=process_arguments(argc,argv);
|
||||
|
||||
if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE){
|
||||
|
||||
if(result!=OK)
|
||||
printf("Incorrect command line arguments supplied\n");
|
||||
printf("\n");
|
||||
printf("NRPE Plugin for Nagios\n");
|
||||
printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
|
||||
printf("Version: %s\n",PROGRAM_VERSION);
|
||||
printf("Last Modified: %s\n",MODIFICATION_DATE);
|
||||
printf("License: GPL v2 with exemptions (-l for more info)\n");
|
||||
#ifdef HAVE_SSL
|
||||
printf("SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required\n");
|
||||
#endif
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
if(result!=OK || show_help==TRUE){
|
||||
|
||||
printf("Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
|
||||
printf("\n");
|
||||
printf("Options:\n");
|
||||
printf(" -n = Do no use SSL\n");
|
||||
printf(" -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL\n");
|
||||
printf(" <host> = The address of the host running the NRPE daemon\n");
|
||||
printf(" <bindaddr> = bind to local address\n");
|
||||
printf(" -4 = user ipv4 only\n");
|
||||
printf(" -6 = user ipv6 only\n");
|
||||
printf(" [port] = The port on which the daemon is running (default=%d)\n",DEFAULT_SERVER_PORT);
|
||||
printf(" [timeout] = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
|
||||
printf(" [command] = The name of the command that the remote daemon should run\n");
|
||||
printf(" [arglist] = Optional arguments that should be passed to the command. Multiple\n");
|
||||
printf(" arguments should be separated by a space. If provided, this must be\n");
|
||||
printf(" the last option supplied on the command line.\n");
|
||||
printf("\n");
|
||||
printf("Note:\n");
|
||||
printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
|
||||
printf("You must also have configured the daemon to associate a specific plugin command\n");
|
||||
printf("with the [command] option you are specifying here. Upon receipt of the\n");
|
||||
printf("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
|
||||
printf("send the plugin output and return code back to *this* plugin. This allows you\n");
|
||||
printf("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
|
||||
printf("the plugin is being run locally.\n");
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
if(show_license==TRUE)
|
||||
display_license();
|
||||
|
||||
if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE)
|
||||
exit(STATE_UNKNOWN);
|
||||
|
||||
|
||||
/* generate the CRC 32 table */
|
||||
generate_crc32_table();
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
/* initialize SSL */
|
||||
if(use_ssl==TRUE){
|
||||
SSL_library_init();
|
||||
SSLeay_add_ssl_algorithms();
|
||||
meth=SSLv23_client_method();
|
||||
SSL_load_error_strings();
|
||||
if((ctx=SSL_CTX_new(meth))==NULL){
|
||||
printf("CHECK_NRPE: Error - could not create SSL context.\n");
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
|
||||
/* ADDED 01/19/2004 */
|
||||
/* use only TLSv1 protocol */
|
||||
SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* initialize alarm signal handling */
|
||||
signal(SIGALRM,alarm_handler);
|
||||
|
||||
/* set socket timeout */
|
||||
alarm(socket_timeout);
|
||||
|
||||
/* try to connect to the host at the given port number */
|
||||
if((sd=my_connect(server_name, &hostaddr, server_port, address_family,
|
||||
bind_address)) < 0 ) {
|
||||
exit (255);
|
||||
}
|
||||
else {
|
||||
result=STATE_OK;
|
||||
}
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
/* do SSL handshake */
|
||||
if(result==STATE_OK && use_ssl==TRUE){
|
||||
if((ssl=SSL_new(ctx))!=NULL){
|
||||
SSL_CTX_set_cipher_list(ctx,"ADH");
|
||||
SSL_set_fd(ssl,sd);
|
||||
if((rc=SSL_connect(ssl))!=1){
|
||||
printf("CHECK_NRPE: Error - Could not complete SSL handshake.\n");
|
||||
#ifdef DEBUG
|
||||
printf("SSL_connect=%d\n",rc);
|
||||
/*
|
||||
rc=SSL_get_error(ssl,rc);
|
||||
printf("SSL_get_error=%d\n",rc);
|
||||
printf("ERR_get_error=%lu\n",ERR_get_error());
|
||||
printf("%s\n",ERR_error_string(rc,NULL));
|
||||
*/
|
||||
ERR_print_errors_fp(stdout);
|
||||
#endif
|
||||
result=STATE_CRITICAL;
|
||||
}
|
||||
}
|
||||
else{
|
||||
printf("CHECK_NRPE: Error - Could not create SSL connection structure.\n");
|
||||
result=STATE_CRITICAL;
|
||||
}
|
||||
|
||||
/* bail if we had errors */
|
||||
if(result!=STATE_OK){
|
||||
SSL_CTX_free(ctx);
|
||||
close(sd);
|
||||
exit(result);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* we're connected and ready to go */
|
||||
if(result==STATE_OK){
|
||||
|
||||
/* clear the packet buffer */
|
||||
bzero(&send_packet,sizeof(send_packet));
|
||||
|
||||
/* fill the packet with semi-random data */
|
||||
randomize_buffer((char *)&send_packet,sizeof(send_packet));
|
||||
|
||||
/* initialize packet data */
|
||||
send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
|
||||
send_packet.packet_type=(int16_t)htons(QUERY_PACKET);
|
||||
strncpy(&send_packet.buffer[0],query,MAX_PACKETBUFFER_LENGTH);
|
||||
send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
|
||||
|
||||
/* calculate the crc 32 value of the packet */
|
||||
send_packet.crc32_value=(u_int32_t)0L;
|
||||
calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
|
||||
send_packet.crc32_value=(u_int32_t)htonl(calculated_crc32);
|
||||
|
||||
|
||||
/***** ENCRYPT REQUEST *****/
|
||||
|
||||
|
||||
/* send the packet */
|
||||
bytes_to_send=sizeof(send_packet);
|
||||
if(use_ssl==FALSE)
|
||||
rc=sendall(sd,(char *)&send_packet,&bytes_to_send);
|
||||
#ifdef HAVE_SSL
|
||||
else{
|
||||
rc=SSL_write(ssl,&send_packet,bytes_to_send);
|
||||
if(rc<0)
|
||||
rc=-1;
|
||||
}
|
||||
#endif
|
||||
if(rc==-1){
|
||||
printf("CHECK_NRPE: Error sending query to host.\n");
|
||||
close(sd);
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
|
||||
/* wait for the response packet */
|
||||
bytes_to_recv=sizeof(receive_packet);
|
||||
if(use_ssl==FALSE)
|
||||
rc=recvall(sd,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
|
||||
#ifdef HAVE_SSL
|
||||
else
|
||||
rc=SSL_read(ssl,&receive_packet,bytes_to_recv);
|
||||
#endif
|
||||
|
||||
/* reset timeout */
|
||||
alarm(0);
|
||||
|
||||
/* close the connection */
|
||||
#ifdef HAVE_SSL
|
||||
if(use_ssl==TRUE){
|
||||
SSL_shutdown(ssl);
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
}
|
||||
#endif
|
||||
graceful_close(sd,1000);
|
||||
|
||||
/* recv() error */
|
||||
if(rc<0){
|
||||
printf("CHECK_NRPE: Error receiving data from daemon.\n");
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
|
||||
/* server disconnected */
|
||||
else if(rc==0){
|
||||
printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n");
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
|
||||
/* receive underflow */
|
||||
else if(bytes_to_recv<sizeof(receive_packet)){
|
||||
printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet));
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
|
||||
|
||||
/***** DECRYPT RESPONSE *****/
|
||||
|
||||
|
||||
/* check the crc 32 value */
|
||||
packet_crc32=ntohl(receive_packet.crc32_value);
|
||||
receive_packet.crc32_value=0L;
|
||||
calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet));
|
||||
if(packet_crc32!=calculated_crc32){
|
||||
printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
|
||||
close(sd);
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
|
||||
/* check packet version */
|
||||
if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){
|
||||
printf("CHECK_NRPE: Invalid packet version received from server.\n");
|
||||
close(sd);
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
|
||||
/* check packet type */
|
||||
if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){
|
||||
printf("CHECK_NRPE: Invalid packet type received from server.\n");
|
||||
close(sd);
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
|
||||
/* get the return code from the remote plugin */
|
||||
result=(int16_t)ntohs(receive_packet.result_code);
|
||||
|
||||
/* print the output returned by the daemon */
|
||||
receive_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
|
||||
if(!strcmp(receive_packet.buffer,""))
|
||||
printf("CHECK_NRPE: No output returned from daemon.\n");
|
||||
else
|
||||
printf("%s\n",receive_packet.buffer);
|
||||
}
|
||||
|
||||
/* reset the alarm */
|
||||
else
|
||||
alarm(0);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* process command line arguments */
|
||||
int process_arguments(int argc, char **argv){
|
||||
char optchars[MAX_INPUT_BUFFER];
|
||||
int argindex=0;
|
||||
int c=1;
|
||||
int i=1;
|
||||
|
||||
#ifdef HAVE_GETOPT_LONG
|
||||
int option_index=0;
|
||||
static struct option long_options[]={
|
||||
{"host", required_argument, 0, 'H'},
|
||||
{"bind", required_argument, 0, 'b'},
|
||||
{"command", required_argument, 0, 'c'},
|
||||
{"args", required_argument, 0, 'a'},
|
||||
{"no-ssl", no_argument, 0, 'n'},
|
||||
{"unknown-timeout", no_argument, 0, 'u'},
|
||||
{"ipv4", no_argument, 0, '4'},
|
||||
{"ipv6", no_argument, 0, '6'},
|
||||
{"timeout", required_argument, 0, 't'},
|
||||
{"port", required_argument, 0, 'p'},
|
||||
{"help", no_argument, 0, 'h'},
|
||||
{"license", no_argument, 0, 'l'},
|
||||
{0, 0, 0, 0}
|
||||
};
|
||||
#endif
|
||||
|
||||
/* no options were supplied */
|
||||
if(argc<2)
|
||||
return ERROR;
|
||||
|
||||
snprintf(optchars,MAX_INPUT_BUFFER,"H:b:c:a:t:p:nu46hl");
|
||||
|
||||
while(1){
|
||||
#ifdef HAVE_GETOPT_LONG
|
||||
c=getopt_long(argc,argv,optchars,long_options,&option_index);
|
||||
#else
|
||||
c=getopt(argc,argv,optchars);
|
||||
#endif
|
||||
if(c==-1 || c==EOF)
|
||||
break;
|
||||
|
||||
/* process all arguments */
|
||||
switch(c){
|
||||
|
||||
case '?':
|
||||
case 'h':
|
||||
show_help=TRUE;
|
||||
break;
|
||||
case 'b':
|
||||
bind_address=strdup(optarg);
|
||||
break;
|
||||
case 'V':
|
||||
show_version=TRUE;
|
||||
break;
|
||||
case 'l':
|
||||
show_license=TRUE;
|
||||
break;
|
||||
case 't':
|
||||
socket_timeout=atoi(optarg);
|
||||
if(socket_timeout<=0)
|
||||
return ERROR;
|
||||
break;
|
||||
case 'p':
|
||||
server_port=atoi(optarg);
|
||||
if(server_port<=0)
|
||||
return ERROR;
|
||||
break;
|
||||
case 'H':
|
||||
server_name=strdup(optarg);
|
||||
break;
|
||||
case 'c':
|
||||
command_name=strdup(optarg);
|
||||
break;
|
||||
case 'a':
|
||||
argindex=optind;
|
||||
break;
|
||||
case 'n':
|
||||
use_ssl=FALSE;
|
||||
break;
|
||||
case 'u':
|
||||
timeout_return_code=STATE_UNKNOWN;
|
||||
break;
|
||||
case '4':
|
||||
address_family=AF_INET;
|
||||
break;
|
||||
case '6':
|
||||
address_family=AF_INET6;
|
||||
break;
|
||||
default:
|
||||
return ERROR;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* determine (base) command query */
|
||||
snprintf(query,sizeof(query),"%s",(command_name==NULL)?DEFAULT_NRPE_COMMAND:command_name);
|
||||
query[sizeof(query)-1]='\x0';
|
||||
|
||||
/* get the command args */
|
||||
if(argindex>0){
|
||||
|
||||
for(c=argindex-1;c<argc;c++){
|
||||
|
||||
i=sizeof(query)-strlen(query)-2;
|
||||
if(i<=0)
|
||||
break;
|
||||
|
||||
strcat(query,"!");
|
||||
strncat(query,argv[c],i);
|
||||
query[sizeof(query)-1]='\x0';
|
||||
}
|
||||
}
|
||||
|
||||
/* make sure required args were supplied */
|
||||
if(server_name==NULL && show_help==FALSE && show_version==FALSE && show_license==FALSE)
|
||||
return ERROR;
|
||||
|
||||
|
||||
return OK;
|
||||
}
|
||||
|
||||
|
||||
|
||||
void alarm_handler(int sig){
|
||||
|
||||
printf("CHECK_NRPE: Socket timeout after %d seconds.\n",socket_timeout);
|
||||
|
||||
exit(timeout_return_code);
|
||||
}
|
||||
|
||||
|
||||
/* submitted by Mark Plaksin 08/31/2006 */
|
||||
int graceful_close(int sd, int timeout){
|
||||
fd_set in;
|
||||
struct timeval tv;
|
||||
char buf[1000];
|
||||
|
||||
/* send FIN packet */
|
||||
shutdown(sd,SHUT_WR);
|
||||
for(;;){
|
||||
|
||||
FD_ZERO(&in);
|
||||
FD_SET(sd,&in);
|
||||
tv.tv_sec=timeout/1000;
|
||||
tv.tv_usec=(timeout % 1000)*1000;
|
||||
|
||||
/* timeout or error */
|
||||
if(1!=select(sd+1,&in,NULL,NULL,&tv))
|
||||
break;
|
||||
|
||||
/* no more data (FIN or RST) */
|
||||
if(0>=recv(sd,buf,sizeof(buf),0))
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CLOSESOCKET
|
||||
closesocket(sd);
|
||||
#else
|
||||
close(sd);
|
||||
#endif
|
||||
|
||||
return OK;
|
||||
}
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,390 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* UTILS.C - NRPE Utility Functions
|
||||
*
|
||||
* License: GPL
|
||||
* Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
|
||||
*
|
||||
* Last Modified: 12-11-2006
|
||||
*
|
||||
* Description:
|
||||
*
|
||||
* This file contains common network functions used in nrpe and check_nrpe.
|
||||
*
|
||||
* License Information:
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#include "../include/common.h"
|
||||
#include "../include/utils.h"
|
||||
|
||||
#ifndef NI_MAXSERV
|
||||
#define NI_MAXSERV 32
|
||||
#endif
|
||||
|
||||
#ifndef NI_MAXHOST
|
||||
#define NI_MAXHOST 1025
|
||||
#endif
|
||||
|
||||
static unsigned long crc32_table[256];
|
||||
|
||||
|
||||
|
||||
/* build the crc table - must be called before calculating the crc value */
|
||||
void generate_crc32_table(void){
|
||||
unsigned long crc, poly;
|
||||
int i, j;
|
||||
|
||||
poly=0xEDB88320L;
|
||||
for(i=0;i<256;i++){
|
||||
crc=i;
|
||||
for(j=8;j>0;j--){
|
||||
if(crc & 1)
|
||||
crc=(crc>>1)^poly;
|
||||
else
|
||||
crc>>=1;
|
||||
}
|
||||
crc32_table[i]=crc;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/* calculates the CRC 32 value for a buffer */
|
||||
unsigned long calculate_crc32(char *buffer, int buffer_size){
|
||||
register unsigned long crc;
|
||||
int this_char;
|
||||
int current_index;
|
||||
|
||||
crc=0xFFFFFFFF;
|
||||
|
||||
for(current_index=0;current_index<buffer_size;current_index++){
|
||||
this_char=(int)buffer[current_index];
|
||||
crc=((crc>>8) & 0x00FFFFFF) ^ crc32_table[(crc ^ this_char) & 0xFF];
|
||||
}
|
||||
|
||||
return (crc ^ 0xFFFFFFFF);
|
||||
}
|
||||
|
||||
|
||||
/* fill a buffer with semi-random data */
|
||||
void randomize_buffer(char *buffer,int buffer_size){
|
||||
FILE *fp;
|
||||
int x;
|
||||
int seed;
|
||||
|
||||
/**** FILL BUFFER WITH RANDOM ALPHA-NUMERIC CHARACTERS ****/
|
||||
|
||||
/***************************************************************
|
||||
Only use alpha-numeric characters becase plugins usually
|
||||
only generate numbers and letters in their output. We
|
||||
want the buffer to contain the same set of characters as
|
||||
plugins, so its harder to distinguish where the real output
|
||||
ends and the rest of the buffer (padded randomly) starts.
|
||||
***************************************************************/
|
||||
|
||||
/* try to get seed value from /dev/urandom, as its a better source of entropy */
|
||||
fp=fopen("/dev/urandom","r");
|
||||
if(fp!=NULL){
|
||||
seed=fgetc(fp);
|
||||
fclose(fp);
|
||||
}
|
||||
|
||||
/* else fallback to using the current time as the seed */
|
||||
else
|
||||
seed=(int)time(NULL);
|
||||
|
||||
srand(seed);
|
||||
for(x=0;x<buffer_size;x++)
|
||||
buffer[x]=(int)'0'+(int)(72.0*rand()/(RAND_MAX+1.0));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/* opens a connection to a remote host */
|
||||
int my_connect(const char *host, struct sockaddr_storage * hostaddr, u_short port,
|
||||
int address_family, const char *bind_address){
|
||||
int gaierr;
|
||||
int sock = -1;
|
||||
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
|
||||
struct addrinfo hints, *ai, *aitop;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = address_family;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
snprintf(strport, sizeof strport, "%u", port);
|
||||
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
|
||||
fprintf(stderr,"Could not resolve hostname %.100s: %s\n", host,
|
||||
gai_strerror(gaierr));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Loop through addresses for this host, and try each one in
|
||||
* sequence until the connection succeeds.
|
||||
*/
|
||||
for (ai = aitop; ai; ai = ai->ai_next) {
|
||||
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue;
|
||||
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
|
||||
strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
|
||||
fprintf(stderr, "my_connect: getnameinfo failed\n");
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Create a socket for connecting. */
|
||||
sock = my_create_socket(ai, bind_address);
|
||||
if (sock < 0) {
|
||||
/* Any error is already output */
|
||||
continue;
|
||||
}
|
||||
|
||||
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
|
||||
/* Successful connection. */
|
||||
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
|
||||
break;
|
||||
}
|
||||
else {
|
||||
fprintf(stderr,"connect to address %s port %s: %s\n", ntop, strport,
|
||||
strerror(errno));
|
||||
close(sock);
|
||||
sock = -1;
|
||||
}
|
||||
}
|
||||
|
||||
freeaddrinfo(aitop);
|
||||
|
||||
/* Return failure if we didn't get a successful connection. */
|
||||
if (sock == -1) {
|
||||
fprintf(stderr, "connect to host %s port %s: %s", host, strport,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
return sock;
|
||||
}
|
||||
|
||||
/* Creates a socket for the connection. */
|
||||
int my_create_socket(struct addrinfo *ai, const char *bind_address) {
|
||||
int sock, gaierr;
|
||||
struct addrinfo hints, *res;
|
||||
|
||||
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
||||
if (sock < 0) fprintf(stderr,"socket: %.100s\n", strerror(errno));
|
||||
|
||||
/* Bind the socket to an alternative local IP address */
|
||||
if (bind_address == NULL) return sock;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = ai->ai_family;
|
||||
hints.ai_socktype = ai->ai_socktype;
|
||||
hints.ai_protocol = ai->ai_protocol;
|
||||
hints.ai_flags = AI_PASSIVE;
|
||||
gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
|
||||
if(gaierr) {
|
||||
fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address,
|
||||
gai_strerror(gaierr));
|
||||
close(sock);
|
||||
return -1;
|
||||
}
|
||||
if(bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
|
||||
fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno));
|
||||
close(sock);
|
||||
freeaddrinfo(res);
|
||||
return -1;
|
||||
}
|
||||
freeaddrinfo(res);
|
||||
return sock;
|
||||
}
|
||||
|
||||
void add_listen_addr(struct addrinfo **listen_addrs, int address_family,
|
||||
char *addr, int port) {
|
||||
struct addrinfo hints, *ai, *aitop;
|
||||
char strport[NI_MAXSERV];
|
||||
int gaierr;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = address_family;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
|
||||
snprintf(strport, sizeof strport, "%d", port);
|
||||
if((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
|
||||
syslog(LOG_ERR,"bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
|
||||
gai_strerror(gaierr));
|
||||
exit(1);
|
||||
}
|
||||
for(ai = aitop; ai->ai_next; ai = ai->ai_next);
|
||||
ai->ai_next = *listen_addrs;
|
||||
*listen_addrs = aitop;
|
||||
}
|
||||
|
||||
void strip(char *buffer){
|
||||
int x;
|
||||
int index;
|
||||
|
||||
for(x=strlen(buffer);x>=1;x--){
|
||||
index=x-1;
|
||||
if(buffer[index]==' ' || buffer[index]=='\r' || buffer[index]=='\n' || buffer[index]=='\t')
|
||||
buffer[index]='\x0';
|
||||
else
|
||||
break;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/* sends all data - thanks to Beej's Guide to Network Programming */
|
||||
int sendall(int s, char *buf, int *len){
|
||||
int total=0;
|
||||
int bytesleft=*len;
|
||||
int n=0;
|
||||
|
||||
/* send all the data */
|
||||
while(total<*len){
|
||||
|
||||
/* send some data */
|
||||
n=send(s,buf+total,bytesleft,0);
|
||||
|
||||
/* break on error */
|
||||
if(n==-1)
|
||||
break;
|
||||
|
||||
/* apply bytes we sent */
|
||||
total+=n;
|
||||
bytesleft-=n;
|
||||
}
|
||||
|
||||
/* return number of bytes actually send here */
|
||||
*len=total;
|
||||
|
||||
/* return -1 on failure, 0 on success */
|
||||
return n==-1?-1:0;
|
||||
}
|
||||
|
||||
|
||||
/* receives all data - modelled after sendall() */
|
||||
int recvall(int s, char *buf, int *len, int timeout){
|
||||
int total=0;
|
||||
int bytesleft=*len;
|
||||
int n=0;
|
||||
time_t start_time;
|
||||
time_t current_time;
|
||||
|
||||
/* clear the receive buffer */
|
||||
bzero(buf,*len);
|
||||
|
||||
time(&start_time);
|
||||
|
||||
/* receive all data */
|
||||
while(total<*len){
|
||||
|
||||
/* receive some data */
|
||||
n=recv(s,buf+total,bytesleft,0);
|
||||
|
||||
/* no data has arrived yet (non-blocking socket) */
|
||||
if(n==-1 && errno==EAGAIN){
|
||||
time(¤t_time);
|
||||
if(current_time-start_time>timeout)
|
||||
break;
|
||||
sleep(1);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* receive error or client disconnect */
|
||||
else if(n<=0)
|
||||
break;
|
||||
|
||||
/* apply bytes we received */
|
||||
total+=n;
|
||||
bytesleft-=n;
|
||||
}
|
||||
|
||||
/* return number of bytes actually received here */
|
||||
*len=total;
|
||||
|
||||
/* return <=0 on failure, bytes received on success */
|
||||
return (n<=0)?n:total;
|
||||
}
|
||||
|
||||
|
||||
/* fixes compiler problems under Solaris, since strsep() isn't included */
|
||||
/* this code is taken from the glibc source */
|
||||
char *my_strsep (char **stringp, const char *delim){
|
||||
char *begin, *end;
|
||||
|
||||
begin = *stringp;
|
||||
if (begin == NULL)
|
||||
return NULL;
|
||||
|
||||
/* A frequent case is when the delimiter string contains only one
|
||||
character. Here we don't need to call the expensive `strpbrk'
|
||||
function and instead work using `strchr'. */
|
||||
if(delim[0]=='\0' || delim[1]=='\0'){
|
||||
char ch = delim[0];
|
||||
|
||||
if(ch=='\0')
|
||||
end=NULL;
|
||||
else{
|
||||
if(*begin==ch)
|
||||
end=begin;
|
||||
else
|
||||
end=strchr(begin+1,ch);
|
||||
}
|
||||
}
|
||||
|
||||
else
|
||||
/* Find the end of the token. */
|
||||
end = strpbrk (begin, delim);
|
||||
|
||||
if(end){
|
||||
|
||||
/* Terminate the token and set *STRINGP past NUL character. */
|
||||
*end++='\0';
|
||||
*stringp=end;
|
||||
}
|
||||
else
|
||||
/* No more delimiters; this is the last token. */
|
||||
*stringp=NULL;
|
||||
|
||||
return begin;
|
||||
}
|
||||
|
||||
|
||||
/* show license */
|
||||
void display_license(void){
|
||||
|
||||
printf("This program is released under the GPL (see below) with the additional\n");
|
||||
printf("exemption that compiling, linking, and/or using OpenSSL is allowed.\n\n");
|
||||
|
||||
printf("This program is free software; you can redistribute it and/or modify\n");
|
||||
printf("it under the terms of the GNU General Public License as published by\n");
|
||||
printf("the Free Software Foundation; either version 2 of the License, or\n");
|
||||
printf("(at your option) any later version.\n\n");
|
||||
printf("This program is distributed in the hope that it will be useful,\n");
|
||||
printf("but WITHOUT ANY WARRANTY; without even the implied warranty of\n");
|
||||
printf("MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n");
|
||||
printf("GNU General Public License for more details.\n\n");
|
||||
printf("You should have received a copy of the GNU General Public License\n");
|
||||
printf("along with this program; if not, write to the Free Software\n");
|
||||
printf("Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,61 @@
|
|||
#!/usr/bin/perl -w
|
||||
|
||||
# This script finishes the job started by config.status by replacing the variables
|
||||
# of the form ${...} which were inserted into the file(s) by config.status.
|
||||
|
||||
# Read all files with a single read statement
|
||||
$/ = undef;
|
||||
|
||||
# List of variables to replace
|
||||
my %configvars = (
|
||||
"prefix" => { "value" => '@prefix@'},
|
||||
"exec_prefix" => { "value" => '@exec_prefix@'},
|
||||
);
|
||||
|
||||
sub replace_var {
|
||||
my $filep = shift;
|
||||
my $cvp = shift;
|
||||
my $varname = shift;
|
||||
|
||||
return if( $cvp->{ $varname}->{ "replaced"});
|
||||
if( defined( $cvp->{ $varname}->{ "dependency"})) {
|
||||
if( !$cvp->{ $cvp->{ $varname}->{ "dependency"}}->{ "replaced"}) {
|
||||
# If a dependency exists and it is not already replaced, replace it
|
||||
replace_var( $filep, $cvp, $cvp->{ $varname}->{ "dependency"});
|
||||
}
|
||||
}
|
||||
my $replacement = $cvp->{ $varname}->{ "value"};
|
||||
$$filep =~ s/\${$varname}/$replacement/g;
|
||||
$cvp->{ $varname}->{ "replaced"} = 1;
|
||||
}
|
||||
|
||||
# Figure out the dependencies.
|
||||
foreach my $cv ( keys %configvars ) {
|
||||
if( $configvars{ $cv}->{ "value"} =~ /\${([^}]+)}/) {
|
||||
my $dependency = $1;
|
||||
if( exists( $configvars{ $dependency})) {
|
||||
$configvars{ $dependency}->{ "dependency"} = $cv;
|
||||
}
|
||||
$configvars{ $cv}->{ "replaced"} = 0;
|
||||
}
|
||||
}
|
||||
|
||||
# Process each file
|
||||
while ($f = shift @ARGV) {
|
||||
|
||||
# Read in the file
|
||||
open( FILE, $f) || die "Unable to open $f for reading";
|
||||
my $file = <FILE>;
|
||||
close( FILE) || die "Unable to close $f after reading";
|
||||
|
||||
# Replace each of the variables we know about
|
||||
foreach $cv ( keys %configvars ) {
|
||||
replace_var( \$file, \%configvars, $cv);
|
||||
}
|
||||
|
||||
# Write out the replacements
|
||||
open( FILE, ">$f") || die "Unable to open $f for writing";
|
||||
print FILE $file;
|
||||
close( FILE) || die "Unable to close $f after writing";
|
||||
|
||||
}
|
|
@ -0,0 +1,81 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Make sure autoconf is installed and is the correct version
|
||||
min_autoconf_major=2
|
||||
min_autoconf_minor=59
|
||||
autoconf_error="Autoconf version $min_autoconf_major.$min_autoconf_minor or later must be installed to run this script."
|
||||
autoconf_version=`(autoconf -V 2> /dev/null) |\
|
||||
grep "^autoconf (GNU Autoconf)" | gawk '{print $NF}'`
|
||||
if [ "$autoconf_version" != "" ] ; then
|
||||
autoconf_major=`echo $autoconf_version | gawk -F '.' '{print $1}'`
|
||||
autoconf_minor=`echo $autoconf_version | gawk -F '.' '{print $2}'`
|
||||
if [ $autoconf_major -lt $min_autoconf_major -o $autoconf_minor -lt $min_autoconf_minor ] ; then
|
||||
echo $autoconf_error
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo $autoconf_error
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Get date (two formats)
|
||||
if [ -n "$2" ]; then
|
||||
LONGDATE=`date -d "$2" "+%B %d, %Y"`
|
||||
SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
|
||||
else
|
||||
LONGDATE=`date "+%B %d, %Y"`
|
||||
SHORTDATE=`date "+%m-%d-%Y"`
|
||||
fi
|
||||
|
||||
# Current version number
|
||||
CURRENTVERSION=2.15
|
||||
|
||||
# Last date
|
||||
LASTDATE=09-06-2013
|
||||
|
||||
if [ "x$1" = "x" ]
|
||||
then
|
||||
echo "Usage: $0 <version number | \"newdate\"> [revision date]"
|
||||
echo ""
|
||||
echo "Run this script with the name of the new version (i.e \"2.6\") to"
|
||||
echo "update version number and modification date in files."
|
||||
echo "Use the \"newdate\" argument if you want to keep the current version"
|
||||
echo "number and just update the modification date."
|
||||
echo ""
|
||||
echo "Current version=$CURRENTVERSION"
|
||||
echo "Current Modification date=$LASTDATE"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
|
||||
newversion=$1
|
||||
if [ "x$newversion" = "xnewdate" ]
|
||||
then
|
||||
newversion=$CURRENTVERSION
|
||||
fi
|
||||
|
||||
# Update version number and release date in common code
|
||||
perl -i -p -e "s/VERSION \".*\"/VERSION \"$1\"/;" include/common.h
|
||||
perl -i -p -e "s/MODIFICATION_DATE \".*\"/MODIFICATION_DATE \"$SHORTDATE\"/;" include/common.h
|
||||
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" include/common.h
|
||||
|
||||
# Update version number and release date in main code
|
||||
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/nrpe.c
|
||||
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/check_nrpe.c
|
||||
|
||||
# Update version number and release date in configure.in
|
||||
perl -i -p -e "if( /^AC_INIT/) { s/$CURRENTVERSION/$1/; }" configure.in
|
||||
perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure.in
|
||||
perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.in
|
||||
|
||||
# Run autoconf to update configure (this is easier than updating every instance
|
||||
# of the version number in configure)
|
||||
autoconf
|
||||
|
||||
# Update RPM spec file with version number
|
||||
perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec
|
||||
perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec
|
||||
|
||||
# Update this file with version number and last date
|
||||
perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version
|
||||
perl -i -p -e "s/^LASTDATE=.*/LASTDATE=$SHORTDATE/;" update-version
|
Loading…
Reference in New Issue