Imported Upstream version 2.15

SECURITY

@@ -0,0 +1,131 @@
+********************
+NRPE SECURITY README
+********************
+
+
+TCP WRAPPER SUPPORT
+===================
+
+NRPE 2.x includes native support for TCP wrappers.  The older
+host access list directive was removed from the config file.
+Make sure your system supports TCP wrappers before running NRPE.
+Once you compile NRPE you can check to see if it has wrapper
+support built in by running the daemon from the command line
+without any arguments like this:
+
+	./nrpe --help
+
+
+
+
+COMMAND ARGUMENTS
+=================
+
+NRPE 2.0 includes the ability for clients to supply arguments to
+commands which should be run.  Please note that this feature
+should be considered a security risk, and you should only use
+it if you know what you're doing!
+
+
+BASH COMMAND SUBSTITUTION
+-------------------------
+
+Even with the metacharacter restrictions below, if command arguments 
+are enabled, it is still possible to send bash command substitions 
+in the form $(...) as an agrument. This is explicity disabled by 
+default, but can be enabled by a configure-time option and a
+configuration file option. Enabling this option is VERY RISKY and 
+its use is HIGHLY DISCOURAGED.
+
+
+ENABLING ARGUMENTS
+------------------
+
+To enable support for command argument in the daemon, you must
+do two things:
+
+   1.  Run the configure script with the --enable-command-args 
+       option
+
+   2.  Set the 'dont_blame_nrpe' directive in the NRPE config
+       file to 1.
+
+
+ENABLING BASH COMMAND SUBSTITUTION
+----------------------------------
+
+To enable support for arguments containing bash command substitions, 
+you must do two things:
+
+   1.  Enable arguments as described above
+
+   2.  Include the --enable-bash-command-substitution configure
+       option when running the configure script
+
+   3.  Set the 'allow_bash_command_substitutions' directive in the 
+       NRPE config file to 1.
+
+
+ILLEGAL METACHARS
+-----------------
+
+To help prevent some nasty things from being done by evil 
+clients, the following metacharacters are not allowed
+in client command arguments:
+
+   | ` & > < ' " \ [ ] { } ; !
+
+Any client request which contains the abovementioned metachars
+is discarded.
+
+
+USER/GROUP RESTRICTIONS
+-----------------------
+
+The NRPE daemon cannot be run with (effective) root user/group
+privileges.  You must run the daemon with an account that does
+not have superuser rights.  Use the nrpe_user and nrpe_group
+directives in the config file to specify which user/group the
+daemon should run as.
+
+
+ENCRYPTION
+----------
+
+If you do enable support for command arguments in the NRPE daemon,
+make sure that you encrypt communications either by using:
+
+   1.  Stunnel (see http://www.stunnel.org for more info)
+   2.  Native SSL support
+
+Do NOT assume that just because the daemon is behind a firewall
+that you are safe!  Always encrypt NRPE traffic!
+
+
+USING ARGUMENTS
+---------------
+
+How do you use command arguments?  Well, lets say you define a
+command in the NRPE config file that looks like this:
+
+	command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
+
+You could then call the check_nrpe plugin like this:
+
+	./check_nrpe -H <host> -c check_users -a 5 10
+
+The arguments '5' and '10' get substituted into the appropriate
+$ARGx$ macros in the command ($ARG1$ and $ARG2$, respectively).
+The command that would be executed by the NRPE daemon would look
+like this:
+
+	/usr/local/nagios/libexec/check_users -w 5 -c 10
+
+You can supply up to 16 arguments to be passed to the command
+for substitution in $ARG$ macros ($ARG1$ - $ARG16$).
+
+
+
+
+    -- Ethan Galstad (nagios@nagios.org)
+