debmon
/
nagios-nrpe
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Debian patch 3.1.1-1

This commit is contained in:
Bas Couwenberg 2017-06-18 13:39:05 +02:00 committed by Mario Fetka
parent 006f9bb7a7 02b430a86c
commit 4fa3978984
42 changed files with 1620 additions and 754 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
Changelog
View File

@ -2,6 +2,59 @@
NRPE Changelog
**************
3.1.1 - 2017-05-24
------------------
FIXES
- The '--log-file=' or '-g' option is missing from the help (John Frickson)
- check_nrpe = segfault when specifying a config file (John Frickson)
- Alternate log file not being used soon enough (John Frickson)
- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
- Fix build failure with -Werror=format-security (Bas Couwenberg)
- Fixed a typo in `nrpe.spec.in` (John Frickson)
- More detailed error logging for SSL (John Frickson)
- Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
3.1.0 - 2017-04-17
------------------
ENHANCEMENTS
- Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
- While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson)
- nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson)
- check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson)
FIXES
- Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
- Fix help output for ssl option (configure) (Ruben Kerkhof)
- Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
- Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
- Cleanup of config.h.in suggested by Ruben Kerkhof
- Minor change to logging in check_nrpe (John Frickson)
- Solaris 11 detection is broken in configure (John Frickson)
- Removed function `b64_decode` which wasn't being used (John Frickson)
- check_nrpe ignores -a option when -f option is specified (John Frickson)
- Added missing LICENSE file (John Frickson)
- Off-by-one BO in my_system() (John Frickson)
- Got rid of some compiler warnings (Stefan Krüger / John Frickson)
- Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
- nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
- "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
- nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
- Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
- Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
- Fix systemd unit description (Bas Couwenberg)
- Add reload command to systemd service file (Bas Couwenberg)
- fix file not found error when updating version (Sven Nierlein)
- Spelling fixes (Josh Soref)
- Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson)
- xinetd.d parameter causes many messages in log file (John Frickson)
- Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson)
- PATH and other environment variables not set with numeric nrpe_user (John Frickson)
- rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson)
3.0.1 - 2016-09-08
------------------
FIXES

339
LICENSE Normal file
View File

@ -0,0 +1,339 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

6
Makefile.in
View File

@ -70,7 +70,7 @@ all:
echo "";\
echo "You can now continue with the installation or upgrade process.";\
echo "";\
echo "Read the PDF documentation (NRPE.pdf) for information on the next";\
echo "Read the PDF documentation (docs/NRPE.pdf) for information on the next";\
echo "steps you should take to complete the installation or upgrade.";\
echo ""
@ -126,7 +126,9 @@ install-init:
launchctl load $(INIT_DIR)/$(INIT_FILE); \
else\
if test -f /sbin/chkconfig ; then \
/sbin/chkconfig nrpe on;\
case "$(DESTDIR)" in */rpmbuild/*) break;; \
*)/sbin/chkconfig nrpe on;; \
esac; \
else\
echo "Make sure to enable the nrpe daemon";\
fi;\

16
README.SSL.md
View File

@ -171,14 +171,14 @@ run the nrpe daemon: `db_server` and `bobs_workstation`.
As root, do the following:
mkdir -p -m 750 /usr/local/nagios/etc/ssl
chown root.nagios /usr/local/nagios/etc/ssl
chown root:nagios /usr/local/nagios/etc/ssl
cd /usr/local/nagios/etc/ssl
mkdir -m 750 ca
chown root.root ca
chown root:root ca
mkdir -m 750 server_certs
chown root.nagios server_certs
chown root:nagios server_certs
mkdir -m 750 client_certs
chown root.nagios client_certs
chown root:nagios client_certs
####Create Certificate Authority
@ -229,7 +229,7 @@ If you have the default `/etc/openssl.cnf`, either change it, or as root, do:
mkdir demoCA/newcerts
touch demoCA/index.txt
echo "01" > demoCA/serial
chown -R root.root demoCA
chown -R root:root demoCA
chmod 700 demoCA
chmod 700 demoCA/newcerts
chmod 600 demoCA/serial
@ -242,13 +242,13 @@ Now, sign the CSRs. As root, do the following:
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in server_certs/db_server.csr \
-out server_certs/db_server.pem
chown root.nagios server_certs/db_server.pem
chown root:nagios server_certs/db_server.pem
chmod 440 server_certs/db_server.pem
openssl ca -days 365 -notext -md sha256 \
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in server_certs/bobs_workstation.csr \
-out server_certs/bobs_workstation.pem
chown root.nagios server_certs/bobs_workstation.pem
chown root:nagios server_certs/bobs_workstation.pem
chmod 440 server_certs/bobs_workstation.pem
Now, copy the `db_server.pem` and `db_server.key` files to the
@ -271,7 +271,7 @@ running the check_nrpe program.
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in client_certs/nag_serv.csr \
-out client_certs/nag_serv.pem
chown root.nagios client_certs/nag_serv.pem
chown root:nagios client_certs/nag_serv.pem
chmod 440 client_certs/nag_serv.pem
Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`

4
SECURITY.md
View File

@ -46,7 +46,7 @@ do two things:
#### ENABLING BASH COMMAND SUBSTITUTION ####
To enable support for arguments containing bash command substitions,
To enable support for arguments containing bash command substitutions,
you must do two things:
1. Enable arguments as described above
@ -64,7 +64,7 @@ To help prevent some nasty things from being done by evil
clients, the following metacharacters are not allowed
in client command arguments:
| ` & > < ' " \ [ ] { } ; !
| ` & > < ' \ [ ] { } ; ! \r \n
Any client request which contains the above mentioned metachars
is discarded.

9
THANKS
View File

@ -4,10 +4,12 @@ Andrew Boyce-Lewis
Andrew Ryder
Andrew Widdersheim
Bartosz Woronicz
Bas Couwenberg
Bill Mitchell
Bjoern Beutel
Brian Seklecki
Derrick Bennett
Elan Ruusamäe
Eric Mislivec
Eric Stanley
Gerhard Lausser
@ -17,8 +19,10 @@ Grégory Starck
James Peterson
Jari Takkala
Jason Cook
Jobst Schmalenbach
John Maag
Jon Andrews
Josh Soref
Kaspersky Lab
Kevin Pendleton
Konstantin Malov
@ -30,13 +34,18 @@ Matthias Flacke
Niels Endres
Patric Wust
Peter Palfrader
Philippe Kueck
Rene Klootwijk
Robert Peaslee
Ruben Kerkhof
Ryan McGarry
Ryan Ordway
Sean Finney
Spenser Reinhardt
Stefan Krüger
Stephen Smoogen
Subhendu Ghosh
Sven Nierlein
Thierry Bertaud
Ton Voon
Vadim Antipov

219
configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for nrpe 3.0.1.
# Generated by GNU Autoconf 2.69 for nrpe 3.1.1.
#
# Report bugs to <nagios-users@lists.sourceforge.net>.
#
@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='nrpe'
PACKAGE_TARNAME='nrpe'
PACKAGE_VERSION='3.0.1'
PACKAGE_STRING='nrpe 3.0.1'
PACKAGE_VERSION='3.1.1'
PACKAGE_STRING='nrpe 3.1.1'
PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
@ -630,6 +630,7 @@ SSL_LIB_DIR
SSL_INC_PREFIX
SSL_HDR
SSL_INC_DIR
SSL_TYPE
HAVE_SSL
EGREP
GREP
@ -756,6 +757,7 @@ with_logdir
with_piddir
with_pipedir
enable_ssl
with_need_dh
with_ssl
with_ssl_inc
with_ssl_lib
@ -1318,7 +1320,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures nrpe 3.0.1 to adapt to many kinds of systems.
\`configure' configures nrpe 3.1.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1368,7 +1370,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of nrpe 3.0.1:";;
short | recursive ) echo "Configuration of nrpe 3.1.1:";;
esac
cat <<\_ACEOF
@ -1388,7 +1390,7 @@ Optional Features:
'--enable-install-method', so you can see the
destinations before a full './configure', 'make',
'make install' process.
--enable-ssl enables native SSL support
--disable-ssl disables native SSL support [default=check]
--enable-command-args allows clients to specify command arguments. ***
THIS IS A SECURITY RISK! *** Read the SECURITY file
before using this option!
@ -1421,6 +1423,7 @@ Optional Packages:
--with-logdir=DIR where log files should be placed
--with-piddir=DIR where the PID file should be placed
--with-pipedir=DIR where socket and pipe files should be placed
--with-need-dh set to 'no' to not include Diffie-Hellman SSL logic
--with-ssl=DIR sets location of the SSL installation
--with-ssl-inc=DIR sets location of the SSL include files
--with-ssl-lib=DIR sets location of the SSL libraries
@ -1513,7 +1516,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
nrpe configure 3.0.1
nrpe configure 3.1.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2119,7 +2122,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by nrpe $as_me 3.0.1, which was
It was created by nrpe $as_me 3.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2484,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
PKG_NAME=nrpe
PKG_VERSION="3.0.1"
PKG_VERSION="3.1.1"
PKG_HOME_URL="http://www.nagios.org/"
PKG_REL_DATE="09-08-2016"
PKG_REL_DATE="2017-05-24"
RPM_RELEASE=1
LANG=C
@ -2751,10 +2754,12 @@ fi
bsd) :
dist_type=`uname -s | tr "A-Z" "a-z"`
dist_ver=`uname -r` ;; #(
aix|hp-ux) :
dist_ver=$OSTYPE ;; #(
aix) :
dist_ver="`uname -v`.`uname -r`" ;; #(
hp-ux) :
dist_ver=`uname -r | cut -d'.' -f1-3` ;; #(
solaris) :
dist_ver=`echo $OSTYPE | cut -d'.' -f2` ;; #(
dist_ver=`uname -r | cut -d'.' -f2` ;; #(
*) :
dist_ver=$OSTYPE
;; #(
@ -2888,20 +2893,19 @@ fi
elif test "$dist_type" = "slackware"; then
init_type="bsd"
init_type_wanted=no
elif test "$dist_type" = "aix"; then
init_type="bsd"
init_type_wanted=no
elif test "$dist_type" = "hp-ux"; then
init_type="unknown"
init_type_wanted=no
fi
fi
PSCMD="ps -p1 -o args"
case $dist_type in #(
aix) :
PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
solaris) :
PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
hp-ux) :
PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
*) :
;;
esac
if test $dist_type = solaris; then
PSCMD="env UNIX95=1; ps -p1 -o args"
fi
if test "$init_type_wanted" = yes; then
pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
@ -2948,7 +2952,7 @@ esac
if test "$init_type_wanted" = yes; then
if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
init_type="upstart"
init_type_wanted=no
elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
@ -3018,29 +3022,29 @@ fi
inetd_disabled=""
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
elif test "$opsys" = "osx"; then
inetd_type="launchd"
fi
if test x"$inetd_type" = x; then
case $dist_type in #(
case $dist_type in #(
solaris) :
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
inetd_type="$init_type"
else
inetd_type="inetd"
fi ;; #(
inetd_type="$init_type"
else
inetd_type="inetd"
fi ;; #(
*bsd*) :
inetd_type=`ps -A -o comm -c | grep inetd` ;; #(
osx) :
inetd_type=`launchd` ;; #(
aix|hp-ux) :
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1` ;; #(
*) :
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND` ;; #(
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1` ;; #(
*) :
;;
esac
if test x"$inetd_type" = x; then
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
fi
fi
if test x"$inetd_type" = x; then
@ -3154,16 +3158,21 @@ case $dist_type in #(
esac
need_cgi=no
need_web=no
need_brk=no
need_plg=no
need_pipe=no
need_spl=no
need_loc=no
need_log_subdir=no
need_etc_subdir=no
need_pls_dir=no
# Does this package need to know:
need_cgi=no # where the cgi-bin directory is
need_web=no # where the website directory is
need_brk=no # where the event broker modules directory is
need_plg=no # where the plugins directory is
need_pipe=no # where the pipe directory is
need_spl=no # where the spool directory is
need_loc=no # where the locale directory is
need_log_subdir=no # where the loc sub-directory is
need_etc_subdir=no # where the etc sub-directory is
need_pls_dir=no # where the package locate state directory is
if test x"$INIT_PROG" = x; then
INIT_PROG="$PKG_NAME"
fi
case $PKG_NAME in #(
nagios) :
@ -3177,7 +3186,8 @@ case $PKG_NAME in #(
need_cgi=yes
need_web=yes ;; #(
ndoutils) :
need_spl=yes ;; #(
need_brk=yes
need_spl=yes ;; #(
nrpe) :
need_plg=yes ;; #(
nsca) :
@ -3348,14 +3358,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
if test ! -d "$tmpfilesd"; then
tmpfilesd="N/A"
else
tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
fi
subsyslockdir=${subsyslockdir="/var/lock/subsys"}
if test ! -d "$subsyslockdir"; then
subsyslockdir="N/A"
subsyslockfile="N/A"
else
subsyslockfile="$subsyslockdir/$PKG_NAME"
subsyslockfile="$subsyslockdir/$INIT_PROG"
fi
if test "$need_loc" = no; then
localedir="N/A"
@ -3436,23 +3446,23 @@ elif test $opsys = "linux"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@ -3501,7 +3511,7 @@ elif test $opsys = "unix"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@ -3509,7 +3519,7 @@ elif test $opsys = "unix"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@ -3534,14 +3544,14 @@ elif test $opsys = "unix"; then
pipedir=${pipedir="$pkglocalstatedir"}
logdir=${logdir="$pkglocalstatedir/log"} ;; #(
*) :
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@ -3594,7 +3604,7 @@ elif test $opsys = "bsd"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@ -3602,7 +3612,7 @@ elif test $opsys = "bsd"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@ -3627,14 +3637,14 @@ elif test $opsys = "bsd"; then
else
cgibindir="N/A"
fi
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@ -3670,6 +3680,7 @@ eval libexecdir=$libexecdir
eval brokersdir=$brokersdir
eval pluginsdir=$pluginsdir
eval cgibindir=$cgibindir
eval localstatedir=$localstatedir
eval pkglocalstatedir=$pkglocalstatedir
eval webdir=$webdir
eval localedir=$localedir
@ -3687,51 +3698,56 @@ case $init_type in #(
else
initdir=${initdir="/etc/init.d"}
fi
initname=${initname="$PKG_NAME"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
systemd) :
if test $dist_type = "debian"; then
initdir=${initdir="/lib/systemd/system"}
else
initdir=${initdir="/usr/lib/systemd/system"}
fi
initname=${initname="$PKG_NAME.service"} ;; #(
initname=${initname="$INIT_PROG.service"} ;; #(
bsd) :
initdir=${initdir="/etc/rc.d"}
initname=${initname="rc.$PKG_NAME"} ;; #(
if test $dist_type = "aix"; then
initdir=${initdir="/sbin/rc.d/init.d"}
initname=${initname="$INIT_PROG"}
else
initdir=${initdir="/etc/rc.d"}
initname=${initname="rc.$INIT_PROG"}
fi ;; #(
newbsd) :
initdir=${initdir="/etc/rc.d"}
initname=${initname="$PKG_NAME"} ;; #(
initname=${initname="$INIT_PROG"} ;; #(
gentoo) :
initdir=${initdir="/etc/init.d"}
initname=${initname="$PKG_NAME"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/init.d"}
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
openrc) :
initdir=${initdir="/etc/init.d"}
initname=${initname="$PKG_NAME"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
smf*) :
if test $init_type = smf10; then
initdir=${initdir="/var/svc/manifest/network/nagios"}
else
initdir=${initdir="/lib/svc/manifest/network/nagios"}
fi
initname=${initname="$PKG_NAME.xml"}
initname=${initname="$INIT_PROG.xml"}
initconfdir=unknown
initconf=unknown ;; #(
upstart) :
initdir=${initdir="/etc/init"}
initname=${initname="$PKG_NAME.conf"}
initname=${initname="$INIT_PROG.conf"}
initconfdir=${initconfdir="/etc/default"}
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
launchd) :
initdir=${initdir="/Library/LaunchDaemons"}
initname=${initname="org.nagios.$PKG_NAME.plist"} ;; #(
initname=${initname="org.nagios.$INIT_PROG.plist"} ;; #(
# initconfdir=${initconfdir="/private/etc"}
# initconf=${initconf="$initconfdir/$PKG_NAME"},
# initconf=${initconf="$initconfdir/$INIT_PROG"},
*) :
@ -3750,28 +3766,28 @@ case $inetd_type in #(
inetdname=${inetdname="inetd.conf"} ;; #(
xinetd) :
inetddir=${inetddir="/etc/xinetd.d"}
inetdname=${inetdname="$PKG_NAME"} ;; #(
inetdname=${inetdname="$INIT_PROG"} ;; #(
systemd) :
if test $dist_type = "debian"; then
inetddir=${inetddir="/lib/systemd/system"}
else
inetddir=${inetddir="/usr/lib/systemd/system"}
fi
netdname=${inetdname="$PKG_NAME.socket"} ;; #(
netdname=${inetdname="$INIT_PROG.socket"} ;; #(
smf*) :
if test $init_type = smf10; then
inetddir=${inetddir="/var/svc/manifest/network/nagios"}
else
inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
fi
inetdname=${inetdname="$PKG_NAME.xml"} ;; #(
inetdname=${inetdname="$INIT_PROG.xml"} ;; #(
# [upstart],
# inetddir=${inetddir="/etc/init.d"}
# inetdname=${inetdname="$PKG_NAME"},
# inetdname=${inetdname="$INIT_PROG"},
launchd) :
inetddir=${inetddir="/Library/LaunchDaemons"}
inetdname=${inetdname="org.nagios.$PKG_NAME.plist"} ;; #(
inetdname=${inetdname="org.nagios.$INIT_PROG.plist"} ;; #(
*) :
inetddir=${inetddir="unknown"}
inetdname=${inetdname="unknown"} ;; #(
@ -3829,12 +3845,12 @@ case $init_type in #(
src_init=upstart-init
fi ;; #(
launchd) :
src_init="mac-init.plist"
* ;; #(
src_init="mac-init.plist" ;; #(
*) :
src_init="unknown"
;;
;; #(
*) :
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $src_init" >&5
$as_echo "$src_init" >&6; }
@ -3866,7 +3882,7 @@ $as_echo "$src_inetd" >&6; }
if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
if test "$dist_type" = solaris -a "$dist_ver" = 10; then
$as_echo "#define SOLARIS_10 yes" >>confdefs.h
fi
@ -4332,7 +4348,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by nrpe $as_me 3.0.1, which was
This file was extended by nrpe $as_me 3.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -4386,7 +4402,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
nrpe config.status 3.0.1
nrpe config.status 3.1.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@ -7140,7 +7156,7 @@ rm -f core conftest.err conftest.$ac_objext \
fi
for ac_func in strdup strstr strtoul strtok_r initgroups closesocket sigaction
for ac_func in strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -7264,9 +7280,19 @@ else
fi
need_dh=yes
# Check whether --with-need_dh was given.
if test "${with_need_dh+set}" = set; then :
withval=$with_need_dh; need_dh=$withval
else
nrpe_group=need_dh
fi
if test x$check_for_ssl = xyes; then
# need_dh should only be set for NRPE
need_dh=yes
# need_dh=yes
# -------------------------------
@ -7290,6 +7316,7 @@ SSL_LIB_DIR=
# gnutls/openssl.h
# nss_compat_ossl/nss_compat_ossl.h
@ -8257,7 +8284,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by nrpe $as_me 3.0.1, which was
This file was extended by nrpe $as_me 3.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -8320,7 +8347,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
nrpe config.status 3.0.1
nrpe config.status 3.1.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

20
configure.ac
View File

@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],)
define([AC_CACHE_SAVE],)
m4_include([build-aux/custom_help.m4])
AC_INIT([nrpe],[3.0.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
AC_INIT([nrpe],[3.1.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
AC_CONFIG_SRCDIR([src/nrpe.c])
AC_CONFIG_AUX_DIR([build-aux])
AC_PREFIX_DEFAULT(/usr/local/nagios)
PKG_NAME=nrpe
PKG_VERSION="3.0.1"
PKG_VERSION="3.1.1"
PKG_HOME_URL="http://www.nagios.org/"
PKG_REL_DATE="09-08-2016"
PKG_REL_DATE="2017-05-24"
RPM_RELEASE=1
LANG=C
@ -60,7 +60,7 @@ AC_NAGIOS_GET_INETD
AC_NAGIOS_GET_PATHS
AC_NAGIOS_GET_FILES
if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
if test "$dist_type" = solaris -a "$dist_ver" = 10; then
AC_DEFINE(SOLARIS_10,yes)
fi
@ -243,7 +243,7 @@ AC_CHECK_LIB(wrap,main,[
AC_TRY_LINK([#include <tcpd.h>
],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT))
])
AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction)
AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir)
dnl socklen_t check - from curl
AC_CHECK_TYPE([socklen_t], ,[
@ -296,7 +296,7 @@ AC_TRY_COMPILE([#include <stdlib.h>
dnl Does user want to check for SSL?
AC_ARG_ENABLE([ssl],
AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
AS_HELP_STRING([--disable-ssl],[disables native SSL support @<:@default=check@:>@]),[
if test x$enableval = xyes; then
check_for_ssl=yes
else
@ -304,10 +304,16 @@ AC_ARG_ENABLE([ssl],
fi
],check_for_ssl=yes)
need_dh=yes
AC_ARG_WITH([need_dh],
AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]),
[need_dh=$withval],
[nrpe_group=need_dh])
dnl Optional SSL library and include paths
if test x$check_for_ssl = xyes; then
# need_dh should only be set for NRPE
need_dh=yes
# need_dh=yes
AC_NAGIOS_GET_SSL
fi

4
debian/README.Debian vendored
View File

@ -1,9 +1,9 @@
nrpe
NRPE
----
Put any local check command you need into /etc/nagios/nrpe_local.cfg or
as a *.cfg file in /etc/nagios/nrpe.d/
This files are included from the /etc/nagios/nrpe.cfg
These files are included from the /etc/nagios/nrpe.cfg
This package is built without support for command argument processing. If you
want to enable it, you will have to rebuild this package with

28
debian/changelog vendored
View File

@ -1,3 +1,31 @@
nagios-nrpe (3.1.1-1) unstable; urgency=medium
* Move from experimental to unstable.
-- Bas Couwenberg <sebastic@debian.org> Sun, 18 Jun 2017 13:39:05 +0200
nagios-nrpe (3.1.1-1~exp1) experimental; urgency=medium
* New upstream release.
* Drop format-security.patch, applied upstream.
* Use --with-need-dh=no configure option instead of patch.
-- Bas Couwenberg <sebastic@debian.org> Sat, 27 May 2017 10:57:03 +0200
nagios-nrpe (3.1.0-1~exp1) experimental; urgency=medium
* New upstream release.
(closes: #849417, #445976, #691328)
* Fix typo in manpage.
(closes: #856658)
* Drop 10_reproducible_build.patch, applied upstream.
Refresh remaining patches.
* Update build dependency for OpenSSL 1.1.0.
(closes: #859223)
* Add patch to fix FTBFS with -Werror=format-security.
-- Bas Couwenberg <sebastic@debian.org> Wed, 19 Apr 2017 19:28:05 +0200
nagios-nrpe (3.0.1-3) unstable; urgency=medium
* Add reload command to systemd service file.

2
debian/control vendored
View File

@ -6,7 +6,7 @@ Priority: optional
Build-Depends: debhelper (>= 9),
dh-autoreconf,
dh-systemd,
libssl1.0-dev | libssl-dev,
libssl-dev,
libwrap0-dev,
openssl
Standards-Version: 3.9.8

2
debian/nrpe.8 vendored
View File

@ -45,7 +45,7 @@ command execution requests from the check_nrpe plugin on the Nagios host.
.TP
\fB\-d \-s\fR = Run as a subsystem under AIX
.TP
\fB\-d\fR = Don't fork() for systemd, launchd, etc.
\fB\-f\fR = Don't fork() for systemd, launchd, etc.
.PP
Notes:
This program is designed to process requests from the check_nrpe

2
debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch vendored
View File

@ -5,7 +5,7 @@ Forwarded: not-needed
--- a/sample-config/nrpe.cfg.in
+++ b/sample-config/nrpe.cfg.in
@@ -301,3 +301,14 @@ command[check_total_procs]=@pluginsdir@/
@@ -317,3 +317,14 @@ command[check_total_procs]=@pluginsdir@/
#command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$

24
debian/patches/10_reproducible_build.patch vendored
View File

@ -1,24 +0,0 @@
Description: Make the build reproducible.
Author: Chris Lamb <lamby@debian.org>
Bug-Debian: https://bugs.debian.org/834857
Forwarded: https://github.com/NagiosEnterprises/nrpe/pull/78
Applied-Upstream: https://github.com/NagiosEnterprises/nrpe/commit/c6ca9766cae19bc194efa68ed85999e9c9756422
--- a/update-version
+++ b/update-version
@@ -20,11 +20,11 @@ fi
# Get date (two formats)
if [ -n "$2" ]; then
- LONGDATE=`date -d "$2" "+%B %d, %Y"`
- SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
+ LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
+ SHORTDATE=$(date -u -d "$2" "+%m-%d-%Y")
else
- LONGDATE=`date "+%B %d, %Y"`
- SHORTDATE=`date "+%m-%d-%Y"`
+ LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
+ SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%m-%d-%Y")
fi
# Current version number

60
debian/patches/11_reproducible_dh.h.patch vendored
View File

@ -1,60 +0,0 @@
Description: Use pre-generated dh.h for reproducible builds.
Author: Bas Couwenberg <sebastic@debian.org>
Bug-Debian: https://bugs.debian.org/834857
Forwarded: not-needed
--- /dev/null
+++ b/include/dh.h
@@ -0,0 +1,41 @@
+#ifndef HEADER_DH_H
+#include <openssl/dh.h>
+#endif
+DH *get_dh2048()
+ {
+ static unsigned char dh2048_p[]={
+ 0xE9,0x3C,0xF4,0xCE,0x63,0x0A,0x57,0x9A,0xD1,0x34,0x74,0xA1,
+ 0x3E,0xC3,0x93,0xB5,0x50,0x36,0x56,0x87,0x9F,0x8F,0xBC,0x74,
+ 0x15,0x03,0x1D,0x00,0x45,0xB0,0x2F,0xA3,0x2C,0xC1,0x13,0xFF,
+ 0x6C,0xF1,0xDB,0x36,0xB5,0xB5,0x49,0x2D,0x6A,0x8D,0x55,0xA1,
+ 0xE6,0x4C,0xD1,0xA9,0x07,0x24,0xC4,0xDF,0x3A,0x2A,0x9E,0xDB,
+ 0x4A,0x23,0xAD,0x56,0x79,0xA3,0x3D,0xC4,0xAD,0xE0,0x3E,0x17,
+ 0x3B,0x43,0x0F,0xB6,0x83,0xE4,0x52,0xFD,0x6D,0x74,0x03,0xB3,
+ 0x29,0x26,0xF2,0x29,0x0A,0xA2,0x33,0x56,0x0C,0x16,0xF7,0x81,
+ 0xBF,0xDC,0xB8,0xCE,0x78,0xC1,0x73,0xD6,0x48,0x54,0x2D,0x98,
+ 0xA5,0x7A,0xE3,0x38,0x8E,0x3D,0x75,0xDB,0x92,0x4D,0x76,0xC1,
+ 0xCD,0xE7,0x27,0xEE,0x09,0x89,0xFA,0xCE,0x7A,0xD6,0xDC,0x5B,
+ 0x08,0x6B,0xE8,0x7E,0x37,0x7B,0x40,0x89,0x72,0xBD,0x4E,0xF4,
+ 0x9A,0xDC,0x94,0xA3,0x7D,0x4C,0x15,0xE4,0xE1,0xA8,0x8D,0xF9,
+ 0xB2,0xF0,0x02,0x40,0x39,0x6C,0xDD,0x37,0x08,0xC1,0xE8,0x0B,
+ 0xAD,0x16,0x24,0x81,0x5F,0x24,0xD9,0x65,0x71,0x34,0x78,0xF3,
+ 0xFE,0x35,0xE0,0x20,0xFF,0x6D,0x41,0xE7,0xC8,0x8E,0x58,0x59,
+ 0x24,0x01,0x9A,0xC8,0xA7,0x8D,0x48,0x43,0x8E,0x34,0x7C,0xC1,
+ 0xB4,0xC8,0xD0,0x9C,0xBD,0xEA,0x83,0xC7,0xC9,0x86,0xFC,0xD1,
+ 0xA7,0xAF,0x5C,0x99,0x98,0xD1,0x82,0x78,0xE4,0xA4,0x1C,0xB5,
+ 0x87,0x72,0xD8,0x38,0x48,0x60,0xAE,0xCB,0x92,0xA2,0x79,0xFC,
+ 0x8F,0x1D,0x94,0xB5,0x88,0xA5,0xA4,0xE1,0xF5,0x98,0xBA,0xB2,
+ 0x06,0x22,0xA8,0x1B,
+ };
+ static unsigned char dh2048_g[]={
+ 0x02,
+ };
+ DH *dh;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if ((dh->p == NULL) || (dh->g == NULL))
+ { DH_free(dh); return(NULL); }
+ return(dh);
+ }
--- a/configure.ac
+++ b/configure.ac
@@ -307,7 +307,7 @@ AC_ARG_ENABLE([ssl],
dnl Optional SSL library and include paths
if test x$check_for_ssl = xyes; then
# need_dh should only be set for NRPE
- need_dh=yes
+ need_dh=no
AC_NAGIOS_GET_SSL
fi

2
debian/patches/series vendored
View File

@ -1,4 +1,2 @@
02_nrpe.cfg_local-include_support_nrpe.d.patch
07_warn_ssloption.patch
10_reproducible_build.patch
11_reproducible_dh.h.patch

10
debian/rules vendored
View File

@ -14,9 +14,6 @@ export AUTOHEADER=true
dh $@ --with autoreconf,systemd --parallel
override_dh_auto_configure:
# Save deterministic "openssl dhparam" output.
cp include/dh.h include/dh.h.orig
dh_auto_configure -- \
--prefix=/usr \
--sysconfdir=/etc \
@ -24,12 +21,9 @@ override_dh_auto_configure:
--libexecdir=/usr/lib/nagios/plugins \
--localstatedir=/var \
--enable-ssl \
--with-need-dh=no \
--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
--with-piddir=/var/run/nagios \
--enable-command-args
# Restore deterministic "openssl dhparam" output.
cp include/dh.h.orig include/dh.h
--with-piddir=/var/run/nagios
override_dh_auto_build:
dh_auto_build -- all

BIN
docs/NRPE.odt
View File

Binary file not shown.

BIN
docs/NRPE.pdf
View File

Binary file not shown.

2
include/acl.h
View File

@ -53,7 +53,7 @@ struct dns_acl {
struct dns_acl *next;
};
/* Poiters to head ACL structs */
/* Pointers to head ACL structs */
static struct ip_acl *ip_acl_head, *ip_acl_prev;
static struct dns_acl *dns_acl_head, *dns_acl_prev;

12
include/common.h.in
View File

@ -2,7 +2,7 @@
*
* COMMON.H - NRPE Common Include File
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
* Last Modified: 09-08-2016
* Last Modified: 2017-05-24
*
* License:
*
@ -23,12 +23,18 @@
#include "config.h"
#define SSL_TYPE_@SSL_TYPE@
#ifdef HAVE_SSL
#include <@SSL_INC_PREFIX@@SSL_HDR@>
# ifdef SSL_TYPE_openssl
# include <@SSL_INC_PREFIX@err.h>
# include <@SSL_INC_PREFIX@rand.h>
# endif
#endif
#define PROGRAM_VERSION "3.0.1"
#define MODIFICATION_DATE "09-08-2016"
#define PROGRAM_VERSION "3.1.1"
#define MODIFICATION_DATE "2017-05-24"
#define OK 0
#define ERROR -1

118
include/config.h.in
View File

@ -28,30 +28,70 @@
#include <stdlib.h>
#define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */
/* Default port for NRPE daemon */
#undef DEFAULT_SERVER_PORT
#define NRPE_LOG_FACILITY @log_facility@
/* NRPE syslog facility */
#undef NRPE_LOG_FACILITY
/* Enable command-line arguments */
#undef ENABLE_COMMAND_ARGUMENTS
/* Enable bash command substitution */
#undef ENABLE_BASH_COMMAND_SUBSTITUTION
/* type to use in place of socklen_t if not defined */
#undef socklen_t
/* Define to 1 if you have the `getopt_long' function. */
#undef HAVE_GETOPT_LONG
/* Have the TCP wrappers library */
#undef HAVE_LIBWRAP
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define to 1 if you have the `strdup' function. */
#undef HAVE_STRDUP
/* Define to 1 if you have the `strstr' function. */
#undef HAVE_STRSTR
/* Define to 1 if you have the `strtoul' function. */
#undef HAVE_STRTOUL
/* Define to 1 if you have the `strtok_r' function. */
#undef HAVE_STRTOK_R
/* Define to 1 if you have the `initgroups' function. */
#undef HAVE_INITGROUPS
/* Define to 1 if you have the `closesocket' function. */
#undef HAVE_CLOSESOCKET
/* Define to 1 if you have the `sigaction' function. */
#undef HAVE_SIGACTION
/* Define to 1 if you have the `scandir' function. */
#undef HAVE_SCANDIR
/* Set to 1 if you have rfc931_timeout */
#undef HAVE_RFC931_TIMEOUT
/* The size of `int', as computed by sizeof. */
#undef SIZEOF_INT
/* The size of `short', as computed by sizeof. */
#undef SIZEOF_SHORT
/* The size of `long', as computed by sizeof. */
#undef SIZEOF_LONG
/* #undef const */
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Set to 1 to use SSL DH */
#undef USE_SSL_DH
/* stupid stuff for u_int32_t */
@ -91,71 +131,98 @@ typedef int int32_t;
/***** ASPRINTF() AND FRIENDS *****/
/* Whether vsnprintf() is available */
#undef HAVE_VSNPRINTF
/* Whether snprintf() is available */
#undef HAVE_SNPRINTF
/* Whether aprintf() is available */
#undef HAVE_ASPRINTF
/* Whether vaprintf() is available */
#undef HAVE_VASPRINTF
/* Define if system has C99 compatible vsnprintf */
#undef HAVE_C99_VSNPRINTF
/* Whether va_copy() is available */
#undef HAVE_VA_COPY
/* Whether __va_copy() is available */
#undef HAVE___VA_COPY
#define SOCKET_SIZE_TYPE ""
#define GETGROUPS_T ""
#define RETSIGTYPE ""
/* Socket Size Type */
#undef SOCKET_SIZE_TYPE
/* Define to the type of elements in the array set by `getgroups'. Usually
this is either `int' or `gid_t'. */
#undef GETGROUPS_T
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
/* Define to 1 if the system has the type `struct sockaddr_storage'. */
#undef HAVE_STRUCT_SOCKADDR_STORAGE
/* Use seteuid() or setresuid() depending on the platform */
#undef SETEUID
/* Is this a Solaris 10 machine? */
/* Set to 1 if we are on Solaris 10 */
#undef SOLARIS_10
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
#undef HAVE_STRING_H
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#ifdef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
#ifdef HAVE_STRING_H
#include <string.h>
#endif
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
/* Define to 1 if you have the <signal.h> header file. */
#undef HAVE_SIGNAL_H
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
/* Define to 1 if you have the <sys/wait.h> header file. */
#undef HAVE_SYS_WAIT_H
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
@ -168,14 +235,18 @@ typedef int int32_t;
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
#endif
/* Define to 1 if you have the <errno.h> header file. */
#undef HAVE_ERRNO_H
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
/* needed for the time_t structures we use later... */
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
@ -188,68 +259,81 @@ typedef int int32_t;
#endif
/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
/* Define to 'int' if <sys/socket.h> does not define */
#undef socklen_t
/* Define to 1 if you have the <socket.h> header file. */
#undef HAVE_SOCKET_H
#ifdef HAVE_SOCKET_H
#include <socket.h>
#endif
/* Define to 1 if you have the <tcpd.h> header file. */
#undef HAVE_TCPD_H
#ifdef HAVE_TCPD_H
#include <tcpd.h>
#endif
/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
/* Define to 1 if you have the <ctype.h> header file. */
#undef HAVE_CTYPE_H
#ifdef HAVE_CTYPE_H
#include <ctype.h>
#endif
/* Define to 1 if you have the <pwd.h> header file. */
#undef HAVE_PWD_H
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
/* Define to 1 if you have the <grp.h> header file. */
#undef HAVE_GRP_H
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
/* Define to 1 if you have the <dirent.h> header file. */
#undef HAVE_DIRENT_H
#ifdef HAVE_DIRENT_H
#include <dirent.h>
#endif
/* Have SSL support */
#undef HAVE_SSL
/* Have the krb5.h header file */
#undef HAVE_KRB5_H
#ifdef HAVE_KRB5_H
#include <krb5.h>
#endif
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#else
@ -258,4 +342,10 @@ typedef int int32_t;
#endif
#endif
/* Define to 1 if you have the <paths.h> header file. */
#undef HAVE_PATHS_H
/* Define to 1 if you have the <sys/resource.h> header file. */
#undef HAVE_SYS_RESOURCE_H
#endif

4
include/utils.h
View File

@ -49,7 +49,9 @@ char* strip(char*);
int sendall(int, char*, int*);
int recvall(int, char*, int*, int);
char *my_strsep(char**, const char*);
int b64_decode(unsigned char *encoded);
void open_log_file();
void logit(int priority, const char *format, ...);
void close_log_file();
void display_license(void);
#endif

8
macros/README.md
View File

@ -34,8 +34,8 @@ used in subsequent macros.
> Output Variables : dist_type, dist_ver
This macro detects the distribution type. For Linux, this would be rh
(for Red Hat and derivitives), suse (OpenSUSE, SLES, derivitives), gentoo
(Gentoo and derivitives), debian (Debian and derivitives), and so on.
(for Red Hat and derivatives), suse (OpenSUSE, SLES, derivatives), gentoo
(Gentoo and derivatives), debian (Debian and derivatives), and so on.
For BSD, this would be openbsd, netbsd, freebsd, dragonfly, etc. It can
also be aix, solaris, osx, and so on for Unix operating systems.
@ -94,7 +94,7 @@ on a simple program to make sure a compile and link will work correctly.
## Usage
This repo is intended to be used as a git subtree, so changes will
automatically propogate, and still be reasonably easy to use.
automatically propagate, and still be reasonably easy to use.
* First, Create, checkout, clone, or branch your project. If you do an
`ls -AF` it might look something like this:
@ -129,7 +129,7 @@ master.
* To get the latest version of `autoconf-macros` into your parent project:
git subtgree pull --squash --prefix=macros autoconf-macros master
git subtree pull --squash --prefix=macros autoconf-macros master

8
macros/ax_nagios_get_distrib
View File

@ -96,10 +96,12 @@ AC_SUBST(dist_ver)
[bsd],
dist_type=`uname -s | tr ["[A-Z]" "[a-z]"]`
dist_ver=`uname -r`,
[aix|hp-ux],
dist_ver=$OSTYPE,
[aix],
dist_ver="`uname -v`.`uname -r`",
[hp-ux],
dist_ver=`uname -r | cut -d'.' -f1-3`,
[solaris],
dist_ver=`echo $OSTYPE | cut -d'.' -f2`,
dist_ver=`uname -r | cut -d'.' -f2`,
[*],
dist_ver=$OSTYPE
)

2
macros/ax_nagios_get_files
View File

@ -97,7 +97,7 @@ AS_CASE([$init_type],
fi,
[launchd],
src_init="mac-init.plist"
src_init="mac-init.plist",
[*],
src_init="unknown"

43
macros/ax_nagios_get_inetd
View File

@ -93,29 +93,30 @@ AC_SUBST(inetd_type)
inetd_disabled=""
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
elif test "$opsys" = "osx"; then
inetd_type="launchd"
fi
AS_CASE([$dist_type],
[solaris],
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
inetd_type="$init_type"
else
inetd_type="inetd"
fi,
[*bsd*],
inetd_type=`ps -A -o comm -c | grep inetd`,
[osx],
inetd_type=`launchd`,
[aix|hp-ux],
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
[*],
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
if test x"$inetd_type" = x; then
AS_CASE([$dist_type],
[solaris],
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
inetd_type="$init_type"
else
inetd_type="inetd"
fi,
[*bsd*],
inetd_type=`ps -A -o comm -c | grep inetd`,
[aix|hp-ux],
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
[*],
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND`])
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
fi
fi
if test x"$inetd_type" = x; then

15
macros/ax_nagios_get_init
View File

@ -119,14 +119,19 @@ AC_SUBST(init_type)
elif test "$dist_type" = "slackware"; then
init_type="bsd"
init_type_wanted=no
elif test "$dist_type" = "aix"; then
init_type="bsd"
init_type_wanted=no
elif test "$dist_type" = "hp-ux"; then
init_type="unknown"
init_type_wanted=no
fi
fi
PSCMD="ps -p1 -o args"
AS_CASE([$dist_type],
[aix], PSCMD="env UNIX95=1; ps -p1 -o args",
[solaris], PSCMD="env UNIX95=1; ps -p1 -o args",
[hp-ux], PSCMD="env UNIX95=1; ps -p1 -o args")
if test $dist_type = solaris; then
PSCMD="env UNIX95=1; ps -p1 -o args"
fi
if test "$init_type_wanted" = yes; then
pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
@ -173,7 +178,7 @@ AC_SUBST(init_type)
if test "$init_type_wanted" = yes; then
if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
init_type="upstart"
init_type_wanted=no
elif test -f "/etc/rc" -a ! -L "/etc/rc"; then

106
macros/ax_nagios_get_paths
View File

@ -119,16 +119,21 @@ AS_CASE([$dist_type],
[*solaris*|*hp-ux*|*aix*|*osx*], opsys=unix)
need_cgi=no
need_web=no
need_brk=no
need_plg=no
need_pipe=no
need_spl=no
need_loc=no
need_log_subdir=no
need_etc_subdir=no
need_pls_dir=no
# Does this package need to know:
need_cgi=no # where the cgi-bin directory is
need_web=no # where the website directory is
need_brk=no # where the event broker modules directory is
need_plg=no # where the plugins directory is
need_pipe=no # where the pipe directory is
need_spl=no # where the spool directory is
need_loc=no # where the locale directory is
need_log_subdir=no # where the loc sub-directory is
need_etc_subdir=no # where the etc sub-directory is
need_pls_dir=no # where the package locate state directory is
if test x"$INIT_PROG" = x; then
INIT_PROG="$PKG_NAME"
fi
AS_CASE([$PKG_NAME],
[nagios],
@ -143,6 +148,7 @@ AS_CASE([$PKG_NAME],
need_web=yes,
[ndoutils],
need_brk=yes
need_spl=yes,
[nrpe],
@ -284,14 +290,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
if test ! -d "$tmpfilesd"; then
tmpfilesd="N/A"
else
tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
fi
subsyslockdir=${subsyslockdir="/var/lock/subsys"}
if test ! -d "$subsyslockdir"; then
subsyslockdir="N/A"
subsyslockfile="N/A"
else
subsyslockfile="$subsyslockdir/$PKG_NAME"
subsyslockfile="$subsyslockdir/$INIT_PROG"
fi
if test "$need_loc" = no; then
localedir="N/A"
@ -372,23 +378,23 @@ elif test $opsys = "linux"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@ -437,7 +443,7 @@ elif test $opsys = "unix"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@ -445,7 +451,7 @@ elif test $opsys = "unix"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@ -471,14 +477,14 @@ elif test $opsys = "unix"; then
logdir=${logdir="$pkglocalstatedir/log"},
[*],
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@ -528,7 +534,7 @@ elif test $opsys = "bsd"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@ -536,7 +542,7 @@ elif test $opsys = "bsd"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@ -561,14 +567,14 @@ elif test $opsys = "bsd"; then
else
cgibindir="N/A"
fi
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@ -604,6 +610,7 @@ eval libexecdir=$libexecdir
eval brokersdir=$brokersdir
eval pluginsdir=$pluginsdir
eval cgibindir=$cgibindir
eval localstatedir=$localstatedir
eval pkglocalstatedir=$pkglocalstatedir
eval webdir=$webdir
eval localedir=$localedir
@ -622,9 +629,9 @@ AS_CASE([$init_type],
else
initdir=${initdir="/etc/init.d"}
fi
initname=${initname="$PKG_NAME"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
initconf=${initconf="$initconfdir/$PKG_NAME"},
initconf=${initconf="$initconfdir/$INIT_PROG"},
[systemd],
if test $dist_type = "debian"; then
@ -632,27 +639,32 @@ AS_CASE([$init_type],
else
initdir=${initdir="/usr/lib/systemd/system"}
fi
initname=${initname="$PKG_NAME.service"},
initname=${initname="$INIT_PROG.service"},
[bsd],
initdir=${initdir="/etc/rc.d"}
initname=${initname="rc.$PKG_NAME"},
if test $dist_type = "aix"; then
initdir=${initdir="/sbin/rc.d/init.d"}
initname=${initname="$INIT_PROG"}
else
initdir=${initdir="/etc/rc.d"}
initname=${initname="rc.$INIT_PROG"}
fi,
[newbsd],
initdir=${initdir="/etc/rc.d"}
initname=${initname="$PKG_NAME"},
initname=${initname="$INIT_PROG"},
[gentoo],
initdir=${initdir="/etc/init.d"}
initname=${initname="$PKG_NAME"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/init.d"}
initconf=${initconf="$initconfdir/$PKG_NAME"},
initconf=${initconf="$initconfdir/$INIT_PROG"},
[openrc],
initdir=${initdir="/etc/init.d"}
initname=${initname="$PKG_NAME"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
initconf=${initconf="$initconfdir/$PKG_NAME"},
initconf=${initconf="$initconfdir/$INIT_PROG"},
[smf*],
if test $init_type = smf10; then
@ -660,21 +672,21 @@ AS_CASE([$init_type],
else
initdir=${initdir="/lib/svc/manifest/network/nagios"}
fi
initname=${initname="$PKG_NAME.xml"}
initname=${initname="$INIT_PROG.xml"}
initconfdir=unknown
initconf=unknown,
[upstart],
initdir=${initdir="/etc/init"}
initname=${initname="$PKG_NAME.conf"}
initname=${initname="$INIT_PROG.conf"}
initconfdir=${initconfdir="/etc/default"}
initconf=${initconf="$initconfdir/$PKG_NAME"},
initconf=${initconf="$initconfdir/$INIT_PROG"},
[launchd],
initdir=${initdir="/Library/LaunchDaemons"}
initname=${initname="org.nagios.$PKG_NAME.plist"},
initname=${initname="org.nagios.$INIT_PROG.plist"},
# initconfdir=${initconfdir="/private/etc"}
# initconf=${initconf="$initconfdir/$PKG_NAME"},
# initconf=${initconf="$initconfdir/$INIT_PROG"},
[*],
@ -691,7 +703,7 @@ AS_CASE([$inetd_type],
[xinetd],
inetddir=${inetddir="/etc/xinetd.d"}
inetdname=${inetdname="$PKG_NAME"},
inetdname=${inetdname="$INIT_PROG"},
[systemd],
if test $dist_type = "debian"; then
@ -699,7 +711,7 @@ AS_CASE([$inetd_type],
else
inetddir=${inetddir="/usr/lib/systemd/system"}
fi
netdname=${inetdname="$PKG_NAME.socket"},
netdname=${inetdname="$INIT_PROG.socket"},
[smf*],
if test $init_type = smf10; then
@ -707,15 +719,15 @@ AS_CASE([$inetd_type],
else
inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
fi
inetdname=${inetdname="$PKG_NAME.xml"},
inetdname=${inetdname="$INIT_PROG.xml"},
# [upstart],
# inetddir=${inetddir="/etc/init.d"}
# inetdname=${inetdname="$PKG_NAME"},
# inetdname=${inetdname="$INIT_PROG"},
[launchd],
inetddir=${inetddir="/Library/LaunchDaemons"}
inetdname=${inetdname="org.nagios.$PKG_NAME.plist"},
inetdname=${inetdname="org.nagios.$INIT_PROG.plist"},
[*],
inetddir=${inetddir="unknown"}

1
macros/ax_nagios_get_ssl
View File

@ -59,6 +59,7 @@ SSL_HDR=
SSL_LIB_DIR=
AC_SUBST(HAVE_SSL)
AC_SUBST(SSL_TYPE)
AC_SUBST(SSL_INC_DIR)
AC_SUBST(SSL_HDR)
AC_SUBST(SSL_INC_PREFIX)

7
nrpe.spec.in
View File

@ -9,6 +9,7 @@
%endif
%if %{islinux}
%define _init_dir @initdir@
%define _init_type @init_type@
%define _exec_prefix %{_prefix}/sbin
%define _bindir %{_prefix}/sbin
%define _sbindir %{_prefix}/lib/nagios/cgi
@ -21,7 +22,7 @@
%define _sysconfdir /etc/nagios
%define name @PACKAGE_NAME@
%define version @PACKAGE_VERSION@
%define version 3.1.1
%define release @RPM_RELEASE@
%define nsusr @nrpe_user@
%define nsgrp @nrpe_group@
@ -32,7 +33,7 @@
# rpm -ba|--rebuild --define 'nsport 5666'
%{?port:%define nsport %{port}}
# Macro that print mesages to syslog at package (un)install time
# Macro that print messages to syslog at package (un)install time
%define nnmmsg logger -t %{name}/rpm
Summary: Host/service/network monitoring agent for Nagios
@ -127,7 +128,7 @@ fi
export PATH=$PATH:/usr/sbin
CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
MAKE=%{_make} ./configure \
--with-init-dir=/etc/init.d \
--with-init-type=%{_init_type} \
--with-nrpe-port=%{nsport} \
--with-nrpe-user=%{nsusr} \
--with-nrpe-group=%{nsgrp} \

26
sample-config/nrpe.cfg.in
View File

@ -18,6 +18,14 @@ log_facility=@log_facility@
# LOG FILE
# If a log file is specified in this option, nrpe will write to
# that file instead of using syslog.
#log_file=@logdir@/nrpe.log
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
@ -38,7 +46,7 @@ pid_file=@piddir@/nrpe.pid
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This must be a non-privileged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=@nrpe_port@
@ -95,7 +103,7 @@ nrpe_group=@nrpe_group@
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1
allowed_hosts=127.0.0.1,::1
@ -115,7 +123,7 @@ dont_blame_nrpe=0
# BASH COMMAND SUBTITUTION
# BASH COMMAND SUBSTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
@ -141,7 +149,7 @@ allow_bash_command_substitution=0
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for alllowing
# the nagios user to your /etc/sudoers. An example entry for allowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
@ -197,6 +205,7 @@ connection_timeout=300
# TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
#ssl_version=SSLv2+
@ -246,6 +255,13 @@ connection_timeout=300
# NASTY METACHARACTERS
# This option allows you to override the list of characters that cannot
# be passed to the NRPE daemon.
# nasty_metachars="|`&><'\\[]{};\r\n"
# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.
@ -285,7 +301,7 @@ connection_timeout=300
# The following examples use hardcoded command arguments...
command[check_users]=@pluginsdir@/check_users -w 5 -c 10
command[check_load]=@pluginsdir@/check_load -w 15,10,5 -c 30,25,20
command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200

135
src/acl.c
View File

@ -29,6 +29,7 @@
*/
#include "../include/config.h"
#include "../include/common.h"
#include <sys/types.h>
#include <sys/socket.h>
@ -41,12 +42,13 @@
#include <string.h>
#include <ctype.h>
#include <netdb.h>
#include <syslog.h>
#include <stdarg.h>
#include "../include/acl.h"
/* This function checks if a char argumnet from valid char range.
extern int debug;
/* This function checks if a char argument from valid char range.
* Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
*
* Returns:
@ -76,16 +78,12 @@ int isvalidchar(int c) {
switch (c) {
case '.':
return 4;
break;
case '/':
return 5;
break;
case '-':
return 6;
break;
case ',':
return 7;
break;
default:
return 0;
}
@ -142,18 +140,27 @@ int add_ipv4_to_acl(char *ipv4) {
unsigned long ip, mask;
struct ip_acl *ip_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4);
/* Check for min and max IPv4 valid length */
if (len < 7 || len > 18)
return 0;
if (len < 7 || len > 18) {
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4);
return 0;
}
/* default mask for ipv4 */
data[4] = 32;
/* Basic IPv4 format check */
for (i = 0; i < len; i++) {
/* Return 0 on error state */
if (state == -1)
return 0;
/* Return 0 on error state */
if (state == -1) {
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect "
"format, continue with next check ...", ipv4);
return 0;
}
c = ipv4[i];
@ -201,6 +208,7 @@ int add_ipv4_to_acl(char *ipv4) {
break;
default:
/* Bad states */
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4);
return 0;
}
@ -209,29 +217,29 @@ int add_ipv4_to_acl(char *ipv4) {
*/
for (i=0; i < 4; i++) {
if (data[i] < 0 || data[i] > 255) {
syslog(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
logit(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
}
if (data[4] < 0 || data[4] > 32) {
syslog(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
logit(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
/* Conver ip and mask to unsigned long */
/* Convert ip and mask to unsigned long */
ip = htonl((data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]);
mask = htonl(-1 << (32 - data[4]));
/* Wrong network address */
if ( (ip & mask) != ip) {
syslog(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
logit(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
return 0;
}
/* Add addr to ip_acl list */
if ( (ip_acl_curr = malloc(sizeof(*ip_acl_curr))) == NULL) {
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
@ -247,6 +255,10 @@ int add_ipv4_to_acl(char *ipv4) {
ip_acl_prev->next = ip_acl_curr;
}
ip_acl_prev = ip_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4);
return 1;
}
@ -271,7 +283,7 @@ int add_ipv6_to_acl(char *ipv6) {
messages if needed */
ipv6tmp = strdup(ipv6);
if(NULL == ipv6tmp) {
syslog(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
logit(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
ipv6);
return 0;
}
@ -327,7 +339,7 @@ int add_ipv6_to_acl(char *ipv6) {
/* Add address to ip_acl list */
ip_acl_curr = malloc(sizeof(*ip_acl_curr));
if(NULL == ip_acl_curr) {
syslog(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
logit(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
return 0;
}
@ -387,8 +399,12 @@ int add_domain_to_acl(char *domain) {
struct dns_acl *dns_acl_curr;
if (len > 63)
if (len > 63) {
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!",
domain);
return 0;
}
for (i = 0; i < len; i++) {
c = domain[i];
@ -426,7 +442,10 @@ int add_domain_to_acl(char *domain) {
}
break;
default:
/* Not valid chars */
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, "
"invalid chars!", domain);
/* Not valid chars */
return 0;
}
}
@ -436,7 +455,7 @@ int add_domain_to_acl(char *domain) {
case 1: case 4: case 5:
/* Add name to domain ACL list */
if ( (dns_acl_curr = malloc(sizeof(*dns_acl_curr))) == NULL) {
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
strcpy(dns_acl_curr->domain, domain);
@ -448,13 +467,18 @@ int add_domain_to_acl(char *domain) {
dns_acl_prev->next = dns_acl_curr;
dns_acl_prev = dns_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain);
return 1;
default:
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, "
"check allowed_host in config file!", domain);
return 0;
}
}
/* Checks connectiong host in ACL
/* Checks connection host in ACL
*
* Returns:
* 1 - on success
@ -470,14 +494,23 @@ int is_an_allowed_host(int family, void *host)
struct sockaddr_in *addr;
struct sockaddr_in6 addr6;
struct addrinfo *res, *ai;
struct in_addr tmp;
while (ip_acl_curr != NULL) {
if(ip_acl_curr->family == family) {
switch(ip_acl_curr->family) {
case AF_INET:
if (debug == TRUE) {
tmp.s_addr = ((struct in_addr*)host)->s_addr;
logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
"an allowed host >%s<\n",
inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr));
}
if((((struct in_addr *)host)->s_addr &
ip_acl_curr->mask.s_addr) ==
ip_acl_curr->addr.s_addr) {
if (debug == TRUE)
logit(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!");
return 1;
}
break;
@ -509,9 +542,20 @@ int is_an_allowed_host(int family, void *host)
switch(ai->ai_family) {
case AF_INET:
if(debug == TRUE) {
tmp.s_addr=((struct in_addr *)host)->s_addr;
logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
"an allowed host >%s<\n",
inet_ntoa(tmp), dns_acl_curr->domain);
}
addr = (struct sockaddr_in*)(ai->ai_addr);
if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr)
if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) {
if (debug == TRUE)
logit(LOG_INFO, "is_an_allowed_host (AF_INET): "
"host is in allowed host list!");
return 1;
}
break;
case AF_INET6:
@ -521,9 +565,9 @@ int is_an_allowed_host(int family, void *host)
break;
}
}
dns_acl_curr = dns_acl_curr->next;
}
dns_acl_curr = dns_acl_curr->next;
}
return 0;
}
@ -559,19 +603,30 @@ void parse_allowed_hosts(char *allowed_hosts) {
const char *delim = ",";
char *trimmed_tok;
if (debug == TRUE)
logit(LOG_INFO,
"parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n",
allowed_hosts);
#ifdef HAVE_STRTOK_R
tok = strtok_r(hosts, delim, &saveptr);
#else
if (debug == TRUE)
logit(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to "
"problems in the allowed_hosts string determination!\n");
tok = strtok(hosts, delim);
#endif
while( tok) {
trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
trim( tok, trimmed_tok);
if(debug == TRUE)
logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
if( strlen( trimmed_tok) > 0) {
if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok)
&& !add_domain_to_acl(trimmed_tok)) {
syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
}
logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
} else if (debug == TRUE)
logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
}
free( trimmed_tok);
#ifdef HAVE_STRTOK_R
@ -606,17 +661,21 @@ unsigned int prefix_from_mask(struct in_addr mask) {
* It shows all hosts in ACL lists
*/
void show_acl_lists(void) {
struct ip_acl *ip_acl_curr = ip_acl_head;
struct dns_acl *dns_acl_curr = dns_acl_head;
void show_acl_lists(void)
{
struct ip_acl *ip_acl_curr = ip_acl_head;
struct dns_acl *dns_acl_curr = dns_acl_head;
while (ip_acl_curr != NULL) {
printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
ip_acl_curr = ip_acl_curr->next;
}
logit(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" );
while (dns_acl_curr != NULL) {
printf("DNS ACL: %s\n", dns_acl_curr->domain);
dns_acl_curr = dns_acl_curr->next;
}
while (ip_acl_curr != NULL) {
logit(LOG_INFO, " IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr),
prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
ip_acl_curr = ip_acl_curr->next;
}
while (dns_acl_curr != NULL) {
logit(LOG_INFO, " DNS ACL: %s\n", dns_acl_curr->domain);
dns_acl_curr = dns_acl_curr->next;
}
}

367
src/check_nrpe.c
View File

@ -4,7 +4,7 @@
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
* License: GPL
*
* Last Modified: 09-08-2016
* Last Modified: 2017-05-24
*
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
*
@ -46,7 +46,9 @@ int show_help = FALSE;
int show_license = FALSE;
int show_version = FALSE;
int packet_ver = NRPE_PACKET_VERSION_3;
int force_v2_packet = 0;
int payload_size = 0;
extern char *log_file;
#ifdef HAVE_SSL
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
@ -57,7 +59,7 @@ const SSL_METHOD *meth;
SSL_CTX *ctx;
SSL *ssl;
int use_ssl = TRUE;
int ssl_opts = SSL_OP_ALL;
unsigned long ssl_opts = SSL_OP_ALL;
#else
int use_ssl = FALSE;
#endif
@ -81,7 +83,7 @@ struct _SSL_PARMS {
char *cacert_file;
char *privatekey_file;
char cipher_list[MAX_FILENAME_LENGTH];
SslVer ssl_min_ver;
SslVer ssl_proto_ver;
int allowDH;
ClntCerts client_certs;
SslLogging log_opts;
@ -97,7 +99,7 @@ void set_timeout_state (char *state);
int parse_timeout_string (char *timeout_str);
void usage(int result);
void setup_ssl();
void set_sig_hadlers();
void set_sig_handlers();
int connect_to_remote();
int send_request();
int read_response();
@ -127,14 +129,14 @@ int main(int argc, char **argv)
timeout_return_code = STATE_CRITICAL;
if (sslprm.cipher_list[0] == '\0')
strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH", MAX_FILENAME_LENGTH - 1);
if (sslprm.ssl_min_ver == SSL_Ver_Invalid)
sslprm.ssl_min_ver = TLSv1_plus;
if (sslprm.ssl_proto_ver == SSL_Ver_Invalid)
sslprm.ssl_proto_ver = TLSv1_plus;
if (sslprm.allowDH == -1)
sslprm.allowDH = TRUE;
generate_crc32_table(); /* generate the CRC 32 table */
setup_ssl(); /* Do all the SSL/TLS set up */
set_sig_hadlers(); /* initialize alarm signal handling */
set_sig_handlers(); /* initialize alarm signal handling */
result = connect_to_remote(); /* Make the connection */
if (result != STATE_OK) {
alarm(0);
@ -149,28 +151,32 @@ int main(int argc, char **argv)
if (result == -1) {
/* Failure reading from remote, so try version 2 packet */
syslog(LOG_NOTICE, "Remote %s does not support Version 3 Packets", rem_host);
logit(LOG_INFO, "Remote %s does not support Version 3 Packets", rem_host);
packet_ver = NRPE_PACKET_VERSION_2;
/* Rerun the setup */
setup_ssl();
set_sig_hadlers();
set_sig_handlers();
result = connect_to_remote(); /* Connect */
if (result != STATE_OK) {
alarm(0);
close_log_file(); /* close the log file */
return result;
}
result = send_request(); /* Send the request */
if (result != STATE_OK)
if (result != STATE_OK) {
close_log_file(); /* close the log file */
return result;
}
result = read_response(); /* Get the response */
}
if (result != -1)
syslog(LOG_NOTICE, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
if (result != -1 && force_v2_packet == 0 && packet_ver == NRPE_PACKET_VERSION_2)
logit(LOG_DEBUG, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
close_log_file(); /* close the log file */
return result;
}
@ -206,6 +212,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
{"timeout", required_argument, 0, 't'},
{"port", required_argument, 0, 'p'},
{"payload-size", required_argument, 0, 'P'},
{"log-file", required_argument, 0, 'g'},
{"help", no_argument, 0, 'h'},
{"license", no_argument, 0, 'l'},
{0, 0, 0, 0}
@ -217,15 +224,17 @@ int process_arguments(int argc, char **argv, int from_config_file)
return ERROR;
optind = 0;
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:246hlnuV");
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:246hlnuV");
while (1) {
if (argindex > 0)
break;
#ifdef HAVE_GETOPT_LONG
c = getopt_long(argc, argv, optchars, long_options, &option_index);
#else
c = getopt(argc, argv, optchars);
#endif
if (c == -1 || c == EOF || argindex > 0)
if (c == -1 || c == EOF)
break;
/* process all arguments */
@ -258,7 +267,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 't':
if (from_config_file && socket_timeout != -1) {
syslog(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
logit(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
"the config file option.");
break;
}
@ -269,7 +278,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'p':
if (from_config_file && server_port != 0) {
syslog(LOG_WARNING, "WARNING: Command-line server port overrides "
logit(LOG_WARNING, "WARNING: Command-line server port overrides "
"the config file option.");
break;
}
@ -280,7 +289,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'P':
if (from_config_file && payload_size > 0) {
syslog(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
logit(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
"the config file option.");
break;
}
@ -291,7 +300,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'H':
if (from_config_file && server_name != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line server name overrides "
logit(LOG_WARNING, "WARNING: Command-line server name overrides "
"the config file option.");
break;
}
@ -302,7 +311,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
if (from_config_file) {
printf("Error: The config file should not have a command (-c) option.\n");
return ERROR;
break;
}
command_name = strdup(optarg);
break;
@ -311,7 +319,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
if (from_config_file) {
printf("Error: The config file should not have args (-a) arguments.\n");
return ERROR;
break;
}
argindex = optind;
break;
@ -322,7 +329,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'u':
if (from_config_file && timeout_return_code != -1) {
syslog(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
logit(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
"overrides the config file option.");
break;
}
@ -331,16 +338,17 @@ int process_arguments(int argc, char **argv, int from_config_file)
case '2':
if (from_config_file && packet_ver != NRPE_PACKET_VERSION_3) {
syslog(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
logit(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
"overrides the config file option.");
break;
}
packet_ver = NRPE_PACKET_VERSION_2;
force_v2_packet = 1;
break;
case '4':
if (from_config_file && address_family != AF_UNSPEC) {
syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
"or ipv6 (-6) overrides the config file option.");
break;
}
@ -349,7 +357,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case '6':
if (from_config_file && address_family != AF_UNSPEC) {
syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
"or ipv6 (-6) overrides the config file option.");
break;
}
@ -358,7 +366,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'd':
if (from_config_file && sslprm.allowDH != -1) {
syslog(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
logit(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
"overrides the config file option.");
break;
}
@ -369,7 +377,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'A':
if (from_config_file && sslprm.cacert_file != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
logit(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
"overrides the config file option.");
break;
}
@ -378,7 +386,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'C':
if (from_config_file && sslprm.cert_file != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
logit(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
"overrides the config file option.");
break;
}
@ -388,7 +396,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'K':
if (from_config_file && sslprm.privatekey_file != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line key-file (-K) "
logit(LOG_WARNING, "WARNING: Command-line key-file (-K) "
"overrides the config file option.");
break;
}
@ -397,38 +405,41 @@ int process_arguments(int argc, char **argv, int from_config_file)
break;
case 'S':
if (from_config_file && sslprm.ssl_min_ver != SSL_Ver_Invalid) {
syslog(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
if (from_config_file && sslprm.ssl_proto_ver != SSL_Ver_Invalid) {
logit(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
"overrides the config file option.");
break;
}
if (!strcmp(optarg, "SSLv2"))
sslprm.ssl_min_ver = SSLv2;
else if (!strcmp(optarg, "SSLv2+"))
sslprm.ssl_min_ver = SSLv2_plus;
else if (!strcmp(optarg, "SSLv3"))
sslprm.ssl_min_ver = SSLv3;
else if (!strcmp(optarg, "SSLv3+"))
sslprm.ssl_min_ver = SSLv3_plus;
else if (!strcmp(optarg, "TLSv1"))
sslprm.ssl_min_ver = TLSv1;
else if (!strcmp(optarg, "TLSv1+"))
sslprm.ssl_min_ver = TLSv1_plus;
else if (!strcmp(optarg, "TLSv1.1"))
sslprm.ssl_min_ver = TLSv1_1;
else if (!strcmp(optarg, "TLSv1.1+"))
sslprm.ssl_min_ver = TLSv1_1_plus;
else if (!strcmp(optarg, "TLSv1.2"))
sslprm.ssl_min_ver = TLSv1_2;
if (!strcmp(optarg, "TLSv1.2"))
sslprm.ssl_proto_ver = TLSv1_2;
else if (!strcmp(optarg, "TLSv1.2+"))
sslprm.ssl_min_ver = TLSv1_2_plus;
sslprm.ssl_proto_ver = TLSv1_2_plus;
else if (!strcmp(optarg, "TLSv1.1"))
sslprm.ssl_proto_ver = TLSv1_1;
else if (!strcmp(optarg, "TLSv1.1+"))
sslprm.ssl_proto_ver = TLSv1_1_plus;
else if (!strcmp(optarg, "TLSv1"))
sslprm.ssl_proto_ver = TLSv1;
else if (!strcmp(optarg, "TLSv1+"))
sslprm.ssl_proto_ver = TLSv1_plus;
else if (!strcmp(optarg, "SSLv3"))
sslprm.ssl_proto_ver = SSLv3;
else if (!strcmp(optarg, "SSLv3+"))
sslprm.ssl_proto_ver = SSLv3_plus;
#if OPENSSL_VERSION_NUMBER < 0x10100000
else if (!strcmp(optarg, "SSLv2"))
sslprm.ssl_proto_ver = SSLv2;
else if (!strcmp(optarg, "SSLv2+"))
sslprm.ssl_proto_ver = SSLv2_plus;
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
else
return ERROR;
break;
case 'L':
if (from_config_file && sslprm.cipher_list[0] != '\0') {
syslog(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
logit(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
"overrides the config file option.");
break;
}
@ -438,7 +449,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 's':
if (from_config_file && have_log_opts == TRUE) {
syslog(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
logit(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
"overrides the config file option.");
break;
}
@ -446,19 +457,30 @@ int process_arguments(int argc, char **argv, int from_config_file)
have_log_opts = TRUE;
break;
case 'g':
if (from_config_file && log_file != NULL) {
logit(LOG_WARNING, "WARNING: Command-line log-file (-g) "
"overrides the config file option.");
break;
}
log_file = strdup(optarg);
open_log_file();
break;
default:
return ERROR;
break;
}
}
/* determine (base) command query */
snprintf(query, sizeof(query), "%s",
(command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
query[sizeof(query) - 1] = '\x0';
if (!from_config_file) {
snprintf(query, sizeof(query), "%s",
(command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
query[sizeof(query) - 1] = '\x0';
}
/* get the command args */
if (argindex > 0) {
if (!from_config_file && argindex > 0) {
for (c = argindex - 1; c < argc; c++) {
@ -471,7 +493,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
query[sizeof(query) - 1] = '\x0';
}
}
if (!from_config_file && config_file != NULL) {
if ((rc = read_config_file(config_file)) != OK)
return rc;
@ -507,28 +528,28 @@ int read_config_file(char *fname)
size_t sz;
if (stat(fname, &st)) {
syslog(LOG_ERR, "Error: Could not stat config file %s", fname);
logit(LOG_ERR, "Error: Could not stat config file %s", fname);
return ERROR;
}
if ((f = fopen(fname, "r")) == NULL) {
syslog(LOG_ERR, "Error: Could not open config file %s", fname);
logit(LOG_ERR, "Error: Could not open config file %s", fname);
return ERROR;
}
if ((buf = (char*)calloc(1, st.st_size + 2)) == NULL) {
fclose(f);
syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
logit(LOG_ERR, "Error: read_config_file fail to allocate memory");
return ERROR;
}
if ((sz = fread(buf, 1, st.st_size, f)) != st.st_size) {
fclose(f);
free(buf);
syslog(LOG_ERR, "Error: Failed to completely read config file %s", fname);
logit(LOG_ERR, "Error: Failed to completely read config file %s", fname);
return ERROR;
}
if ((argv = calloc(50, sizeof(char*))) == NULL) {
fclose(f);
free(buf);
syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
logit(LOG_ERR, "Error: read_config_file fail to allocate memory");
return ERROR;
}
@ -536,10 +557,10 @@ int read_config_file(char *fname)
bufp = buf;
while (argc < 50) {
while (*bufp && strchr(delims, *bufp))
++bufp;
if (*bufp == '\0')
break;
while (strchr(delims, *bufp))
++bufp;
argv[argc] = my_strsep(&bufp, delims);
if (!argv[argc++])
break;
@ -550,7 +571,7 @@ int read_config_file(char *fname)
if (argc == 50) {
free(buf);
free(argv);
syslog(LOG_ERR, "Error: too many parameters in config file %s", fname);
logit(LOG_ERR, "Error: too many parameters in config file %s", fname);
return ERROR;
}
@ -594,22 +615,22 @@ void set_timeout_state (char *state) {
int parse_timeout_string (char *timeout_str)
{
char *seperated_str;
char *separated_str;
char *timeout_val = NULL;
char *timeout_sta = NULL;
if (strstr(timeout_str, ":") == NULL)
timeout_val = timeout_str;
else if (strncmp(timeout_str, ":", 1) == 0) {
seperated_str = strtok(timeout_str, ":");
if (seperated_str != NULL)
timeout_sta = seperated_str;
separated_str = strtok(timeout_str, ":");
if (separated_str != NULL)
timeout_sta = separated_str;
} else {
seperated_str = strtok(timeout_str, ":");
timeout_val = seperated_str;
seperated_str = strtok(NULL, ":");
if (seperated_str != NULL) {
timeout_sta = seperated_str;
separated_str = strtok(timeout_str, ":");
timeout_val = separated_str;
separated_str = strtok(NULL, ":");
if (separated_str != NULL) {
timeout_sta = separated_str;
}
}
@ -645,7 +666,7 @@ void usage(int result)
printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n"
" [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n"
" [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>]\n"
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n"
" [-c <command>] [-a <arglist...>]\n");
printf("\n");
printf("Options:\n");
@ -655,7 +676,7 @@ void usage(int result)
printf(" -6 = bind to ipv6 only\n");
printf(" -n = Do no use SSL\n");
printf
(" -u = (DEPRECATED) Make timeouts return UNKNOWN instead of CRITICAL\n");
(" -u = Make connection problems return UNKNOWN instead of CRITICAL\n");
printf(" -V = Show version\n");
printf(" -l = Show license\n");
printf(" <dhopt> = Anonymous Diffie Hellman use:\n");
@ -665,10 +686,14 @@ void usage(int result)
printf(" 2 = Force Anonymous Diffie Hellman\n");
printf(" <size> = Specify non-default payload size for NSClient++\n");
printf
(" <ssl ver> = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
printf(" SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
printf(" TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
printf(" TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
(" <ssl ver> = The SSL/TLS version to use. Can be any one of:\n");
#if OPENSSL_VERSION_NUMBER < 0x10100000
printf(" SSLv2 (only), SSLv2+ (or above),\n");
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
printf(" SSLv3 (only), SSLv3+ (or above),\n");
printf(" TLSv1 (only), TLSv1+ (or above DEFAULT),\n");
printf(" TLSv1.1 (only), TLSv1.1+ (or above),\n");
printf(" TLSv1.2 (only), TLSv1.2+ (or above)\n");
printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
printf
(" to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
@ -678,6 +703,7 @@ void usage(int result)
printf(" <logopts> = SSL Logging Options\n");
printf(" <bindaddr> = bind to local address\n");
printf(" <cfg-file> = configuration file to use\n");
printf(" <log-file> = full path to the log file to write to\n");
printf(" [port] = The port on which the daemon is running (default=%d)\n",
DEFAULT_SERVER_PORT);
printf(" [command] = The name of the command that the remote daemon should run\n");
@ -717,25 +743,26 @@ void usage(int result)
void setup_ssl()
{
#ifdef HAVE_SSL
int vrfy;
int vrfy, x;
if (sslprm.log_opts & SSL_LogStartup) {
char *val;
syslog(LOG_INFO, "SSL Certificate File: %s",
logit(LOG_INFO, "SSL Certificate File: %s",
sslprm.cert_file ? sslprm.cert_file : "None");
syslog(LOG_INFO, "SSL Private Key File: %s",
logit(LOG_INFO, "SSL Private Key File: %s",
sslprm.privatekey_file ? sslprm.privatekey_file : "None");
syslog(LOG_INFO, "SSL CA Certificate File: %s",
logit(LOG_INFO, "SSL CA Certificate File: %s",
sslprm.cacert_file ? sslprm.cacert_file : "None");
if (sslprm.allowDH < 2)
syslog(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
else
syslog(LOG_INFO, "SSL Cipher List: ADH");
syslog(LOG_INFO, "SSL Allow ADH: %s",
logit(LOG_INFO, "SSL Cipher List: ADH");
logit(LOG_INFO, "SSL Allow ADH: %s",
sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
switch (sslprm.ssl_min_ver) {
logit(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
switch (sslprm.ssl_proto_ver) {
case SSLv2:
val = "SSLv2";
break;
@ -770,56 +797,125 @@ void setup_ssl()
val = "INVALID VALUE!";
break;
}
syslog(LOG_INFO, "SSL Version: %s", val);
logit(LOG_INFO, "SSL Version: %s", val);
}
/* initialize SSL */
if (use_ssl == TRUE) {
SSL_load_error_strings();
SSL_library_init();
#if OPENSSL_VERSION_NUMBER >= 0x10100000
meth = TLS_method();
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
meth = SSLv23_client_method();
# ifndef OPENSSL_NO_SSL2
if (sslprm.ssl_min_ver == SSLv2)
if (sslprm.ssl_proto_ver == SSLv2)
meth = SSLv2_client_method();
# endif
# ifndef OPENSSL_NO_SSL3
if (sslprm.ssl_min_ver == SSLv3)
if (sslprm.ssl_proto_ver == SSLv3)
meth = SSLv3_client_method();
# endif
if (sslprm.ssl_min_ver == TLSv1)
if (sslprm.ssl_proto_ver == TLSv1)
meth = TLSv1_client_method();
# ifdef SSL_TXT_TLSV1_1
if (sslprm.ssl_min_ver == TLSv1_1)
if (sslprm.ssl_proto_ver == TLSv1_1)
meth = TLSv1_1_client_method();
# ifdef SSL_TXT_TLSV1_2
if (sslprm.ssl_min_ver == TLSv1_2)
if (sslprm.ssl_proto_ver == TLSv1_2)
meth = TLSv1_2_client_method();
# endif
# endif
# endif /* ifdef SSL_TXT_TLSV1_2 */
# endif /* ifdef SSL_TXT_TLSV1_1 */
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
if ((ctx = SSL_CTX_new(meth)) == NULL) {
printf("CHECK_NRPE: Error - could not create SSL context.\n");
exit(STATE_CRITICAL);
}
if (sslprm.ssl_min_ver >= SSLv3) {
ssl_opts |= SSL_OP_NO_SSLv2;
if (sslprm.ssl_min_ver >= TLSv1)
#if OPENSSL_VERSION_NUMBER >= 0x10100000
SSL_CTX_set_max_proto_version(ctx, 0);
switch(sslprm.ssl_proto_ver) {
case TLSv1_2:
SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
case TLSv1_2_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
break;
case TLSv1_1:
SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION);
case TLSv1_1_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
break;
case TLSv1:
SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);
case TLSv1_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
break;
case SSLv3:
SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION);
case SSLv3_plus:
SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
break;
}
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
switch(sslprm.ssl_proto_ver) {
case SSLv2:
case SSLv2_plus:
break;
case TLSv1_2:
case TLSv1_2_plus:
#ifdef SSL_OP_NO_TLSv1_1
ssl_opts |= SSL_OP_NO_TLSv1_1;
#endif
case TLSv1_1:
case TLSv1_1_plus:
ssl_opts |= SSL_OP_NO_TLSv1;
case TLSv1:
case TLSv1_plus:
ssl_opts |= SSL_OP_NO_SSLv3;
case SSLv3:
case SSLv3_plus:
ssl_opts |= SSL_OP_NO_SSLv2;
break;
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
SSL_CTX_set_options(ctx, ssl_opts);
if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
SSL_CTX_free(ctx);
printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Error: could not use certificate file '%s': %s\n",
sslprm.cert_file, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
SSL_CTX_free(ctx);
printf("Error: could not use private key file '%s'.\n",
sslprm.privatekey_file);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Error: could not use private key file '%s': %s\n",
sslprm.privatekey_file, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
}
@ -828,8 +924,12 @@ void setup_ssl()
vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
SSL_CTX_free(ctx);
printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Error: could not use CA certificate '%s': %s\n",
sslprm.privatekey_file, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
}
@ -838,7 +938,7 @@ void setup_ssl()
if (strlen(sslprm.cipher_list) < sizeof(sslprm.cipher_list) - 6) {
strcat(sslprm.cipher_list, ":!ADH");
if (sslprm.log_opts & SSL_LogStartup)
syslog(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
logit(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
}
} else {
/* use anonymous DH ciphers */
@ -847,15 +947,19 @@ void setup_ssl()
}
if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
SSL_CTX_free(ctx);
printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Could not set SSL/TLS cipher list '%s': %s\n",
sslprm.cipher_list, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
}
#endif
}
void set_sig_hadlers()
void set_sig_handlers()
{
#ifdef HAVE_SIGACTION
struct sigaction sig_action;
@ -880,12 +984,12 @@ int connect_to_remote()
struct sockaddr addr;
struct in_addr *inaddr;
socklen_t addrlen;
int result, rc, ssl_err, ern;
int result, rc, ssl_err, ern, x, nerrs = 0;
/* try to connect to the host at the given port number */
if ((sd =
my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0)
exit(STATE_CRITICAL);
exit(timeout_return_code);
result = STATE_OK;
addrlen = sizeof(addr);
@ -901,7 +1005,7 @@ int connect_to_remote()
strncpy(rem_host, "Unknown", sizeof(rem_host));
rem_host[MAX_HOST_ADDRESS_LENGTH - 1] = '\0';
if ((sslprm.log_opts & SSL_LogIpAddr) != 0)
syslog(LOG_DEBUG, "Connected to %s", rem_host);
logit(LOG_DEBUG, "Connected to %s", rem_host);
#ifdef HAVE_SSL
if (use_ssl == FALSE)
@ -919,20 +1023,26 @@ int connect_to_remote()
ssl_err = SSL_get_error(ssl, rc);
if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
int x, nerrs = 0;
rc = 0;
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
rem_host, ERR_reason_error_string(x));
++nerrs;
}
if (nerrs == 0)
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
rem_host, rc, ssl_err);
} else
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
rem_host, rc, ssl_err);
} else {
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
rem_host, ERR_reason_error_string(x));
++nerrs;
}
if (nerrs == 0)
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: "
"rc=%d SSL-error=%d", rem_host, rc, ssl_err);
}
if (ssl_err == 5) {
/* Often, errno will be zero, so print a generic message here */
@ -961,7 +1071,7 @@ int connect_to_remote()
} else {
if (sslprm.log_opts & SSL_LogVersion)
syslog(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
logit(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
if (sslprm.log_opts & SSL_LogCipher) {
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
@ -969,7 +1079,7 @@ int connect_to_remote()
# else
const SSL_CIPHER *c = SSL_get_current_cipher(ssl);
# endif
syslog(LOG_NOTICE, "Remote %s - %s, Cipher is %s", rem_host,
logit(LOG_NOTICE, "Remote %s - %s, Cipher is %s", rem_host,
SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
}
@ -979,16 +1089,17 @@ int connect_to_remote()
if (peer) {
if (sslprm.log_opts & SSL_LogIfClientCert)
syslog(LOG_NOTICE, "SSL %s has %s certificate",
rem_host, peer->valid ? "a valid" : "an invalid");
logit(LOG_NOTICE, "SSL %s has %s certificate",
rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
if (sslprm.log_opts & SSL_LogCertDetails) {
syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
logit(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
logit(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
}
} else
syslog(LOG_NOTICE, "SSL Did not get certificate from %s", rem_host);
logit(LOG_NOTICE, "SSL Did not get certificate from %s", rem_host);
}
}
@ -1095,7 +1206,7 @@ int read_response()
int rc, result;
alarm(0);
set_sig_hadlers();
set_sig_handlers();
#ifdef HAVE_SSL
rc = read_packet(sd, ssl, &v2_receive_packet, &v3_receive_packet);
@ -1240,7 +1351,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
} else
buffer_size = pkt_size - common_size;
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
memcpy(*v2_pkt, &packet, common_size);
@ -1266,7 +1377,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
buffer_size = ntohl(buffer_size);
pkt_size += buffer_size;
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
@ -1329,7 +1440,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
} else
buffer_size = pkt_size - common_size;
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
memcpy(*v2_pkt, &packet, common_size);
@ -1361,7 +1472,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
buffer_size = ntohl(buffer_size);
pkt_size += buffer_size;
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
@ -1427,11 +1538,11 @@ int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
&& (sslprm.log_opts & SSL_LogCertDetails)) {
syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
name, issuer, err, X509_verify_cert_error_string(err));
}

532
src/nrpe.c
View File

File diff suppressed because it is too large Load Diff

6
src/snprintf.c
View File

@ -77,7 +77,7 @@
* Fix incorrect zpadlen handling in fmtfp.
* Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it.
* few mods to make it easier to compile the tests.
* addedd the "Ollie" test to the floating point ones.
* added the "Ollie" test to the floating point ones.
*
* Martin Pool (mbp@samba.org) April 2003
* Remove NO_CONFIG_H so that the test case can be built within a source
@ -847,7 +847,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
spadlen = 0;
}
if (flags & DP_F_MINUS)
spadlen = -spadlen; /* Left Justifty */
spadlen = -spadlen; /* Left Justify */
#ifdef DEBUG_SNPRINTF
printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
@ -1055,7 +1055,7 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
if (padlen < 0)
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen; /* Left Justifty */
padlen = -padlen; /* Left Justify */
if ((flags & DP_F_ZERO) && (padlen > 0)) {
if (signvalue) {

157
src/utils.c
View File

@ -31,10 +31,17 @@
#include "../include/common.h"
#include "../include/utils.h"
#include <stdarg.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifndef HAVE_ASPRINTF
extern int asprintf(char **ptr, const char *format, ...);
#endif
#ifndef HAVE_VASPRINTF
extern int vasprintf(char **ptr, const char *format, va_list ap);
#endif
#ifndef NI_MAXSERV
# define NI_MAXSERV 32
@ -48,6 +55,9 @@ extern char **environ;
static unsigned long crc32_table[256];
char *log_file = NULL;
FILE *log_fp = NULL;
static int my_create_socket(struct addrinfo *ai, const char *bind_address);
@ -231,7 +241,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
syslog(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
logit(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
gai_strerror(gaierr));
exit(1);
}
@ -242,7 +252,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
int clean_environ(const char *keep_env_vars, const char *nrpe_user)
{
#ifdef HAVE_PATHS_H
#if defined(HAVE_PATHS_H) && defined(_PATH_STDPATH)
static char *path = _PATH_STDPATH;
#else
static char *path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
@ -257,7 +267,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
else
asprintf(&keep, "NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION");
if (keep == NULL) {
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
@ -269,7 +279,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
}
if ((kept = calloc(keepcnt + 1, sizeof(char *))) == NULL) {
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
for (i = 0, var = my_strsep(&keep, ","); var != NULL; var = my_strsep(&keep, ","))
@ -283,7 +293,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
free(keep);
free(kept);
free(var);
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
if (len >= var_sz) {
@ -309,17 +319,24 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
free(keep);
free(kept);
pw = (struct passwd *)getpwnam(nrpe_user);
if (pw == NULL)
return OK;
setenv("PATH", path, 1);
setenv("IFS", " \t\n", 1);
setenv("HOME", pw->pw_dir, 0);
setenv("SHELL", pw->pw_shell, 0);
setenv("LOGNAME", nrpe_user, 0);
setenv("USER", nrpe_user, 0);
pw = (struct passwd *)getpwnam(nrpe_user);
if (pw == NULL) {
char *end = NULL;
uid_t uid = strtol(nrpe_user, &end, 10);
if (uid > 0)
pw = (struct passwd *)getpwuid(uid);
if (pw == NULL || *end != '\0')
return OK;
}
setenv("HOME", pw->pw_dir, 0);
setenv("SHELL", pw->pw_shell, 0);
return OK;
}
@ -450,53 +467,87 @@ char *my_strsep(char **stringp, const char *delim)
return begin;
}
int b64_decode(unsigned char *encoded)
void open_log_file()
{
static const char *b64 = {
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
};
int i, j, l, padding = 0;
unsigned char c[4], *outp = encoded;
int fh;
int flags = O_RDWR|O_APPEND|O_CREAT;
struct stat st;
union {
unsigned c3;
struct {
unsigned f1:6;
unsigned f2:6;
unsigned f3:6;
unsigned f4:6;
} fields;
} enc;
close_log_file();
enc.c3 = 0;
l = strlen((char *)encoded);
for (i = 0; i < l; i += 4) {
for (j = 0; j < 4; ++j) {
if (encoded[i + j] == '=') {
c[j] = 0;
++padding;
} else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z')
c[j] = encoded[i + j] - 'A';
else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z')
c[j] = encoded[i + j] - 'a' + 26;
else if (encoded[i + j] >= '0' && encoded[i + j] <= '9')
c[j] = encoded[i + j] - '0' + 52;
else if (encoded[i + j] == '+')
c[j] = encoded[i + j] - '+' + 62;
else
c[j] = encoded[i + j] - '/' + 63;
}
enc.fields.f1 = c[3];
enc.fields.f2 = c[2];
enc.fields.f3 = c[1];
enc.fields.f4 = c[0];
*outp++ = (enc.c3 >> 16) & 0xff;
*outp++ = (enc.c3 >> 8) & 0xff;
*outp++ = (enc.c3) & 0xff;
if (!log_file)
return;
#ifdef O_NOFOLLOW
flags |= O_NOFOLLOW;
#endif
if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
return;
}
*outp = '\0';
log_fp = fdopen(fh, "a+");
if(log_fp == NULL) {
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
return;
}
return outp - encoded - padding;
if ((fstat(fh, &st)) == -1) {
log_fp = NULL;
close(fh);
printf("Warning: Cannot fstat log file '%s'\n", log_file);
logit(LOG_WARNING, "Warning: Cannot fstat log file '%s'", log_file);
return;
}
if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {
log_fp = NULL;
close(fh);
printf("Warning: log file '%s' has an invalid mode\n", log_file);
logit(LOG_WARNING, "Warning: log file '%s' has an invalid mode", log_file);
return;
}
(void)fcntl(fileno(log_fp), F_SETFD, FD_CLOEXEC);
}
void logit(int priority, const char *format, ...)
{
time_t log_time = 0L;
va_list ap;
char *buffer = NULL;
if (!format || !*format)
return;
va_start(ap, format);
if(vasprintf(&buffer, format, ap) > 0) {
if (log_fp) {
time(&log_time);
/* strip any newlines from the end of the buffer */
strip(buffer);
/* write the buffer to the log file */
fprintf(log_fp, "[%llu] %s\n", (unsigned long long)log_time, buffer);
fflush(log_fp);
} else
syslog(priority, "%s", buffer);
free(buffer);
}
va_end(ap);
}
void close_log_file()
{
if(!log_fp)
return;
fflush(log_fp);
fclose(log_fp);
log_fp = NULL;
return;
}
/* show license */

3
startup/default-service.in
View File

@ -1,5 +1,5 @@
[Unit]
Description=Nagios Remote Program Executor
Description=Nagios Remote Plugin Executor
Documentation=http://www.nagios.org/documentation
After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
Before=getty@tty1.service plymouth-quit.service xdm.service
@ -15,6 +15,7 @@ PIDFile=@piddir@/nrpe.pid
RuntimeDirectory=nrpe
RuntimeDirectoryMode=0755
ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
ExecReload=/bin/kill -HUP $MAINPID
ExecStopPost=/bin/rm -f @piddir@/nrpe.pid
TimeoutStopSec=60
User=@nrpe_user@

2
startup/default-socket-svc.in
View File

@ -1,5 +1,5 @@
[Unit]
Description=Nagios Remote Program Executor
Description=Nagios Remote Plugin Executor
Documentation=http://www.nagios.org/documentation
After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target

2
startup/default-socket.in
View File

@ -1,5 +1,5 @@
[Unit]
Description=Nagios Remote Program Executor
Description=Nagios Remote Plugin Executor
Documentation=http://www.nagios.org/documentation
Before=nrpe.service
Conflicts=nrpe.service

2
startup/default-xinetd.in
View File

@ -11,5 +11,5 @@ service nrpe
server = @sbindir@/nrpe
server_args = -c @pkgsysconfdir@/nrpe.cfg --inetd
only_from = 127.0.0.1
log_on_failure += USERID
log_on_success =
}

16
update-version
View File

@ -20,18 +20,18 @@ fi
# Get date (two formats)
if [ -n "$2" ]; then
LONGDATE=`date -d "$2" "+%B %d, %Y"`
SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
SHORTDATE=$(date -u -d "$2" "+%Y-%m-%d")
else
LONGDATE=`date "+%B %d, %Y"`
SHORTDATE=`date "+%m-%d-%Y"`
LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%Y-%m-%d")
fi
# Current version number
CURRENTVERSION=3.0.1
CURRENTVERSION=3.1.1
# Last date
LASTDATE=09-08-2016
LASTDATE=2017-05-24
if [ "x$1" = "x" ]
then
@ -73,8 +73,8 @@ perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.ac
autoconf
# Update RPM spec file with version number
perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec
perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec
perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec.in
perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec.in
# Update this file with version number and last date
perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version