From 3864e8204a829d909692fad3596a3db2142920d9 Mon Sep 17 00:00:00 2001 From: Alexander Wirt Date: Tue, 15 Jul 2014 18:30:36 +0200 Subject: [PATCH] Imported Debian patch 2.15-1 --- debian/NEWS | 38 +++ debian/README.Debian | 23 ++ debian/README.source | 3 + debian/TODO | 5 + debian/changelog | 314 ++++++++++++++++++ debian/check_nrpe.cfg | 11 + debian/compat | 1 + debian/control | 36 ++ debian/copyright | 37 +++ debian/dirs | 1 + debian/docs | 3 + debian/nagios-nrpe-plugin.install | 2 + debian/nagios-nrpe-plugin.postrm | 9 + debian/nagios-nrpe-server.default | 12 + debian/nagios-nrpe-server.init | 85 +++++ debian/nagios-nrpe-server.install | 3 + debian/nagios-nrpe-server.manpages | 1 + debian/nagios-nrpe-server.preinst | 55 +++ debian/nrpe.8 | 52 +++ debian/nrpe_local.cfg | 3 + debian/patches/00list | 6 + .../patches/02_nrpe.cfg_local-include.dpatch | 19 ++ debian/patches/03_support_nrpe.d.dpatch | 21 ++ debian/patches/04_weird_output.dpatch | 20 ++ debian/patches/05_pid_privileges.dpatch | 27 ++ debian/patches/06_pid_directory.dpatch | 19 ++ debian/patches/07_warn_ssloption.dpatch | 30 ++ debian/patches/09_noremove_pid.dpatch | 34 ++ debian/rules | 22 ++ debian/watch | 3 + 30 files changed, 895 insertions(+) create mode 100644 debian/NEWS create mode 100644 debian/README.Debian create mode 100644 debian/README.source create mode 100644 debian/TODO create mode 100644 debian/changelog create mode 100644 debian/check_nrpe.cfg create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/dirs create mode 100644 debian/docs create mode 100644 debian/nagios-nrpe-plugin.install create mode 100644 debian/nagios-nrpe-plugin.postrm create mode 100644 debian/nagios-nrpe-server.default create mode 100644 debian/nagios-nrpe-server.init create mode 100644 debian/nagios-nrpe-server.install create mode 100644 debian/nagios-nrpe-server.manpages create mode 100644 debian/nagios-nrpe-server.preinst create mode 100644 debian/nrpe.8 create mode 100644 debian/nrpe_local.cfg create mode 100644 debian/patches/00list create mode 100644 debian/patches/02_nrpe.cfg_local-include.dpatch create mode 100644 debian/patches/03_support_nrpe.d.dpatch create mode 100644 debian/patches/04_weird_output.dpatch create mode 100644 debian/patches/05_pid_privileges.dpatch create mode 100644 debian/patches/06_pid_directory.dpatch create mode 100644 debian/patches/07_warn_ssloption.dpatch create mode 100644 debian/patches/09_noremove_pid.dpatch create mode 100755 debian/rules create mode 100644 debian/watch diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..04c44b1 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,38 @@ +nagios-nrpe (2.15-1) unstable; urgency=high + + This update disables the command-args support in nrpe. The feature + has several security problems and is often used wrong. If you have to + use this feature recompile the package with --enable-command-args + in debian/rules. + + -- Alexander Wirt Tue, 15 Jul 2014 09:52:48 +0200 + +nagios-nrpe (2.12-4) unstable; urgency=low + + The pidfile creation mechanism changed with this update. If you do not + add "pid_file=/var/run/nagios/nrpe.pid" to you nrpe config take care that + the user "nagios" is able to write to your pidfile location. You can also + change the initscript to create the pid directory on your own. + + -- Alexander Wirt Tue, 07 Jul 2009 07:42:13 +0200 + +nagios-nrpe (2.12-3) unstable; urgency=low + + The homedirectory of the nagios user moved to /var/lib/nagios + which is now common on all nagios related packages. Its recommended + that you migrate an already existing nagios user to use /var/lib/nagios + as homedirectory. + + -- Alexander Wirt Sat, 21 Mar 2009 09:08:58 +0100 + +nagios-nrpe (2.4-1) unstable; urgency=low + + the nagios-nrpe-doc package is no longer provided. the documentation + can now be found in /usr/share/doc/nagios-nrpe-{server|plugins}. new + versions of the plugin and server packages conflict with the doc + package to prevent the old (and possibly incorrect in the future) + documentation from remaining. to fully purge all information about + the package you should run: + dpkg -P nagios-nrpe-doc + + -- sean finney Mon, 13 Mar 2006 15:47:47 +0100 diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..1fbe5b7 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,23 @@ +nrpe +---- + +Put any local check command you need into /etc/nagios/nrpe_local.cfg or +as a *.cfg file in /etc/nagios/nrpe.d/ +This files are included from the /etc/nagios/nrpe.cfg + +This package is built without support for command argument processing. If you +want to enable it, you will have to rebuild this package with +--enable-command-args in debian/rules. +The feature has several security problems and should not be used. If you +really need some dynamic argument processing try check_by_ssh or something +similar. + +Do not rely on SSL mode for security +------------------------------------ + +NRPE contains an SSL mode which encrypts the data over the NRPE channel. +The current implementation does not verify client or server and uses +pregenerated key data by default. It cannot be fixed right away because +it would break the existing NRPE protocol. + +Please refer to the file SECURITY in this directory for more information. diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..98c5ea4 --- /dev/null +++ b/debian/README.source @@ -0,0 +1,3 @@ +This package uses dpatch for its patch management, see +/usr/share/doc/dpatch/README.source.gz if you are unfamiliar with it. + diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..a0a0586 --- /dev/null +++ b/debian/TODO @@ -0,0 +1,5 @@ +TODO +==== + + +Add a nagios-common package which ships a user and homedir diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..4bb0989 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,314 @@ +nagios-nrpe (2.15-1) unstable; urgency=high + + * [f2cea9f] Imported Upstream version 2.15 + * [023e909] Disable command-args in nrpe. (Closes: #745272) + * [6369220] Use restorecon to set SE Linux context on $PIDDIR + (Closes: #679241) + * [a484e7d] Switch order of nagios-plugins recommends to prefer -basic. + (Closes: #752243) + * [b1ef043] Don't recommend a core implementation for the plugin + * [16dbf01] Remove obsolete patch + * [694b804] Remove luk from uploaders. (Closes: #719636) + * [28d9004] Remove obsolete patch + * [86ea67e] 08_CVE-2013-1362.dpatch is now obsolete + * [74e3b07] Refresh patches + * [1258ab2] Reword NEWS entry + * [744eec6] configure is buggy: --disable- in fact enables a feautre. + * [eec54b6] Adjust README.Debian for the removal or argument processing + + -- Alexander Wirt Tue, 15 Jul 2014 18:30:36 +0200 + +nagios-nrpe (2.13-4) unstable; urgency=low + + * [dcffec6] Do not remove the PID file after a connection error. + Original patch from Hiren Patel. (Closes: #716949) + + -- Bernd Zeimetz Mon, 15 Jul 2013 16:07:54 +0200 + +nagios-nrpe (2.13-3) unstable; urgency=high + + * [e55afd1] Add 08_CVE-2013-1362.dpatch patch. + If command arguments are enabled in the NRPE configuration, it was + possible to pass $() as arguments as the checking for nasty caracters + was not strict enough to catch $(). This allowed executing shell + commands under a subprocess and pass the output as a parameter to the + called script (if run under bash). CVE-2013-1362 (Closes: #701227) + + -- Alexander Wirt Sat, 09 Mar 2013 08:42:05 +0100 + +nagios-nrpe (2.13-2) unstable; urgency=high + + [ Thijs Kinkhorst ] + * Add warning about the inadequateness of the 'ssl' option. + + -- Alexander Wirt Mon, 11 Feb 2013 17:45:20 +0100 + +nagios-nrpe (2.13-1) unstable; urgency=low + + * [3e113b5] Imported Upstream version 2.13 + * [acc152b] Bump standards version + * [c707bce] Use dh9 for hardening + * Updated patches + + -- Alexander Wirt Sat, 30 Jun 2012 11:08:22 +0200 + +nagios-nrpe (2.12-6) unstable; urgency=low + + * [36b1062] Add add icinga to the list of recommends + * [a698acb] Don't remove homedirectory of the nagios user (Closes: #665845) + * [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe + (Closes: #650464) + + -- Alexander Wirt Mon, 30 Apr 2012 09:25:45 +0200 + +nagios-nrpe (2.12-5) unstable; urgency=low + + [ Alexander Wirt ] + * [e3af3bd] Bump compat to 8 + * [4f9e892] Add versioned depends to dpatch for sequence support + * [5ec5a3b] Install example nrpe_local.cfg + * [69ea7b9] Move rules file to dh + * [298f725] Use autotools_dev dh sequence helper + * [10da37d] Bump debhelper dependency to 8 + * [2b009ae] Bump standards version + * [4d093e3] Ignore usermod failure (Closes: #538894) + * [e776f7b] Use pidfile for start-stop-daemon and fix pidfile deletion + (Closes: #548157, #639523) + * [8050c97] Support multiarch in rulesfile (Closes: #642790) + * [027274f] Use pidfile for start-stop-daemon in start() + * [1f69c63] Support status in nrpe initscript + * [42ccdcc] Add a comment to nrpe.cfg that snipplets have to end .cfg + (Closes: #641933) + + [ Jan Wagner ] + * [0a80fdb] Update debian/README.Debian about conf.d/ + + -- Alexander Wirt Sun, 25 Sep 2011 08:35:48 +0200 + +nagios-nrpe (2.12-4) unstable; urgency=low + + * Build against libwrap0-dev (Closes: #412705) + * Remove 'last modified header' from nrpe config (Closes: #499280) + * Create /etc/nagios/nrpe.d (Closes: #505700, #474333) + * Fix pidfile handling (Closes: #411046) + * Add newer config.{guess,sub} (Closes: #535737) + - Build-depend on autotools-dev + * Delete /var/lib/nagios if empty after purge (Closes: #527069) + * Bump standards version (add README.source) + * Bump dh_compat version (remove -k from dh_clean) + + -- Alexander Wirt Mon, 06 Jul 2009 07:08:26 +0200 + +nagios-nrpe (2.12-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix bashism (Closes: #530149). + + -- Raphael Geissert Sat, 04 Jul 2009 20:23:23 -0500 + +nagios-nrpe (2.12-3) unstable; urgency=low + + * Sync homedirectory of the nagios user with the nagios3 package + (Closes: #479051) + * Removed now empty nagios-nrpe-plugins.post* scripts + + -- Alexander Wirt Sat, 21 Mar 2009 09:33:39 +0100 + +nagios-nrpe (2.12-2) unstable; urgency=low + + * Add myself to uploaders. + * Clean buffer before use (Closes: #498749). + * Remove pid file before creating a new ones (Closes: #411046). + * Include inetd support (Closes: #409772). + + -- Luk Claes Sun, 14 Sep 2008 16:04:17 +0200 + +nagios-nrpe (2.12-1) unstable; urgency=low + + * Support an nrpe.d config directory in addition to nrpe_local.cfg + (Closes: #474333) + * Add myself to uploaders + * Add watch file + * New upstream version (Closes: #475081) + * Acknowledge NMU from Chris Lamb (Closes: #484412) + * Recommend Nagios 3 instead of Nagios 2 + * Update copyright file + * Use the same homedir as nagios3 (Closes: #479051) + + -- Alexander Wirt Wed, 06 Aug 2008 20:33:57 +0200 + +nagios-nrpe (2.8.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix bashism in debian/rules (Closes: #484412) + * Bump Standards-Version to 3.8.0. + + -- Chris Lamb Sat, 12 Jul 2008 01:09:21 +0100 + +nagios-nrpe (2.8.1-1) unstable; urgency=low + + * New upstream release + * bump Recommends to nagios2, thanks to Henning Sprang + for suggesting this (closes: #399856). + * fix typo in package description, thanks to Tilman Koschnick for + noticing this (closes: #419130). + + -- sean finney Sat, 12 May 2007 12:27:30 +0200 + +nagios-nrpe (2.5.1-3) unstable; urgency=high + + * apparently we were already including another default file + without installing it, and some people were using it. so + now we include this one as well as the new default, with this + one taking precedence since it was there first. thanks to + Peter Palfrader for catching this (closes: #398914). + + -- sean finney Fri, 17 Nov 2006 09:17:55 +0100 + +nagios-nrpe (2.5.1-2) unstable; urgency=low + + * include a /etc/default/nagios-nrpe-server where variables + such as DAEMON_OPTS can be set (closes: #396709). + * bump standards version to 3.7.2 + * add pre-depends on adduser + * LSB-ize init script, and add dependency on lsb-base + + -- sean finney Sat, 04 Nov 2006 17:38:34 +0100 + +nagios-nrpe (2.5.1-1) unstable; urgency=low + + * new upstream release. includes fix from Peter Palfrader to catch + invalid free()'s when nrpe is called with --no-ssl (closes: #361233). + + -- sean finney Sun, 14 May 2006 21:38:48 -0500 + +nagios-nrpe (2.4-2) unstable; urgency=low + + [sean finney] + * removing nrpe_local.cfg caused trouble for some people, so + i've added it back in (closes: #360093). + + -- sean finney Fri, 31 Mar 2006 07:02:31 +0200 + +nagios-nrpe (2.4-1) unstable; urgency=low + + * new upstream release. + + [sean finney] + * (NEEDS TESTING) move away from cdbs for my own sanity. + * add build-dependency on dpatch. + * no longer create nrpe_local.cfg. no reason to have it. + * remove postinst script for nagios-nrpe-server, as all it + did was touch the previously mentioned file. + * upstream has incorporated the following patches: + - 02_global-cmd-prefix.dpatch + - 03_nrpe-trailing-whitespace.dpatch + * check_nrpe -h provides what "-a" does, but i've gone ahead and + added a comment in check_nrpe.cfg too, because it can't hurt + to do so :) (closes: #351714). + * no longer generate the nagios-nrpe-doc package, and move copies of + the documentation into the plugin and server packages. add a + Conflicts: nagios-nrpe-doc to the remaining packages to ensure + that the stale package doesn't remain. NEWS.Debian also mentions + this and instructs the admin to purge the package too. + + -- sean finney Tue, 24 Jan 2006 18:16:54 +0100 + +nagios-nrpe (2.2-1) unstable; urgency=low + + * new upstream release. + + [sean finney] + * debian packaging source repository is now migrated to svn. + * updated 01_nodevrandom-and-docoptions.dpatch and + 02_global-cmd-prefix.dpatch to apply against the latest + upstream version. + * nrpe.cfg has moved location in the upstream tarball. + * introduced 03_nrpe-trailing-whitespace.dpatch to fix regression + in config file parsing until upstream incorporates it. + + -- sean finney Tue, 24 Jan 2006 17:52:54 +0100 + +nagios-nrpe (2.0-9) unstable; urgency=low + + * Sean Finney: + - nagios-nrpe has now joined forces with the debian pkg-nagios + project, updated Maintainer and Uploaders field accordingly. + - provide check_nrpe_1arg command definition so that one can call + check_nrpe both with and without arguments to the cmds + (closes: #248424). + - changed nagios-nrpe-server's Recommends on nagios-plugins to reflect + the upcoming new nagios-plugins layout. + - changed nagios-nrpe-plugin's Depends on nagios to a Recommends. + - building issues seem to be resolved on arm now (closes: #259442). + - updated Standards-Version to 3.6.2 + - included patch from joerg and weasel to document some cmdline options + and provide a better alternative to reading a random byte from + /dev/random (closes: #333552). + - included "global command prefix" patch from joerg jaspert + (closes: #332253). + + -- sean finney Tue, 25 Oct 2005 10:04:59 -0400 + +nagios-nrpe (2.0-8) unstable; urgency=low + + * debian/control: change depends on nagios-plugins, to recommends. + (closes: #327199) + + -- Jason Thomas Mon, 10 Oct 2005 08:07:57 +1000 + +nagios-nrpe (2.0-7) unstable; urgency=high + + * The previous upload fixes a bug that breaks the install of this package so + this is a new upload with a high urgency to try and get it into sarge. + + -- Jason Thomas Thu, 19 Aug 2004 22:47:40 +1000 + +nagios-nrpe (2.0-6) unstable; urgency=low + + * nagios plugin config dir changed to etc/nagios-plugins/configs/ + (closes: #266826) + + -- Jason Thomas Thu, 19 Aug 2004 21:17:28 +1000 + +nagios-nrpe (2.0-5) unstable; urgency=low + + * debian/nagios-nrpe-server.preinst: added code to create nagios user and + group. + (closes: #248995, #241168) + + -- Jason Thomas Sat, 15 May 2004 12:02:35 +1000 + +nagios-nrpe (2.0-4) unstable; urgency=low + + * debian/nagios-nrpe-server.init.d: added missing -d to restart. + (closes: #248797) + * debian/nrpe.1: renamed to nrpe.8 + * debian/nagios-nrpe-server.manpages: changed nrpe.1 to nrpe.8 + * debian/dirs: deleted it as its not needed. + + -- Jason Thomas Fri, 14 May 2004 14:05:03 +1000 + +nagios-nrpe (2.0-3) unstable; urgency=low + + * debian/nagios-nrpe-server.init.d: added --oknodo to stop commands which + will make upgrades and purges clean. + + -- Jason Thomas Wed, 24 Mar 2004 13:09:00 +1100 + +nagios-nrpe (2.0-2) unstable; urgency=low + + * debian/control: added build-depends cdbs + (closes: #230943) + * debian/control: nagios-nrpe-server now conflicts netsaint-nrpe-server + (closes: #230303) + + -- Jason Thomas Wed, 11 Feb 2004 09:27:01 +1100 + +nagios-nrpe (2.0-1) unstable; urgency=low + + * Initial Release. + (closes: #209124) + + -- Jason Thomas Wed, 14 Jan 2004 16:13:36 +1100 + diff --git a/debian/check_nrpe.cfg b/debian/check_nrpe.cfg new file mode 100644 index 0000000..0b98fa3 --- /dev/null +++ b/debian/check_nrpe.cfg @@ -0,0 +1,11 @@ +# this command runs a program $ARG1$ with arguments $ARG2$ +define command { + command_name check_nrpe + command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ +} + +# this command runs a program $ARG1$ with no arguments +define command { + command_name check_nrpe_1arg + command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ +} diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..2b651ee --- /dev/null +++ b/debian/control @@ -0,0 +1,36 @@ +Source: nagios-nrpe +Section: net +Priority: optional +Maintainer: Debian Nagios Maintainer Group +Uploaders: sean finney , Jason Thomas , Alexander Wirt +Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1) +Standards-Version: 3.9.5 + +Package: nagios-nrpe-server +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-3) +Pre-Depends: adduser +Conflicts: nagios-nrpe-doc +Recommends: nagios-plugins-basic | nagios-plugins +Description: Nagios Remote Plugin Executor Server + Nagios is a host/service/network monitoring and management system. + . + The purpose of this addon is to allow you to execute Nagios plugins on a + remote host in as transparent a manner as possible. + . + This program runs as a background process on the remote host and processes + command execution requests from the check_nrpe plugin on the Nagios host. + +Package: nagios-nrpe-plugin +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: nagios-nrpe-doc +Description: Nagios Remote Plugin Executor Plugin + Nagios is a host/service/network monitoring and management system. + . + The purpose of this addon is to allow you to execute Nagios plugins on a + remote host in as transparent a manner as possible. + . + This is a plugin that is run on the Nagios host and is used to contact the + NRPE process on remote hosts. + diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..757e990 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,37 @@ +This package was debianized by Jason Thomas on +Wed, 14 Jan 2004 16:13:36 +1100. + +It was downloaded from http://www.nagios.org/download/extras.php + +Current Debian Maintainers: The nagios packaging team + http://alioth.debian.org/projects/pkg-nagios/ + +Mailing-List: + pkg-nagios-devel@lists.alioth.debian.org + +Upstream Author: Ethan Galstad (nagios@nagios.org) + +Copyright (c) 1999-2009 Ethan Galstad (nagios@nagios.org) + +License: + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +On Debian systems, the complete text of the GNU General Public +License can be found in /usr/share/common-licenses/GPL. + +There is an exception in the sourcecode for linking against openssl: + + This program is released under the GPL (see below) with the additional + exemption that compiling, linking, and/or using OpenSSL is allowed. + +The file src/snprintf.c is Copyright 1995 by Patrick Powell + +This code is based on code written by Patrick Powell (papowell@astart.com) +It may be used for any purpose as long as this notice remains intact +on all source code distributions + + diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..91d0516 --- /dev/null +++ b/debian/dirs @@ -0,0 +1 @@ +/etc/nagios/nrpe.d diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..6662772 --- /dev/null +++ b/debian/docs @@ -0,0 +1,3 @@ +README +LEGAL +SECURITY diff --git a/debian/nagios-nrpe-plugin.install b/debian/nagios-nrpe-plugin.install new file mode 100644 index 0000000..83318b8 --- /dev/null +++ b/debian/nagios-nrpe-plugin.install @@ -0,0 +1,2 @@ +src/check_nrpe usr/lib/nagios/plugins/ +debian/check_nrpe.cfg etc/nagios-plugins/config/ diff --git a/debian/nagios-nrpe-plugin.postrm b/debian/nagios-nrpe-plugin.postrm new file mode 100644 index 0000000..a77d21a --- /dev/null +++ b/debian/nagios-nrpe-plugin.postrm @@ -0,0 +1,9 @@ +#!/bin/sh +set -e + +if [ "$1" = purge ]; then + test -d /var/lib/nagios && rmdir /var/lib/nagios || true #ignore non-failure errors +fi + +#DEBHELPER# + diff --git a/debian/nagios-nrpe-server.default b/debian/nagios-nrpe-server.default new file mode 100644 index 0000000..a146d31 --- /dev/null +++ b/debian/nagios-nrpe-server.default @@ -0,0 +1,12 @@ +# defaults file for nagios-nrpe-server +# (this file is a /bin/sh compatible fragment) + +# DAEMON_OPTS are any extra cmdline parameters you'd like to +# pass along to the nrpe daemon +#DAEMON_OPTS="--no-ssl" + +# NICENESS is if you want to run the server at a different nice() priority +#NICENESS=5 + +# INETD is if you want to run the server via inetd (default=0, run as daemon) +#INETD=0 diff --git a/debian/nagios-nrpe-server.init b/debian/nagios-nrpe-server.init new file mode 100644 index 0000000..e0ca5c7 --- /dev/null +++ b/debian/nagios-nrpe-server.init @@ -0,0 +1,85 @@ +#! /bin/sh +# + +### BEGIN INIT INFO +# Provides: nagios-nrpe-server +# Required-Start: $local_fs $remote_fs $syslog $named $network $time +# Required-Stop: $local_fs $remote_fs $syslog $named $network +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/Stop the Nagios remote plugin execution daemon +### END INIT INFO + + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nrpe +NAME=nagios-nrpe +DESC=nagios-nrpe +CONFIG=/etc/nagios/nrpe.cfg +PIDDIR=/var/run/nagios + +test -x $DAEMON || exit 0 + +if ! [ -x "/lib/lsb/init-functions" ]; then + . /lib/lsb/init-functions +else + echo "E: /lib/lsb/init-functions not found, lsb-base (>= 3.0-6) needed" + exit 1 +fi + +# Include nagios-nrpe defaults if available +if [ -f /etc/default/nagios-nrpe-server ] ; then + . /etc/default/nagios-nrpe-server +fi +# we also used to include this file, so if it's there +# we include it as well +if [ -f /etc/default/nagios-nrpe ]; then + . /etc/default/nagios-nrpe +fi +if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi + +#since /var/run can be wiped completly we create our run directory here +if [ ! -d "$PIDDIR" ]; then + mkdir "$PIDDIR" + chown nagios "$PIDDIR" + [ -x /sbin/restorecon ] && /sbin/restorecon "$PIDDIR" +fi + +set -e + +case "$1" in + start) + if [ "$INETD" = 1 ]; then + exit 1 + fi + log_daemon_msg "Starting $DESC" "$NAME" + start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON -c $CONFIG -d $DAEMON_OPTS + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDDIR/nrpe.pid --retry 15 + log_end_msg $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration files" "$NAME" + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDDIR/nrpe.pid + log_end_msg $? + ;; + status) + status_of_proc -p $PIDDIR/nrpe.pid "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart) + $0 stop + sleep 1 + $0 start + ;; + *) + log_failure_msg "Usage: $N {start|stop|restart|reload|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/debian/nagios-nrpe-server.install b/debian/nagios-nrpe-server.install new file mode 100644 index 0000000..2da4764 --- /dev/null +++ b/debian/nagios-nrpe-server.install @@ -0,0 +1,3 @@ +src/nrpe usr/sbin +sample-config/nrpe.cfg etc/nagios +debian/nrpe_local.cfg etc/nagios diff --git a/debian/nagios-nrpe-server.manpages b/debian/nagios-nrpe-server.manpages new file mode 100644 index 0000000..d6530c4 --- /dev/null +++ b/debian/nagios-nrpe-server.manpages @@ -0,0 +1 @@ +debian/nrpe.8 diff --git a/debian/nagios-nrpe-server.preinst b/debian/nagios-nrpe-server.preinst new file mode 100644 index 0000000..08b348c --- /dev/null +++ b/debian/nagios-nrpe-server.preinst @@ -0,0 +1,55 @@ +#! /bin/sh +# preinst script for nagios-nrpe-server +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + if id nagios >/dev/null 2>&1 ; then + # We have a nagios user. + if [ `id nagios -g -n` != "nagios" ] ; then + addgroup --system nagios || true + #this can fail sometimes (i.e. with LDAP) so ignore it + usermod -g nagios nagios || true + fi + else + adduser --system --group --home /var/lib/nagios --quiet nagios + fi + +# if [ "$1" = "upgrade" ] +# then +# start-stop-daemon --stop --quiet --oknodo \ +# --pidfile /var/run/bud.pid \ +# --exec /usr/sbin/bud 2>/dev/null || true +# fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/nrpe.8 b/debian/nrpe.8 new file mode 100644 index 0000000..ccc9fb1 --- /dev/null +++ b/debian/nrpe.8 @@ -0,0 +1,52 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH NAGIOS-NRPE 8 "January 14, 2004" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +nrpe \- Nagios Remote Plugin Executor - Server +.SH SYNOPSIS +.B nagios-nrpe +\fI-c \fR +.SH DESCRIPTION +.PP +The purpose of this addon is to allow you to execute Nagios plugins on a +remote host in as transparent a manner as possible. +.PP +This program runs as a background process on the remote host and processes +command execution requests from the check_nrpe plugin on the Nagios host. +.SH OPTIONS +.IP + = Name of config file to use +.IP + = One of the following two operating modes: +.TP +\fB\-i\fR += Run as a service under inetd or xinetd +.TP +\fB\-d\fR += Run as a standalone daemon +.PP +Notes: +This program is designed to process requests from the check_nrpe +plugin on the host(s) running Nagios. It can run as a service +under inetd or xinetd (read the docs for info on this), or as a +standalone daemon. Once a request is received from an authorized +host, NRPE will execute the command/plugin (as defined in the +config file) and return the plugin output and return code to the +check_nrpe plugin. +.SH AUTHOR +This manual page was written by Jason Thomas , +for the Debian project (but may be used by others). diff --git a/debian/nrpe_local.cfg b/debian/nrpe_local.cfg new file mode 100644 index 0000000..9660438 --- /dev/null +++ b/debian/nrpe_local.cfg @@ -0,0 +1,3 @@ +###################################### +# Do any local nrpe configuration here +###################################### diff --git a/debian/patches/00list b/debian/patches/00list new file mode 100644 index 0000000..bb9c4e6 --- /dev/null +++ b/debian/patches/00list @@ -0,0 +1,6 @@ +02_nrpe.cfg_local-include.dpatch +03_support_nrpe.d.dpatch +05_pid_privileges.dpatch +06_pid_directory.dpatch +07_warn_ssloption.dpatch +09_noremove_pid.dpatch diff --git a/debian/patches/02_nrpe.cfg_local-include.dpatch b/debian/patches/02_nrpe.cfg_local-include.dpatch new file mode 100644 index 0000000..1b3252a --- /dev/null +++ b/debian/patches/02_nrpe.cfg_local-include.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_nrpe.cfg_local-include.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support nrpe_local.cfg + +@DPATCH@ +diff -urNad nagios-nrpe-2.4~/sample-config/nrpe.cfg.in nagios-nrpe-2.4/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.4~/sample-config/nrpe.cfg.in 2006-02-03 23:02:32.000000000 +0100 ++++ nagios-nrpe-2.4/sample-config/nrpe.cfg.in 2006-03-31 07:07:16.000000000 +0200 +@@ -178,3 +178,8 @@ + #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$ + #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ + #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ ++ ++# ++# local configuration: ++# if you'd prefer, you can instead place directives here ++include=/etc/nagios/nrpe_local.cfg diff --git a/debian/patches/03_support_nrpe.d.dpatch b/debian/patches/03_support_nrpe.d.dpatch new file mode 100644 index 0000000..2cdb171 --- /dev/null +++ b/debian/patches/03_support_nrpe.d.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_support_nrpe.d.dpatch by Alexander Wirt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support an nrpe.d directory + +@DPATCH@ +diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2008-04-15 23:53:48.000000000 +0200 ++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2008-04-15 23:54:48.000000000 +0200 +@@ -211,3 +211,9 @@ + # local configuration: + # if you'd prefer, you can instead place directives here + include=/etc/nagios/nrpe_local.cfg ++ ++# ++# you can place your config snipplets into nrpe.d/ ++# only snipplets ending in .cfg will get included ++include_dir=/etc/nagios/nrpe.d/ ++ ++ diff --git a/debian/patches/04_weird_output.dpatch b/debian/patches/04_weird_output.dpatch new file mode 100644 index 0000000..85faea1 --- /dev/null +++ b/debian/patches/04_weird_output.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_weird_output.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Clean buffer before use + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2012-04-30 09:36:53.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2012-04-30 09:52:47.890535825 +0200 +@@ -1107,6 +1107,9 @@ + /* disable connection alarm - a new alarm will be setup during my_system */ + alarm(0); + ++ // null buffer before using it! ++ memset(buffer,0,sizeof(buffer)); ++ + /* if this is the version check command, just spew it out */ + if(!strcmp(command_name,NRPE_HELLO_COMMAND)){ + diff --git a/debian/patches/05_pid_privileges.dpatch b/debian/patches/05_pid_privileges.dpatch new file mode 100644 index 0000000..cfec725 --- /dev/null +++ b/debian/patches/05_pid_privileges.dpatch @@ -0,0 +1,27 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 05_pid_privileges.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2014-05-23 20:42:27.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2014-07-15 14:09:45.027422047 +0200 +@@ -317,13 +317,13 @@ + /* log info to syslog facility */ + syslog(LOG_NOTICE,"Starting up daemon"); + ++ /* drop privileges */ ++ drop_privileges(nrpe_user,nrpe_group); ++ + /* write pid file */ + if(write_pid_file()==ERROR) + return STATE_CRITICAL; + +- /* drop privileges */ +- drop_privileges(nrpe_user,nrpe_group); +- + /* make sure we're not root */ + check_privileges(); + diff --git a/debian/patches/06_pid_directory.dpatch b/debian/patches/06_pid_directory.dpatch new file mode 100644 index 0000000..a3b7e52 --- /dev/null +++ b/debian/patches/06_pid_directory.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_pid_directory.dpatch by Alexander Wirt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2007-03-09 19:08:58.000000000 +0100 ++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2009-07-06 07:43:09.000000000 +0200 +@@ -16,7 +16,7 @@ + # number. The file is only written if the NRPE daemon is started by the root + # user and is running in standalone mode. + +-pid_file=/var/run/nrpe.pid ++pid_file=/var/run/nagios/nrpe.pid + + + diff --git a/debian/patches/07_warn_ssloption.dpatch b/debian/patches/07_warn_ssloption.dpatch new file mode 100644 index 0000000..5964ccc --- /dev/null +++ b/debian/patches/07_warn_ssloption.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 07_warn_ssloption.dpatch by Thijs Kinkhorst +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Warn against inadequateness of NRPE's own SSL option. + +--- a/SECURITY 2013-02-10 15:07:18.000000000 +0100 ++++ b/SECURITY 2013-02-10 15:08:50.000000000 +0100 +@@ -67,14 +67,17 @@ + ---------- + + If you do enable support for command arguments in the NRPE daemon, +-make sure that you encrypt communications either by using: +- +- 1. Stunnel (see http://www.stunnel.org for more info) +- 2. Native SSL support ++make sure that you encrypt communications either by using, for ++example, Stunnel (see http://www.stunnel.org for more info). + + Do NOT assume that just because the daemon is behind a firewall + that you are safe! Always encrypt NRPE traffic! + ++NOTE: the currently shipped native SSL support of NRPE is not an ++adequante protection, because it does not verify clients and ++server, and uses pregenerated key material. NRPE's SSL option is ++advised against. For more information, see Debian bug #547092. ++ + + USING ARGUMENTS + --------------- diff --git a/debian/patches/09_noremove_pid.dpatch b/debian/patches/09_noremove_pid.dpatch new file mode 100644 index 0000000..ce57531 --- /dev/null +++ b/debian/patches/09_noremove_pid.dpatch @@ -0,0 +1,34 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 09_noremove_pid.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Do not remove the PID file after a connection error (original patch +## DP: from Hiren Patel) + +# Author: Hiren Patel +# From: http://comments.gmane.org/gmane.network.nagios.devel/6774 +# Bug-Debian: #716949 +# Bug-Ubuntu: https://launchpad.net/bugs/1126890 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2014-07-15 14:20:02.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2014-07-15 14:20:55.775429979 +0200 +@@ -998,7 +998,7 @@ + /* close socket prioer to exiting */ + close(sock); + +- return; ++ exit(STATE_CRITICAL); + } + + /* handle signals */ +@@ -1022,7 +1022,7 @@ + /* close socket prior to exiting */ + close(new_sd); + +- return; ++ exit(STATE_CRITICAL); + } + + /* is this is a blessed machine? */ diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..247b5d8 --- /dev/null +++ b/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +# newer dpkg set this by default. +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +# Include dpatch stuff. +include /usr/share/dpatch/dpatch.make + +%: + dh $@ --with dpatch,autotools_dev + +override_dh_auto_configure: + ./configure \ + --prefix=/usr \ + --enable-ssl \ + --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/lib/nagios/plugins \ + --libdir=/usr/lib/nagios + +override_dh_auto_install: diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..2d6451a --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 + +http://sf.net/nagios/nrpe-([0-9.]+).tar.gz