debmon
/
nagios-nrpe
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 2.15

This commit is contained in:
Mario Fetka 2016-06-24 12:21:25 +02:00
commit 1efb03f433
44 changed files with 20140 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

349
Changelog Normal file
View File

@ -0,0 +1,349 @@
**************
NRPE Changelog
**************
2.15 - 09/06/2013
-----------------
- Now compiles on HP-UX (Grant Byers)
- Added support for IPv6 (Leo Baltus, Eric Stanley)
2.14 - 12/21/2012
-----------------
- Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
- Patched to shutdown SSL connection completely (Jari Takkala)
- Added SRC support on AIX (Thierry Bertaud)
- Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
- Updated logging to support compiling on AIX (Eric Stanley)
2.13 - 11/11/2011
-----------------
- Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
- Fixed bug in allowed_hosts parsing (Eric Stanley)
- Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
2.12 - 03/10/2008
-----------------
- Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
2.11 - 12/26/2007
-----------------
- Added lib64 library paths to configure script for 64-bit systems (John Maag)
- Added --with-ssl-lib configure script option
- Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
2.10 - 10/19/2007
-----------------
- Moved PDF docs to docs/ subdirectory, added OpenOffice source document
- A critical result is now returned for child processed that die due to a signal (Klas Lindfors)
2.9 - 08/13/2007
----------------
- Fixed bug with --with-nrpe-group configure script option (Graham Collinson)
- Fixed bug with check_disk thresholds in sample config file (Patric Wust)
- Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
for scripts that need to detect NRPE version and capabilities (Gerhard Lausser)
- Added asprintf() support for systems that are missing it (Samba team)
2.8.1 - 05/10/2007
-----------------
- Fixed configure script error with user-specified NRPE group
2.8 - 05/08/2007
---------------
- Added support for multiline plugin output (limited to 1KB at the moment) (Matthias Flacke)
2.8b1 - 03/14/2007
-----------------
- Changes to sample config files
- Added ';' as an additional prohibited metachar for command arguments
- Updated documentation and added easier installation commands
2.7.1 - 03/08/2007
------------------
- Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)
2.7 - 02/18/2007
----------------
- Patches for detection SSL header and library locations (Andrew Boyce-Lewis)
- NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup (Andrew Boyce-Lewis)
2.6 - 12/11/2006
----------------
- Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
- Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
- Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
2.5.2 - 06/30/2006
------------------
- Fixed incorrect service name in sample xinetd config file
- Added note on how to restart inetd for OpenBSD users (Robert Peaslee)
- Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser)
- Fix to (re)allow week random seed (Gerhard Lausser)
2.5.1 - 04/09/2006
------------------
- Patch to fix segfault if --no-ssl option is used (Sean Finney/Peter Palfrader)
2.5 - 04/06/2006
----------------
- (Re)added allowed_hosts option for systems that don't support TCP wrappers
- Fix for SSL errors under Solaris 8 (Niels Endres)
- Fix for config file directory inclusion on ReiserFS (Gerhard Lausser)
2.4 - 02/22/2006
----------------
- Added option to allow week random seed (Gerhard Lausser)
- Added optional command line prefix (Sean Finney)
- Added ability to reload config file with SIGHUP
- Fixed bug with location of dh.h include file
- Fixed bug with disconnect message in debug mode
2.3 - 01/23/2006
----------------
- Spec file fixes
- Removed errant PID file debugging code
- Fixed problem with trimming command definitions
2.2 - 01/22/2006
----------------
- Spec file fix
- Patch to add Tru64 and IRIX support (Ton Voon)
- Updated config.sub and config.guess
- Fixed bug with config file lines with only whitespace
- Fixed bug with missing getopt() command line option for -V
- Removed sample FreeBSD init script (now maintained by FreeBSD port)
- Added config file option for writing a PID file
2.1 - 01/19/2004
----------------
- Replaced host access list with TCP wrapper support
- Removed length restrictions for command names and command lines
- Configure script patch for getopt_long on Solaris
- Bug fixes for accept() on HP-UX 11.0
- Init script for SUSE Linux (Subhendu Ghosh)
- SSL protocol used is now limited to TLSv1
- Any output from plugins after first line is now ignored before
plugin process is closed
2.0 - 09/08/2003
----------------
- Added support for passing arguments to command
- NRPE daemon can no longer be run as root user/group
- Added getopt support
- Added 'include' variable to config file to allow inclusion
of external config files
- Added 'include_dir' variable to allow inclusion of external
config files in directories (with recursion)
- Added native SSL support (Derrick Bennett)
- Added my_strsep(), as Solaris doesn't have strsep()
- Added license exemption for use with OpenSSL
1.8 - 01/16/2003
----------------
- Daemon now closes stdio/out/err properly (James Peterson)
- Makefile changes (James Peterson)
- Mode command line option bug fix in daemon
- Fixed incorrect command line options in check_nrpe plugin
1.7 - 01/08/2003
----------------
- Spec file updates and minor bug fixes (James Peterson)
- Bug fix with default nrpe port definition
- Added sample xinetd config file (nrpe.xinetd)
- Bug fix for command_timeout variable (James Peterson)
1.6 - 12/30/2002
----------------
- Updated sample commands to match new plugin argument format
- Added sample init scripts for FreeBSD and Debian (Andrew Ryder)
- Syntax changes (-H option specifies host name in check_nrpe,
-c option specifies config file in nrpe)
- Added command_timeout directive to config file to allow user
to specify timeout for executing plugins
- Added spec file and misc patches for building RPMs (James Peterson)
- Added --with-nrpe-port config directive (James Peterson)
1.5 - 06/03/2002
----------------
- Added setuid/setgid option to config file (suggested by Marek Cervenka)
1.4 - 06/01/2002
----------------
- Changed STATE_UNKNOWN to value of 3 instead of -1 (old style)
- Minor doc and sample config file changes
1.3 - 02/21/2002
----------------
- Name and version change
- Ignore SIGHUP, minor cleanup (Jon Andrews)
1.2.5 - 12/22/2001
------------------
- Implemented Beej's sendall() to handle partial send()s
- Added instructions on running under xinetd to README
- Removed some old crud
1.2.4 - 02/22/2001
------------------
- I forgot what changes I made. Go figure...
1.2.3 - 12/21/2000
------------------
- A bit more documentation on configuring command definitions for the plugin
1.2.2 - 06/05/2000
------------------
- Fixed error in docs for running under inetd using TCP wrappers
- Replaced old email address in src/netutils.h with new one
1.2.1 - 05/07/2000
------------------
- Removed trapping of SIGCHLD
- Changed wait4() to waitpid() to allow compilation on HP-UX and AIX
1.2.0 - 04/18/2000
------------------
- Server forks twice after accepting a client connection, so as to prevent the
creation of zombies
1.1.5 - 04/07/2000
------------------
- Fixed a small bug where one debug message was not getting logged properly
1.1.4 - 03/30/2000
------------------
- Added option to disable/enable debug messages using the debug option in the
config file
1.1.3 - 03/11/2000
------------------
- Changed config file to use an absolute path
- Changed all debug output to use syslog (Rene Klootwijk)
- No convert all data to network order before sending it and convert it back to
host order when receiving it. This makes it possible to mix Solaris and Linux,
e.g. running check_nrpe on Linux and nrpe on Solaris. (Rene Klootwijk)
1.1.2 - 03/07/2000
------------------
- Removed unnecessary code in signal handler routine
- Unused signals are no longer trapper
1.1.1 - 02/28/2000 - RKL
---------------------------
- Modified syslog code to include string describing the error code.
- Changed hardcoded number in signal handler to its name. This prevented nrpe
to run on Solaris.
- Fixed race condition in accept loop. The result of accept should also be
checked for EINTR.
- Modified recv and send function calls to compile without warnings on Solaris.
- Modified configure.in,configure and Makefile.in to include nsl and socket libs
for Solaris.
- Modified the signal handler to reestablish itself after being called.
1.1 - 02/24/2000 - Rene Klootwijk <rene@klootwijk.org>
-----------------
- Added ability to bind nrpe to a specific interface by specifying the address
of this interface in the nrpe.cfg file (e.g. server_address=192.168.2.3)
1.0 - 02/16/2000
------------------
- Added ability to run as a service under inetd
1.0b6 - 02/01/2000
------------------
- Added configure script
- Netutils functions from the NetSaint plugins is now used
- Reset SIGCHLD to default behavior before calling popen() to
prevent race condition with pclose() (Reported by Rene Klootwijk)
- Cleaned up code
1.0b5 - 01/10/2000
------------------
- Added init script contributed by Jacob L
- Incorporated syslog code and other patches contributed by Jacob L
1.0b4 - 11/04/1999
------------------
- Changed 'allowed_ip' option in configuration file to
'allowed_hosts' and added support for multiple hosts
- Minor buffer overflow protection fixes
- main() returned STATE_UNKNOWN on successful launch, changed to STATE_OK (jaclu@grm.se)
- Added syslog support (jaclu@grm.se)

10
LEGAL Normal file
View File

@ -0,0 +1,10 @@
All source code, binaries, documentation, and information contained
in this distribution are provided AS IS with NO WARRANTY OF ANY KIND,
INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR
A PARTICULAR PURPOSE.
Nagios and the Nagios logo are registered trademarks of Nagios Enterprises.
All other trademarks, servicemarks, registered trademarks, and
registered servicemarks are the property of their respective owner(s).

86
Makefile.in Normal file
View File

@ -0,0 +1,86 @@
###############################
# Makefile for NRPE
#
# Last Modified: 03-14-2007
###############################
# Source code directories
SRC_BASE=./src/
SRC_INCLUDE=./include/
CC=@CC@
CFLAGS=@CFLAGS@ @DEFS@
LDFLAGS=@LDFLAGS@ @LIBS@
prefix=@prefix@
exec_prefix=@exec_prefix@
CFGDIR=@sysconfdir@
BINDIR=@bindir@
SBINDIR=@sbindir@
LIBEXECDIR=@libexecdir@
INSTALL=@INSTALL@
NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
INIT_DIR=@init_dir@
INIT_OPTS=-o root -g root
all:
cd $(SRC_BASE); $(MAKE) ; cd ..
@echo ""
@echo "*** Compile finished ***"
@echo ""
@echo "If the NRPE daemon and client compiled without any errors, you"
@echo "can continue with the installation or upgrade process."
@echo ""
@echo "Read the PDF documentation (NRPE.pdf) for information on the next"
@echo "steps you should take to complete the installation or upgrade."
@echo ""
nrpe:
cd $(SRC_BASE); $(MAKE) ; cd ..
check_nrpe:
cd $(SRC_BASE); $(MAKE) ; cd ..
install-plugin:
cd $(SRC_BASE) && $(MAKE) $@
install-daemon:
cd $(SRC_BASE) && $(MAKE) $@
install:
cd $(SRC_BASE) && $(MAKE) $@
install-xinetd:
$(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe
install-daemon-config:
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
$(INSTALL) -m 644 $(NRPE_INSTALL_OPTS) sample-config/nrpe.cfg $(DESTDIR)$(CFGDIR)
solaris-package:
@if [ `uname -s` != "SunOS" ] ; then \
echo "It is recommended you be running on Solaris to build a Solaris package"; \
else \
cd package/solaris; $(MAKE) build ; $(MAKE) pkg ; cd ../..; \
fi
clean:
cd $(SRC_BASE); $(MAKE) $@ ; cd ..
cd package/solaris; $(MAKE) $@ ; cd ../..
rm -f core
rm -f *~ */*~
distclean: clean
cd $(SRC_BASE); $(MAKE) $@ ; cd ..
cd package/solaris; $(MAKE) $@ ; cd ../..
rm -f config.log config.status config.cache nrpe.cfg nrpe.xinetd subst $(SRC_INCLUDE)/config.h init-script init-script.debian init-script.freebsd init-script.suse
rm -f sample-config/*.cfg sample-config/*.xinetd
rm -f Makefile
devclean: distclean

234
README Normal file
View File

@ -0,0 +1,234 @@
-----------
NRPE README
-----------
** UPDATED DOCUMENTATION!
For installation instructions and information on the design overview
of the NRPE addon, please read the PDF documentation that is found in
this directory: NRPE.pdf
Purpose
-------
The purpose of this addon is to allow you to execute Nagios
plugins on a remote host in as transparent a manner as possible.
Contents
--------
There are two pieces to this addon:
1) NRPE - This program runs as a background process on the
remote host and processes command execution requests
from the check_nrpe plugin on the Nagios host.
Upon receiving a plugin request from an authorized
host, it will execute the command line associated
with the command name it received and send the
program output and return code back to the
check_nrpe plugin
2) check_nrpe - This is a plugin that is run on the Nagios host
and is used to contact the NRPE process on remote
hosts. The plugin requests that a plugin be
executed on the remote host and wait for the NRPE
process to execute the plugin and return the result.
The plugin then uses the output and return code
from the plugin execution on the remote host for
its own output and return code.
Compiling
---------
The code is very basic and may not work on your particular
system without some tweaking. I just haven't put a lot of effort
into this addond. Most Linux users should be able to compile
NRPE and the check_nrpe plugin with the following commands...
./configure
make all
The binaries will be located in the src/ directory after you
run 'make all' and will have to be installed manually somewhere
on your system.
NOTE: Since the check_nrpe plugin and nrpe daemon run on different
machines (the plugin runs on the Nagios host and the daemon
runs on the remote host), you will have to compile the nrpe
daemon on the target machine.
Installing
----------
The check_nrpe plugin should be placed on the Nagios host along
with your other plugins. In most cases, this will be in the
/usr/local/nagios/libexec directory.
The nrpe program and the configuration file (nrpe.cfg) should
be placed somewhere on the remote host. Note that you will also
have to install some plugins on the remote host if you want to
make much use of this addon.
Configuring
-----------
Sample config files for the NRPE daemon are located in the
sample-config/ subdirectory.
Running Under INETD or XINETD
-----------------------------
If you plan on running nrpe under inetd or xinetd and making use
of TCP wrappers, you need to do the following things:
1) Add a line to your /etc/services file as follows (modify the port
number as you see fit)
nrpe 5666/tcp # NRPE
2) Add entries for the NRPE daemon to either your inetd or xinetd
configuration files. Which one your use will depend on which
superserver is installed on your system. Both methods are described
below. NOTE: If you run nrpe under inetd or xinetd, the server_port
and allowed_hosts variables in the nrpe configuration file are
ignored.
***** INETD *****
If your system uses the inetd superserver WITH tcpwrappers, add an
entry to /etc/inetd.conf as follows:
nrpe stream tcp nowait <user> /usr/sbin/tcpd <nrpebin> -c <nrpecfg> --inetd
If your system uses the inetd superserver WITHOUT tcpwrappers, add an
entry to /etc/inetd.conf as follows:
nrpe stream tcp nowait <user> <nrpebin> -c <nrpecfg> --inetd
- Replace <user> with the name of the user that the nrpe server should run as.
Example: nagios
- Replace <nrpebin> with the path to the nrpe binary on your system.
Example: /usr/local/nagios/nrpe
- Replace <nrpecfg> with the path to the nrpe config file on your system.
Example: /usr/local/nagios/nrpe.cfg
***** XINETD *****
If your system uses xinetd instead of inetd, you'll probably
want to create a file called 'nrpe' in your /etc/xinetd.d
directory that contains the following entries:
# default: on
# description: NRPE
service nrpe
{
flags = REUSE
socket_type = stream
wait = no
user = <user>
server = <nrpebin>
server_args = -c <nrpecfg> --inetd
log_on_failure += USERID
disable = no
only_from = <ipaddress1> <ipaddress2> ...
}
- Replace <user> with the name of the user that the nrpe server should run as.
- Replace <nrpebin> with the path to the nrpe binary on your system.
- Replace <nrpecfg> with the path to the nrpe config file on your system.
- Replace the <ipaddress> fields with the IP addresses of hosts which
are allowed to connect to the NRPE daemon. This only works if xinetd was
compiled with support for tcpwrappers.
3) Restart inetd or xinetd will the following command (pick the
on that is appropriate for your system:
/etc/rc.d/init.d/inet restart
/etc/rc.d/init.d/xinetd restart
OpenBSD users can use the following command to restart inetd:
kill -HUP `cat /var/run/inet.pid`
4) Add entries to your /etc/hosts.allow and /etc/hosts.deny
file to enable TCP wrapper protection for the nrpe service.
This is optional, although highly recommended.
Configuring Things On The Nagios Host
---------------------------------------
Examples for configuring the nrpe daemon are found in the sample
nrpe.cfg file included in this distribution. That config file
resides on the remote host(s) along with the nrpe daemon. The
check_nrpe plugin gets installed on the Nagios host. In order
to use the check_nrpe plugin from within Nagios, you'll have
to define a few things in the host config file. An example
command definition for the check_nrpe plugin would look like this:
define command{
command_name check_nrpe
command_line /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
In any service definitions that use the nrpe plugin/daemon to
get their results, you would set the service check command portion
of the definition to something like this (sample service definition
is simplified for this example):
define service{
host_name someremotehost
service_description someremoteservice
check_command check_nrpe!yourcommand
... etc ...
}
where "yourcommand" is a name of a command that you define in
your nrpe.cfg file on the remote host (see the docs in the
sample nrpe.cfg file for more information).
Questions?
----------
If you have questions about this addon, or problems getting things
working, first try searching the nagios-users mailing list archives.
Details on searching the list archives can be found at
http://www.nagios.org
If all else fails, you can email me and I'll try and respond as
soon as I get a chance.
-- Ethan Galstad (nagios@nagios.org)

34
README.SSL Normal file
View File

@ -0,0 +1,34 @@
NRPE With SSL/TLS
NRPE now has the option for Encrypting Network traffic using
SSL/TLS from openssl.
The Encryption is done using a set encryption routine of
AES-256 Bit Encryption using SHA and Anon-DH. This encrypts
all traffic using the NRPE sockets from the client to the server.
Since we are using Anon-DH this allows for an encrypted
SSL/TLS Connection without using pre-generated keys or
certificates. The key generation information used by the
program to dynaically create keys on daemon startup can be found
in the dh.h file in the nrpe src directory. This file was created
using the command:
openssl dhparam -C 512
which outputs the C code in dh.h. For your own security you can replace
that file with your own dhparam generated code.
As of this time you will need to have the latest greatest version of
OpenSSL (tested against version 0.9.7a) since not all versions have
the AES algorythm in them.
I am not aware that at this time this code is restricted under export
restrictions but I leave that verification process up to you.
Thoughts and suggestions are welcome and I can be reached on the
Nagios and NagiosPlug Mailing Lists.
- Derrick

18
README.Solaris Normal file
View File

@ -0,0 +1,18 @@
Compiling on Solaris
Several changes may be necessary in order to compile NRPE on Solaris.
This information is known to apply to Solaris 10 and may apply to other
verisions of Solaris. This has been tested on Solaris 10 x86.
There are three things that you may need to compile NRPE on Solaris:
1. Add /usr/sfw/bin to your path
$ PATH="$PATH:/usr/sfw/bin"
2. Specify the binary to be used for make-ing
$ MAKE=gmake ./configure
3. Use gmake to build the code
$ gmake all
Thanks to Kevin Pendleton at UtahSysAdmin.com
(http://www.utahsysadmin.com/2008/03/14/configuring-nagios-plugins-nrpe-on-solaris-10/)
for the instructions on finding the SSL libraries.

131
SECURITY Normal file
View File

@ -0,0 +1,131 @@
********************
NRPE SECURITY README
********************
TCP WRAPPER SUPPORT
===================
NRPE 2.x includes native support for TCP wrappers. The older
host access list directive was removed from the config file.
Make sure your system supports TCP wrappers before running NRPE.
Once you compile NRPE you can check to see if it has wrapper
support built in by running the daemon from the command line
without any arguments like this:
./nrpe --help
COMMAND ARGUMENTS
=================
NRPE 2.0 includes the ability for clients to supply arguments to
commands which should be run. Please note that this feature
should be considered a security risk, and you should only use
it if you know what you're doing!
BASH COMMAND SUBSTITUTION
-------------------------
Even with the metacharacter restrictions below, if command arguments
are enabled, it is still possible to send bash command substitions
in the form $(...) as an agrument. This is explicity disabled by
default, but can be enabled by a configure-time option and a
configuration file option. Enabling this option is VERY RISKY and
its use is HIGHLY DISCOURAGED.
ENABLING ARGUMENTS
------------------
To enable support for command argument in the daemon, you must
do two things:
1. Run the configure script with the --enable-command-args
option
2. Set the 'dont_blame_nrpe' directive in the NRPE config
file to 1.
ENABLING BASH COMMAND SUBSTITUTION
----------------------------------
To enable support for arguments containing bash command substitions,
you must do two things:
1. Enable arguments as described above
2. Include the --enable-bash-command-substitution configure
option when running the configure script
3. Set the 'allow_bash_command_substitutions' directive in the
NRPE config file to 1.
ILLEGAL METACHARS
-----------------
To help prevent some nasty things from being done by evil
clients, the following metacharacters are not allowed
in client command arguments:
| ` & > < ' " \ [ ] { } ; !
Any client request which contains the abovementioned metachars
is discarded.
USER/GROUP RESTRICTIONS
-----------------------
The NRPE daemon cannot be run with (effective) root user/group
privileges. You must run the daemon with an account that does
not have superuser rights. Use the nrpe_user and nrpe_group
directives in the config file to specify which user/group the
daemon should run as.
ENCRYPTION
----------
If you do enable support for command arguments in the NRPE daemon,
make sure that you encrypt communications either by using:
1. Stunnel (see http://www.stunnel.org for more info)
2. Native SSL support
Do NOT assume that just because the daemon is behind a firewall
that you are safe! Always encrypt NRPE traffic!
USING ARGUMENTS
---------------
How do you use command arguments? Well, lets say you define a
command in the NRPE config file that looks like this:
command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
You could then call the check_nrpe plugin like this:
./check_nrpe -H <host> -c check_users -a 5 10
The arguments '5' and '10' get substituted into the appropriate
$ARGx$ macros in the command ($ARG1$ and $ARG2$, respectively).
The command that would be executed by the NRPE daemon would look
like this:
/usr/local/nagios/libexec/check_users -w 5 -c 10
You can supply up to 16 arguments to be passed to the command
for substitution in $ARG$ macros ($ARG1$ - $ARG16$).
-- Ethan Galstad (nagios@nagios.org)

1479
config.guess vendored Executable file
View File

File diff suppressed because it is too large Load Diff

1606
config.sub vendored Executable file
View File

File diff suppressed because it is too large Load Diff

8076
configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

481
configure.in Normal file
View File

@ -0,0 +1,481 @@
dnl Process this -*-m4-*- file with autoconf to produce a configure script.
dnl Disable caching
define([AC_CACHE_LOAD],)
define([AC_CACHE_SAVE],)
AC_INIT([nrpe],[2.15],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org])
AC_CONFIG_SRCDIR([src/nrpe.c])
AC_CONFIG_HEADERS([include/config.h])
AC_CONFIG_FILES([Makefile
subst
src/Makefile
package/solaris/Makefile
init-script
init-script.debian
init-script.suse
nrpe.spec
sample-config/nrpe.cfg
sample-config/nrpe.xinetd])
AC_PREFIX_DEFAULT(/usr/local/nagios)
PKG_NAME=nrpe
PKG_VERSION="2.15"
PKG_HOME_URL="http://www.nagios.org/"
PKG_REL_DATE="09-06-2013"
RPM_RELEASE=1
AC_SUBST(PKG_NAME)
AC_SUBST(PKG_VERSION)
AC_SUBST(PKG_HOME_URL)
AC_SUBST(PKG_REL_DATE)
AC_SUBST(RPM_RELEASE)
dnl Figure out how to invoke "install" and what install options to use.
AC_PROG_INSTALL
AC_SUBST(INSTALL)
dnl What OS are we running?
AC_CANONICAL_HOST
dnl Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET
dnl Checks for header files.
AC_HEADER_STDC
AC_HEADER_TIME
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_STRUCT_TM
AC_TYPE_MODE_T
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_TYPE_SIGNAL
AC_TYPE_GETGROUPS
dnl Check lengths for later tests of u_int32_t and int32_t
AC_CHECK_SIZEOF(int)
AC_CHECK_SIZEOF(short)
AC_CHECK_SIZEOF(long)
dnl Define u_int32_t if we don't have it already (Solaris, etc.)
AC_CHECK_TYPE(uint32_t,unsigned int)
AC_CHECK_TYPE(u_int32_t,unsigned int)
if test "$ac_cv_type_u_int32_t" = no ; then
if test "$ac_cv_type_u_int32_t" = yes ; then
AC_DEFINE(U_INT32_T_IS_UINT32_T,[1],[u_int32_t is uint32_t])
else
if test "$ac_cv_sizeof_int" = 4 ; then
AC_DEFINE(U_INT32_T_IS_UINT,[1],[u_int32_t is uint])
else
if test "$ac_cv_sizeof_long" = 4 ; then
AC_DEFINE(U_INT32_T_IS_ULONG,[1],[u_int32_t is ulong])
else
if test "$ac_cv_sizeof_short" = 4 ; then
AC_DEFINE(U_INT32_T_IS_USHORT,[1],[u_int32_t is ushort])
fi
fi
fi
fi
fi
dnl Define int32_t if we don't have it already
AC_CHECK_TYPE(int32_t,int)
if test "$ac_cv_type_int32_t" = no ; then
if test "$ac_cv_sizeof_int" = 4 ; then
AC_DEFINE(INT32_T_IS_UINT,[1],[int32_t is uint])
else
if test "$ac_cv_sizeof_long" = 4 ; then
AC_DEFINE(INT32_T_IS_ULONG,[1],[int32_t is ulong])
else
if test "$ac_cv_sizeof_short" = 4 ; then
AC_DEFINE(INT32_T_IS_USHORT,[1],[int32_t is ushort])
fi
fi
fi
fi
dnl Check for asprintf() and friends...
AC_CACHE_CHECK([for va_copy],ac_cv_HAVE_VA_COPY,[
AC_TRY_LINK([#include <stdarg.h>
va_list ap1,ap2;], [va_copy(ap1,ap2);],
ac_cv_HAVE_VA_COPY=yes,
ac_cv_HAVE_VA_COPY=no)])
if test x"$ac_cv_HAVE_VA_COPY" = x"yes"; then
AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
else
AC_CACHE_CHECK([for __va_copy],ac_cv_HAVE___VA_COPY,[
AC_TRY_LINK([#include <stdarg.h>
va_list ap1,ap2;], [__va_copy(ap1,ap2);],
ac_cv_HAVE___VA_COPY=yes,
ac_cv_HAVE___VA_COPY=no)])
if test x"$ac_cv_HAVE___VA_COPY" = x"yes"; then
AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
fi
fi
AC_CHECK_FUNC(vsnprintf,,SNPRINTF_O=./snprintf.o)
AC_CHECK_FUNC(snprintf,,SNPRINTF_O=./snprintf.o)
AC_CHECK_FUNC(asprintf,,SNPRINTF_O=./snprintf.o)
AC_CHECK_FUNC(vasprintf,,SNPRINTF_O=./snprintf.o)
AC_CACHE_CHECK([for C99 vsnprintf],ac_cv_HAVE_C99_VSNPRINTF,[
AC_TRY_RUN([
#include <sys/types.h>
#include <stdarg.h>
void foo(const char *format, ...) {
va_list ap;
int len;
char buf[5];
va_start(ap, format);
len = vsnprintf(buf, 0, format, ap);
va_end(ap);
if (len != 5) exit(1);
va_start(ap, format);
len = vsnprintf(0, 0, format, ap);
va_end(ap);
if (len != 5) exit(1);
if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
exit(0);
}
main() { foo("hello"); }
],
ac_cv_HAVE_C99_VSNPRINTF=yes,ac_cv_HAVE_C99_VSNPRINTF=no,ac_cv_HAVE_C99_VSNPRINTF=cross)])
if test x"$ac_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Define if system has C99 compatible vsnprintf])
fi
dnl AC_CHECK_FUNC(snprintf,AC_DEFINE(HAVE_SNPRINTF),SNPRINTF_O=./snprintf.o)
AC_SUBST(SNPRINTF_O)
dnl Check for getopt_long (Solaris)
AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OTHERLIBS -liberty"))
AC_SUBST(OTHERLIBS)
dnl Checks for library functions.
AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
AC_SUBST(SOCKETLIBS)
AC_CHECK_LIB(wrap,main,[
LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
])
AC_SUBST(LIBWRAPLIBS)
AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
dnl socklen_t check - from curl
AC_CHECK_TYPE([socklen_t], ,[
AC_MSG_CHECKING([for socklen_t equivalent])
AC_CACHE_VAL([curl_cv_socklen_t_equiv],
[
# Systems have either "struct sockaddr *" or
# "void *" as the second argument to getpeername
curl_cv_socklen_t_equiv=
for arg2 in "struct sockaddr" void; do
for t in int size_t unsigned long "unsigned long"; do
AC_TRY_COMPILE([
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
int getpeername (int, $arg2 *, $t *);
],[
$t len;
getpeername(0,0,&len);
],[
curl_cv_socklen_t_equiv="$t"
break
])
done
done
if test "x$curl_cv_socklen_t_equiv" = x; then
AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
fi
])
AC_MSG_RESULT($curl_cv_socklen_t_equiv)
AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
[type to use in place of socklen_t if not defined])],
[#include <sys/types.h>
#include <sys/socket.h>])
AC_MSG_CHECKING(for type of socket size)
AC_TRY_COMPILE([#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
],
[int a = send(1, (const void *)0, (size_t *) 0, (int *) 0);],
[AC_DEFINE(SOCKET_SIZE_TYPE, size_t, [Socket Size Type]) AC_MSG_RESULT(size_t)],
[AC_DEFINE(SOCKET_SIZE_TYPE, int, [Socket Size Type]) AC_MSG_RESULT(int)])
dnl Stolen from Python code: loewis@users.sourceforge.net
#AC_CHECK_TYPE(socklen_t,int,
# AC_DEFINE(socklen_t,int,
# Define to `int' if <sys/socket.h> does not define.),[
# #ifdef HAVE_SYS_TYPES_H
# #include <sys/types.h>
# #endif
# #ifdef HAVE_SYS_SOCKET_H
# #include <sys/socket.h>
# #endif
# ])
dnl Does user want to check for SSL?
AC_ARG_ENABLE([ssl],
AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
if test x$enableval = xyes; then
check_for_ssl=yes
else
check_for_ssl=no
fi
],check_for_ssl=yes)
dnl Optional SSL library and include paths
ssl_dir=
ssl_inc_dir=
ssl_lib_dir=
AC_ARG_WITH([ssl],
AS_HELP_STRING([--with-ssl=DIR],[sets location of the SSL installation]),
[ssl_dir=$withval])
AC_ARG_WITH([ssl-inc],
AS_HELP_STRING([--with-ssl-inc=DIR],
[sets location of the SSL include files]),
[ ssl_inc_dir=$withval])
AC_ARG_WITH([ssl-lib],
AS_HELP_STRING([--with-ssl-lib=DIR],[sets location of the SSL libraries]),
[ssl_lib_dir=$withval])
AC_ARG_WITH([kerberos-inc],
AS_HELP_STRING([--with-kerberos-inc=DIR],
[sets location of the Kerberos include files]),
[kerberos_inc_dir=$withval])
dnl Check for SSL support
dnl Modified version of Mark Ethan Trostler's macro <trostler@juniper.net>
if test x$check_for_ssl = xyes; then
AC_MSG_CHECKING(for SSL headers)
found_ssl=no
for dir in $ssl_inc_dir $ssl_dir /usr/local/openssl /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr /usr/freeware/lib/openssl /usr/sfw/include; do
ssldir="$dir"
if test -f "$dir/include/openssl/ssl.h"; then
found_ssl=yes
CFLAGS="$CFLAGS -I$dir/include/openssl -I$ssldir/include"
sslincdir="$dir/include/openssl"
break
fi
if test -f "$dir/include/ssl.h"; then
found_ssl=yes
CFLAGS="$CFLAGS -I$dir/include"
sslincdir="$dir/include"
break
fi
if test -f "$dir/ssl.h"; then
found_ssl=yes
CFLAGS="$CFLAGS -I$dir"
sslincdir="$dir"
ssldir="$dir/.."
break
fi
if test -f "$dir/openssl/ssl.h"; then
found_ssl=yes
CFLAGS="$CFLAGS -I$dir/openssl"
sslincdir="$dir/openssl"
ssldir="$dir/.."
break
fi
done
if test x_$found_ssl != x_yes; then
AC_MSG_ERROR(Cannot find ssl headers)
else
printf "SSL headers found in $ssldir\n";
dnl Now try and find SSL libraries
AC_MSG_CHECKING(for SSL libraries)
found_ssl=no
for dir in $ssl_lib_dir $ssl_dir /usr/lib64 /usr/lib /usr/local/lib /usr/lib/ssl /usr/ssl/lib /usr/openssl/lib /usr/pkg/lib /usr/freeware/lib/openssl /usr/sfw/lib /opt/freeware/lib; do
ssllibdir="$dir"
if test "`uname -s`" = "Darwin" ; then
soext="dylib"
elif test "`uname -s`" = "HP-UX" ; then
soext="sl"
else
soext="so"
fi
if test -f "$dir/libssl.$soext"; then
found_ssl=yes
break
fi
done
if test x_$found_ssl != x_yes; then
AC_MSG_ERROR(Cannot find ssl libraries)
else
printf "SSL libraries found in $ssllibdir\n";
LDFLAGS="$LDFLAGS -L$ssllibdir";
LIBS="$LIBS -lssl -lcrypto";
AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
AC_SUBST(HAVE_SSL)
dnl Generate DH parameters
echo ""
echo "*** Generating DH Parameters for SSL/TLS ***"
if test -f "$ssldir/sbin/openssl"; then
sslbin=$ssldir/sbin/openssl
else
sslbin=$ssldir/bin/openssl
fi
# awk to strip off meta data at bottom of dhparam output
$sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
fi
fi
dnl RedHat 8.0 and 9.0 include openssl compiled with kerberos, so we must include header file
AC_MSG_CHECKING(for Kerberos include files)
found_kerberos=no
for dir in $kerberos_inc_dir /usr/kerberos/include; do
kerbdir="$dir"
if test -f "$dir/krb5.h"; then
found_kerberos=yes
CFLAGS="$CFLAGS -I$kerbdir"
AC_DEFINE_UNQUOTED(HAVE_KRB5_H,[1],[Have the krb5.h header file])
dnl AC_CHECK_HEADERS(krb5.h)
break
fi
done
if test x_$found_kerberos != x_yes; then
printf "could not find include files\n";
else
printf "found Kerberos include files in $kerbdir\n";
fi
fi
AC_ARG_WITH([log_facility],
AS_HELP_STRING([--with-log-facility=<facility>],
[sets NRPE syslog facility]),
[log_facility=$withval],
[log_facility=daemon])
AC_SUBST(log_facility)
AC_DEFINE_UNQUOTED(NRPE_LOG_FACILITY,["$log_facility"],[NRPE syslog facility])
AC_ARG_WITH([nrpe_user],
AS_HELP_STRING([--with-nrpe-user=<user>],[sets user name to run NRPE]),
[nrpe_user=$withval],
[nrpe_user=nagios])
AC_ARG_WITH([nrpe_group],
AS_HELP_STRING([--with-nrpe-group=<group>],[sets group name to run NRPE]),
[nrpe_group=$withval],
[nrpe_group=nagios])
AC_ARG_WITH([nrpe_port],
AS_HELP_STRING([--with-nrpe-port=<port>],
[sets port number for NRPE to listen on]),
[nrpe_port=$withval],
[nrpe_port=5666])
AC_SUBST(nrpe_user)
AC_SUBST(nrpe_group)
NRPE_INSTALL_OPTS="-o $nrpe_user -g $nrpe_group"
AC_SUBST(NRPE_INSTALL_OPTS)
AC_SUBST(nrpe_port)
AC_DEFINE_UNQUOTED(DEFAULT_SERVER_PORT,$nrpe_port,[Default port for NRPE daemon])
AC_ARG_WITH([nagios_user],
AS_HELP_STRING([--with-nagios-user=<user>],
[sets user name for file permissions]),
[nagios_user=$withval],
[nagios_user=nagios])
AC_ARG_WITH([nagios_group],
AS_HELP_STRING([--with-nagios-group=<grp>],
[sets group name file permissions]),
[nagios_group=$withval],
[nagios_group=nagios])
AC_SUBST(nagios_user)
AC_SUBST(nagios_group)
NAGIOS_INSTALL_OPTS="-o $nagios_user -g $nagios_group"
AC_SUBST(NAGIOS_INSTALL_OPTS)
# Determine target OS, version and architecture for package build macros
if test "x$target_ver" = "x" ; then
TARGET_VER=`uname -r`
else
TARGET_VER=$target_ver
fi
AC_SUBST(TARGET_VER)
if test "x$target_os" = "x" ; then
TARGET_OS=`uname -s`
else
TARGET_OS=$target_os
fi
AC_SUBST(TARGET_OS)
if test "x$target_cpu" = "x" ; then
TARGET_ARCH=`uname -p`
else
TARGET_ARCH=$target_cpu
fi
AC_SUBST(TARGET_ARCH)
TARGET_PLATFORM=""
if test "x$TARGET_OS" = "xSunOS" ; then
if test "x$TARGET_VER" = "x5.10" ; then
TARGET_PLATFORM="sol10"
fi
fi
AC_SUBST(TARGET_PLATFORM)
AC_ARG_ENABLE([command-args],
AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]),
AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]))
AC_ARG_ENABLE([bash-command-substitution],
AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command). *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]),
AC_DEFINE_UNQUOTED(ENABLE_BASH_COMMAND_SUBSTITUTION,[1],[Enable bash command substitution]))
AC_PATH_PROG(PERL,perl)
AC_OUTPUT()
perl subst init-script
perl subst init-script.debian
perl subst init-script.suse
perl subst sample-config/nrpe.cfg
perl subst sample-config/nrpe.xinetd
dnl Review options
echo ""
echo ""
AC_MSG_RESULT([*** Configuration summary for $PKG_NAME $PKG_VERSION $PKG_REL_DATE ***:])
echo ""
echo " General Options:"
echo " -------------------------"
AC_MSG_RESULT([ NRPE port: $nrpe_port])
AC_MSG_RESULT([ NRPE user: $nrpe_user])
AC_MSG_RESULT([ NRPE group: $nrpe_group])
AC_MSG_RESULT([ Nagios user: $nagios_user])
AC_MSG_RESULT([ Nagios group: $nagios_group])
echo ""
echo ""
echo "Review the options above for accuracy. If they look okay,"
echo "type 'make all' to compile the NRPE daemon and client."
echo ""

64
contrib/README.nrpe_check_control Normal file
View File

@ -0,0 +1,64 @@
NOTES:
------
The service definition below assumes you have a command called "check_tcp" already setup
in your config files.
The command definition below assumes that the $USER1$ macro is used to define the location
of your Nagios plugins (i.e. "/usr/local/nagios/libexec") and that the nrpe_check_control
service is located in that directory.
SAMPLE CONFIG FILE SNIPPETS:
----------------------------
define service {
host_name <host name goes here>
description NRPE
...
event_handler nrpe_check_control
check_command check_tcp!-p 5666
}
define command {
command_name nrpe_check_control
command_line $USER1$/nrpe_check_control $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ "$HOSTNAME$"
}
ORIGINAL EMAIL SNIPPET:
-----------------------
Date sent: Fri, 30 Mar 2001 18:51:48 -0500
From: adam.bowen@<>
Subject: Event Handler
To: [nagios@nagios.org]
I am attaching the source code for an event handler I wrote to
control checks using nrpe. I add the following check to all remote hosts
using nrpe:
<see example above>
I added this line to the commands.cfg file:
<see example above>
When the NRPE service check listed above has 3 failed connection
attempts, it will run the nrpe_check_control which will search the
services file for all services for $HOSTNAME$ that use the check_nrpe.
It will then request that all these services be disabled. When the
NRPE check returns to the OK state, it will request that all services
using check_nrpe be re-enabled. This will prevent unnecessary e-mail
when there is a problem with the NRPE daemon. This does require
that external commands be enabled.
(See attached file: nrpe_check_control.c)
I thought some other [Nagios] users might find this useful.
Adam G. Bowen

121
contrib/nrpe_check_control.c Normal file
View File

@ -0,0 +1,121 @@
#include <stdio.h>
#include <string.h>
#include <time.h>
#define MAX_CHARS 1024
#define SERVICE_COUNT 12
#define COMMAND_FILE "/usr/local/nagios/var/rw/nagios.cmd"
#define SERVICES_FILE "/usr/local/nagios/etc/services.cfg"
int main(int argc, char *argv[])
{
char check_name[MAX_CHARS];
char ent_type[MAX_CHARS];
char input_buffer[MAX_CHARS];
char host_name[MAX_CHARS];
char service_name[MAX_CHARS];
char state[MAX_CHARS];
char state_type[MAX_CHARS];
char temp_input[MAX_CHARS];
char temp_string[MAX_CHARS];
char test_host[MAX_CHARS];
char *temp_var;
FILE *command_fp;
FILE *services_fp;
int attempt;
int i;
time_t current_time;
strcpy(state,argv[1]);
strcpy(state_type,argv[2]);
attempt=atoi(argv[3]);
strcpy(host_name,argv[4]);
if(strcmp(state,"OK") == 0)
{
services_fp=fopen(SERVICES_FILE,"r");
command_fp=fopen(COMMAND_FILE,"a");
while((fgets(input_buffer,MAX_CHARS-1,services_fp)) != NULL)
{
if(input_buffer[0]=='#' || input_buffer[0]=='\x0' || input_buffer[0]=='\n' || input_buffer[0]=='\r')
{
continue;
}
else
{
strcpy(temp_input,input_buffer);
strcpy(temp_string,strtok(temp_input,"="));
strcpy(ent_type,strtok(temp_string,"["));
if(strcmp(ent_type,"service") == 0)
{
strcpy(test_host,strtok(NULL,"]"));
if(strcmp(test_host,host_name) == 0)
{
temp_var=strtok(input_buffer,"=");
strcpy(service_name,strtok(NULL,";"));
for(i=1;i<=SERVICE_COUNT;i++)
{
temp_var=strtok(NULL,";");
}
strcpy(check_name,strtok(temp_var,"!"));
if(strcmp(check_name,"check_nrpe") == 0)
{
time(&current_time);
fprintf(command_fp,"[%lu] ENABLE_SVC_CHECK;%s;%s\n",current_time,host_name,service_name);
}
}
}
}
}
fclose(command_fp);
fclose(services_fp);
}
else if(strcmp(state,"CRITICAL") == 0)
{
if(attempt == 3)
{
services_fp=fopen(SERVICES_FILE,"r");
command_fp=fopen(COMMAND_FILE,"a");
while((fgets(input_buffer,MAX_CHARS-1,services_fp)) != NULL)
{
if(input_buffer[0]=='#' || input_buffer[0]=='\x0' || input_buffer[0]=='\n' || input_buffer[0]=='\r')
{
continue;
}
else
{
strcpy(temp_input,input_buffer);
strcpy(temp_string,strtok(temp_input,"="));
strcpy(ent_type,strtok(temp_string,"["));
if(strcmp(ent_type,"service") == 0)
{
strcpy(test_host,strtok(NULL,"]"));
if(strcmp(test_host,host_name) == 0)
{
temp_var=strtok(input_buffer,"=");
strcpy(service_name,strtok(NULL,";"));
for(i=1;i<=SERVICE_COUNT;i++)
{
temp_var=strtok(NULL,";");
}
strcpy(check_name,strtok(temp_var,"!"));
if(strcmp(check_name,"check_nrpe") == 0)
{
time(&current_time);
fprintf(command_fp,"[%lu] DISABLE_SVC_CHECK;%s;%s\n",current_time,host_name,service_name);
}
}
}
}
}
fclose(command_fp);
fclose(services_fp);
}
}
return 0;
}

BIN
docs/NRPE.odt Normal file
View File

Binary file not shown.

BIN
docs/NRPE.pdf Normal file
View File

Binary file not shown.

70
include/acl.h Normal file
View File

@ -0,0 +1,70 @@
/*-
* acl.c - header file for acl.c
* Copyright (c) 2011 Kaspersky Lab ZAO
* Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help
*
* License: GPL
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef ACL_H_INCLUDED
#define ACL_H_INCLUDED 1
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <netdb.h>
#include <syslog.h>
#include <stdarg.h>
#define CHAR_TO_NUMBER(c) ((c) - '0')
struct ip_acl {
int family;
struct in_addr addr;
struct in_addr mask;
struct in6_addr addr6;
struct in6_addr mask6;
struct ip_acl *next;
};
struct dns_acl {
char domain[255];
struct dns_acl *next;
};
/* Poiters to head ACL structs */
static struct ip_acl *ip_acl_head, *ip_acl_prev;
static struct dns_acl *dns_acl_head, *dns_acl_prev;
/* Functions */
void parse_allowed_hosts(char *allowed_hosts);
int add_ipv4_to_acl(char *ipv4);
int add_ipv6_to_acl(char *ipv6);
int add_domain_to_acl(char *domain);
//int is_an_allowed_host(struct in_addr);
int is_an_allowed_host(int, void *);
unsigned int prefix_from_mask(struct in_addr mask);
void show_acl_lists(void);
#endif /* ACL_H_INCLUDED */

92
include/common.h Normal file
View File

@ -0,0 +1,92 @@
/************************************************************************
*
* COMMON.H - NRPE Common Include File
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
* Last Modified: 09-06-2013
*
* License:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
************************************************************************/
#include "config.h"
#define PROGRAM_VERSION "2.15"
#define MODIFICATION_DATE "09-06-2013"
#define OK 0
#define ERROR -1
#define TRUE 1
#define FALSE 0
#define STATE_UNKNOWN 3 /* service state return codes */
#define STATE_CRITICAL 2
#define STATE_WARNING 1
#define STATE_OK 0
#define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */
#define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */
#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */
#define MAX_FILENAME_LENGTH 256
#define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */
#define NRPE_HELLO_COMMAND "_NRPE_CHECK"
#define MAX_COMMAND_ARGUMENTS 16
/**************** PACKET STRUCTURE DEFINITION **********/
#define QUERY_PACKET 1 /* id code for a packet containing a query */
#define RESPONSE_PACKET 2 /* id code for a packet containing a response */
#define NRPE_PACKET_VERSION_3 3 /* packet version identifier */
#define NRPE_PACKET_VERSION_2 2
#define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */
#define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */
typedef struct packet_struct{
int16_t packet_version;
int16_t packet_type;
u_int32_t crc32_value;
int16_t result_code;
char buffer[MAX_PACKETBUFFER_LENGTH];
}packet;
/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
#if defined(__sun) || defined(__hpux)
# ifndef LOG_AUTHPRIV
# define LOG_AUTHPRIV LOG_AUTH
# endif
# ifndef LOG_FTP
# define LOG_FTP LOG_DAEMON
# endif
#elif _AIX
# include <sys/select.h>
# ifndef LOG_FTP
# define LOG_FTP LOG_DAEMON
# endif
#endif

263
include/config.h.in Normal file
View File

@ -0,0 +1,263 @@
/************************************************************************
*
* NRPE Common Header File
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
* Last Modified: 11-23-2007
*
* License:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
************************************************************************/
#ifndef _CONFIG_H
#define _CONFIG_H
#include <stdio.h>
#include <stdlib.h>
#define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */
#define NRPE_LOG_FACILITY @log_facility@
#undef ENABLE_COMMAND_ARGUMENTS
#undef ENABLE_BASH_COMMAND_SUBSTITUTION
#undef socklen_t
#undef HAVE_GETOPT_LONG
#undef HAVE_LIBWRAP
#undef STDC_HEADERS
#undef HAVE_STRDUP
#undef HAVE_STRSTR
#undef HAVE_STRTOUL
#undef HAVE_INITGROUPS
#undef HAVE_CLOSESOCKET
#undef SIZEOF_INT
#undef SIZEOF_SHORT
#undef SIZEOF_LONG
/* stupid stuff for u_int32_t */
#undef U_INT32_T_IS_USHORT
#undef U_INT32_T_IS_UINT
#undef U_INT32_T_IS_ULONG
#undef U_INT32_T_IS_UINT32_T
#ifdef U_INT32_T_IS_USHORT
typedef unsigned short u_int32_t;
#endif
#ifdef U_INT32_T_IS_ULONG
typedef unsigned long u_int32_t;
#endif
#ifdef U_INT32_T_IS_UINT
typedef unsigned int u_int32_t;
#endif
#ifdef U_INT32_T_IS_UINT32_t
typedef uint32_t u_int32_t;
#endif
/* stupid stuff for int32_t */
#undef INT32_T_IS_SHORT
#undef INT32_T_IS_INT
#undef INT32_T_IS_LONG
#ifdef INT32_T_IS_USHORT
typedef short int32_t;
#endif
#ifdef INT32_T_IS_ULONG
typedef long int32_t;
#endif
#ifdef INT32_T_IS_UINT
typedef int int32_t;
#endif
/***** ASPRINTF() AND FRIENDS *****/
#undef HAVE_VSNPRINTF
#undef HAVE_SNPRINTF
#undef HAVE_ASPRINTF
#undef HAVE_VASPRINTF
#undef HAVE_C99_VSNPRINTF
#undef HAVE_VA_COPY
#undef HAVE___VA_COPY
#define SOCKET_SIZE_TYPE ""
#define GETGROUPS_T ""
#define RETSIGTYPE ""
#undef HAVE_GETOPT_H
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#undef HAVE_STRINGS_H
#undef HAVE_STRING_H
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#ifdef HAVE_STRINGS_H
#include <string.h>
#endif
#undef HAVE_UNISTD_H
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#undef HAVE_SIGNAL_H
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#undef HAVE_SYSLOG_H
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
#undef HAVE_SYS_STAT_H
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#undef HAVE_FCNTL_H
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#undef HAVE_SYS_TYPES_H
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#undef HAVE_SYS_WAIT_H
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifndef WEXITSTATUS
# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
#endif
#ifndef WIFEXITED
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
#endif
#undef HAVE_ERRNO_H
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
/* needed for the time_t structures we use later... */
#undef TIME_WITH_SYS_TIME
#undef HAVE_SYS_TIME_H
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
# endif
#endif
#undef HAVE_SYS_SOCKET_H
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
/* Define to 'int' if <sys/socket.h> does not define */
#undef socklen_t
#undef HAVE_SOCKET_H
#ifdef HAVE_SOCKET_H
#include <socket.h>
#endif
#undef HAVE_TCPD_H
#ifdef HAVE_TCPD_H
#include <tcpd.h>
#endif
#undef HAVE_NETINET_IN_H
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#undef HAVE_ARPA_INET_H
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#undef HAVE_NETDB_H
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#undef HAVE_CTYPE_H
#ifdef HAVE_CTYPE_H
#include <ctype.h>
#endif
#undef HAVE_PWD_H
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#undef HAVE_GRP_H
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
#undef HAVE_DIRENT_H
#ifdef HAVE_DIRENT_H
#include <dirent.h>
#endif
#undef HAVE_SSL
#ifdef HAVE_SSL
#include <rsa.h>
#include <crypto.h>
#include <dh.h>
#include <pem.h>
#include <ssl.h>
#include <err.h>
#include <rand.h>
#endif
#undef HAVE_KRB5_H
#ifdef HAVE_KRB5_H
#include <krb5.h>
#endif
#undef HAVE_INTTYPES_H
#undef HAVE_STDINT_H
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#else
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#endif
#endif

25
include/dh.h Normal file
View File

@ -0,0 +1,25 @@
#ifndef HEADER_DH_H
#include <openssl/dh.h>
#endif
DH *get_dh512()
{
static unsigned char dh512_p[]={
0xDA,0xD8,0xF0,0xA2,0x9A,0x64,0xC2,0x9F,0x22,0x9D,0x47,0xA1,
0xB2,0xED,0xD6,0x89,0xB5,0x46,0x6D,0x4E,0x1F,0x14,0xF4,0xF4,
0xEB,0xCA,0x4D,0x41,0x89,0x60,0x0D,0x1F,0xB3,0x50,0xC4,0x54,
0xE1,0x60,0xB5,0xDD,0x57,0x0C,0xF9,0xF5,0x19,0x73,0x6C,0x0C,
0x45,0x33,0xA9,0xC1,0xD7,0xF3,0x27,0x68,0xEE,0xDA,0x8C,0x4A,
0x1C,0x52,0xA1,0x9B,
};
static unsigned char dh512_g[]={
0x02,
};
DH *dh;
if ((dh=DH_new()) == NULL) return(NULL);
dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
if ((dh->p == NULL) || (dh->g == NULL))
{ DH_free(dh); return(NULL); }
return(dh);
}

65
include/nrpe.h Normal file
View File

@ -0,0 +1,65 @@
/************************************************************************
*
* NRPE.H - NRPE Include File
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
* Last Modified: 08-10-2011 by Konstantin Malov
*
* License:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
************************************************************************/
/*
* 08-10-2011 IPv4 subnetworks support added.
* Main change in nrpe.c is that is_an_allowed_host() moved to acl.c
*
*/
/**************** COMMAND STRUCTURE DEFINITION **********/
typedef struct command_struct{
char *command_name;
char *command_line;
struct command_struct *next;
}command;
int process_arguments(int,char **);
void wait_for_connections(void);
void handle_connection(int);
int read_config_file(char *);
int read_config_dir(char *);
int get_log_facility(char *);
int add_command(char *,char *);
command *find_command(char *);
void sighandler(int);
int drop_privileges(char *,char *);
int check_privileges(void);
int write_pid_file(void);
int remove_pid_file(void);
void free_memory(void);
int validate_request(packet *);
int contains_nasty_metachars(char *);
int process_macros(char *,char *,int);
int my_system(char *,int,int *,char *,int); /* executes a command via popen(), but also protects against timeouts */
void my_system_sighandler(int); /* handles timeouts when executing commands via my_system() */
void my_connection_sighandler(int); /* handles timeouts of connection */
void sighandler(int);
void child_sighandler(int);

63
include/utils.h Normal file
View File

@ -0,0 +1,63 @@
/************************************************************************************************
*
* UTILS.H - NRPE Utilities Include File
*
* License: GPL
* Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
*
* Last Modified: 12-11-2006
*
* Description:
*
* This file contains common include files and function definitions used in many of the plugins.
*
* License Information:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
************************************************************************************************/
#ifndef _UTILS_H
#define _UTILS_H
#include "../include/config.h"
void generate_crc32_table(void);
unsigned long calculate_crc32(char *, int);
void randomize_buffer(char *,int);
int my_tcp_connect(char *,int,int *);
int my_connect(const char *, struct sockaddr_storage *, u_short, int,
const char *);
void add_listen_addr(struct addrinfo **, int, char *, int);
void strip(char *);
int sendall(int,char *,int *);
int recvall(int,char *,int *,int);
char *my_strsep(char **,const char *);
void display_license(void);
#endif

34
init-script.debian.in Normal file
View File

@ -0,0 +1,34 @@
#!/bin/sh
# Start/stop the nrpe daemon.
#
# Contributed by Andrew Ryder 06-22-02
# Slight mods by Ethan Galstad 07-09-02
NrpeBin=@bindir@/nrpe
NrpeCfg=@sysconfdir@/nrpe.cfg
test -f $NrpeBin || exit 0
case "$1" in
start) echo -n "Starting nagios remote plugin daemon: nrpe"
start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
echo "."
;;
stop) echo -n "Stopping nagios remote plugin daemon: nrpe"
start-stop-daemon --stop --quiet --exec $NrpeBin
echo "."
;;
restart) echo -n "Restarting nagios remote plugin daemon: nrpe"
start-stop-daemon --stop --quiet --exec $NrpeBin
start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
echo "."
;;
reload|force-reload) echo -n "Reloading configuration files for nagios remote plugin daemon: nrpe"
# nrpe reloads automatically
echo "."
;;
*) echo "Usage: /etc/init.d/nrpe start|stop|restart|reload|force-reload"
exit 1
;;
esac
exit 0

62
init-script.in Normal file
View File

@ -0,0 +1,62 @@
#!/bin/sh
#
# Created 2000-01-03 by jaclu@grm.se
#
# nrpe This shell script takes care of starting and stopping
# nrpe.
#
# chkconfig: 2345 80 30
# description: nrpe is a daemon for a remote nagios server, \
# running nagios plugins on this host.
# processname: nrpe
# config: /usr/local/nagios/etc/nrpe.cfg
# Source function library
if [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
elif [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/functions ]; then
. /etc/rc.d/functions
fi
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
NrpeBin=@bindir@/nrpe
NrpeCfg=@sysconfdir@/nrpe.cfg
LockFile=/var/lock/subsys/nrpe
# See how we were called.
case "$1" in
start)
# Start daemons.
echo -n "Starting nrpe: "
daemon $NrpeBin -c $NrpeCfg -d
echo
touch $LockFile
;;
stop)
# Stop daemons.
echo -n "Shutting down nrpe: "
killproc nrpe
echo
rm -f $LockFile
;;
restart)
$0 stop
$0 start
;;
status)
status nrpe
;;
*)
echo "Usage: nrpe {start|stop|restart|status}"
exit 1
esac
exit 0

84
init-script.suse.in Normal file
View File

@ -0,0 +1,84 @@
#! /bin/sh
# Copyright (c) 1996-2002 SuSE GmbH Nuernberg, Germany. All rights reserved.
# Modifications for NRPE Copyright (c) 2003 Subhendu Ghosh
# Author: Christopher Mahmood <ckm+snmp@suse.de>, Remo Behn <ray+snmp@suse.de>
# Modifications for NRPE: Subhendu Ghosh <sghosh@users.sourceforge.net>
#
# /etc/init.d/nrpe
#
### BEGIN INIT INFO
# Provides: nrpe
# Required-Start: $network
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: start nrpe
### END INIT INFO
NRPEBIN=@bindir@/nrpe
NRPECFG=@sysconfdir@/nrpe.cfg
test -x $NRPEBIN || exit 5
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num><num>
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
. /etc/rc.status
# First reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
case "$1" in
start)
echo -n "Starting nrpe:"
startproc $NRPEBIN -c $NRPECFG -d
rc_status -v
rc_reset
;;
stop)
echo -n "Shutting down nrpe:"
killproc -TERM $NRPEBIN
rc_status -v ; rc_reset
;;
restart)
$0 stop
$0 start
rc_status
;;
status)
echo -n "Checking for service nrpe:"
checkproc $NRPEBIN
rc_status -v
rc_reset
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac
rc_exit

250
install-sh Executable file
View File

@ -0,0 +1,250 @@
#! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0

252
nrpe.spec Normal file
View File

@ -0,0 +1,252 @@
%define isaix %(test "`uname -s`" = "AIX" && echo "1" || echo "0")
%define islinux %(test "`uname -s`" = "Linux" && echo "1" || echo "0")
%if %{isaix}
%define _prefix /opt/nagios
%define _docdir %{_prefix}/doc/nrpe-2.15
%define nshome /opt/nagios
%define _make gmake
%endif
%if %{islinux}
%define _init_dir /etc/init.d
%define _exec_prefix %{_prefix}/sbin
%define _bindir %{_prefix}/sbin
%define _sbindir %{_prefix}/lib/nagios/cgi
%define _libexecdir %{_prefix}/lib/nagios/plugins
%define _datadir %{_prefix}/share/nagios
%define _localstatedir /var/log/nagios
%define nshome /var/log/nagios
%define _make make
%endif
%define _sysconfdir /etc/nagios
%define name nrpe
%define version 2.15
%define release 1
%define nsusr nagios
%define nsgrp nagios
%define nsport 5666
# Reserve option to override port setting with:
# rpm -ba|--rebuild --define 'nsport 5666'
%{?port:%define nsport %{port}}
# Macro that print mesages to syslog at package (un)install time
%define nnmmsg logger -t %{name}/rpm
Summary: Host/service/network monitoring agent for Nagios
URL: http://www.nagios.org
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Group: Application/System
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-buildroot
Prefix: %{_prefix}
Prefix: /etc/init.d
Prefix: /etc/nagios
%if %{isaix}
Requires: nagios-plugins
%endif
%if %{islinux}
Requires: bash, grep, nagios-plugins, util-linux, chkconfig, shadow-utils, sed, initscripts, mktemp
%endif
%description
NPRE (Nagios Remote Plugin Executor) is a system daemon that
will execute various Nagios plugins locally on behalf of a
remote (monitoring) host that uses the check_nrpe plugin.
Various plugins that can be executed by the daemon are available
at: http://sourceforge.net/projects/nagiosplug
This package provides the client-side NRPE agent (daemon).
%package plugin
Group: Application/System
Summary: Provides nrpe plugin for Nagios.
Requires: nagios-plugins
%description plugin
NPRE (Nagios Remote Plugin Executor) is a system daemon that
will execute various Nagios plugins locally on behalf of a
remote (monitoring) host that uses the check_nrpe plugin.
Various plugins that can be executed by the daemon are available
at: http://sourceforge.net/projects/nagiosplug
This package provides the server-side NRPE plugin for
Nagios-related applications.
%prep
%setup -q
%pre
# Create `nagios' group on the system if necessary
%if %{isaix}
lsgroup %{nsgrp} > /dev/null 2> /dev/null
if [ $? -eq 2 ] ; then
mkgroup %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
fi
%endif
%if %{islinux}
getent group %{nsgrp} > /dev/null 2> /dev/null
if [ $? -ne 0 ] ; then
groupadd %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
fi
%endif
# Create `nagios' user on the system if necessary
%if %{isaix}
lsuser %{nsusr} > /dev/null 2> /dev/null
if [ $? -eq 2 ] ; then
useradd -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
fi
%endif
%if %{islinux}
getent passwd %{nsusr} > /dev/null 2> /dev/null
if [ $? -ne 0 ] ; then
useradd -r -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
fi
%endif
%if %{isaix}
# Check to see if the nrpe service is running and, if so, stop it.
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
if [ $? -eq 0 ] ; then
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
if [ "$status" = "active" ] ; then
/usr/bin/stopsrc -s nrpe
fi
fi
%endif
%if %{islinux}
# if LSB standard /etc/init.d does not exist,
# create it as a symlink to the first match we find
if [ -d /etc/init.d -o -L /etc/init.d ]; then
: # we're done
elif [ -d /etc/rc.d/init.d ]; then
ln -s /etc/rc.d/init.d /etc/init.d
elif [ -d /usr/local/etc/rc.d ]; then
ln -s /usr/local/etc/rc.d /etc/init.d
elif [ -d /sbin/init.d ]; then
ln -s /sbin/init.d /etc/init.d
fi
%endif
%if %{isaix}
%post
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
if [ $? -eq 1 ] ; then
/usr/bin/mkssys -p %{_bindir}/nrpe -s nrpe -u 0 -a "-c %{_sysconfdir}/nrpe.cfg -d -s" -Q -R -S -n 15 -f 9
fi
/usr/bin/startsrc -s nrpe
%endif
%preun
%if %{isaix}
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
if [ "$status" = "active" ] ; then
/usr/bin/stopsrc -s nrpe
fi
/usr/bin/rmssys -s nrpe
%endif
%if %{islinux}
if [ "$1" = 0 ]; then
/sbin/service nrpe stop > /dev/null 2>&1
/sbin/chkconfig --del nrpe
fi
%endif
%if %{islinux}
%postun
if [ "$1" -ge "1" ]; then
/sbin/service nrpe condrestart >/dev/null 2>&1 || :
fi
%endif
%build
export PATH=$PATH:/usr/sbin
CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
MAKE=%{_make} ./configure \
--with-init-dir=/etc/init.d \
--with-nrpe-port=%{nsport} \
--with-nrpe-user=%{nsusr} \
--with-nrpe-group=%{nsgrp} \
--prefix=%{_prefix} \
--exec-prefix=%{_exec_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--libexecdir=%{_libexecdir} \
--datadir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--localstatedir=%{_localstatedir} \
--enable-command-args
%{_make} all
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%if %{islinux}
install -d -m 0755 ${RPM_BUILD_ROOT}%{_init_dir}
%endif
DESTDIR=${RPM_BUILD_ROOT} %{_make} install install-daemon-config
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_libexecdir}
# install templated configuration files
#cp sample-config/nrpe.cfg ${RPM_BUILD_ROOT}%{_sysconfdir}/nrpe.cfg
#%if %{isaix}
#cp init-script ${RPM_BUILD_ROOT}%{_init_dir}/nrpe
#%endif
#cp src/nrpe ${RPM_BUILD_ROOT}%{_bindir}
#cp src/check_nrpe ${RPM_BUILD_ROOT}%{_libexecdir}
%clean
rm -rf $RPM_BUILD_ROOT
%files
%if %{islinux}
%defattr(755,root,root)
/etc/init.d/nrpe
%endif
%{_bindir}/nrpe
%dir %{_sysconfdir}
%defattr(600,%{nsusr},%{nsgrp})
%config(noreplace) %{_sysconfdir}/*.cfg
%defattr(755,%{nsusr},%{nsgrp})
%doc Changelog LEGAL README
%files plugin
%defattr(755,%{nsusr},%{nsgrp})
%{_libexecdir}
%defattr(644,%{nsusr},%{nsgrp})
%doc Changelog LEGAL README
%changelog
* Mon Mar 12 2012 Eric Stanley estanley<@>nagios.com
- Created autoconf input file
- Updated to support building on AIX
- Updated install to use make install*
* Mon Jan 23 2006 Andreas Kasenides ank<@>cs.ucy.ac.cy
- fixed nrpe.cfg relocation to sample-config
- replaced Copyright label with License
- added --enable-command-args to enable remote arg passing (if desired can be disabled by commenting out)
* Wed Nov 12 2003 Ingimar Robertsson <iar@skyrr.is>
- Added adding of nagios group if it does not exist.
* Tue Jan 07 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
- Removed the lines which removed the nagios user and group from the system
- changed the patch release version from 3 to 1
* Mon Jan 06 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
- Removed patch files required for nrpe 1.5
- Update spec file for version 1.6 (1.6-1)
* Sat Dec 28 2002 James 'Showkilr' Peterson <showkilr@showkilr.com>
- First RPM build (1.5-1)

252
nrpe.spec.in Normal file
View File

@ -0,0 +1,252 @@
%define isaix %(test "`uname -s`" = "AIX" && echo "1" || echo "0")
%define islinux %(test "`uname -s`" = "Linux" && echo "1" || echo "0")
%if %{isaix}
%define _prefix /opt/nagios
%define _docdir %{_prefix}/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
%define nshome /opt/nagios
%define _make gmake
%endif
%if %{islinux}
%define _init_dir /etc/init.d
%define _exec_prefix %{_prefix}/sbin
%define _bindir %{_prefix}/sbin
%define _sbindir %{_prefix}/lib/nagios/cgi
%define _libexecdir %{_prefix}/lib/nagios/plugins
%define _datadir %{_prefix}/share/nagios
%define _localstatedir /var/log/nagios
%define nshome /var/log/nagios
%define _make make
%endif
%define _sysconfdir /etc/nagios
%define name @PACKAGE_NAME@
%define version @PACKAGE_VERSION@
%define release @RPM_RELEASE@
%define nsusr @nrpe_user@
%define nsgrp @nrpe_group@
%define nsport @nrpe_port@
# Reserve option to override port setting with:
# rpm -ba|--rebuild --define 'nsport 5666'
%{?port:%define nsport %{port}}
# Macro that print mesages to syslog at package (un)install time
%define nnmmsg logger -t %{name}/rpm
Summary: Host/service/network monitoring agent for Nagios
URL: http://www.nagios.org
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Group: Application/System
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-buildroot
Prefix: %{_prefix}
Prefix: /etc/init.d
Prefix: /etc/nagios
%if %{isaix}
Requires: nagios-plugins
%endif
%if %{islinux}
Requires: bash, grep, nagios-plugins, util-linux, chkconfig, shadow-utils, sed, initscripts, mktemp
%endif
%description
NPRE (Nagios Remote Plugin Executor) is a system daemon that
will execute various Nagios plugins locally on behalf of a
remote (monitoring) host that uses the check_nrpe plugin.
Various plugins that can be executed by the daemon are available
at: http://sourceforge.net/projects/nagiosplug
This package provides the client-side NRPE agent (daemon).
%package plugin
Group: Application/System
Summary: Provides nrpe plugin for Nagios.
Requires: nagios-plugins
%description plugin
NPRE (Nagios Remote Plugin Executor) is a system daemon that
will execute various Nagios plugins locally on behalf of a
remote (monitoring) host that uses the check_nrpe plugin.
Various plugins that can be executed by the daemon are available
at: http://sourceforge.net/projects/nagiosplug
This package provides the server-side NRPE plugin for
Nagios-related applications.
%prep
%setup -q
%pre
# Create `nagios' group on the system if necessary
%if %{isaix}
lsgroup %{nsgrp} > /dev/null 2> /dev/null
if [ $? -eq 2 ] ; then
mkgroup %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
fi
%endif
%if %{islinux}
getent group %{nsgrp} > /dev/null 2> /dev/null
if [ $? -ne 0 ] ; then
groupadd %{nsgrp} || %nnmmsg Unexpected error adding group "%{nsgrp}". Aborting install process.
fi
%endif
# Create `nagios' user on the system if necessary
%if %{isaix}
lsuser %{nsusr} > /dev/null 2> /dev/null
if [ $? -eq 2 ] ; then
useradd -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
fi
%endif
%if %{islinux}
getent passwd %{nsusr} > /dev/null 2> /dev/null
if [ $? -ne 0 ] ; then
useradd -r -d %{nshome} -c "%{nsusr}" -g %{nsgrp} %{nsusr} || \
%nnmmsg Unexpected error adding user "%{nsusr}". Aborting install process.
fi
%endif
%if %{isaix}
# Check to see if the nrpe service is running and, if so, stop it.
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
if [ $? -eq 0 ] ; then
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
if [ "$status" = "active" ] ; then
/usr/bin/stopsrc -s nrpe
fi
fi
%endif
%if %{islinux}
# if LSB standard /etc/init.d does not exist,
# create it as a symlink to the first match we find
if [ -d /etc/init.d -o -L /etc/init.d ]; then
: # we're done
elif [ -d /etc/rc.d/init.d ]; then
ln -s /etc/rc.d/init.d /etc/init.d
elif [ -d /usr/local/etc/rc.d ]; then
ln -s /usr/local/etc/rc.d /etc/init.d
elif [ -d /sbin/init.d ]; then
ln -s /sbin/init.d /etc/init.d
fi
%endif
%if %{isaix}
%post
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
if [ $? -eq 1 ] ; then
/usr/bin/mkssys -p %{_bindir}/nrpe -s nrpe -u 0 -a "-c %{_sysconfdir}/nrpe.cfg -d -s" -Q -R -S -n 15 -f 9
fi
/usr/bin/startsrc -s nrpe
%endif
%preun
%if %{isaix}
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
if [ "$status" = "active" ] ; then
/usr/bin/stopsrc -s nrpe
fi
/usr/bin/rmssys -s nrpe
%endif
%if %{islinux}
if [ "$1" = 0 ]; then
/sbin/service nrpe stop > /dev/null 2>&1
/sbin/chkconfig --del nrpe
fi
%endif
%if %{islinux}
%postun
if [ "$1" -ge "1" ]; then
/sbin/service nrpe condrestart >/dev/null 2>&1 || :
fi
%endif
%build
export PATH=$PATH:/usr/sbin
CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
MAKE=%{_make} ./configure \
--with-init-dir=/etc/init.d \
--with-nrpe-port=%{nsport} \
--with-nrpe-user=%{nsusr} \
--with-nrpe-group=%{nsgrp} \
--prefix=%{_prefix} \
--exec-prefix=%{_exec_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--libexecdir=%{_libexecdir} \
--datadir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--localstatedir=%{_localstatedir} \
--enable-command-args
%{_make} all
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%if %{islinux}
install -d -m 0755 ${RPM_BUILD_ROOT}%{_init_dir}
%endif
DESTDIR=${RPM_BUILD_ROOT} %{_make} install install-daemon-config
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
#install -d -m 0755 ${RPM_BUILD_ROOT}%{_libexecdir}
# install templated configuration files
#cp sample-config/nrpe.cfg ${RPM_BUILD_ROOT}%{_sysconfdir}/nrpe.cfg
#%if %{isaix}
#cp init-script ${RPM_BUILD_ROOT}%{_init_dir}/nrpe
#%endif
#cp src/nrpe ${RPM_BUILD_ROOT}%{_bindir}
#cp src/check_nrpe ${RPM_BUILD_ROOT}%{_libexecdir}
%clean
rm -rf $RPM_BUILD_ROOT
%files
%if %{islinux}
%defattr(755,root,root)
/etc/init.d/nrpe
%endif
%{_bindir}/nrpe
%dir %{_sysconfdir}
%defattr(600,%{nsusr},%{nsgrp})
%config(noreplace) %{_sysconfdir}/*.cfg
%defattr(755,%{nsusr},%{nsgrp})
%doc Changelog LEGAL README
%files plugin
%defattr(755,%{nsusr},%{nsgrp})
%{_libexecdir}
%defattr(644,%{nsusr},%{nsgrp})
%doc Changelog LEGAL README
%changelog
* Mon Mar 12 2012 Eric Stanley estanley<@>nagios.com
- Created autoconf input file
- Updated to support building on AIX
- Updated install to use make install*
* Mon Jan 23 2006 Andreas Kasenides ank<@>cs.ucy.ac.cy
- fixed nrpe.cfg relocation to sample-config
- replaced Copyright label with License
- added --enable-command-args to enable remote arg passing (if desired can be disabled by commenting out)
* Wed Nov 12 2003 Ingimar Robertsson <iar@skyrr.is>
- Added adding of nagios group if it does not exist.
* Tue Jan 07 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
- Removed the lines which removed the nagios user and group from the system
- changed the patch release version from 3 to 1
* Mon Jan 06 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
- Removed patch files required for nrpe 1.5
- Update spec file for version 1.6 (1.6-1)
* Sat Dec 28 2002 James 'Showkilr' Peterson <showkilr@showkilr.com>
- First RPM build (1.5-1)

81
package/solaris/Makefile.in Normal file
View File

@ -0,0 +1,81 @@
###################################
# Makefile for NRPE Solaris Package
#
# Last Modified: 2 Dec 2011
###################################
TARGET_OS=@TARGET_OS@
TARGET_VER=@TARGET_VER@
TARGET_ARCH=@TARGET_ARCH@
TARGET_PLATFORM=@TARGET_PLATFORM@
SOLARIS_CONFIG_OPTS=--prefix=/opt/nagios --sysconfdir=/etc/nagios --enable-command-args
PKG_NAME=NGOSnrpe
PKG_VERSION=@PKG_VERSION@
PKG_FILE=@PACKAGE_NAME@-$(PKG_VERSION)-$(TARGET_PLATFORM)-$(TARGET_ARCH)-local
TOPDIR=@top_builddir@
PKGDIR=@builddir@/pkg
SRCDIR=@builddir@/build/src
INSTALLDIR=@builddir@/install
ABSINSTALLDIR=@abs_builddir@/install
build:
if [ ! -d build ] ; then mkdir build ; fi
if [ ! -d install ] ; then mkdir install ; fi
cd build; ../../../configure $(SOLARIS_CONFIG_OPTS); $(MAKE) all; DESTDIR=$(ABSINSTALLDIR) $(MAKE) install install-daemon-config
prototype: $(PKGDIR)
@echo "i pkginfo" > $(PKGDIR)/prototype
@echo "i copyright=../$(TOPDIR)/LEGAL" >> $(PKGDIR)/prototype
@echo "i preinstall" >> $(PKGDIR)/prototype
@echo "i i.config" >> $(PKGDIR)/prototype
@echo "i r.config" >> $(PKGDIR)/prototype
@echo "i i.manifest=/usr/sadm/install/scripts/i.manifest" >> $(PKGDIR)/prototype
@echo "i r.manifest=/usr/sadm/install/scripts/r.manifest" >> $(PKGDIR)/prototype
@echo "d none /etc/nagios 0755 nagios nagios" >> $(PKGDIR)/prototype
@echo "f config /etc/nagios/nrpe.cfg=$(INSTALLDIR)/etc/nagios/nrpe.cfg 0600 nagios nagios" >> $(PKGDIR)/prototype
@echo "d none /opt/nagios/bin 0755 nagios bin" >> $(PKGDIR)/prototype
@echo "f none /opt/nagios/bin/nrpe=$(SRCDIR)/nrpe 0755 nagios bin" >> $(PKGDIR)/prototype
@echo "d none /opt/nagios/libexec 0755 nagios bin" >> $(PKGDIR)/prototype
@echo "f none /opt/nagios/libexec/check_nrpe=$(SRCDIR)/check_nrpe 0755 nagios bin" >> $(PKGDIR)/prototype
@echo "f none /lib/svc/method/nrpe=$(PKGDIR)/nrpe 0555 root bin" >> $(PKGDIR)/prototype
@echo "d none /var/svc/manifest/application/nagios 0755 root sys" >> $(PKGDIR)/prototype
@echo "f manifest /var/svc/manifest/application/nagios/nrpe.xml=$(PKGDIR)/nrpe.xml 0444 root sys" >> $(PKGDIR)/prototype
pkginfo: $(PKGDIR)
@echo PKG="$(PKG_NAME)" > $(PKGDIR)/pkginfo
@echo NAME="Nagios Remote Plugin Executor $(PKG_VERSION)" >> $(PKGDIR)/pkginfo
@echo VERSION="$(PKG_VERSION)" >> $(PKGDIR)/pkginfo
@echo ARCH="$(TARGET_ARCH)" >> $(PKGDIR)/pkginfo
@echo CATEGORY="utility" >> $(PKGDIR)/pkginfo
@echo CLASSES="none config manifest" >> $(PKGDIR)/pkginfo
@echo VENDOR="www.nagios.org" >> $(PKGDIR)/pkginfo
@echo EMAIL="nagios-users@lists.sourceforge.net" >> $(PKGDIR)/pkginfo
@echo ISTATES="S s 1 2 3" >> $(PKGDIR)/pkginfo
@echo RSTATES="S s 1 2 3" >> $(PKGDIR)/pkginfo
@echo BASEDIR="/" >> $(PKGDIR)/pkginfo
$(PKG_FILE): pkginfo prototype
pkgmk -o -d $(PKGDIR) -f $(PKGDIR)/prototype -r .
pkgtrans ./pkg $(PKG_FILE) $(PKG_NAME)
pkg: $(PKG_FILE)
all: pkg
clean:
rm -rf build install package
rm -rf $(PKGDIR)/$(PKG_NAME)
rm -f $(PKGDIR)/prototype $(PKGDIR)/pkginfo
rm -f $(PKGDIR)/$(PKG_FILE)
rm -f core
rm -f *~ */*~
distclean: clean
rm -f Makefile
rm -f config.log
devclean: distclean

58
package/solaris/pkg/i.config Normal file
View File

@ -0,0 +1,58 @@
#!/usr/bin/sh
create_cksum_file() {
srcfile=$1
destfile=$2
cksumfile=$3
echo "# DO NOT EDIT OR REMOVE THIS FILE - It is used to determine whether to" > $cksumfile
echo "# overwrite $destfile on package update or to remove" >> $cksumfile
echo "# it on package deletion." >> $cksumfile
/usr/bin/cat $srcfile | /usr/bin/cksum >> $cksumfile
/usr/bin/chmod 400 $cksumfile
}
compare_cksum() {
destfile=$1
cksumfile=$2
installed_cksum=`/usr/bin/tail -1 $cksumfile | /usr/bin/awk '{print $1}'`
current_cksum=`/usr/bin/cksum $destfile | /usr/bin/awk '{print $1}'`
test $installed_cksum = $current_cksum
}
while read src dest ; do
destpath=`echo $dest | /usr/bin/sed -e 's/\/[^/]*$//'`
destbase=`/usr/bin/basename $dest`
cksumfile="${destpath}/.${destbase}.cksum"
if [ -f $dest ] ; then
if [ -f $cksumfile ] ; then
compare_cksum $dest $cksumfile
if [ $? -eq 0 ] ; then
/usr/bin/cp $src $dest
/usr/bin/chmod 600 $dest
/usr/bin/chown nagios:nagios $dest
else
echo "Existing $dest has been found --"
echo " installing $destbase as $dest.pkgnew"
/usr/bin/cp $src $dest.pkgnew
/usr/bin/chmod 600 $dest.pkgnew
/usr/bin/chown nagios:nagios $dest.pkgnew
fi
else
echo "Existing $dest has been found --"
echo " installing $destbase as $dest.pkgnew"
/usr/bin/cp $src $dest.pkgnew
/usr/bin/chmod 600 $dest.pkgnew
/usr/bin/chown nagios:nagios $dest.pkgnew
fi
else
create_cksum_file $src $dest $cksumfile
/usr/bin/cp $src $dest
/usr/bin/chmod 600 $dest
/usr/bin/chown nagios:nagios $dest
fi
done
if [ "$1" = "ENDOFCLASS" ] ; then
exit 0
fi

32
package/solaris/pkg/nrpe Normal file
View File

@ -0,0 +1,32 @@
#!/sbin/sh
#
NRPE=/opt/nagios/bin/nrpe
CFGFILE=/etc/nagios/nrpe.cfg
PIDFILE=/var/run/nrpe.pid
case $1 in
'start')
$NRPE -c $CFGFILE -d
;;
'restart')
if [ -f "$PIDFILE" ]; then
/usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
fi
;;
'stop')
if [ -f "$PIDFILE" ]; then
/usr/bin/kill `/usr/bin/cat $PIDFILE`
/bin/rm -f $PIDFILE
fi
;;
*)
echo "Usage: $0 { start | restart | stop }"
exit 1
;;
esac
exit $?

131
package/solaris/pkg/nrpe.xml Normal file
View File

@ -0,0 +1,131 @@
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
All source code, binaries, documentation, and information contained
in this distribution are provided AS IS with NO WARRANTY OF ANY KIND,
INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR
A PARTICULAR PURPOSE.
Nagios and the Nagios logo are registered trademarks of Nagios Enterprises.
All other trademarks, servicemarks, registered trademarks, and
registered servicemarks are the property of their respective owner(s).
-->
<service_bundle type='manifest' name='NGOS:nrpe'>
<service
name='application/nagios/nrpe'
type='service'
version='1'>
<create_default_instance enabled='false' />
<single_instance />
<dependency name='fs-local'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri
value='svc:/system/filesystem/local' />
</dependency>
<dependency name='fs-autofs'
grouping='optional_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/autofs' />
</dependency>
<dependency name='net-loopback'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/network/loopback' />
</dependency>
<dependency name='net-physical'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/network/physical' />
</dependency>
<dependency name='cryptosvc'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/cryptosvc' />
</dependency>
<dependency name='utmp'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/utmp' />
</dependency>
<dependency name='config_data'
grouping='require_all'
restart_on='restart'
type='path'>
<service_fmri
value='file://localhost/etc/nagios/nrpe.cfg' />
</dependency>
<dependent
name='nrpe_multi-user-server'
grouping='optional_all'
restart_on='none'>
<service_fmri
value='svc:/milestone/multi-user-server' />
</dependent>
<exec_method
type='method'
name='start'
exec='/lib/svc/method/nrpe start'
timeout_seconds='60'/>
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/nrpe stop'
timeout_seconds='60' />
<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/nrpe restart'
timeout_seconds='60' />
<property_group name='startd'
type='framework'>
<!-- sub-process core dumps shouldn't restart session -->
<propval name='ignore_error'
type='astring' value='core,signal' />
</property_group>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>
NRPE daemon
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
Nagios Remote Plugin Executor Daemon
</loctext>
</description>
<!--documentation-->
<!--manpage title='sshd' section='1M' manpath='/usr/share/man' /-->
<!--/documentation-->
</template>
</service>
</service_bundle>

5
package/solaris/pkg/postinstall Normal file
View File

@ -0,0 +1,5 @@
#!/usr/bin/sh
echo "To begin using NRPE, first edit /etc/nagios/nrpe.cfg, update the"
echo "allowed_hosts line and any command lines. Then start the nrpe service"
echo "by running the command 'svcadm enable nrpe' as root."

35
package/solaris/pkg/preinstall Normal file
View File

@ -0,0 +1,35 @@
#!/usr/bin/sh
user="nagios"
uid=-1
group="nagios"
gid=-1
/usr/bin/getent group $group > /dev/null 2> /dev/null
result=$?
if [ $result -eq 2 ] ; then
echo "Group $group does not exist. Creating..."
if [ $gid -ne -1 ] ; then
/usr/sbin/groupadd -g $gid $group
else
/usr/sbin/groupadd $group
fi
elif [ $result -ne 0 ] ; then
echo "An error occurred determining the existence of the groug $group. Terminating."
exit 1;
fi
/usr/bin/getent passwd $user > /dev/null 2> /dev/null
result=$?
if [ $result -eq 2 ] ; then
echo "User $user does not exist. Creating..."
if [ $uid -ne -1 ] ; then
/usr/sbin/useradd -u $uid -g $group $user
else
/usr/sbin/useradd -g $group $user
fi
elif [ $result -ne 0 ] ; then
echo "An error occurred determining the existence of the user $user. Terminating."
exit 1;
fi

33
package/solaris/pkg/r.config Normal file
View File

@ -0,0 +1,33 @@
#!/usr/bin/sh
compare_cksum() {
destfile=$1
cksumfile=$2
installed_cksum=`/usr/bin/tail -1 $cksumfile | /usr/bin/awk '{print $1}'`
current_cksum=`/usr/bin/cksum $destfile | /usr/bin/awk '{print $1}'`
test $installed_cksum = $current_cksum
}
while read path ; do
destpath=`echo $path | /usr/bin/sed -e 's/\/[^/]*$//'`
destbase=`/usr/bin/basename $path`
cksumfile="${destpath}/.${destbase}.cksum"
if [ -f $path ] ; then
if [ -f $cksumfile ] ; then
compare_cksum $path $cksumfile
if [ $? -eq 0 ] ; then
/usr/bin/rm -f $path $cksumfile
else
echo "$path has been modified since it was installed -- "
echo " leaving it in place."
fi
else
echo "$path may have been modified since it was installed -- "
echo " leaving it in place."
fi
fi
done
if [ "$1" = "ENDOFCLASS" ] ; then
exit 0
fi

235
sample-config/nrpe.cfg.in Normal file
View File

@ -0,0 +1,235 @@
#############################################################################
# Sample NRPE Config File
# Written by: Ethan Galstad (nagios@nagios.org)
#
# Last Modified: 11-23-2007
#
# NOTES:
# This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#############################################################################
# LOG FACILITY
# The syslog facility that should be used for logging purposes.
log_facility=@log_facility@
# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.
pid_file=/var/run/nrpe.pid
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=@nrpe_port@
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#server_address=127.0.0.1
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_user=@nrpe_user@
# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_group=@nrpe_group@
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=0
# BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions
allow_bash_command_substitution=0
# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for alllowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on
debug=0
# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.
command_timeout=60
# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.
connection_timeout=300
# WEEK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
#allow_weak_random_seed=1
# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.
#include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).
#include_dir=<somedirectory>
#include_dir=<someotherdirectory>
# COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are
# examples only!
# The following examples use hardcoded command arguments...
command[check_users]=@libexecdir@/check_users -w 5 -c 10
command[check_load]=@libexecdir@/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=@libexecdir@/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=@libexecdir@/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=@libexecdir@/check_procs -w 150 -c 200
# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.
#command[check_users]=@libexecdir@/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$

16
sample-config/nrpe.xinetd.in Normal file
View File

@ -0,0 +1,16 @@
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = @nrpe_port@
wait = no
user = @nrpe_user@
group = @nrpe_group@
server = @bindir@/nrpe
server_args = -c @sysconfdir@/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1
}

64
src/Makefile.in Normal file
View File

@ -0,0 +1,64 @@
###############################
# Makefile for NRPE
#
# Last Modified: 08-13-2007
###############################
srcdir=@srcdir@
# Source code directories
SRC_INCLUDE=@srcdir@/../include
CFG_INCLUDE=../include
CC=@CC@
CFLAGS=@CFLAGS@ @DEFS@ -I $(CFG_INCLUDE) -I $(SRC_INCLUDE)
LDFLAGS=@LDFLAGS@ @LIBS@
SOCKETLIBS=@SOCKETLIBS@
LIBWRAPLIBS=@LIBWRAPLIBS@
OTHERLIBS=@OTHERLIBS@
CP=@CP@
prefix=@prefix@
exec_prefix=@exec_prefix@
CFGDIR=@sysconfdir@
BINDIR=@bindir@
SBINDIR=@sbindir@
LIBEXECDIR=@libexecdir@
INSTALL=@INSTALL@
NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
# Generated automatically from configure script
SNPRINTF_O=@SNPRINTF_O@
all: nrpe check_nrpe
nrpe: $(srcdir)/nrpe.c $(srcdir)/utils.c $(srcdir)/acl.c $(SRC_INCLUDE)/nrpe.h $(SRC_INCLUDE)/utils.h $(SRC_INCLUDE)/common.h $(CFG_INCLUDE)/config.h $(SRC_INCLUDE)/acl.h $(SNPRINTF_O)
$(CC) $(CFLAGS) -o $@ $(srcdir)/nrpe.c $(srcdir)/utils.c $(srcdir)/acl.c $(LDFLAGS) $(SOCKETLIBS) $(LIBWRAPLIBS) $(SNPRINTF_O) $(OTHERLIBS)
check_nrpe: $(srcdir)/check_nrpe.c $(srcdir)/utils.c $(SRC_INCLUDE)/utils.h $(SRC_INCLUDE)/common.h $(CFG_INCLUDE)/config.h
$(CC) $(CFLAGS) -o $@ $(srcdir)/check_nrpe.c $(srcdir)/utils.c $(LDFLAGS) $(SOCKETLIBS) $(OTHERLIBS)
install:
$(MAKE) install-plugin
$(MAKE) install-daemon
install-plugin:
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR)
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe $(DESTDIR)$(LIBEXECDIR)
install-daemon:
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
$(INSTALL) -m 775 $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR)
clean:
rm -f core nrpe check_nrpe $(SNPRINTF_O)
rm -f *~ */*~
rm -rf nrpe.dSYM check_nrpe.dSYM
distclean: clean
rm -f Makefile
devclean: distclean

613
src/acl.c Normal file
View File

@ -0,0 +1,613 @@
/*-
* acl.c - a small library for nrpe.c. It adds IPv4 subnets support to ACL in nrpe.
* Copyright (c) 2011 Kaspersky Lab ZAO
* Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help
*
* Description:
* acl.c creates two linked lists. One is for IPv4 hosts and networks, another is for domain names.
* All connecting hosts (if allowed_hosts is defined) are checked in these two lists.
*
* Some notes:
* 1) IPv6 isn't supported in ACL.
* 2) Only ANCII names are supported in ACL.
*
* License: GPL
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <netdb.h>
#include <syslog.h>
#include <stdarg.h>
#include "../include/acl.h"
/* This function checks if a char argumnet from valid char range.
* Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
*
* Returns:
* 0 - char isn't from valid group
* 1 - char is a number
* 2 - char is a letter
* 3 - char is a space(' ')
* 4 - char is a dot('.')
* 5 - char is a slash('/')
* 6 - char is a dash('-')
* 7 - char is a comma(',')
*/
int isvalidchar(int c) {
if (!isascii(c))
return 0;
if (isdigit(c))
return 1;
if (isalpha(c))
return 2;
if (isspace(c))
return 3;
switch (c) {
case '.':
return 4;
break;
case '/':
return 5;
break;
case '-':
return 6;
break;
case ',':
return 7;
break;
default:
return 0;
}
}
/*
* Get substring from allowed_hosts from s position to e position.
*/
char * acl_substring(char *string, int s, int e) {
char *substring;
int len = e - s;
if (len < 0)
return NULL;
if ( (substring = malloc(len + 1)) == NULL)
return NULL;
memmove(substring, string + s, len + 1);
return substring;
}
/*
* Add IPv4 host or network to IP ACL. IPv4 format is X.X.X.X[/X].
* Host will be added to ACL only if it has passed IPv4 format check.
*
* Returns:
* 1 - on success
* 0 - on failure
*
* States for IPv4 format check:
* 0 - numbers(-> 1), dot(-> -1), slash(-> -1), other(-> -1)
* 1 - numbers(-> 1), dot(-> 2), slash(-> -1), other(-> -1)
* 2 - numbers(-> 3), dot(-> -1), slash(-> -1), other(-> -1)
* 3 - numbers(-> 3), dot(-> 4), slash(-> -1), other(-> -1)
* 4 - numbers(-> 5), dot(-> -1), slash(-> -1), other(-> -1)
* 5 - numbers(-> 5), dot(-> 6), slash(-> -1), other(-> -1)
* 6 - numbers(-> 7), dot(-> -1), slash(-> -1), other(-> -1)
* 7 - numbers(-> 7), dor(-> -1), slash(-> 8), other(-> -1)
* 8 - numbers(-> 9), dor(-> -1), slash(-> -1), other(-> -1)
* 9 - numbers(-> 9), dot(-> -1), slash(-> -1), other(-> -1)
*
* Good states are 7(IPv4 host) and 9(IPv4 network)
*/
int add_ipv4_to_acl(char *ipv4) {
int state = 0;
int octet = 0;
int index = 0; /* position in data array */
int data[5]; /* array to store ip octets and mask */
int len = strlen(ipv4);
int i, c;
unsigned long ip, mask;
struct ip_acl *ip_acl_curr;
/* Check for min and max IPv4 valid length */
if (len < 7 || len > 18)
return 0;
/* default mask for ipv4 */
data[4] = 32;
/* Basic IPv4 format check */
for (i = 0; i < len; i++) {
/* Return 0 on error state */
if (state == -1)
return 0;
c = ipv4[i];
switch (c) {
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
octet = octet * 10 + CHAR_TO_NUMBER(c);
switch (state) {
case 0: case 2: case 4: case 6: case 8:
state++;
break;
}
break;
case '.':
switch (state) {
case 1: case 3: case 5:
data[index++] = octet;
octet = 0;
state++;
break;
default:
state = -1;
}
break;
case '/':
switch (state) {
case 7:
data[index++] = octet;
octet = 0;
state++;
break;
default:
state = -1;
}
break;
default:
state = -1;
}
}
/* Exit state handling */
switch (state) {
case 7: case 9:
data[index] = octet;
break;
default:
/* Bad states */
return 0;
}
/*
* Final IPv4 format check.
*/
for (i=0; i < 4; i++) {
if (data[i] < 0 || data[i] > 255) {
syslog(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
}
if (data[4] < 0 || data[4] > 32) {
syslog(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
/* Conver ip and mask to unsigned long */
ip = htonl((data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]);
mask = htonl(-1 << (32 - data[4]));
/* Wrong network address */
if ( (ip & mask) != ip) {
syslog(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
return 0;
}
/* Add addr to ip_acl list */
if ( (ip_acl_curr = malloc(sizeof(*ip_acl_curr))) == NULL) {
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
/* Save result in ACL ip list */
ip_acl_curr->family = AF_INET;
ip_acl_curr->addr.s_addr = ip;
ip_acl_curr->mask.s_addr = mask;
ip_acl_curr->next = NULL;
if (ip_acl_head == NULL) {
ip_acl_head = ip_acl_curr;
} else {
ip_acl_prev->next = ip_acl_curr;
}
ip_acl_prev = ip_acl_curr;
return 1;
}
/*
* Add IPv6 host or network to IP ACL. Host will be added to ACL only if
* it has passed IPv6 format check.
*
*/
int add_ipv6_to_acl(char *ipv6) {
char *ipv6tmp;
char *addrtok;
char *addrsave;
struct in6_addr addr;
struct in6_addr mask;
int maskval;
int byte, bit;
int nbytes = sizeof(mask.s6_addr) / sizeof(mask.s6_addr[0]);
int x;
struct ip_acl *ip_acl_curr;
/* Save temporary copy of ipv6 so we can use the original in error
messages if needed */
ipv6tmp = strdup(ipv6);
if(NULL == ipv6tmp) {
syslog(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
ipv6);
return 0;
}
/* Parse the address itself */
addrtok = strtok_r(ipv6tmp, "/", &addrsave);
if(inet_pton(AF_INET6, addrtok, &addr) <= 0) {
syslog(LOG_ERR, "Invalid IPv6 address in ACL: %s\n", ipv6);
free(ipv6tmp);
return 0;
}
/* Check whether there is a netmask */
addrtok = strtok_r(NULL, "/", &addrsave);
if(NULL != addrtok) {
/* If so, build a netmask */
/* Get the number of bits in the mask */
maskval = atoi(addrtok);
if(maskval < 0 || maskval > 128) {
syslog(LOG_ERR, "Invalid IPv6 netmask in ACL: %s\n", ipv6);
free(ipv6tmp);
return 0;
}
/* Initialize to zero */
for(x = 0; x < nbytes; x++) {
mask.s6_addr[x] = 0;
}
/* Set mask based on mask bits */
byte = 0;
bit = 7;
while(maskval > 0) {
mask.s6_addr[byte] |= 1 << bit;
bit -= 1;
if(bit < 0) {
bit = 7;
byte++;
}
maskval--;
}
}
else {
/* Otherwise, this is a single address */
for(x = 0; x < nbytes; x++) {
mask.s6_addr[x] = 0xFF;
}
}
/* Add address to ip_acl list */
ip_acl_curr = malloc(sizeof(*ip_acl_curr));
if(NULL == ip_acl_curr) {
syslog(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
return 0;
}
/* Save result in ACL ip list */
ip_acl_curr->family = AF_INET6;
for(x = 0; x < nbytes; x++) {
ip_acl_curr->addr6.s6_addr[x] =
addr.s6_addr[x] & mask.s6_addr[x];
ip_acl_curr->mask6.s6_addr[x] = mask.s6_addr[x];
}
ip_acl_curr->next = NULL;
if(NULL == ip_acl_head) {
ip_acl_head = ip_acl_curr;
}
else {
ip_acl_prev->next = ip_acl_curr;
}
ip_acl_prev = ip_acl_curr;
free(ipv6tmp);
return 1;
}
/*
* Add domain to DNS ACL list
* Domain will be added only if it has passed domain name check.
*
* In this case domain valid format is:
* 1) Domain names must use only alphanumeric characters and dashes (-).
* 2) Domain names mustn't begin or end with dashes (-).
* 3) Domain names mustn't have more than 63 characters.
*
* Return:
* 1 - for success
* 0 - for failure
*
* 0 - alpha(-> 1), number(-> 1), dot(-> -1), dash(-> -1), all other(-> -1)
* 1 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 2 - alpha(-> 3), number(-> 1), dot(-> -1), dash(-> -1), all other(-> -1)
* 3 - alpha(-> 4), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 4 - alpha(-> 5), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 5 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 6 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* For real FQDN only 4 and 5 states are good for exit.
* I don't check if top domain exists (com, ru and etc.)
* But in real life NRPE could work in LAN,
* with local domain zones like .local or with names like 'mars' added to /etc/hosts.
* So 1 is good state too. And maybe this check is not necessary at all...
*/
int add_domain_to_acl(char *domain) {
int state = 0;
int len = strlen(domain);
int i, c;
struct dns_acl *dns_acl_curr;
if (len > 63)
return 0;
for (i = 0; i < len; i++) {
c = domain[i];
switch (isvalidchar(c)) {
case 1:
state = 1;
break;
case 2:
switch (state) {
case 0: case 1: case 5: case 6:
state = 1;
break;
case 2: case 3: case 4:
state++;
break;
}
break;
case 4:
switch (state) {
case 0: case 2:
state = -1;
break;
default:
state = 2;
}
break;
case 6:
switch (state) {
case 0: case 2:
state = -1;
break;
default:
state = 6;
}
break;
default:
/* Not valid chars */
return 0;
}
}
/* Check exit code */
switch (state) {
case 1: case 4: case 5:
/* Add name to domain ACL list */
if ( (dns_acl_curr = malloc(sizeof(*dns_acl_curr))) == NULL) {
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
strcpy(dns_acl_curr->domain, domain);
dns_acl_curr->next = NULL;
if (dns_acl_head == NULL)
dns_acl_head = dns_acl_curr;
else
dns_acl_prev->next = dns_acl_curr;
dns_acl_prev = dns_acl_curr;
return 1;
default:
return 0;
}
}
/* Checks connectiong host in ACL
*
* Returns:
* 1 - on success
* 0 - on failure
*/
int is_an_allowed_host(int family, void *host) {
struct ip_acl *ip_acl_curr = ip_acl_head;
int nbytes;
int x;
struct dns_acl *dns_acl_curr = dns_acl_head;
struct in_addr addr;
struct in6_addr addr6;
struct hostent *he;
while (ip_acl_curr != NULL) {
if(ip_acl_curr->family == family) {
switch(ip_acl_curr->family) {
case AF_INET:
if((((struct in_addr *)host)->s_addr &
ip_acl_curr->mask.s_addr) ==
ip_acl_curr->addr.s_addr) {
return 1;
}
break;
case AF_INET6:
nbytes = sizeof(ip_acl_curr->mask6.s6_addr) /
sizeof(ip_acl_curr->mask6.s6_addr[0]);
for(x = 0; x < nbytes; x++) {
if((((struct in6_addr *)host)->s6_addr[x] &
ip_acl_curr->mask6.s6_addr[x]) !=
ip_acl_curr->addr6.s6_addr[x]) {
break;
}
}
if(x == nbytes) {
/* All bytes in host's address pass the netmask mask */
return 1;
}
break;
}
}
ip_acl_curr = ip_acl_curr->next;
}
while(dns_acl_curr != NULL) {
he = gethostbyname(dns_acl_curr->domain);
if (he == NULL) return 0;
while (*he->h_addr_list) {
switch(he->h_addrtype) {
case AF_INET:
memmove((char *)&addr,*he->h_addr_list++, sizeof(addr));
if (addr.s_addr == ((struct in_addr *)host)->s_addr) return 1;
break;
case AF_INET6:
memcpy((char *)&addr6, *he->h_addr_list++, sizeof(addr6));
for(x = 0; x < nbytes; x++) {
if(addr6.s6_addr[x] !=
((struct in6_addr *)host)->s6_addr[x]) {
break;
}
}
if(x == nbytes) {
/* All bytes in host's address match the ACL */
return 1;
}
break;
}
}
dns_acl_curr = dns_acl_curr->next;
}
return 0;
}
/* The trim() function takes a source string and copies it to the destination string,
* stripped of leading and training whitespace. The destination string must be
* allocated at least as large as the source string.
*/
void trim( char *src, char *dest) {
char *sptr, *dptr;
for( sptr = src; isblank( *sptr) && *sptr; sptr++); /* Jump past leading spaces */
for( dptr = dest; !isblank( *sptr) && *sptr; ) {
*dptr = *sptr;
sptr++;
dptr++;
}
*dptr = '\0';
return;
}
/* This function splits allowed_hosts to substrings with comma(,) as a delimeter.
* It doesn't check validness of ACL record (add_ipv4_to_acl() and add_domain_to_acl() do),
* just trims spaces from ACL records.
* After this it sends ACL records to add_ipv4_to_acl() or add_domain_to_acl().
*/
void parse_allowed_hosts(char *allowed_hosts) {
char *hosts = strdup( allowed_hosts); /* Copy since strtok* modifes original */
char *saveptr;
char *tok;
const char *delim = ",";
char *trimmed_tok;
tok = strtok_r( hosts, delim, &saveptr);
while( tok) {
trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
trim( tok, trimmed_tok);
if( strlen( trimmed_tok) > 0) {
if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok)
&& !add_domain_to_acl(trimmed_tok)) {
syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
}
}
free( trimmed_tok);
tok = strtok_r(( char *)0, delim, &saveptr);
}
free( hosts);
}
/*
* Converts mask in unsigned long format to two digit prefix
*/
unsigned int prefix_from_mask(struct in_addr mask) {
int prefix = 0;
unsigned long bit = 1;
int i;
for (i = 0; i < 32; i++) {
if (mask.s_addr & bit)
prefix++;
bit = bit << 1;
}
return (prefix);
}
/*
* It shows all hosts in ACL lists
*/
void show_acl_lists(void) {
struct ip_acl *ip_acl_curr = ip_acl_head;
struct dns_acl *dns_acl_curr = dns_acl_head;
while (ip_acl_curr != NULL) {
printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
ip_acl_curr = ip_acl_curr->next;
}
while (dns_acl_curr != NULL) {
printf("DNS ACL: %s\n", dns_acl_curr->domain);
dns_acl_curr = dns_acl_curr->next;
}
}

490
src/check_nrpe.c Normal file
View File

@ -0,0 +1,490 @@
/********************************************************************************************
*
* CHECK_NRPE.C - NRPE Plugin For Nagios
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
* License: GPL
*
* Last Modified: 09-06-2013
*
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
*
* Description:
*
* This plugin will attempt to connect to the NRPE daemon on the specified server and port.
* The daemon will attempt to run the command defined as [command]. Program output and
* return code are sent back from the daemon and displayed as this plugin's own output and
* return code.
*
********************************************************************************************/
#include "config.h"
#include "common.h"
#include "utils.h"
#define DEFAULT_NRPE_COMMAND "_NRPE_CHECK" /* check version of NRPE daemon */
u_short server_port=DEFAULT_SERVER_PORT;
char *server_name=NULL;
char *bind_address=NULL;
struct sockaddr_storage hostaddr;
int address_family=AF_UNSPEC;
char *command_name=NULL;
int socket_timeout=DEFAULT_SOCKET_TIMEOUT;
int timeout_return_code=STATE_CRITICAL;
int sd;
char query[MAX_INPUT_BUFFER]="";
int show_help=FALSE;
int show_license=FALSE;
int show_version=FALSE;
#ifdef HAVE_SSL
#ifdef __sun
SSL_METHOD *meth;
#else
const SSL_METHOD *meth;
#endif
SSL_CTX *ctx;
SSL *ssl;
int use_ssl=TRUE;
#else
int use_ssl=FALSE;
#endif
int process_arguments(int,char **);
void alarm_handler(int);
int graceful_close(int,int);
int main(int argc, char **argv){
u_int32_t packet_crc32;
u_int32_t calculated_crc32;
int16_t result;
int rc;
packet send_packet;
packet receive_packet;
int bytes_to_send;
int bytes_to_recv;
result=process_arguments(argc,argv);
if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE){
if(result!=OK)
printf("Incorrect command line arguments supplied\n");
printf("\n");
printf("NRPE Plugin for Nagios\n");
printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
printf("Version: %s\n",PROGRAM_VERSION);
printf("Last Modified: %s\n",MODIFICATION_DATE);
printf("License: GPL v2 with exemptions (-l for more info)\n");
#ifdef HAVE_SSL
printf("SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required\n");
#endif
printf("\n");
}
if(result!=OK || show_help==TRUE){
printf("Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
printf("\n");
printf("Options:\n");
printf(" -n = Do no use SSL\n");
printf(" -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL\n");
printf(" <host> = The address of the host running the NRPE daemon\n");
printf(" <bindaddr> = bind to local address\n");
printf(" -4 = user ipv4 only\n");
printf(" -6 = user ipv6 only\n");
printf(" [port] = The port on which the daemon is running (default=%d)\n",DEFAULT_SERVER_PORT);
printf(" [timeout] = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
printf(" [command] = The name of the command that the remote daemon should run\n");
printf(" [arglist] = Optional arguments that should be passed to the command. Multiple\n");
printf(" arguments should be separated by a space. If provided, this must be\n");
printf(" the last option supplied on the command line.\n");
printf("\n");
printf("Note:\n");
printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
printf("You must also have configured the daemon to associate a specific plugin command\n");
printf("with the [command] option you are specifying here. Upon receipt of the\n");
printf("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
printf("send the plugin output and return code back to *this* plugin. This allows you\n");
printf("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
printf("the plugin is being run locally.\n");
printf("\n");
}
if(show_license==TRUE)
display_license();
if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE)
exit(STATE_UNKNOWN);
/* generate the CRC 32 table */
generate_crc32_table();
#ifdef HAVE_SSL
/* initialize SSL */
if(use_ssl==TRUE){
SSL_library_init();
SSLeay_add_ssl_algorithms();
meth=SSLv23_client_method();
SSL_load_error_strings();
if((ctx=SSL_CTX_new(meth))==NULL){
printf("CHECK_NRPE: Error - could not create SSL context.\n");
exit(STATE_CRITICAL);
}
/* ADDED 01/19/2004 */
/* use only TLSv1 protocol */
SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
}
#endif
/* initialize alarm signal handling */
signal(SIGALRM,alarm_handler);
/* set socket timeout */
alarm(socket_timeout);
/* try to connect to the host at the given port number */
if((sd=my_connect(server_name, &hostaddr, server_port, address_family,
bind_address)) < 0 ) {
exit (255);
}
else {
result=STATE_OK;
}
#ifdef HAVE_SSL
/* do SSL handshake */
if(result==STATE_OK && use_ssl==TRUE){
if((ssl=SSL_new(ctx))!=NULL){
SSL_CTX_set_cipher_list(ctx,"ADH");
SSL_set_fd(ssl,sd);
if((rc=SSL_connect(ssl))!=1){
printf("CHECK_NRPE: Error - Could not complete SSL handshake.\n");
#ifdef DEBUG
printf("SSL_connect=%d\n",rc);
/*
rc=SSL_get_error(ssl,rc);
printf("SSL_get_error=%d\n",rc);
printf("ERR_get_error=%lu\n",ERR_get_error());
printf("%s\n",ERR_error_string(rc,NULL));
*/
ERR_print_errors_fp(stdout);
#endif
result=STATE_CRITICAL;
}
}
else{
printf("CHECK_NRPE: Error - Could not create SSL connection structure.\n");
result=STATE_CRITICAL;
}
/* bail if we had errors */
if(result!=STATE_OK){
SSL_CTX_free(ctx);
close(sd);
exit(result);
}
}
#endif
/* we're connected and ready to go */
if(result==STATE_OK){
/* clear the packet buffer */
bzero(&send_packet,sizeof(send_packet));
/* fill the packet with semi-random data */
randomize_buffer((char *)&send_packet,sizeof(send_packet));
/* initialize packet data */
send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
send_packet.packet_type=(int16_t)htons(QUERY_PACKET);
strncpy(&send_packet.buffer[0],query,MAX_PACKETBUFFER_LENGTH);
send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
/* calculate the crc 32 value of the packet */
send_packet.crc32_value=(u_int32_t)0L;
calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
send_packet.crc32_value=(u_int32_t)htonl(calculated_crc32);
/***** ENCRYPT REQUEST *****/
/* send the packet */
bytes_to_send=sizeof(send_packet);
if(use_ssl==FALSE)
rc=sendall(sd,(char *)&send_packet,&bytes_to_send);
#ifdef HAVE_SSL
else{
rc=SSL_write(ssl,&send_packet,bytes_to_send);
if(rc<0)
rc=-1;
}
#endif
if(rc==-1){
printf("CHECK_NRPE: Error sending query to host.\n");
close(sd);
return STATE_UNKNOWN;
}
/* wait for the response packet */
bytes_to_recv=sizeof(receive_packet);
if(use_ssl==FALSE)
rc=recvall(sd,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
#ifdef HAVE_SSL
else
rc=SSL_read(ssl,&receive_packet,bytes_to_recv);
#endif
/* reset timeout */
alarm(0);
/* close the connection */
#ifdef HAVE_SSL
if(use_ssl==TRUE){
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ctx);
}
#endif
graceful_close(sd,1000);
/* recv() error */
if(rc<0){
printf("CHECK_NRPE: Error receiving data from daemon.\n");
return STATE_UNKNOWN;
}
/* server disconnected */
else if(rc==0){
printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n");
return STATE_UNKNOWN;
}
/* receive underflow */
else if(bytes_to_recv<sizeof(receive_packet)){
printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet));
return STATE_UNKNOWN;
}
/***** DECRYPT RESPONSE *****/
/* check the crc 32 value */
packet_crc32=ntohl(receive_packet.crc32_value);
receive_packet.crc32_value=0L;
calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet));
if(packet_crc32!=calculated_crc32){
printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
close(sd);
return STATE_UNKNOWN;
}
/* check packet version */
if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){
printf("CHECK_NRPE: Invalid packet version received from server.\n");
close(sd);
return STATE_UNKNOWN;
}
/* check packet type */
if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){
printf("CHECK_NRPE: Invalid packet type received from server.\n");
close(sd);
return STATE_UNKNOWN;
}
/* get the return code from the remote plugin */
result=(int16_t)ntohs(receive_packet.result_code);
/* print the output returned by the daemon */
receive_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
if(!strcmp(receive_packet.buffer,""))
printf("CHECK_NRPE: No output returned from daemon.\n");
else
printf("%s\n",receive_packet.buffer);
}
/* reset the alarm */
else
alarm(0);
return result;
}
/* process command line arguments */
int process_arguments(int argc, char **argv){
char optchars[MAX_INPUT_BUFFER];
int argindex=0;
int c=1;
int i=1;
#ifdef HAVE_GETOPT_LONG
int option_index=0;
static struct option long_options[]={
{"host", required_argument, 0, 'H'},
{"bind", required_argument, 0, 'b'},
{"command", required_argument, 0, 'c'},
{"args", required_argument, 0, 'a'},
{"no-ssl", no_argument, 0, 'n'},
{"unknown-timeout", no_argument, 0, 'u'},
{"ipv4", no_argument, 0, '4'},
{"ipv6", no_argument, 0, '6'},
{"timeout", required_argument, 0, 't'},
{"port", required_argument, 0, 'p'},
{"help", no_argument, 0, 'h'},
{"license", no_argument, 0, 'l'},
{0, 0, 0, 0}
};
#endif
/* no options were supplied */
if(argc<2)
return ERROR;
snprintf(optchars,MAX_INPUT_BUFFER,"H:b:c:a:t:p:nu46hl");
while(1){
#ifdef HAVE_GETOPT_LONG
c=getopt_long(argc,argv,optchars,long_options,&option_index);
#else
c=getopt(argc,argv,optchars);
#endif
if(c==-1 || c==EOF)
break;
/* process all arguments */
switch(c){
case '?':
case 'h':
show_help=TRUE;
break;
case 'b':
bind_address=strdup(optarg);
break;
case 'V':
show_version=TRUE;
break;
case 'l':
show_license=TRUE;
break;
case 't':
socket_timeout=atoi(optarg);
if(socket_timeout<=0)
return ERROR;
break;
case 'p':
server_port=atoi(optarg);
if(server_port<=0)
return ERROR;
break;
case 'H':
server_name=strdup(optarg);
break;
case 'c':
command_name=strdup(optarg);
break;
case 'a':
argindex=optind;
break;
case 'n':
use_ssl=FALSE;
break;
case 'u':
timeout_return_code=STATE_UNKNOWN;
break;
case '4':
address_family=AF_INET;
break;
case '6':
address_family=AF_INET6;
break;
default:
return ERROR;
break;
}
}
/* determine (base) command query */
snprintf(query,sizeof(query),"%s",(command_name==NULL)?DEFAULT_NRPE_COMMAND:command_name);
query[sizeof(query)-1]='\x0';
/* get the command args */
if(argindex>0){
for(c=argindex-1;c<argc;c++){
i=sizeof(query)-strlen(query)-2;
if(i<=0)
break;
strcat(query,"!");
strncat(query,argv[c],i);
query[sizeof(query)-1]='\x0';
}
}
/* make sure required args were supplied */
if(server_name==NULL && show_help==FALSE && show_version==FALSE && show_license==FALSE)
return ERROR;
return OK;
}
void alarm_handler(int sig){
printf("CHECK_NRPE: Socket timeout after %d seconds.\n",socket_timeout);
exit(timeout_return_code);
}
/* submitted by Mark Plaksin 08/31/2006 */
int graceful_close(int sd, int timeout){
fd_set in;
struct timeval tv;
char buf[1000];
/* send FIN packet */
shutdown(sd,SHUT_WR);
for(;;){
FD_ZERO(&in);
FD_SET(sd,&in);
tv.tv_sec=timeout/1000;
tv.tv_usec=(timeout % 1000)*1000;
/* timeout or error */
if(1!=select(sd+1,&in,NULL,NULL,&tv))
break;
/* no more data (FIN or RST) */
if(0>=recv(sd,buf,sizeof(buf),0))
break;
}
#ifdef HAVE_CLOSESOCKET
closesocket(sd);
#else
close(sd);
#endif
return OK;
}

2162
src/nrpe.c Normal file
View File

File diff suppressed because it is too large Load Diff

1452
src/snprintf.c Normal file
View File

File diff suppressed because it is too large Load Diff

390
src/utils.c Normal file
View File

@ -0,0 +1,390 @@
/****************************************************************************
*
* UTILS.C - NRPE Utility Functions
*
* License: GPL
* Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
*
* Last Modified: 12-11-2006
*
* Description:
*
* This file contains common network functions used in nrpe and check_nrpe.
*
* License Information:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#include "../include/common.h"
#include "../include/utils.h"
#ifndef NI_MAXSERV
#define NI_MAXSERV 32
#endif
#ifndef NI_MAXHOST
#define NI_MAXHOST 1025
#endif
static unsigned long crc32_table[256];
/* build the crc table - must be called before calculating the crc value */
void generate_crc32_table(void){
unsigned long crc, poly;
int i, j;
poly=0xEDB88320L;
for(i=0;i<256;i++){
crc=i;
for(j=8;j>0;j--){
if(crc & 1)
crc=(crc>>1)^poly;
else
crc>>=1;
}
crc32_table[i]=crc;
}
return;
}
/* calculates the CRC 32 value for a buffer */
unsigned long calculate_crc32(char *buffer, int buffer_size){
register unsigned long crc;
int this_char;
int current_index;
crc=0xFFFFFFFF;
for(current_index=0;current_index<buffer_size;current_index++){
this_char=(int)buffer[current_index];
crc=((crc>>8) & 0x00FFFFFF) ^ crc32_table[(crc ^ this_char) & 0xFF];
}
return (crc ^ 0xFFFFFFFF);
}
/* fill a buffer with semi-random data */
void randomize_buffer(char *buffer,int buffer_size){
FILE *fp;
int x;
int seed;
/**** FILL BUFFER WITH RANDOM ALPHA-NUMERIC CHARACTERS ****/
/***************************************************************
Only use alpha-numeric characters becase plugins usually
only generate numbers and letters in their output. We
want the buffer to contain the same set of characters as
plugins, so its harder to distinguish where the real output
ends and the rest of the buffer (padded randomly) starts.
***************************************************************/
/* try to get seed value from /dev/urandom, as its a better source of entropy */
fp=fopen("/dev/urandom","r");
if(fp!=NULL){
seed=fgetc(fp);
fclose(fp);
}
/* else fallback to using the current time as the seed */
else
seed=(int)time(NULL);
srand(seed);
for(x=0;x<buffer_size;x++)
buffer[x]=(int)'0'+(int)(72.0*rand()/(RAND_MAX+1.0));
return;
}
/* opens a connection to a remote host */
int my_connect(const char *host, struct sockaddr_storage * hostaddr, u_short port,
int address_family, const char *bind_address){
int gaierr;
int sock = -1;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
struct addrinfo hints, *ai, *aitop;
memset(&hints, 0, sizeof(hints));
hints.ai_family = address_family;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
fprintf(stderr,"Could not resolve hostname %.100s: %s\n", host,
gai_strerror(gaierr));
exit(1);
}
/*
* Loop through addresses for this host, and try each one in
* sequence until the connection succeeds.
*/
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue;
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
fprintf(stderr, "my_connect: getnameinfo failed\n");
continue;
}
/* Create a socket for connecting. */
sock = my_create_socket(ai, bind_address);
if (sock < 0) {
/* Any error is already output */
continue;
}
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
/* Successful connection. */
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
break;
}
else {
fprintf(stderr,"connect to address %s port %s: %s\n", ntop, strport,
strerror(errno));
close(sock);
sock = -1;
}
}
freeaddrinfo(aitop);
/* Return failure if we didn't get a successful connection. */
if (sock == -1) {
fprintf(stderr, "connect to host %s port %s: %s", host, strport,
strerror(errno));
return -1;
}
return sock;
}
/* Creates a socket for the connection. */
int my_create_socket(struct addrinfo *ai, const char *bind_address) {
int sock, gaierr;
struct addrinfo hints, *res;
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) fprintf(stderr,"socket: %.100s\n", strerror(errno));
/* Bind the socket to an alternative local IP address */
if (bind_address == NULL) return sock;
memset(&hints, 0, sizeof(hints));
hints.ai_family = ai->ai_family;
hints.ai_socktype = ai->ai_socktype;
hints.ai_protocol = ai->ai_protocol;
hints.ai_flags = AI_PASSIVE;
gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
if(gaierr) {
fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address,
gai_strerror(gaierr));
close(sock);
return -1;
}
if(bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno));
close(sock);
freeaddrinfo(res);
return -1;
}
freeaddrinfo(res);
return sock;
}
void add_listen_addr(struct addrinfo **listen_addrs, int address_family,
char *addr, int port) {
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
int gaierr;
memset(&hints, 0, sizeof(hints));
hints.ai_family = address_family;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
snprintf(strport, sizeof strport, "%d", port);
if((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
syslog(LOG_ERR,"bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
gai_strerror(gaierr));
exit(1);
}
for(ai = aitop; ai->ai_next; ai = ai->ai_next);
ai->ai_next = *listen_addrs;
*listen_addrs = aitop;
}
void strip(char *buffer){
int x;
int index;
for(x=strlen(buffer);x>=1;x--){
index=x-1;
if(buffer[index]==' ' || buffer[index]=='\r' || buffer[index]=='\n' || buffer[index]=='\t')
buffer[index]='\x0';
else
break;
}
return;
}
/* sends all data - thanks to Beej's Guide to Network Programming */
int sendall(int s, char *buf, int *len){
int total=0;
int bytesleft=*len;
int n=0;
/* send all the data */
while(total<*len){
/* send some data */
n=send(s,buf+total,bytesleft,0);
/* break on error */
if(n==-1)
break;
/* apply bytes we sent */
total+=n;
bytesleft-=n;
}
/* return number of bytes actually send here */
*len=total;
/* return -1 on failure, 0 on success */
return n==-1?-1:0;
}
/* receives all data - modelled after sendall() */
int recvall(int s, char *buf, int *len, int timeout){
int total=0;
int bytesleft=*len;
int n=0;
time_t start_time;
time_t current_time;
/* clear the receive buffer */
bzero(buf,*len);
time(&start_time);
/* receive all data */
while(total<*len){
/* receive some data */
n=recv(s,buf+total,bytesleft,0);
/* no data has arrived yet (non-blocking socket) */
if(n==-1 && errno==EAGAIN){
time(&current_time);
if(current_time-start_time>timeout)
break;
sleep(1);
continue;
}
/* receive error or client disconnect */
else if(n<=0)
break;
/* apply bytes we received */
total+=n;
bytesleft-=n;
}
/* return number of bytes actually received here */
*len=total;
/* return <=0 on failure, bytes received on success */
return (n<=0)?n:total;
}
/* fixes compiler problems under Solaris, since strsep() isn't included */
/* this code is taken from the glibc source */
char *my_strsep (char **stringp, const char *delim){
char *begin, *end;
begin = *stringp;
if (begin == NULL)
return NULL;
/* A frequent case is when the delimiter string contains only one
character. Here we don't need to call the expensive `strpbrk'
function and instead work using `strchr'. */
if(delim[0]=='\0' || delim[1]=='\0'){
char ch = delim[0];
if(ch=='\0')
end=NULL;
else{
if(*begin==ch)
end=begin;
else
end=strchr(begin+1,ch);
}
}
else
/* Find the end of the token. */
end = strpbrk (begin, delim);
if(end){
/* Terminate the token and set *STRINGP past NUL character. */
*end++='\0';
*stringp=end;
}
else
/* No more delimiters; this is the last token. */
*stringp=NULL;
return begin;
}
/* show license */
void display_license(void){
printf("This program is released under the GPL (see below) with the additional\n");
printf("exemption that compiling, linking, and/or using OpenSSL is allowed.\n\n");
printf("This program is free software; you can redistribute it and/or modify\n");
printf("it under the terms of the GNU General Public License as published by\n");
printf("the Free Software Foundation; either version 2 of the License, or\n");
printf("(at your option) any later version.\n\n");
printf("This program is distributed in the hope that it will be useful,\n");
printf("but WITHOUT ANY WARRANTY; without even the implied warranty of\n");
printf("MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n");
printf("GNU General Public License for more details.\n\n");
printf("You should have received a copy of the GNU General Public License\n");
printf("along with this program; if not, write to the Free Software\n");
printf("Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
return;
}

61
subst.in Executable file
View File

@ -0,0 +1,61 @@
#!/usr/bin/perl -w
# This script finishes the job started by config.status by replacing the variables
# of the form ${...} which were inserted into the file(s) by config.status.
# Read all files with a single read statement
$/ = undef;
# List of variables to replace
my %configvars = (
"prefix" => { "value" => '@prefix@'},
"exec_prefix" => { "value" => '@exec_prefix@'},
);
sub replace_var {
my $filep = shift;
my $cvp = shift;
my $varname = shift;
return if( $cvp->{ $varname}->{ "replaced"});
if( defined( $cvp->{ $varname}->{ "dependency"})) {
if( !$cvp->{ $cvp->{ $varname}->{ "dependency"}}->{ "replaced"}) {
# If a dependency exists and it is not already replaced, replace it
replace_var( $filep, $cvp, $cvp->{ $varname}->{ "dependency"});
}
}
my $replacement = $cvp->{ $varname}->{ "value"};
$$filep =~ s/\${$varname}/$replacement/g;
$cvp->{ $varname}->{ "replaced"} = 1;
}
# Figure out the dependencies.
foreach my $cv ( keys %configvars ) {
if( $configvars{ $cv}->{ "value"} =~ /\${([^}]+)}/) {
my $dependency = $1;
if( exists( $configvars{ $dependency})) {
$configvars{ $dependency}->{ "dependency"} = $cv;
}
$configvars{ $cv}->{ "replaced"} = 0;
}
}
# Process each file
while ($f = shift @ARGV) {
# Read in the file
open( FILE, $f) || die "Unable to open $f for reading";
my $file = <FILE>;
close( FILE) || die "Unable to close $f after reading";
# Replace each of the variables we know about
foreach $cv ( keys %configvars ) {
replace_var( \$file, \%configvars, $cv);
}
# Write out the replacements
open( FILE, ">$f") || die "Unable to open $f for writing";
print FILE $file;
close( FILE) || die "Unable to close $f after writing";
}

81
update-version Executable file
View File

@ -0,0 +1,81 @@
#!/bin/sh
# Make sure autoconf is installed and is the correct version
min_autoconf_major=2
min_autoconf_minor=59
autoconf_error="Autoconf version $min_autoconf_major.$min_autoconf_minor or later must be installed to run this script."
autoconf_version=`(autoconf -V 2> /dev/null) |\
grep "^autoconf (GNU Autoconf)" | gawk '{print $NF}'`
if [ "$autoconf_version" != "" ] ; then
autoconf_major=`echo $autoconf_version | gawk -F '.' '{print $1}'`
autoconf_minor=`echo $autoconf_version | gawk -F '.' '{print $2}'`
if [ $autoconf_major -lt $min_autoconf_major -o $autoconf_minor -lt $min_autoconf_minor ] ; then
echo $autoconf_error
exit 1
fi
else
echo $autoconf_error
exit 1
fi
# Get date (two formats)
if [ -n "$2" ]; then
LONGDATE=`date -d "$2" "+%B %d, %Y"`
SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
else
LONGDATE=`date "+%B %d, %Y"`
SHORTDATE=`date "+%m-%d-%Y"`
fi
# Current version number
CURRENTVERSION=2.15
# Last date
LASTDATE=09-06-2013
if [ "x$1" = "x" ]
then
echo "Usage: $0 <version number | \"newdate\"> [revision date]"
echo ""
echo "Run this script with the name of the new version (i.e \"2.6\") to"
echo "update version number and modification date in files."
echo "Use the \"newdate\" argument if you want to keep the current version"
echo "number and just update the modification date."
echo ""
echo "Current version=$CURRENTVERSION"
echo "Current Modification date=$LASTDATE"
echo ""
exit 1
fi
newversion=$1
if [ "x$newversion" = "xnewdate" ]
then
newversion=$CURRENTVERSION
fi
# Update version number and release date in common code
perl -i -p -e "s/VERSION \".*\"/VERSION \"$1\"/;" include/common.h
perl -i -p -e "s/MODIFICATION_DATE \".*\"/MODIFICATION_DATE \"$SHORTDATE\"/;" include/common.h
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" include/common.h
# Update version number and release date in main code
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/nrpe.c
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/check_nrpe.c
# Update version number and release date in configure.in
perl -i -p -e "if( /^AC_INIT/) { s/$CURRENTVERSION/$1/; }" configure.in
perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure.in
perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.in
# Run autoconf to update configure (this is easier than updating every instance
# of the version number in configure)
autoconf
# Update RPM spec file with version number
perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec
perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec
# Update this file with version number and last date
perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version
perl -i -p -e "s/^LASTDATE=.*/LASTDATE=$SHORTDATE/;" update-version