Imported Debian patch 3.1.1-1
commit
4fa3978984
53
Changelog
@ -2,6 +2,59 @@
|
||||
NRPE Changelog
|
||||
**************
|
||||
|
||||
3.1.1 - 2017-05-24
|
||||
------------------
|
||||
FIXES
|
||||
- The '--log-file=' or '-g' option is missing from the help (John Frickson)
|
||||
- check_nrpe = segfault when specifying a config file (John Frickson)
|
||||
- Alternate log file not being used soon enough (John Frickson)
|
||||
- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
|
||||
- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
|
||||
- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
|
||||
- Fix build failure with -Werror=format-security (Bas Couwenberg)
|
||||
- Fixed a typo in `nrpe.spec.in` (John Frickson)
|
||||
- More detailed error logging for SSL (John Frickson)
|
||||
- Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
|
||||
|
||||
|
||||
3.1.0 - 2017-04-17
|
||||
------------------
|
||||
ENHANCEMENTS
|
||||
- Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
|
||||
- While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson)
|
||||
- nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson)
|
||||
- check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson)
|
||||
|
||||
FIXES
|
||||
- Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
|
||||
- Fix help output for ssl option (configure) (Ruben Kerkhof)
|
||||
- Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
|
||||
- Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
|
||||
- Cleanup of config.h.in suggested by Ruben Kerkhof
|
||||
- Minor change to logging in check_nrpe (John Frickson)
|
||||
- Solaris 11 detection is broken in configure (John Frickson)
|
||||
- Removed function `b64_decode` which wasn't being used (John Frickson)
|
||||
- check_nrpe ignores -a option when -f option is specified (John Frickson)
|
||||
- Added missing LICENSE file (John Frickson)
|
||||
- Off-by-one BO in my_system() (John Frickson)
|
||||
- Got rid of some compiler warnings (Stefan Krüger / John Frickson)
|
||||
- Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
|
||||
- nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
|
||||
- "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
|
||||
- nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
|
||||
- Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
|
||||
- Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
|
||||
- Fix systemd unit description (Bas Couwenberg)
|
||||
- Add reload command to systemd service file (Bas Couwenberg)
|
||||
- fix file not found error when updating version (Sven Nierlein)
|
||||
- Spelling fixes (Josh Soref)
|
||||
- Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson)
|
||||
- xinetd.d parameter causes many messages in log file (John Frickson)
|
||||
- Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson)
|
||||
- PATH and other environment variables not set with numeric nrpe_user (John Frickson)
|
||||
- rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson)
|
||||
|
||||
|
||||
3.0.1 - 2016-09-08
|
||||
------------------
|
||||
FIXES
|
||||
|
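Review bot: The 3.1.0 FIXES list carries "Off-by-one BO in my_system()" and "nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+" as ordinary entries, with nothing marking them as security-relevant. This import moves the package from 3.0.1 to 3.1.1, so the commit message or packaging changelog should name these two explicitly; otherwise anyone triaging the upgrade has to read the whole list to find them.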
339
LICENSE
Normal file
@ -0,0 +1,339 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Lesser General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License.
|
@ -70,7 +70,7 @@ all:
|
||||
echo "";\
|
||||
echo "You can now continue with the installation or upgrade process.";\
|
||||
echo "";\
|
||||
echo "Read the PDF documentation (NRPE.pdf) for information on the next";\
|
||||
echo "Read the PDF documentation (docs/NRPE.pdf) for information on the next";\
|
||||
echo "steps you should take to complete the installation or upgrade.";\
|
||||
echo ""
|
||||
|
||||
@ -126,7 +126,9 @@ install-init:
|
||||
launchctl load $(INIT_DIR)/$(INIT_FILE); \
|
||||
else\
|
||||
if test -f /sbin/chkconfig ; then \
|
||||
/sbin/chkconfig nrpe on;\
|
||||
case "$(DESTDIR)" in */rpmbuild/*) break;; \
|
||||
*)/sbin/chkconfig nrpe on;; \
|
||||
esac; \
|
||||
else\
|
||||
echo "Make sure to enable the nrpe daemon";\
|
||||
fi;\
|
||||
|
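Review bot: In the chkconfig branch, `case "$(DESTDIR)" in */rpmbuild/*) break;;` uses `break` with no enclosing loop visible in this hunk. Outside a loop its behaviour depends on the shell, so a no-op `:` states the intent more safely. Matching the literal path component `rpmbuild` also ties the skip to one build layout; testing whether `$(DESTDIR)` is non-empty would skip `chkconfig nrpe on` for every staged install.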
@ -171,14 +171,14 @@ run the nrpe daemon: `db_server` and `bobs_workstation`.
|
||||
As root, do the following:
|
||||
|
||||
mkdir -p -m 750 /usr/local/nagios/etc/ssl
|
||||
chown root.nagios /usr/local/nagios/etc/ssl
|
||||
chown root:nagios /usr/local/nagios/etc/ssl
|
||||
cd /usr/local/nagios/etc/ssl
|
||||
mkdir -m 750 ca
|
||||
chown root.root ca
|
||||
chown root:root ca
|
||||
mkdir -m 750 server_certs
|
||||
chown root.nagios server_certs
|
||||
chown root:nagios server_certs
|
||||
mkdir -m 750 client_certs
|
||||
chown root.nagios client_certs
|
||||
chown root:nagios client_certs
|
||||
|
||||
|
||||
####Create Certificate Authority
|
||||
@ -229,7 +229,7 @@ If you have the default `/etc/openssl.cnf`, either change it, or as root, do:
|
||||
mkdir demoCA/newcerts
|
||||
touch demoCA/index.txt
|
||||
echo "01" > demoCA/serial
|
||||
chown -R root.root demoCA
|
||||
chown -R root:root demoCA
|
||||
chmod 700 demoCA
|
||||
chmod 700 demoCA/newcerts
|
||||
chmod 600 demoCA/serial
|
||||
@ -242,13 +242,13 @@ Now, sign the CSRs. As root, do the following:
|
||||
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
|
||||
-in server_certs/db_server.csr \
|
||||
-out server_certs/db_server.pem
|
||||
chown root.nagios server_certs/db_server.pem
|
||||
chown root:nagios server_certs/db_server.pem
|
||||
chmod 440 server_certs/db_server.pem
|
||||
openssl ca -days 365 -notext -md sha256 \
|
||||
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
|
||||
-in server_certs/bobs_workstation.csr \
|
||||
-out server_certs/bobs_workstation.pem
|
||||
chown root.nagios server_certs/bobs_workstation.pem
|
||||
chown root:nagios server_certs/bobs_workstation.pem
|
||||
chmod 440 server_certs/bobs_workstation.pem
|
||||
|
||||
Now, copy the `db_server.pem` and `db_server.key` files to the
|
||||
@ -271,7 +271,7 @@ running the check_nrpe program.
|
||||
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
|
||||
-in client_certs/nag_serv.csr \
|
||||
-out client_certs/nag_serv.pem
|
||||
chown root.nagios client_certs/nag_serv.pem
|
||||
chown root:nagios client_certs/nag_serv.pem
|
||||
chmod 440 client_certs/nag_serv.pem
|
||||
|
||||
Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`
|
||||
|
@ -46,7 +46,7 @@ do two things:
|
||||
|
||||
#### ENABLING BASH COMMAND SUBSTITUTION ####
|
||||
|
||||
To enable support for arguments containing bash command substitions,
|
||||
To enable support for arguments containing bash command substitutions,
|
||||
you must do two things:
|
||||
|
||||
1. Enable arguments as described above
|
||||
@ -64,7 +64,7 @@ To help prevent some nasty things from being done by evil
|
||||
clients, the following metacharacters are not allowed
|
||||
in client command arguments:
|
||||
|
||||
| ` & > < ' " \ [ ] { } ; !
|
||||
| ` & > < ' \ [ ] { } ; ! \r \n
|
||||
|
||||
Any client request which contains the above mentioned metachars
|
||||
is discarded.
|
||||
|
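Review bot: The metacharacter list now ends in `\r \n` but no longer contains the double quote that the previous version had between `'` and `\`. If `"` is still rejected, restore it here; if it was dropped from the filter on purpose, say so, because readers use this list to judge what a client is allowed to pass. The Changelog in this same commit adds an nrpe.cfg option that overrides the hard-coded NASTY_METACHARS, so this section should also state that the list shown is only the default.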
9
THANKS
@ -4,10 +4,12 @@ Andrew Boyce-Lewis
|
||||
Andrew Ryder
|
||||
Andrew Widdersheim
|
||||
Bartosz Woronicz
|
||||
Bas Couwenberg
|
||||
Bill Mitchell
|
||||
Bjoern Beutel
|
||||
Brian Seklecki
|
||||
Derrick Bennett
|
||||
Elan Ruusamäe
|
||||
Eric Mislivec
|
||||
Eric Stanley
|
||||
Gerhard Lausser
|
||||
@ -17,8 +19,10 @@ Grégory Starck
|
||||
James Peterson
|
||||
Jari Takkala
|
||||
Jason Cook
|
||||
Jobst Schmalenbach
|
||||
John Maag
|
||||
Jon Andrews
|
||||
Josh Soref
|
||||
Kaspersky Lab
|
||||
Kevin Pendleton
|
||||
Konstantin Malov
|
||||
@ -30,13 +34,18 @@ Matthias Flacke
|
||||
Niels Endres
|
||||
Patric Wust
|
||||
Peter Palfrader
|
||||
Philippe Kueck
|
||||
Rene Klootwijk
|
||||
Robert Peaslee
|
||||
Ruben Kerkhof
|
||||
Ryan McGarry
|
||||
Ryan Ordway
|
||||
Sean Finney
|
||||
Spenser Reinhardt
|
||||
Stefan Krüger
|
||||
Stephen Smoogen
|
||||
Subhendu Ghosh
|
||||
Sven Nierlein
|
||||
Thierry Bertaud
|
||||
Ton Voon
|
||||
Vadim Antipov
|
||||
|
219
configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for nrpe 3.0.1.
|
||||
# Generated by GNU Autoconf 2.69 for nrpe 3.1.1.
|
||||
#
|
||||
# Report bugs to <nagios-users@lists.sourceforge.net>.
|
||||
#
|
||||
@ -580,8 +580,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='nrpe'
|
||||
PACKAGE_TARNAME='nrpe'
|
||||
PACKAGE_VERSION='3.0.1'
|
||||
PACKAGE_STRING='nrpe 3.0.1'
|
||||
PACKAGE_VERSION='3.1.1'
|
||||
PACKAGE_STRING='nrpe 3.1.1'
|
||||
PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
|
||||
PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
|
||||
|
||||
@ -630,6 +630,7 @@ SSL_LIB_DIR
|
||||
SSL_INC_PREFIX
|
||||
SSL_HDR
|
||||
SSL_INC_DIR
|
||||
SSL_TYPE
|
||||
HAVE_SSL
|
||||
EGREP
|
||||
GREP
|
||||
@ -756,6 +757,7 @@ with_logdir
|
||||
with_piddir
|
||||
with_pipedir
|
||||
enable_ssl
|
||||
with_need_dh
|
||||
with_ssl
|
||||
with_ssl_inc
|
||||
with_ssl_lib
|
||||
@ -1318,7 +1320,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures nrpe 3.0.1 to adapt to many kinds of systems.
|
||||
\`configure' configures nrpe 3.1.1 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1368,7 +1370,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of nrpe 3.0.1:";;
|
||||
short | recursive ) echo "Configuration of nrpe 3.1.1:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1388,7 +1390,7 @@ Optional Features:
|
||||
'--enable-install-method', so you can see the
|
||||
destinations before a full './configure', 'make',
|
||||
'make install' process.
|
||||
--enable-ssl enables native SSL support
|
||||
--disable-ssl disables native SSL support [default=check]
|
||||
--enable-command-args allows clients to specify command arguments. ***
|
||||
THIS IS A SECURITY RISK! *** Read the SECURITY file
|
||||
before using this option!
|
||||
@ -1421,6 +1423,7 @@ Optional Packages:
|
||||
--with-logdir=DIR where log files should be placed
|
||||
--with-piddir=DIR where the PID file should be placed
|
||||
--with-pipedir=DIR where socket and pipe files should be placed
|
||||
--with-need-dh set to 'no' to not include Diffie-Hellman SSL logic
|
||||
--with-ssl=DIR sets location of the SSL installation
|
||||
--with-ssl-inc=DIR sets location of the SSL include files
|
||||
--with-ssl-lib=DIR sets location of the SSL libraries
|
||||
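Review bot: The new `--with-need-dh` help line gives no default, while the `--disable-ssl` line in the Optional Features hunk above shows `[default=check]`. State the default and spell out that `no` builds without the Diffie-Hellman SSL logic, so a packager can tell what changes in the resulting binary before choosing it.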
@ -1513,7 +1516,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
nrpe configure 3.0.1
|
||||
nrpe configure 3.1.1
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
@ -2119,7 +2122,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by nrpe $as_me 3.0.1, which was
|
||||
It was created by nrpe $as_me 3.1.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -2484,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
|
||||
|
||||
|
||||
PKG_NAME=nrpe
|
||||
PKG_VERSION="3.0.1"
|
||||
PKG_VERSION="3.1.1"
|
||||
PKG_HOME_URL="http://www.nagios.org/"
|
||||
PKG_REL_DATE="09-08-2016"
|
||||
PKG_REL_DATE="2017-05-24"
|
||||
RPM_RELEASE=1
|
||||
|
||||
LANG=C
|
||||
@ -2751,10 +2754,12 @@ fi
|
||||
bsd) :
|
||||
dist_type=`uname -s | tr "A-Z" "a-z"`
|
||||
dist_ver=`uname -r` ;; #(
|
||||
aix|hp-ux) :
|
||||
dist_ver=$OSTYPE ;; #(
|
||||
aix) :
|
||||
dist_ver="`uname -v`.`uname -r`" ;; #(
|
||||
hp-ux) :
|
||||
dist_ver=`uname -r | cut -d'.' -f1-3` ;; #(
|
||||
solaris) :
|
||||
dist_ver=`echo $OSTYPE | cut -d'.' -f2` ;; #(
|
||||
dist_ver=`uname -r | cut -d'.' -f2` ;; #(
|
||||
*) :
|
||||
dist_ver=$OSTYPE
|
||||
;; #(
|
||||
@ -2888,20 +2893,19 @@ fi
|
||||
elif test "$dist_type" = "slackware"; then
|
||||
init_type="bsd"
|
||||
init_type_wanted=no
|
||||
elif test "$dist_type" = "aix"; then
|
||||
init_type="bsd"
|
||||
init_type_wanted=no
|
||||
elif test "$dist_type" = "hp-ux"; then
|
||||
init_type="unknown"
|
||||
init_type_wanted=no
|
||||
fi
|
||||
fi
|
||||
|
||||
PSCMD="ps -p1 -o args"
|
||||
case $dist_type in #(
|
||||
aix) :
|
||||
PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
|
||||
solaris) :
|
||||
PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
|
||||
hp-ux) :
|
||||
PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
|
||||
*) :
|
||||
;;
|
||||
esac
|
||||
if test $dist_type = solaris; then
|
||||
PSCMD="env UNIX95=1; ps -p1 -o args"
|
||||
fi
|
||||
|
||||
if test "$init_type_wanted" = yes; then
|
||||
pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
|
||||
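Review bot: In the `if test $dist_type = solaris` block, `PSCMD="env UNIX95=1; ps -p1 -o args"` keeps a `;` inside a variable that is later run as `$PSCMD | grep -vi COMMAND`. After expansion the `;` is not a command separator, it is only the last character of the word `UNIX95=1;`, so `env` runs `ps` with `UNIX95` set to `1;`. That gives the intended result only if `ps` cares that the variable is set and not what it holds. Suggest `PSCMD="env UNIX95=1 ps -p1 -o args"`. `$dist_type` is also unquoted in that `test`, while the `elif test "$dist_type" = "aix"` lines in the same hunk quote it.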
@ -2948,7 +2952,7 @@ esac
|
||||
|
||||
if test "$init_type_wanted" = yes; then
|
||||
if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
|
||||
if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
|
||||
if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
|
||||
init_type="upstart"
|
||||
init_type_wanted=no
|
||||
elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
|
||||
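Review bot: The condition `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null` is wrapped in backticks, so the shell runs the pipeline, substitutes its empty output, and uses the exit status of the substitution as the result of `if`. It works, but the backticks add nothing and hide the intent; `if $pid1 --version 2>/dev/null | grep upstart >/dev/null; then` tests the same thing directly. Running whatever is in `$pid1` is acceptable only because the enclosing `test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"` pins it to two known paths, so that guard has to stay if this block is ever refactored.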
@ -3018,29 +3022,29 @@ fi
|
||||
|
||||
inetd_disabled=""
|
||||
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
elif test "$opsys" = "osx"; then
|
||||
inetd_type="launchd"
|
||||
fi
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
case $dist_type in #(
|
||||
case $dist_type in #(
|
||||
solaris) :
|
||||
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi ;; #(
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi ;; #(
|
||||
*bsd*) :
|
||||
inetd_type=`ps -A -o comm -c | grep inetd` ;; #(
|
||||
osx) :
|
||||
inetd_type=`launchd` ;; #(
|
||||
aix|hp-ux) :
|
||||
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1` ;; #(
|
||||
*) :
|
||||
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND` ;; #(
|
||||
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1` ;; #(
|
||||
*) :
|
||||
;;
|
||||
esac
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
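Review bot: The `osx)` arm sets inetd_type to the output of running `launchd` in backticks, which executes the program instead of assigning its name, while the `elif test "$opsys" = "osx"` branch in the same hunk assigns the literal `inetd_type="launchd"`. If the `osx)` arm is still present after this change it should use the literal as well, or be dropped if the earlier branch already covers that platform. The added `| head -1` on the `ps -C "inetd,xinetd"` line also deserves a short comment saying which daemon wins when both are running.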
@ -3154,16 +3158,21 @@ case $dist_type in #(
|
||||
esac
|
||||
|
||||
|
||||
need_cgi=no
|
||||
need_web=no
|
||||
need_brk=no
|
||||
need_plg=no
|
||||
need_pipe=no
|
||||
need_spl=no
|
||||
need_loc=no
|
||||
need_log_subdir=no
|
||||
need_etc_subdir=no
|
||||
need_pls_dir=no
|
||||
# Does this package need to know:
|
||||
need_cgi=no # where the cgi-bin directory is
|
||||
need_web=no # where the website directory is
|
||||
need_brk=no # where the event broker modules directory is
|
||||
need_plg=no # where the plugins directory is
|
||||
need_pipe=no # where the pipe directory is
|
||||
need_spl=no # where the spool directory is
|
||||
need_loc=no # where the locale directory is
|
||||
need_log_subdir=no # where the loc sub-directory is
|
||||
need_etc_subdir=no # where the etc sub-directory is
|
||||
need_pls_dir=no # where the package locate state directory is
|
||||
|
||||
if test x"$INIT_PROG" = x; then
|
||||
INIT_PROG="$PKG_NAME"
|
||||
fi
|
||||
|
||||
case $PKG_NAME in #(
|
||||
nagios) :
|
||||
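Review bot: Two of the trailing comments on the `need_*` defaults do not match their variables: `need_log_subdir=no # where the loc sub-directory is` should say "log", and `need_pls_dir=no # where the package locate state directory is` should say "local state". The `if test x"$INIT_PROG" = x` block would also benefit from a one-line comment that `INIT_PROG` may be preset by the caller and otherwise defaults to `$PKG_NAME`, since the later hunks build the pid, log, spool and init paths from it.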
@ -3177,7 +3186,8 @@ case $PKG_NAME in #(
|
||||
need_cgi=yes
|
||||
need_web=yes ;; #(
|
||||
ndoutils) :
|
||||
need_spl=yes ;; #(
|
||||
need_brk=yes
|
||||
need_spl=yes ;; #(
|
||||
nrpe) :
|
||||
need_plg=yes ;; #(
|
||||
nsca) :
|
||||
@ -3348,14 +3358,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
|
||||
if test ! -d "$tmpfilesd"; then
|
||||
tmpfilesd="N/A"
|
||||
else
|
||||
tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
|
||||
tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
|
||||
fi
|
||||
subsyslockdir=${subsyslockdir="/var/lock/subsys"}
|
||||
if test ! -d "$subsyslockdir"; then
|
||||
subsyslockdir="N/A"
|
||||
subsyslockfile="N/A"
|
||||
else
|
||||
subsyslockfile="$subsyslockdir/$PKG_NAME"
|
||||
subsyslockfile="$subsyslockdir/$INIT_PROG"
|
||||
fi
|
||||
if test "$need_loc" = no; then
|
||||
localedir="N/A"
|
||||
@ -3436,23 +3446,23 @@ elif test $opsys = "linux"; then
|
||||
fi
|
||||
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
|
||||
if test $need_log_subdir = yes; then
|
||||
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
|
||||
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
|
||||
else
|
||||
logdir=${logdir="$localstatedir/log"}
|
||||
fi
|
||||
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
|
||||
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
|
||||
if test "$need_pipe" = yes; then
|
||||
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
|
||||
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
|
||||
else
|
||||
pipedir="N/A"
|
||||
fi
|
||||
if test "$need_pls_dir" = yes; then
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
|
||||
else
|
||||
pkglocalstatedir="N/A"
|
||||
fi
|
||||
if test "$need_spl" = yes; then
|
||||
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
|
||||
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
|
||||
else
|
||||
spooldir="N/A"
|
||||
fi
|
||||
@ -3501,7 +3511,7 @@ elif test $opsys = "unix"; then
|
||||
fi
|
||||
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
|
||||
if test "$need_pls_dir" = yes; then
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
|
||||
else
|
||||
pkglocalstatedir="N/A"
|
||||
fi
|
||||
@ -3509,7 +3519,7 @@ elif test $opsys = "unix"; then
|
||||
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
|
||||
fi
|
||||
if test "$need_spl" = yes; then
|
||||
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
|
||||
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
|
||||
else
|
||||
spooldir="N/A"
|
||||
fi
|
||||
@ -3534,14 +3544,14 @@ elif test $opsys = "unix"; then
|
||||
pipedir=${pipedir="$pkglocalstatedir"}
|
||||
logdir=${logdir="$pkglocalstatedir/log"} ;; #(
|
||||
*) :
|
||||
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
|
||||
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
|
||||
if test "$need_pipe" = yes; then
|
||||
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
|
||||
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
|
||||
else
|
||||
pipedir="N/A"
|
||||
fi
|
||||
if test $need_log_subdir = yes; then
|
||||
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
|
||||
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
|
||||
else
|
||||
logdir=${logdir="$localstatedir/log"}
|
||||
fi
|
||||
@ -3594,7 +3604,7 @@ elif test $opsys = "bsd"; then
|
||||
fi
|
||||
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
|
||||
if test "$need_pls_dir" = yes; then
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
|
||||
else
|
||||
pkglocalstatedir="N/A"
|
||||
fi
|
||||
@ -3602,7 +3612,7 @@ elif test $opsys = "bsd"; then
|
||||
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
|
||||
fi
|
||||
if test "$need_spl" = yes; then
|
||||
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
|
||||
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
|
||||
else
|
||||
spooldir="N/A"
|
||||
fi
|
||||
@ -3627,14 +3637,14 @@ elif test $opsys = "bsd"; then
|
||||
else
|
||||
cgibindir="N/A"
|
||||
fi
|
||||
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
|
||||
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
|
||||
if test "$need_pipe" = yes; then
|
||||
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
|
||||
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
|
||||
else
|
||||
pipedir="N/A"
|
||||
fi
|
||||
if test $need_log_subdir = yes; then
|
||||
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
|
||||
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
|
||||
else
|
||||
logdir=${logdir="$localstatedir/log"}
|
||||
fi
|
||||
@ -3670,6 +3680,7 @@ eval libexecdir=$libexecdir
|
||||
eval brokersdir=$brokersdir
|
||||
eval pluginsdir=$pluginsdir
|
||||
eval cgibindir=$cgibindir
|
||||
eval localstatedir=$localstatedir
|
||||
eval pkglocalstatedir=$pkglocalstatedir
|
||||
eval webdir=$webdir
|
||||
eval localedir=$localedir
|
||||
@ -3687,51 +3698,56 @@ case $init_type in #(
|
||||
else
|
||||
initdir=${initdir="/etc/init.d"}
|
||||
fi
|
||||
initname=${initname="$PKG_NAME"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
initconfdir=${initconfdir="/etc/conf.d"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
|
||||
systemd) :
|
||||
if test $dist_type = "debian"; then
|
||||
initdir=${initdir="/lib/systemd/system"}
|
||||
else
|
||||
initdir=${initdir="/usr/lib/systemd/system"}
|
||||
fi
|
||||
initname=${initname="$PKG_NAME.service"} ;; #(
|
||||
initname=${initname="$INIT_PROG.service"} ;; #(
|
||||
bsd) :
|
||||
initdir=${initdir="/etc/rc.d"}
|
||||
initname=${initname="rc.$PKG_NAME"} ;; #(
|
||||
if test $dist_type = "aix"; then
|
||||
initdir=${initdir="/sbin/rc.d/init.d"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
else
|
||||
initdir=${initdir="/etc/rc.d"}
|
||||
initname=${initname="rc.$INIT_PROG"}
|
||||
fi ;; #(
|
||||
newbsd) :
|
||||
initdir=${initdir="/etc/rc.d"}
|
||||
initname=${initname="$PKG_NAME"} ;; #(
|
||||
initname=${initname="$INIT_PROG"} ;; #(
|
||||
gentoo) :
|
||||
initdir=${initdir="/etc/init.d"}
|
||||
initname=${initname="$PKG_NAME"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
initconfdir=${initconfdir="/etc/init.d"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
|
||||
openrc) :
|
||||
initdir=${initdir="/etc/init.d"}
|
||||
initname=${initname="$PKG_NAME"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
initconfdir=${initconfdir="/etc/conf.d"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
|
||||
smf*) :
|
||||
if test $init_type = smf10; then
|
||||
initdir=${initdir="/var/svc/manifest/network/nagios"}
|
||||
else
|
||||
initdir=${initdir="/lib/svc/manifest/network/nagios"}
|
||||
fi
|
||||
initname=${initname="$PKG_NAME.xml"}
|
||||
initname=${initname="$INIT_PROG.xml"}
|
||||
initconfdir=unknown
|
||||
initconf=unknown ;; #(
|
||||
upstart) :
|
||||
initdir=${initdir="/etc/init"}
|
||||
initname=${initname="$PKG_NAME.conf"}
|
||||
initname=${initname="$INIT_PROG.conf"}
|
||||
initconfdir=${initconfdir="/etc/default"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
|
||||
launchd) :
|
||||
initdir=${initdir="/Library/LaunchDaemons"}
|
||||
initname=${initname="org.nagios.$PKG_NAME.plist"} ;; #(
|
||||
initname=${initname="org.nagios.$INIT_PROG.plist"} ;; #(
|
||||
# initconfdir=${initconfdir="/private/etc"}
|
||||
# initconf=${initconf="$initconfdir/$PKG_NAME"},
|
||||
# initconf=${initconf="$initconfdir/$INIT_PROG"},
|
||||
|
||||
|
||||
*) :
|
||||
@ -3750,28 +3766,28 @@ case $inetd_type in #(
|
||||
inetdname=${inetdname="inetd.conf"} ;; #(
|
||||
xinetd) :
|
||||
inetddir=${inetddir="/etc/xinetd.d"}
|
||||
inetdname=${inetdname="$PKG_NAME"} ;; #(
|
||||
inetdname=${inetdname="$INIT_PROG"} ;; #(
|
||||
systemd) :
|
||||
if test $dist_type = "debian"; then
|
||||
inetddir=${inetddir="/lib/systemd/system"}
|
||||
else
|
||||
inetddir=${inetddir="/usr/lib/systemd/system"}
|
||||
fi
|
||||
netdname=${inetdname="$PKG_NAME.socket"} ;; #(
|
||||
netdname=${inetdname="$INIT_PROG.socket"} ;; #(
|
||||
smf*) :
|
||||
if test $init_type = smf10; then
|
||||
inetddir=${inetddir="/var/svc/manifest/network/nagios"}
|
||||
else
|
||||
inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
|
||||
fi
|
||||
inetdname=${inetdname="$PKG_NAME.xml"} ;; #(
|
||||
inetdname=${inetdname="$INIT_PROG.xml"} ;; #(
|
||||
# [upstart],
|
||||
# inetddir=${inetddir="/etc/init.d"}
|
||||
# inetdname=${inetdname="$PKG_NAME"},
|
||||
# inetdname=${inetdname="$INIT_PROG"},
|
||||
|
||||
launchd) :
|
||||
inetddir=${inetddir="/Library/LaunchDaemons"}
|
||||
inetdname=${inetdname="org.nagios.$PKG_NAME.plist"} ;; #(
|
||||
inetdname=${inetdname="org.nagios.$INIT_PROG.plist"} ;; #(
|
||||
*) :
|
||||
inetddir=${inetddir="unknown"}
|
||||
inetdname=${inetdname="unknown"} ;; #(
|
||||
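Review bot: In the `systemd)` arm the assignment target is misspelled: `netdname=${inetdname="$INIT_PROG.socket"}` assigns to `netdname`, not `inetdname`. `inetdname` still ends up set when it was unset, because `${inetdname=...}` assigns as a side effect of the expansion, but `netdname` is a stray variable and the line differs from every other arm in this `case`. Since the line is being touched for the `$INIT_PROG` rename anyway, make it `inetdname=${inetdname="$INIT_PROG.socket"}`.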
@ -3829,12 +3845,12 @@ case $init_type in #(
|
||||
src_init=upstart-init
|
||||
fi ;; #(
|
||||
launchd) :
|
||||
src_init="mac-init.plist"
|
||||
|
||||
* ;; #(
|
||||
src_init="mac-init.plist" ;; #(
|
||||
*) :
|
||||
src_init="unknown"
|
||||
;;
|
||||
;; #(
|
||||
*) :
|
||||
;;
|
||||
esac
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $src_init" >&5
|
||||
$as_echo "$src_init" >&6; }
|
||||
@ -3866,7 +3882,7 @@ $as_echo "$src_inetd" >&6; }
|
||||
|
||||
|
||||
|
||||
if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
|
||||
if test "$dist_type" = solaris -a "$dist_ver" = 10; then
|
||||
$as_echo "#define SOLARIS_10 yes" >>confdefs.h
|
||||
|
||||
fi
|
||||
@ -4332,7 +4348,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by nrpe $as_me 3.0.1, which was
|
||||
This file was extended by nrpe $as_me 3.1.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -4386,7 +4402,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
nrpe config.status 3.0.1
|
||||
nrpe config.status 3.1.1
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
@ -7140,7 +7156,7 @@ rm -f core conftest.err conftest.$ac_objext \
|
||||
|
||||
fi
|
||||
|
||||
for ac_func in strdup strstr strtoul strtok_r initgroups closesocket sigaction
|
||||
for ac_func in strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir
|
||||
do :
|
||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||
@ -7264,9 +7280,19 @@ else
|
||||
fi
|
||||
|
||||
|
||||
need_dh=yes
|
||||
|
||||
# Check whether --with-need_dh was given.
|
||||
if test "${with_need_dh+set}" = set; then :
|
||||
withval=$with_need_dh; need_dh=$withval
|
||||
else
|
||||
nrpe_group=need_dh
|
||||
fi
|
||||
|
||||
|
||||
if test x$check_for_ssl = xyes; then
|
||||
# need_dh should only be set for NRPE
|
||||
need_dh=yes
|
||||
# need_dh=yes
|
||||
|
||||
|
||||
# -------------------------------
|
||||
@ -7290,6 +7316,7 @@ SSL_LIB_DIR=
|
||||
|
||||
|
||||
|
||||
|
||||
# gnutls/openssl.h
|
||||
# nss_compat_ossl/nss_compat_ossl.h
|
||||
|
||||
@ -8257,7 +8284,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by nrpe $as_me 3.0.1, which was
|
||||
This file was extended by nrpe $as_me 3.1.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -8320,7 +8347,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
nrpe config.status 3.0.1
|
||||
nrpe config.status 3.1.1
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
20
configure.ac
@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],)
|
||||
define([AC_CACHE_SAVE],)
|
||||
|
||||
m4_include([build-aux/custom_help.m4])
|
||||
AC_INIT([nrpe],[3.0.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
|
||||
AC_INIT([nrpe],[3.1.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
|
||||
AC_CONFIG_SRCDIR([src/nrpe.c])
|
||||
AC_CONFIG_AUX_DIR([build-aux])
|
||||
AC_PREFIX_DEFAULT(/usr/local/nagios)
|
||||
|
||||
PKG_NAME=nrpe
|
||||
PKG_VERSION="3.0.1"
|
||||
PKG_VERSION="3.1.1"
|
||||
PKG_HOME_URL="http://www.nagios.org/"
|
||||
PKG_REL_DATE="09-08-2016"
|
||||
PKG_REL_DATE="2017-05-24"
|
||||
RPM_RELEASE=1
|
||||
|
||||
LANG=C
|
||||
@ -60,7 +60,7 @@ AC_NAGIOS_GET_INETD
|
||||
AC_NAGIOS_GET_PATHS
|
||||
AC_NAGIOS_GET_FILES
|
||||
|
||||
if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
|
||||
if test "$dist_type" = solaris -a "$dist_ver" = 10; then
|
||||
AC_DEFINE(SOLARIS_10,yes)
|
||||
fi
|
||||
|
||||
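Review bot: `if test "$dist_type" = solaris -a "$dist_ver" = 10; then` still joins two conditions with `-a`, which the Autoconf portability guidance advises against; `test "$dist_type" = solaris && test "$dist_ver" = 10` is the portable form. The comparison with `10` depends on `dist_ver` being the second dot-separated field of `uname -r` on Solaris (the `cut -d'.' -f2` line in the generated configure), so a short comment tying the two together would help the next reader.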
@ -243,7 +243,7 @@ AC_CHECK_LIB(wrap,main,[
|
||||
AC_TRY_LINK([#include <tcpd.h>
|
||||
],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT))
|
||||
])
|
||||
AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction)
|
||||
AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir)
|
||||
|
||||
dnl socklen_t check - from curl
|
||||
AC_CHECK_TYPE([socklen_t], ,[
|
||||
@ -296,7 +296,7 @@ AC_TRY_COMPILE([#include <stdlib.h>
|
||||
|
||||
dnl Does user want to check for SSL?
|
||||
AC_ARG_ENABLE([ssl],
|
||||
AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
|
||||
AS_HELP_STRING([--disable-ssl],[disables native SSL support @<:@default=check@:>@]),[
|
||||
if test x$enableval = xyes; then
|
||||
check_for_ssl=yes
|
||||
else
|
||||
@ -304,10 +304,16 @@ AC_ARG_ENABLE([ssl],
|
||||
fi
|
||||
],check_for_ssl=yes)
|
||||
|
||||
need_dh=yes
|
||||
AC_ARG_WITH([need_dh],
|
||||
AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]),
|
||||
[need_dh=$withval],
|
||||
[nrpe_group=need_dh])
|
||||
|
||||
dnl Optional SSL library and include paths
|
||||
if test x$check_for_ssl = xyes; then
|
||||
# need_dh should only be set for NRPE
|
||||
need_dh=yes
|
||||
# need_dh=yes
|
||||
AC_NAGIOS_GET_SSL
|
||||
fi
|
||||
|
||||
|
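Review bot: In `AC_ARG_WITH([need_dh], ...)` the action-if-not-given is `[nrpe_group=need_dh]`, which looks copied from another option: when `--with-need-dh` is omitted it assigns the literal string `need_dh` to `nrpe_group` and does nothing for `need_dh` itself. `need_dh=yes` is already set on the line above the macro, so the fourth argument can be left empty. `$withval` is also accepted unchecked; restricting it to `yes` or `no` and erroring on anything else would keep a typo from silently changing whether the Diffie-Hellman SSL logic is built. The generated configure carries the same text and needs regenerating after the fix.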
4
debian/README.Debian
vendored
@ -1,9 +1,9 @@
|
||||
nrpe
|
||||
NRPE
|
||||
----
|
||||
|
||||
Put any local check command you need into /etc/nagios/nrpe_local.cfg or
|
||||
as a *.cfg file in /etc/nagios/nrpe.d/
|
||||
This files are included from the /etc/nagios/nrpe.cfg
|
||||
These files are included from the /etc/nagios/nrpe.cfg
|
||||
|
||||
This package is built without support for command argument processing. If you
|
||||
want to enable it, you will have to rebuild this package with
|
||||
|
28
debian/changelog
vendored
@ -1,3 +1,31 @@
|
||||
nagios-nrpe (3.1.1-1) unstable; urgency=medium
|
||||
|
||||
* Move from experimental to unstable.
|
||||
|
||||
-- Bas Couwenberg <sebastic@debian.org> Sun, 18 Jun 2017 13:39:05 +0200
|
||||
|
||||
nagios-nrpe (3.1.1-1~exp1) experimental; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
* Drop format-security.patch, applied upstream.
|
||||
* Use --with-need-dh=no configure option instead of patch.
|
||||
|
||||
-- Bas Couwenberg <sebastic@debian.org> Sat, 27 May 2017 10:57:03 +0200
|
||||
|
||||
nagios-nrpe (3.1.0-1~exp1) experimental; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
(closes: #849417, #445976, #691328)
|
||||
* Fix typo in manpage.
|
||||
(closes: #856658)
|
||||
* Drop 10_reproducible_build.patch, applied upstream.
|
||||
Refresh remaining patches.
|
||||
* Update build dependency for OpenSSL 1.1.0.
|
||||
(closes: #859223)
|
||||
* Add patch to fix FTBFS with -Werror=format-security.
|
||||
|
||||
-- Bas Couwenberg <sebastic@debian.org> Wed, 19 Apr 2017 19:28:05 +0200
|
||||
|
||||
nagios-nrpe (3.0.1-3) unstable; urgency=medium
|
||||
|
||||
* Add reload command to systemd service file.
|
||||
|
2
debian/control
vendored
@ -6,7 +6,7 @@ Priority: optional
|
||||
Build-Depends: debhelper (>= 9),
|
||||
dh-autoreconf,
|
||||
dh-systemd,
|
||||
libssl1.0-dev | libssl-dev,
|
||||
libssl-dev,
|
||||
libwrap0-dev,
|
||||
openssl
|
||||
Standards-Version: 3.9.8
|
||||
|
2
debian/nrpe.8
vendored
@ -45,7 +45,7 @@ command execution requests from the check_nrpe plugin on the Nagios host.
|
||||
.TP
|
||||
\fB\-d \-s\fR = Run as a subsystem under AIX
|
||||
.TP
|
||||
\fB\-d\fR = Don't fork() for systemd, launchd, etc.
|
||||
\fB\-f\fR = Don't fork() for systemd, launchd, etc.
|
||||
.PP
|
||||
Notes:
|
||||
This program is designed to process requests from the check_nrpe
|
||||
|
@ -5,7 +5,7 @@ Forwarded: not-needed
|
||||
|
||||
--- a/sample-config/nrpe.cfg.in
|
||||
+++ b/sample-config/nrpe.cfg.in
|
||||
@@ -301,3 +301,14 @@ command[check_total_procs]=@pluginsdir@/
|
||||
@@ -317,3 +317,14 @@ command[check_total_procs]=@pluginsdir@/
|
||||
#command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
|
||||
#command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
|
||||
#command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
|
||||
|
24
debian/patches/10_reproducible_build.patch
vendored
@ -1,24 +0,0 @@
|
||||
Description: Make the build reproducible.
|
||||
Author: Chris Lamb <lamby@debian.org>
|
||||
Bug-Debian: https://bugs.debian.org/834857
|
||||
Forwarded: https://github.com/NagiosEnterprises/nrpe/pull/78
|
||||
Applied-Upstream: https://github.com/NagiosEnterprises/nrpe/commit/c6ca9766cae19bc194efa68ed85999e9c9756422
|
||||
|
||||
--- a/update-version
|
||||
+++ b/update-version
|
||||
@@ -20,11 +20,11 @@ fi
|
||||
|
||||
# Get date (two formats)
|
||||
if [ -n "$2" ]; then
|
||||
- LONGDATE=`date -d "$2" "+%B %d, %Y"`
|
||||
- SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
|
||||
+ LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
|
||||
+ SHORTDATE=$(date -u -d "$2" "+%m-%d-%Y")
|
||||
else
|
||||
- LONGDATE=`date "+%B %d, %Y"`
|
||||
- SHORTDATE=`date "+%m-%d-%Y"`
|
||||
+ LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
|
||||
+ SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%m-%d-%Y")
|
||||
fi
|
||||
|
||||
# Current version number
|
60
debian/patches/11_reproducible_dh.h.patch
vendored
@ -1,60 +0,0 @@
|
||||
Description: Use pre-generated dh.h for reproducible builds.
|
||||
Author: Bas Couwenberg <sebastic@debian.org>
|
||||
Bug-Debian: https://bugs.debian.org/834857
|
||||
Forwarded: not-needed
|
||||
|
||||
--- /dev/null
|
||||
+++ b/include/dh.h
|
||||
@@ -0,0 +1,41 @@
|
||||
+#ifndef HEADER_DH_H
|
||||
+#include <openssl/dh.h>
|
||||
+#endif
|
||||
+DH *get_dh2048()
|
||||
+ {
|
||||
+ static unsigned char dh2048_p[]={
|
||||
+ 0xE9,0x3C,0xF4,0xCE,0x63,0x0A,0x57,0x9A,0xD1,0x34,0x74,0xA1,
|
||||
+ 0x3E,0xC3,0x93,0xB5,0x50,0x36,0x56,0x87,0x9F,0x8F,0xBC,0x74,
|
||||
+ 0x15,0x03,0x1D,0x00,0x45,0xB0,0x2F,0xA3,0x2C,0xC1,0x13,0xFF,
|
||||
+ 0x6C,0xF1,0xDB,0x36,0xB5,0xB5,0x49,0x2D,0x6A,0x8D,0x55,0xA1,
|
||||
+ 0xE6,0x4C,0xD1,0xA9,0x07,0x24,0xC4,0xDF,0x3A,0x2A,0x9E,0xDB,
|
||||
+ 0x4A,0x23,0xAD,0x56,0x79,0xA3,0x3D,0xC4,0xAD,0xE0,0x3E,0x17,
|
||||
+ 0x3B,0x43,0x0F,0xB6,0x83,0xE4,0x52,0xFD,0x6D,0x74,0x03,0xB3,
|
||||
+ 0x29,0x26,0xF2,0x29,0x0A,0xA2,0x33,0x56,0x0C,0x16,0xF7,0x81,
|
||||
+ 0xBF,0xDC,0xB8,0xCE,0x78,0xC1,0x73,0xD6,0x48,0x54,0x2D,0x98,
|
||||
+ 0xA5,0x7A,0xE3,0x38,0x8E,0x3D,0x75,0xDB,0x92,0x4D,0x76,0xC1,
|
||||
+ 0xCD,0xE7,0x27,0xEE,0x09,0x89,0xFA,0xCE,0x7A,0xD6,0xDC,0x5B,
|
||||
+ 0x08,0x6B,0xE8,0x7E,0x37,0x7B,0x40,0x89,0x72,0xBD,0x4E,0xF4,
|
||||
+ 0x9A,0xDC,0x94,0xA3,0x7D,0x4C,0x15,0xE4,0xE1,0xA8,0x8D,0xF9,
|
||||
+ 0xB2,0xF0,0x02,0x40,0x39,0x6C,0xDD,0x37,0x08,0xC1,0xE8,0x0B,
|
||||
+ 0xAD,0x16,0x24,0x81,0x5F,0x24,0xD9,0x65,0x71,0x34,0x78,0xF3,
|
||||
+ 0xFE,0x35,0xE0,0x20,0xFF,0x6D,0x41,0xE7,0xC8,0x8E,0x58,0x59,
|
||||
+ 0x24,0x01,0x9A,0xC8,0xA7,0x8D,0x48,0x43,0x8E,0x34,0x7C,0xC1,
|
||||
+ 0xB4,0xC8,0xD0,0x9C,0xBD,0xEA,0x83,0xC7,0xC9,0x86,0xFC,0xD1,
|
||||
+ 0xA7,0xAF,0x5C,0x99,0x98,0xD1,0x82,0x78,0xE4,0xA4,0x1C,0xB5,
|
||||
+ 0x87,0x72,0xD8,0x38,0x48,0x60,0xAE,0xCB,0x92,0xA2,0x79,0xFC,
|
||||
+ 0x8F,0x1D,0x94,0xB5,0x88,0xA5,0xA4,0xE1,0xF5,0x98,0xBA,0xB2,
|
||||
+ 0x06,0x22,0xA8,0x1B,
|
||||
+ };
|
||||
+ static unsigned char dh2048_g[]={
|
||||
+ 0x02,
|
||||
+ };
|
||||
+ DH *dh;
|
||||
+
|
||||
+ if ((dh=DH_new()) == NULL) return(NULL);
|
||||
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
|
||||
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
|
||||
+ if ((dh->p == NULL) || (dh->g == NULL))
|
||||
+ { DH_free(dh); return(NULL); }
|
||||
+ return(dh);
|
||||
+ }
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -307,7 +307,7 @@ AC_ARG_ENABLE([ssl],
|
||||
dnl Optional SSL library and include paths
|
||||
if test x$check_for_ssl = xyes; then
|
||||
# need_dh should only be set for NRPE
|
||||
- need_dh=yes
|
||||
+ need_dh=no
|
||||
AC_NAGIOS_GET_SSL
|
||||
fi
|
||||
|
2
debian/patches/series
vendored
@ -1,4 +1,2 @@
|
||||
02_nrpe.cfg_local-include_support_nrpe.d.patch
|
||||
07_warn_ssloption.patch
|
||||
10_reproducible_build.patch
|
||||
11_reproducible_dh.h.patch
|
||||
|
10
debian/rules
vendored
@ -14,9 +14,6 @@ export AUTOHEADER=true
|
||||
dh $@ --with autoreconf,systemd --parallel
|
||||
|
||||
override_dh_auto_configure:
|
||||
# Save deterministic "openssl dhparam" output.
|
||||
cp include/dh.h include/dh.h.orig
|
||||
|
||||
dh_auto_configure -- \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
@ -24,12 +21,9 @@ override_dh_auto_configure:
|
||||
--libexecdir=/usr/lib/nagios/plugins \
|
||||
--localstatedir=/var \
|
||||
--enable-ssl \
|
||||
--with-need-dh=no \
|
||||
--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
|
||||
--with-piddir=/var/run/nagios \
|
||||
--enable-command-args
|
||||
|
||||
# Restore deterministic "openssl dhparam" output.
|
||||
cp include/dh.h.orig include/dh.h
|
||||
--with-piddir=/var/run/nagios
|
||||
|
||||
override_dh_auto_build:
|
||||
dh_auto_build -- all
|
||||
|
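Review bot: `--with-need-dh=no` is passed without any comment, while the lines that explained the previous approach (`# Save deterministic "openssl dhparam" output.` and its restore counterpart) disappear from this file, so the reason for building without the Diffie-Hellman SSL logic now lives only in the removed `11_reproducible_dh.h.patch` description and the changelog. A one-line comment above the option stating what it turns off and why would keep that decision visible in `debian/rules`. Going by the hunk's line counts, the argument list now ends at `--with-piddir=/var/run/nagios` and the `--enable-command-args` line is no longer passed; that matches README.Debian ("built without support for command argument processing"), but none of the changelog entries shown mention it, and a change to a flag the configure help itself marks as a security risk should be recorded there.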
BIN
docs/NRPE.odt
Binary file not shown.
BIN
docs/NRPE.pdf
Binary file not shown.
@ -53,7 +53,7 @@ struct dns_acl {
|
||||
struct dns_acl *next;
|
||||
};
|
||||
|
||||
/* Poiters to head ACL structs */
|
||||
/* Pointers to head ACL structs */
|
||||
static struct ip_acl *ip_acl_head, *ip_acl_prev;
|
||||
static struct dns_acl *dns_acl_head, *dns_acl_prev;
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
*
|
||||
* COMMON.H - NRPE Common Include File
|
||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
||||
* Last Modified: 09-08-2016
|
||||
* Last Modified: 2017-05-24
|
||||
*
|
||||
* License:
|
||||
*
|
||||
@ -23,12 +23,18 @@
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#define SSL_TYPE_@SSL_TYPE@
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
#include <@SSL_INC_PREFIX@@SSL_HDR@>
|
||||
# ifdef SSL_TYPE_openssl
|
||||
# include <@SSL_INC_PREFIX@err.h>
|
||||
# include <@SSL_INC_PREFIX@rand.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#define PROGRAM_VERSION "3.0.1"
|
||||
#define MODIFICATION_DATE "09-08-2016"
|
||||
#define PROGRAM_VERSION "3.1.1"
|
||||
#define MODIFICATION_DATE "2017-05-24"
|
||||
|
||||
#define OK 0
|
||||
#define ERROR -1
|
||||
|
@ -28,30 +28,70 @@
|
||||
#include <stdlib.h>
|
||||
|
||||
|
||||
#define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */
|
||||
/* Default port for NRPE daemon */
|
||||
#undef DEFAULT_SERVER_PORT
|
||||
|
||||
#define NRPE_LOG_FACILITY @log_facility@
|
||||
/* NRPE syslog facility */
|
||||
#undef NRPE_LOG_FACILITY
|
||||
|
||||
/* Enable command-line arguments */
|
||||
#undef ENABLE_COMMAND_ARGUMENTS
|
||||
|
||||
/* Enable bash command substitution */
|
||||
#undef ENABLE_BASH_COMMAND_SUBSTITUTION
|
||||
|
||||
/* type to use in place of socklen_t if not defined */
|
||||
#undef socklen_t
|
||||
|
||||
/* Define to 1 if you have the `getopt_long' function. */
|
||||
#undef HAVE_GETOPT_LONG
|
||||
|
||||
/* Have the TCP wrappers library */
|
||||
#undef HAVE_LIBWRAP
|
||||
|
||||
/* Define to 1 if you have the ANSI C header files. */
|
||||
#undef STDC_HEADERS
|
||||
|
||||
/* Define to 1 if you have the `strdup' function. */
|
||||
#undef HAVE_STRDUP
|
||||
|
||||
/* Define to 1 if you have the `strstr' function. */
|
||||
#undef HAVE_STRSTR
|
||||
|
||||
/* Define to 1 if you have the `strtoul' function. */
|
||||
#undef HAVE_STRTOUL
|
||||
|
||||
/* Define to 1 if you have the `strtok_r' function. */
|
||||
#undef HAVE_STRTOK_R
|
||||
|
||||
/* Define to 1 if you have the `initgroups' function. */
|
||||
#undef HAVE_INITGROUPS
|
||||
|
||||
/* Define to 1 if you have the `closesocket' function. */
|
||||
#undef HAVE_CLOSESOCKET
|
||||
|
||||
/* Define to 1 if you have the `sigaction' function. */
|
||||
#undef HAVE_SIGACTION
|
||||
|
||||
/* Define to 1 if you have the `scandir' function. */
|
||||
#undef HAVE_SCANDIR
|
||||
|
||||
/* Set to 1 if you have rfc931_timeout */
|
||||
#undef HAVE_RFC931_TIMEOUT
|
||||
|
||||
/* The size of `int', as computed by sizeof. */
|
||||
#undef SIZEOF_INT
|
||||
|
||||
/* The size of `short', as computed by sizeof. */
|
||||
#undef SIZEOF_SHORT
|
||||
|
||||
/* The size of `long', as computed by sizeof. */
|
||||
#undef SIZEOF_LONG
|
||||
|
||||
/* #undef const */
|
||||
/* Define to empty if `const' does not conform to ANSI C. */
|
||||
#undef const
|
||||
|
||||
/* Set to 1 to use SSL DH */
|
||||
#undef USE_SSL_DH
|
||||
|
||||
/* stupid stuff for u_int32_t */
|
||||
@ -91,71 +131,98 @@ typedef int int32_t;
|
||||
|
||||
/***** ASPRINTF() AND FRIENDS *****/
|
||||
|
||||
/* Whether vsnprintf() is available */
|
||||
#undef HAVE_VSNPRINTF
|
||||
/* Whether snprintf() is available */
|
||||
#undef HAVE_SNPRINTF
|
||||
/* Whether aprintf() is available */
|
||||
#undef HAVE_ASPRINTF
|
||||
/* Whether vaprintf() is available */
|
||||
#undef HAVE_VASPRINTF
|
||||
/* Define if system has C99 compatible vsnprintf */
|
||||
#undef HAVE_C99_VSNPRINTF
|
||||
|
||||
/* Whether va_copy() is available */
|
||||
#undef HAVE_VA_COPY
|
||||
|
||||
/* Whether __va_copy() is available */
|
||||
#undef HAVE___VA_COPY
|
||||
|
||||
|
||||
#define SOCKET_SIZE_TYPE ""
|
||||
#define GETGROUPS_T ""
|
||||
#define RETSIGTYPE ""
|
||||
/* Socket Size Type */
|
||||
#undef SOCKET_SIZE_TYPE
|
||||
|
||||
/* Define to the type of elements in the array set by `getgroups'. Usually
|
||||
this is either `int' or `gid_t'. */
|
||||
#undef GETGROUPS_T
|
||||
|
||||
/* Define as the return type of signal handlers (`int' or `void'). */
|
||||
#undef RETSIGTYPE
|
||||
|
||||
/* Define to 1 if the system has the type `struct sockaddr_storage'. */
|
||||
#undef HAVE_STRUCT_SOCKADDR_STORAGE
|
||||
|
||||
/* Use seteuid() or setresuid() depending on the platform */
|
||||
#undef SETEUID
|
||||
|
||||
/* Is this a Solaris 10 machine? */
|
||||
/* Set to 1 if we are on Solaris 10 */
|
||||
#undef SOLARIS_10
|
||||
|
||||
/* Define to 1 if you have the <getopt.h> header file. */
|
||||
#undef HAVE_GETOPT_H
|
||||
#ifdef HAVE_GETOPT_H
|
||||
#include <getopt.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <strings.h> header file. */
|
||||
#undef HAVE_STRINGS_H
|
||||
#undef HAVE_STRING_H
|
||||
#ifdef HAVE_STRINGS_H
|
||||
#include <strings.h>
|
||||
#endif
|
||||
#ifdef HAVE_STRINGS_H
|
||||
|
||||
/* Define to 1 if you have the <string.h> header file. */
|
||||
#undef HAVE_STRING_H
|
||||
#ifdef HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <unistd.h> header file. */
|
||||
#undef HAVE_UNISTD_H
|
||||
#ifdef HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
|
||||
/* Define to 1 if you have the <signal.h> header file. */
|
||||
#undef HAVE_SIGNAL_H
|
||||
#ifdef HAVE_SIGNAL_H
|
||||
#include <signal.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <syslog.h> header file. */
|
||||
#undef HAVE_SYSLOG_H
|
||||
#ifdef HAVE_SYSLOG_H
|
||||
#include <syslog.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||
#undef HAVE_SYS_STAT_H
|
||||
#ifdef HAVE_SYS_STAT_H
|
||||
#include <sys/stat.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <fcntl.h> header file. */
|
||||
#undef HAVE_FCNTL_H
|
||||
#ifdef HAVE_FCNTL_H
|
||||
#include <fcntl.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
#undef HAVE_SYS_TYPES_H
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <sys/wait.h> header file. */
|
||||
#undef HAVE_SYS_WAIT_H
|
||||
#ifdef HAVE_SYS_WAIT_H
|
||||
#include <sys/wait.h>
|
||||
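Review bot: The comments above HAVE_ASPRINTF and HAVE_VASPRINTF name the wrong functions: they read "Whether aprintf() is available" and "Whether vaprintf() is available", but the macros test for asprintf() and vasprintf(). Correct both comments so that a search for the function name finds its feature test.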
@ -168,14 +235,18 @@ typedef int int32_t;
|
||||
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <errno.h> header file. */
|
||||
#undef HAVE_ERRNO_H
|
||||
#ifdef HAVE_ERRNO_H
|
||||
#include <errno.h>
|
||||
#endif
|
||||
|
||||
/* needed for the time_t structures we use later... */
|
||||
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
|
||||
#undef TIME_WITH_SYS_TIME
|
||||
|
||||
/* Define to 1 if you have the <sys/time.h> header file. */
|
||||
#undef HAVE_SYS_TIME_H
|
||||
|
||||
#if TIME_WITH_SYS_TIME
|
||||
# include <sys/time.h>
|
||||
# include <time.h>
|
||||
@ -188,68 +259,81 @@ typedef int int32_t;
|
||||
#endif
|
||||
|
||||
|
||||
/* Define to 1 if you have the <sys/socket.h> header file. */
|
||||
#undef HAVE_SYS_SOCKET_H
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
#include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
/* Define to 'int' if <sys/socket.h> does not define */
|
||||
#undef socklen_t
|
||||
|
||||
/* Define to 1 if you have the <socket.h> header file. */
|
||||
#undef HAVE_SOCKET_H
|
||||
#ifdef HAVE_SOCKET_H
|
||||
#include <socket.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <tcpd.h> header file. */
|
||||
#undef HAVE_TCPD_H
|
||||
#ifdef HAVE_TCPD_H
|
||||
#include <tcpd.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <netinet/in.h> header file. */
|
||||
#undef HAVE_NETINET_IN_H
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <arpa/inet.h> header file. */
|
||||
#undef HAVE_ARPA_INET_H
|
||||
#ifdef HAVE_ARPA_INET_H
|
||||
#include <arpa/inet.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <netdb.h> header file. */
|
||||
#undef HAVE_NETDB_H
|
||||
#ifdef HAVE_NETDB_H
|
||||
#include <netdb.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <ctype.h> header file. */
|
||||
#undef HAVE_CTYPE_H
|
||||
#ifdef HAVE_CTYPE_H
|
||||
#include <ctype.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <pwd.h> header file. */
|
||||
#undef HAVE_PWD_H
|
||||
#ifdef HAVE_PWD_H
|
||||
#include <pwd.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <grp.h> header file. */
|
||||
#undef HAVE_GRP_H
|
||||
#ifdef HAVE_GRP_H
|
||||
#include <grp.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <dirent.h> header file. */
|
||||
#undef HAVE_DIRENT_H
|
||||
#ifdef HAVE_DIRENT_H
|
||||
#include <dirent.h>
|
||||
#endif
|
||||
|
||||
/* Have SSL support */
|
||||
#undef HAVE_SSL
|
||||
|
||||
/* Have the krb5.h header file */
|
||||
#undef HAVE_KRB5_H
|
||||
#ifdef HAVE_KRB5_H
|
||||
#include <krb5.h>
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <inttypes.h> header file. */
|
||||
#undef HAVE_INTTYPES_H
|
||||
|
||||
/* Define to 1 if you have the <stdint.h> header file. */
|
||||
#undef HAVE_STDINT_H
|
||||
|
||||
#ifdef HAVE_INTTYPES_H
|
||||
#include <inttypes.h>
|
||||
#else
|
||||
@ -258,4 +342,10 @@ typedef int int32_t;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <paths.h> header file. */
|
||||
#undef HAVE_PATHS_H
|
||||
|
||||
/* Define to 1 if you have the <sys/resource.h> header file. */
|
||||
#undef HAVE_SYS_RESOURCE_H
|
||||
|
||||
#endif
|
||||
|
@ -49,7 +49,9 @@ char* strip(char*);
|
||||
int sendall(int, char*, int*);
|
||||
int recvall(int, char*, int*, int);
|
||||
char *my_strsep(char**, const char*);
|
||||
int b64_decode(unsigned char *encoded);
|
||||
void open_log_file();
|
||||
void logit(int priority, const char *format, ...);
|
||||
void close_log_file();
|
||||
void display_license(void);
|
||||
|
||||
#endif
|
||||
|
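Review bot: The new logit() prototype takes a printf-style format plus varargs but carries no format attribute, so the compiler cannot check call sites for mismatched or non-literal format strings. This release's Changelog already lists a build fix for -Werror=format-security, so consider declaring it with __attribute__((format(printf, 2, 3))) behind a GCC/Clang guard. Also, open_log_file() and close_log_file() are declared with empty parentheses, which is not a prototype in C; write (void) as display_license(void) does just below.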
@ -34,8 +34,8 @@ used in subsequent macros.
|
||||
> Output Variables : dist_type, dist_ver
|
||||
|
||||
This macro detects the distribution type. For Linux, this would be rh
|
||||
(for Red Hat and derivitives), suse (OpenSUSE, SLES, derivitives), gentoo
|
||||
(Gentoo and derivitives), debian (Debian and derivitives), and so on.
|
||||
(for Red Hat and derivatives), suse (OpenSUSE, SLES, derivatives), gentoo
|
||||
(Gentoo and derivatives), debian (Debian and derivatives), and so on.
|
||||
For BSD, this would be openbsd, netbsd, freebsd, dragonfly, etc. It can
|
||||
also be aix, solaris, osx, and so on for Unix operating systems.
|
||||
|
||||
@ -94,7 +94,7 @@ on a simple program to make sure a compile and link will work correctly.
|
||||
## Usage
|
||||
|
||||
This repo is intended to be used as a git subtree, so changes will
|
||||
automatically propogate, and still be reasonably easy to use.
|
||||
automatically propagate, and still be reasonably easy to use.
|
||||
|
||||
* First, Create, checkout, clone, or branch your project. If you do an
|
||||
`ls -AF` it might look something like this:
|
||||
@ -129,7 +129,7 @@ master.
|
||||
|
||||
* To get the latest version of `autoconf-macros` into your parent project:
|
||||
|
||||
git subtgree pull --squash --prefix=macros autoconf-macros master
|
||||
git subtree pull --squash --prefix=macros autoconf-macros master
|
||||
|
||||
|
||||
|
||||
|
@ -96,10 +96,12 @@ AC_SUBST(dist_ver)
|
||||
[bsd],
|
||||
dist_type=`uname -s | tr ["[A-Z]" "[a-z]"]`
|
||||
dist_ver=`uname -r`,
|
||||
[aix|hp-ux],
|
||||
dist_ver=$OSTYPE,
|
||||
[aix],
|
||||
dist_ver="`uname -v`.`uname -r`",
|
||||
[hp-ux],
|
||||
dist_ver=`uname -r | cut -d'.' -f1-3`,
|
||||
[solaris],
|
||||
dist_ver=`echo $OSTYPE | cut -d'.' -f2`,
|
||||
dist_ver=`uname -r | cut -d'.' -f2`,
|
||||
[*],
|
||||
dist_ver=$OSTYPE
|
||||
)
|
||||
|
@ -97,7 +97,7 @@ AS_CASE([$init_type],
|
||||
fi,
|
||||
|
||||
[launchd],
|
||||
src_init="mac-init.plist"
|
||||
src_init="mac-init.plist",
|
||||
|
||||
[*],
|
||||
src_init="unknown"
|
||||
|
@ -93,29 +93,30 @@ AC_SUBST(inetd_type)
|
||||
|
||||
inetd_disabled=""
|
||||
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
elif test "$opsys" = "osx"; then
|
||||
inetd_type="launchd"
|
||||
fi
|
||||
AS_CASE([$dist_type],
|
||||
[solaris],
|
||||
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi,
|
||||
|
||||
[*bsd*],
|
||||
inetd_type=`ps -A -o comm -c | grep inetd`,
|
||||
|
||||
[osx],
|
||||
inetd_type=`launchd`,
|
||||
|
||||
[aix|hp-ux],
|
||||
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
|
||||
|
||||
[*],
|
||||
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
AS_CASE([$dist_type],
|
||||
[solaris],
|
||||
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi,
|
||||
|
||||
[*bsd*],
|
||||
inetd_type=`ps -A -o comm -c | grep inetd`,
|
||||
|
||||
[aix|hp-ux],
|
||||
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
|
||||
|
||||
[*],
|
||||
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND`])
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
|
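Review bot: In the [*bsd*] branch, inetd_type is still set from the full output of ps -A -o comm -c | grep inetd with no head -1, unlike the aix|hp-ux lines and the [*] line that ends in head -1. If more than one process name contains "inetd", the variable becomes multi-line and will not match any single pattern in the later AS_CASE([$inetd_type], ...) tests. Add | head -1 here as well, or match the process name exactly.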
@ -119,14 +119,19 @@ AC_SUBST(init_type)
|
||||
elif test "$dist_type" = "slackware"; then
|
||||
init_type="bsd"
|
||||
init_type_wanted=no
|
||||
elif test "$dist_type" = "aix"; then
|
||||
init_type="bsd"
|
||||
init_type_wanted=no
|
||||
elif test "$dist_type" = "hp-ux"; then
|
||||
init_type="unknown"
|
||||
init_type_wanted=no
|
||||
fi
|
||||
fi
|
||||
|
||||
PSCMD="ps -p1 -o args"
|
||||
AS_CASE([$dist_type],
|
||||
[aix], PSCMD="env UNIX95=1; ps -p1 -o args",
|
||||
[solaris], PSCMD="env UNIX95=1; ps -p1 -o args",
|
||||
[hp-ux], PSCMD="env UNIX95=1; ps -p1 -o args")
|
||||
if test $dist_type = solaris; then
|
||||
PSCMD="env UNIX95=1; ps -p1 -o args"
|
||||
fi
|
||||
|
||||
if test "$init_type_wanted" = yes; then
|
||||
pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
|
||||
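Review bot: PSCMD is set to "env UNIX95=1; ps -p1 -o args" for aix, solaris and hp-ux, but it is run by plain expansion ($PSCMD | grep -vi COMMAND | ...), where the semicolon is not a command separator. After word splitting, env receives UNIX95=1; as its assignment, so ps runs with UNIX95 set to the literal "1;" rather than "1". Drop the semicolon: PSCMD="env UNIX95=1 ps -p1 -o args". The unquoted test $dist_type = solaris in the same hunk also fails with a syntax error when dist_type is empty; quote it as the neighbouring tests do.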
@ -173,7 +178,7 @@ AC_SUBST(init_type)
|
||||
|
||||
if test "$init_type_wanted" = yes; then
|
||||
if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
|
||||
if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
|
||||
if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
|
||||
init_type="upstart"
|
||||
init_type_wanted=no
|
||||
elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
|
||||
|
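Review bot: The upstart probe runs $pid1 unquoted and inside backticks that are themselves the if condition, so the shell captures the pipeline's (empty) output and then evaluates that as the command. It works only because an empty substitution yields the pipeline's exit status. Since pid1 comes from ps output, write the test directly as if "$pid1" --version 2>/dev/null | grep upstart >/dev/null; then, which keeps the value as one word and drops the extra substitution.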
@ -119,16 +119,21 @@ AS_CASE([$dist_type],
|
||||
[*solaris*|*hp-ux*|*aix*|*osx*], opsys=unix)
|
||||
|
||||
|
||||
need_cgi=no
|
||||
need_web=no
|
||||
need_brk=no
|
||||
need_plg=no
|
||||
need_pipe=no
|
||||
need_spl=no
|
||||
need_loc=no
|
||||
need_log_subdir=no
|
||||
need_etc_subdir=no
|
||||
need_pls_dir=no
|
||||
# Does this package need to know:
|
||||
need_cgi=no # where the cgi-bin directory is
|
||||
need_web=no # where the website directory is
|
||||
need_brk=no # where the event broker modules directory is
|
||||
need_plg=no # where the plugins directory is
|
||||
need_pipe=no # where the pipe directory is
|
||||
need_spl=no # where the spool directory is
|
||||
need_loc=no # where the locale directory is
|
||||
need_log_subdir=no # where the loc sub-directory is
|
||||
need_etc_subdir=no # where the etc sub-directory is
|
||||
need_pls_dir=no # where the package locate state directory is
|
||||
|
||||
if test x"$INIT_PROG" = x; then
|
||||
INIT_PROG="$PKG_NAME"
|
||||
fi
|
||||
|
||||
AS_CASE([$PKG_NAME],
|
||||
[nagios],
|
||||
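Review bot: Two of the new need_* comments do not match their variables: need_log_subdir is described as "where the loc sub-directory is" (should be log), and need_pls_dir as "where the package locate state directory is" (should be local). These comments are the only documentation of the flags, so fix the wording. It is also worth a comment on the INIT_PROG block saying that a value already set by the caller is kept, since the later hunks make it determine the pid, log, spool and init file names.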
@ -143,6 +148,7 @@ AS_CASE([$PKG_NAME],
|
||||
need_web=yes,
|
||||
|
||||
[ndoutils],
|
||||
need_brk=yes
|
||||
need_spl=yes,
|
||||
|
||||
[nrpe],
|
||||
@ -284,14 +290,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
|
||||
if test ! -d "$tmpfilesd"; then
|
||||
tmpfilesd="N/A"
|
||||
else
|
||||
tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
|
||||
tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
|
||||
fi
|
||||
subsyslockdir=${subsyslockdir="/var/lock/subsys"}
|
||||
if test ! -d "$subsyslockdir"; then
|
||||
subsyslockdir="N/A"
|
||||
subsyslockfile="N/A"
|
||||
else
|
||||
subsyslockfile="$subsyslockdir/$PKG_NAME"
|
||||
subsyslockfile="$subsyslockdir/$INIT_PROG"
|
||||
fi
|
||||
if test "$need_loc" = no; then
|
||||
localedir="N/A"
|
||||
@ -372,23 +378,23 @@ elif test $opsys = "linux"; then
|
||||
fi
|
||||
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
|
||||
if test $need_log_subdir = yes; then
|
||||
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
|
||||
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
|
||||
else
|
||||
logdir=${logdir="$localstatedir/log"}
|
||||
fi
|
||||
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
|
||||
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
|
||||
if test "$need_pipe" = yes; then
|
||||
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
|
||||
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
|
||||
else
|
||||
pipedir="N/A"
|
||||
fi
|
||||
if test "$need_pls_dir" = yes; then
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
|
||||
else
|
||||
pkglocalstatedir="N/A"
|
||||
fi
|
||||
if test "$need_spl" = yes; then
|
||||
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
|
||||
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
|
||||
else
|
||||
spooldir="N/A"
|
||||
fi
|
||||
@ -437,7 +443,7 @@ elif test $opsys = "unix"; then
|
||||
fi
|
||||
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
|
||||
if test "$need_pls_dir" = yes; then
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
|
||||
else
|
||||
pkglocalstatedir="N/A"
|
||||
fi
|
||||
@ -445,7 +451,7 @@ elif test $opsys = "unix"; then
|
||||
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
|
||||
fi
|
||||
if test "$need_spl" = yes; then
|
||||
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
|
||||
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
|
||||
else
|
||||
spooldir="N/A"
|
||||
fi
|
||||
@ -471,14 +477,14 @@ elif test $opsys = "unix"; then
|
||||
logdir=${logdir="$pkglocalstatedir/log"},
|
||||
|
||||
[*],
|
||||
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
|
||||
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
|
||||
if test "$need_pipe" = yes; then
|
||||
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
|
||||
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
|
||||
else
|
||||
pipedir="N/A"
|
||||
fi
|
||||
if test $need_log_subdir = yes; then
|
||||
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
|
||||
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
|
||||
else
|
||||
logdir=${logdir="$localstatedir/log"}
|
||||
fi
|
||||
@ -528,7 +534,7 @@ elif test $opsys = "bsd"; then
|
||||
fi
|
||||
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
|
||||
if test "$need_pls_dir" = yes; then
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
|
||||
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
|
||||
else
|
||||
pkglocalstatedir="N/A"
|
||||
fi
|
||||
@ -536,7 +542,7 @@ elif test $opsys = "bsd"; then
|
||||
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
|
||||
fi
|
||||
if test "$need_spl" = yes; then
|
||||
spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
|
||||
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
|
||||
else
|
||||
spooldir="N/A"
|
||||
fi
|
||||
@ -561,14 +567,14 @@ elif test $opsys = "bsd"; then
|
||||
else
|
||||
cgibindir="N/A"
|
||||
fi
|
||||
piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
|
||||
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
|
||||
if test "$need_pipe" = yes; then
|
||||
pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
|
||||
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
|
||||
else
|
||||
pipedir="N/A"
|
||||
fi
|
||||
if test $need_log_subdir = yes; then
|
||||
logdir=${logdir="$localstatedir/log/$PKG_NAME"}
|
||||
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
|
||||
else
|
||||
logdir=${logdir="$localstatedir/log"}
|
||||
fi
|
||||
@ -604,6 +610,7 @@ eval libexecdir=$libexecdir
|
||||
eval brokersdir=$brokersdir
|
||||
eval pluginsdir=$pluginsdir
|
||||
eval cgibindir=$cgibindir
|
||||
eval localstatedir=$localstatedir
|
||||
eval pkglocalstatedir=$pkglocalstatedir
|
||||
eval webdir=$webdir
|
||||
eval localedir=$localedir
|
||||
@ -622,9 +629,9 @@ AS_CASE([$init_type],
|
||||
else
|
||||
initdir=${initdir="/etc/init.d"}
|
||||
fi
|
||||
initname=${initname="$PKG_NAME"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
initconfdir=${initconfdir="/etc/conf.d"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"},
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"},
|
||||
|
||||
[systemd],
|
||||
if test $dist_type = "debian"; then
|
||||
@ -632,27 +639,32 @@ AS_CASE([$init_type],
|
||||
else
|
||||
initdir=${initdir="/usr/lib/systemd/system"}
|
||||
fi
|
||||
initname=${initname="$PKG_NAME.service"},
|
||||
initname=${initname="$INIT_PROG.service"},
|
||||
|
||||
[bsd],
|
||||
initdir=${initdir="/etc/rc.d"}
|
||||
initname=${initname="rc.$PKG_NAME"},
|
||||
if test $dist_type = "aix"; then
|
||||
initdir=${initdir="/sbin/rc.d/init.d"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
else
|
||||
initdir=${initdir="/etc/rc.d"}
|
||||
initname=${initname="rc.$INIT_PROG"}
|
||||
fi,
|
||||
|
||||
[newbsd],
|
||||
initdir=${initdir="/etc/rc.d"}
|
||||
initname=${initname="$PKG_NAME"},
|
||||
initname=${initname="$INIT_PROG"},
|
||||
|
||||
[gentoo],
|
||||
initdir=${initdir="/etc/init.d"}
|
||||
initname=${initname="$PKG_NAME"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
initconfdir=${initconfdir="/etc/init.d"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"},
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"},
|
||||
|
||||
[openrc],
|
||||
initdir=${initdir="/etc/init.d"}
|
||||
initname=${initname="$PKG_NAME"}
|
||||
initname=${initname="$INIT_PROG"}
|
||||
initconfdir=${initconfdir="/etc/conf.d"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"},
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"},
|
||||
|
||||
[smf*],
|
||||
if test $init_type = smf10; then
|
||||
@ -660,21 +672,21 @@ AS_CASE([$init_type],
|
||||
else
|
||||
initdir=${initdir="/lib/svc/manifest/network/nagios"}
|
||||
fi
|
||||
initname=${initname="$PKG_NAME.xml"}
|
||||
initname=${initname="$INIT_PROG.xml"}
|
||||
initconfdir=unknown
|
||||
initconf=unknown,
|
||||
|
||||
[upstart],
|
||||
initdir=${initdir="/etc/init"}
|
||||
initname=${initname="$PKG_NAME.conf"}
|
||||
initname=${initname="$INIT_PROG.conf"}
|
||||
initconfdir=${initconfdir="/etc/default"}
|
||||
initconf=${initconf="$initconfdir/$PKG_NAME"},
|
||||
initconf=${initconf="$initconfdir/$INIT_PROG"},
|
||||
|
||||
[launchd],
|
||||
initdir=${initdir="/Library/LaunchDaemons"}
|
||||
initname=${initname="org.nagios.$PKG_NAME.plist"},
|
||||
initname=${initname="org.nagios.$INIT_PROG.plist"},
|
||||
# initconfdir=${initconfdir="/private/etc"}
|
||||
# initconf=${initconf="$initconfdir/$PKG_NAME"},
|
||||
# initconf=${initconf="$initconfdir/$INIT_PROG"},
|
||||
|
||||
|
||||
[*],
|
||||
@ -691,7 +703,7 @@ AS_CASE([$inetd_type],
|
||||
|
||||
[xinetd],
|
||||
inetddir=${inetddir="/etc/xinetd.d"}
|
||||
inetdname=${inetdname="$PKG_NAME"},
|
||||
inetdname=${inetdname="$INIT_PROG"},
|
||||
|
||||
[systemd],
|
||||
if test $dist_type = "debian"; then
|
||||
@ -699,7 +711,7 @@ AS_CASE([$inetd_type],
|
||||
else
|
||||
inetddir=${inetddir="/usr/lib/systemd/system"}
|
||||
fi
|
||||
netdname=${inetdname="$PKG_NAME.socket"},
|
||||
netdname=${inetdname="$INIT_PROG.socket"},
|
||||
|
||||
[smf*],
|
||||
if test $init_type = smf10; then
|
||||
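Review bot: In the [systemd] branch the assignment target is still misspelled netdname, while every other branch assigns inetdname. The ${inetdname=...} default expansion sets inetdname as a side effect when it is unset, which hides the typo, but the line leaves a stray netdname variable behind. Change the left-hand side to inetdname while this line is being edited.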
@ -707,15 +719,15 @@ AS_CASE([$inetd_type],
|
||||
else
|
||||
inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
|
||||
fi
|
||||
inetdname=${inetdname="$PKG_NAME.xml"},
|
||||
inetdname=${inetdname="$INIT_PROG.xml"},
|
||||
|
||||
# [upstart],
|
||||
# inetddir=${inetddir="/etc/init.d"}
|
||||
# inetdname=${inetdname="$PKG_NAME"},
|
||||
# inetdname=${inetdname="$INIT_PROG"},
|
||||
|
||||
[launchd],
|
||||
inetddir=${inetddir="/Library/LaunchDaemons"}
|
||||
inetdname=${inetdname="org.nagios.$PKG_NAME.plist"},
|
||||
inetdname=${inetdname="org.nagios.$INIT_PROG.plist"},
|
||||
|
||||
[*],
|
||||
inetddir=${inetddir="unknown"}
|
||||
|
@ -59,6 +59,7 @@ SSL_HDR=
|
||||
SSL_LIB_DIR=
|
||||
|
||||
AC_SUBST(HAVE_SSL)
|
||||
AC_SUBST(SSL_TYPE)
|
||||
AC_SUBST(SSL_INC_DIR)
|
||||
AC_SUBST(SSL_HDR)
|
||||
AC_SUBST(SSL_INC_PREFIX)
|
||||
|
@ -9,6 +9,7 @@
|
||||
%endif
|
||||
%if %{islinux}
|
||||
%define _init_dir @initdir@
|
||||
%define _init_type @init_type@
|
||||
%define _exec_prefix %{_prefix}/sbin
|
||||
%define _bindir %{_prefix}/sbin
|
||||
%define _sbindir %{_prefix}/lib/nagios/cgi
|
||||
@ -21,7 +22,7 @@
|
||||
%define _sysconfdir /etc/nagios
|
||||
|
||||
%define name @PACKAGE_NAME@
|
||||
%define version @PACKAGE_VERSION@
|
||||
%define version 3.1.1
|
||||
%define release @RPM_RELEASE@
|
||||
%define nsusr @nrpe_user@
|
||||
%define nsgrp @nrpe_group@
|
||||
@ -32,7 +33,7 @@
|
||||
# rpm -ba|--rebuild --define 'nsport 5666'
|
||||
%{?port:%define nsport %{port}}
|
||||
|
||||
# Macro that print mesages to syslog at package (un)install time
|
||||
# Macro that print messages to syslog at package (un)install time
|
||||
%define nnmmsg logger -t %{name}/rpm
|
||||
|
||||
Summary: Host/service/network monitoring agent for Nagios
|
||||
@ -127,7 +128,7 @@ fi
|
||||
export PATH=$PATH:/usr/sbin
|
||||
CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
|
||||
MAKE=%{_make} ./configure \
|
||||
--with-init-dir=/etc/init.d \
|
||||
--with-init-type=%{_init_type} \
|
||||
--with-nrpe-port=%{nsport} \
|
||||
--with-nrpe-user=%{nsusr} \
|
||||
--with-nrpe-group=%{nsgrp} \
|
||||
|
@ -18,6 +18,14 @@ log_facility=@log_facility@
|
||||
|
||||
|
||||
|
||||
# LOG FILE
|
||||
# If a log file is specified in this option, nrpe will write to
|
||||
# that file instead of using syslog.
|
||||
|
||||
#log_file=@logdir@/nrpe.log
|
||||
|
||||
|
||||
|
||||
# DEBUGGING OPTION
|
||||
# This option determines whether or not debugging messages are logged to the
|
||||
# syslog facility.
|
||||
@ -38,7 +46,7 @@ pid_file=@piddir@/nrpe.pid
|
||||
|
||||
# PORT NUMBER
|
||||
# Port number we should wait for connections on.
|
||||
# NOTE: This must be a non-priviledged port (i.e. > 1024).
|
||||
# NOTE: This must be a non-privileged port (i.e. > 1024).
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
server_port=@nrpe_port@
|
||||
@ -95,7 +103,7 @@ nrpe_group=@nrpe_group@
|
||||
#
|
||||
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
||||
|
||||
allowed_hosts=127.0.0.1
|
||||
allowed_hosts=127.0.0.1,::1
|
||||
|
||||
|
||||
|
||||
@ -115,7 +123,7 @@ dont_blame_nrpe=0
|
||||
|
||||
|
||||
|
||||
# BASH COMMAND SUBTITUTION
|
||||
# BASH COMMAND SUBSTITUTION
|
||||
# This option determines whether or not the NRPE daemon will allow clients
|
||||
# to specify arguments that contain bash command substitutions of the form
|
||||
# $(...). This option only works if the daemon was configured with both
|
||||
@ -141,7 +149,7 @@ allow_bash_command_substitution=0
|
||||
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
|
||||
# Usage scenario:
|
||||
# Execute restricted commmands using sudo. For this to work, you need to add
|
||||
# the nagios user to your /etc/sudoers. An example entry for alllowing
|
||||
# the nagios user to your /etc/sudoers. An example entry for allowing
|
||||
# execution of the plugins from might be:
|
||||
#
|
||||
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
|
||||
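Review bot: This hunk corrects "alllowing" but leaves "commmands" on the line just above it in the same comment block. Fix both spellings in one pass.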
@ -197,6 +205,7 @@ connection_timeout=300
|
||||
# TLSv1.2+ (use TLSv1.2 or above)
|
||||
# If an "or above" version is used, the best will be negotiated. So if both
|
||||
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
|
||||
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
|
||||
|
||||
#ssl_version=SSLv2+
|
||||
|
||||
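Review bot: The added sentence says the SSLv2 options are not available with openssl 1.1.0 or above, yet the commented example directly below still reads #ssl_version=SSLv2+. Someone uncommenting it on such a build gets a value the comment has just described as unavailable. Change the example to one of the TLS values listed above, such as TLSv1.2+, and fix "use specify" in the preceding sentence while here.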
@ -246,6 +255,13 @@ connection_timeout=300
|
||||
|
||||
|
||||
|
||||
# NASTY METACHARACTERS
|
||||
# This option allows you to override the list of characters that cannot
|
||||
# be passed to the NRPE daemon.
|
||||
|
||||
# nasty_metachars="|`&><'\\[]{};\r\n"
|
||||
|
||||
|
||||
# INCLUDE CONFIG FILE
|
||||
# This directive allows you to include definitions from an external config file.
|
||||
|
||||
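Review bot: The NASTY METACHARACTERS comment says the option overrides the list, but not that the configured value replaces the built-in set rather than adding to it. A shorter list therefore lets through characters that were previously rejected in client-supplied arguments. State that in the comment, say whether the commented example is the built-in default, and note that \\, \r and \n in the value are escape sequences.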
@ -285,7 +301,7 @@ connection_timeout=300
|
||||
# The following examples use hardcoded command arguments...
|
||||
|
||||
command[check_users]=@pluginsdir@/check_users -w 5 -c 10
|
||||
command[check_load]=@pluginsdir@/check_load -w 15,10,5 -c 30,25,20
|
||||
command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
|
||||
command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1
|
||||
command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z
|
||||
command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
|
||||
|
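Review bot: The check_load example changes two things at once: it adds -r and moves the thresholds from 15,10,5 / 30,25,20 to .15,.10,.05 / .30,.25,.20, a factor of 100. With -r the load average is divided by the CPU count, which does not by itself account for a 100-fold drop, and a warning threshold of .15 per CPU will fire on lightly loaded hosts. Confirm the values are intended, or add a comment explaining how they were chosen.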
135
src/acl.c
@ -29,6 +29,7 @@
|
||||
*/
|
||||
|
||||
#include "../include/config.h"
|
||||
#include "../include/common.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
@ -41,12 +42,13 @@
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <netdb.h>
|
||||
#include <syslog.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "../include/acl.h"
|
||||
|
||||
/* This function checks if a char argumnet from valid char range.
|
||||
extern int debug;
|
||||
|
||||
/* This function checks if a char argument from valid char range.
|
||||
* Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
|
||||
*
|
||||
* Returns:
|
||||
@ -76,16 +78,12 @@ int isvalidchar(int c) {
|
||||
switch (c) {
|
||||
case '.':
|
||||
return 4;
|
||||
break;
|
||||
case '/':
|
||||
return 5;
|
||||
break;
|
||||
case '-':
|
||||
return 6;
|
||||
break;
|
||||
case ',':
|
||||
return 7;
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
@ -142,18 +140,27 @@ int add_ipv4_to_acl(char *ipv4) {
|
||||
unsigned long ip, mask;
|
||||
struct ip_acl *ip_acl_curr;
|
||||
|
||||
if(debug == TRUE)
|
||||
logit(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4);
|
||||
|
||||
/* Check for min and max IPv4 valid length */
|
||||
if (len < 7 || len > 18)
|
||||
return 0;
|
||||
if (len < 7 || len > 18) {
|
||||
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* default mask for ipv4 */
|
||||
data[4] = 32;
|
||||
|
||||
/* Basic IPv4 format check */
|
||||
for (i = 0; i < len; i++) {
|
||||
/* Return 0 on error state */
|
||||
if (state == -1)
|
||||
return 0;
|
||||
/* Return 0 on error state */
|
||||
if (state == -1) {
|
||||
if(debug == TRUE)
|
||||
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect "
|
||||
"format, continue with next check ...", ipv4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
c = ipv4[i];
|
||||
|
||||
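Review bot: The new "incorrect length" message in add_ipv4_to_acl is logged unconditionally, while the "incorrect format, continue with next check" message a few lines below is wrapped in if(debug == TRUE). If entries that are not IPv4 are expected to fall through to further checks, as the second message says, every such allowed_hosts entry will produce an "Error" line at LOG_INFO in normal operation. Put the length message behind the same debug guard, or reserve "Error" wording for LOG_ERR as the range checks in this function do.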
@ -201,6 +208,7 @@ int add_ipv4_to_acl(char *ipv4) {
|
||||
break;
|
||||
default:
|
||||
/* Bad states */
|
||||
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -209,29 +217,29 @@ int add_ipv4_to_acl(char *ipv4) {
|
||||
*/
|
||||
for (i=0; i < 4; i++) {
|
||||
if (data[i] < 0 || data[i] > 255) {
|
||||
syslog(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
|
||||
logit(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (data[4] < 0 || data[4] > 32) {
|
||||
syslog(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
|
||||
logit(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Conver ip and mask to unsigned long */
|
||||
/* Convert ip and mask to unsigned long */
|
||||
ip = htonl((data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]);
|
||||
mask = htonl(-1 << (32 - data[4]));
|
||||
|
||||
/* Wrong network address */
|
||||
if ( (ip & mask) != ip) {
|
||||
syslog(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
|
||||
logit(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Add addr to ip_acl list */
|
||||
if ( (ip_acl_curr = malloc(sizeof(*ip_acl_curr))) == NULL) {
|
||||
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
|
||||
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
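Review bot: The context line mask = htonl(-1 << (32 - data[4])) left-shifts a negative int, which is undefined behaviour in C, and for a /0 entry (data[4] == 0 passes the 0..32 check above) the shift count equals the width of a 32-bit int, which is also undefined. Since this hunk already touches the surrounding lines, compute the mask from an unsigned value and special-case zero, for example data[4] ? htonl(0xFFFFFFFFu << (32 - data[4])) : 0. The converted messages also keep their trailing \n, unlike the logit() calls added elsewhere in this file; pick one convention.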
@ -247,6 +255,10 @@ int add_ipv4_to_acl(char *ipv4) {
|
||||
ip_acl_prev->next = ip_acl_curr;
|
||||
}
|
||||
ip_acl_prev = ip_acl_curr;
|
||||
|
||||
if(debug == TRUE)
|
||||
logit(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -271,7 +283,7 @@ int add_ipv6_to_acl(char *ipv6) {
|
||||
messages if needed */
|
||||
ipv6tmp = strdup(ipv6);
|
||||
if(NULL == ipv6tmp) {
|
||||
syslog(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
|
||||
logit(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
|
||||
ipv6);
|
||||
return 0;
|
||||
}
|
||||
@ -327,7 +339,7 @@ int add_ipv6_to_acl(char *ipv6) {
|
||||
/* Add address to ip_acl list */
|
||||
ip_acl_curr = malloc(sizeof(*ip_acl_curr));
|
||||
if(NULL == ip_acl_curr) {
|
||||
syslog(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
|
||||
logit(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -387,8 +399,12 @@ int add_domain_to_acl(char *domain) {
|
||||
|
||||
struct dns_acl *dns_acl_curr;
|
||||
|
||||
if (len > 63)
|
||||
if (len > 63) {
|
||||
logit(LOG_INFO,
|
||||
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!",
|
||||
domain);
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
c = domain[i];
|
||||
@ -426,7 +442,10 @@ int add_domain_to_acl(char *domain) {
|
||||
}
|
||||
break;
|
||||
default:
|
||||
/* Not valid chars */
|
||||
logit(LOG_INFO,
|
||||
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, "
|
||||
"invalid chars!", domain);
|
||||
/* Not valid chars */
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
@ -436,7 +455,7 @@ int add_domain_to_acl(char *domain) {
|
||||
case 1: case 4: case 5:
|
||||
/* Add name to domain ACL list */
|
||||
if ( (dns_acl_curr = malloc(sizeof(*dns_acl_curr))) == NULL) {
|
||||
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
|
||||
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
|
||||
return 0;
|
||||
}
|
||||
strcpy(dns_acl_curr->domain, domain);
|
||||
@ -448,13 +467,18 @@ int add_domain_to_acl(char *domain) {
|
||||
dns_acl_prev->next = dns_acl_curr;
|
||||
|
||||
dns_acl_prev = dns_acl_curr;
|
||||
if(debug == TRUE)
|
||||
logit(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain);
|
||||
return 1;
|
||||
default:
|
||||
logit(LOG_INFO,
|
||||
"ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, "
|
||||
"check allowed_host in config file!", domain);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Checks connectiong host in ACL
|
||||
/* Checks connection host in ACL
|
||||
*
|
||||
* Returns:
|
||||
* 1 - on success
|
||||
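Review bot: The new default-case message tells the admin to "check allowed_host in config file", but the option is spelled allowed_hosts in nrpe.cfg. The log prefixes are also inconsistent: upper-case ADD_DOMAIN_TO_ACL here, lower-case add_ipv4_to_acl in the IPv4 function, which makes the log harder to search. Use the real option name and a single prefix style.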
@ -470,14 +494,23 @@ int is_an_allowed_host(int family, void *host)
|
||||
struct sockaddr_in *addr;
|
||||
struct sockaddr_in6 addr6;
|
||||
struct addrinfo *res, *ai;
|
||||
struct in_addr tmp;
|
||||
|
||||
while (ip_acl_curr != NULL) {
|
||||
if(ip_acl_curr->family == family) {
|
||||
switch(ip_acl_curr->family) {
|
||||
case AF_INET:
|
||||
if (debug == TRUE) {
|
||||
tmp.s_addr = ((struct in_addr*)host)->s_addr;
|
||||
logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
|
||||
"an allowed host >%s<\n",
|
||||
inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr));
|
||||
}
|
||||
if((((struct in_addr *)host)->s_addr &
|
||||
ip_acl_curr->mask.s_addr) ==
|
||||
ip_acl_curr->addr.s_addr) {
|
||||
if (debug == TRUE)
|
||||
logit(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!");
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
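Review bot: the new debug logit in the AF_INET case passes inet_ntoa(tmp) and inet_ntoa(ip_acl_curr->addr) as two arguments of the same call. inet_ntoa returns a pointer to one static buffer, so both %s fields print the same address and the line cannot show which ACL entry the host was compared against. Format each address into its own buffer with inet_ntop(AF_INET, ..., buf, sizeof(buf)) before calling logit.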
@ -509,9 +542,20 @@ int is_an_allowed_host(int family, void *host)
|
||||
switch(ai->ai_family) {
|
||||
|
||||
case AF_INET:
|
||||
if(debug == TRUE) {
|
||||
tmp.s_addr=((struct in_addr *)host)->s_addr;
|
||||
logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
|
||||
"an allowed host >%s<\n",
|
||||
inet_ntoa(tmp), dns_acl_curr->domain);
|
||||
}
|
||||
|
||||
addr = (struct sockaddr_in*)(ai->ai_addr);
|
||||
if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr)
|
||||
if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) {
|
||||
if (debug == TRUE)
|
||||
logit(LOG_INFO, "is_an_allowed_host (AF_INET): "
|
||||
"host is in allowed host list!");
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
|
||||
case AF_INET6:
|
||||
@ -521,9 +565,9 @@ int is_an_allowed_host(int family, void *host)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
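Review bot: the advance dns_acl_curr = dns_acl_curr->next; moves out by one closing brace here, so whether the list walk terminates still depends on brace placement inside a long loop body. Writing the walk as for (; dns_acl_curr != NULL; dns_acl_curr = dns_acl_curr->next) would make it impossible for a failed lookup or a future early continue to skip the advance again. A short comment naming the case this fixes (an entry that does not resolve) would also help the next reader.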
@ -559,19 +603,30 @@ void parse_allowed_hosts(char *allowed_hosts) {
|
||||
const char *delim = ",";
|
||||
char *trimmed_tok;
|
||||
|
||||
if (debug == TRUE)
|
||||
logit(LOG_INFO,
|
||||
"parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n",
|
||||
allowed_hosts);
|
||||
|
||||
#ifdef HAVE_STRTOK_R
|
||||
tok = strtok_r(hosts, delim, &saveptr);
|
||||
#else
|
||||
if (debug == TRUE)
|
||||
logit(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to "
|
||||
"problems in the allowed_hosts string determination!\n");
|
||||
tok = strtok(hosts, delim);
|
||||
#endif
|
||||
while( tok) {
|
||||
trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
|
||||
trim( tok, trimmed_tok);
|
||||
if(debug == TRUE)
|
||||
logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
|
||||
if( strlen( trimmed_tok) > 0) {
|
||||
if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok)
|
||||
&& !add_domain_to_acl(trimmed_tok)) {
|
||||
syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
|
||||
}
|
||||
logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
|
||||
} else if (debug == TRUE)
|
||||
logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
|
||||
}
|
||||
free( trimmed_tok);
|
||||
#ifdef HAVE_STRTOK_R
|
||||
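Review bot: the result of trimmed_tok = malloc(...) is passed to trim() and then to the new logit("... ADDING this record (%s) ...") without a NULL check. Add the check before trim() and skip the token (or bail out) on failure. The "ADDING this record" line is also emitted before the strlen(trimmed_tok) > 0 test, so empty tokens are logged as being added; moving it inside that if would keep the debug output accurate.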
@ -606,17 +661,21 @@ unsigned int prefix_from_mask(struct in_addr mask) {
|
||||
* It shows all hosts in ACL lists
|
||||
*/
|
||||
|
||||
void show_acl_lists(void) {
|
||||
struct ip_acl *ip_acl_curr = ip_acl_head;
|
||||
struct dns_acl *dns_acl_curr = dns_acl_head;
|
||||
void show_acl_lists(void)
|
||||
{
|
||||
struct ip_acl *ip_acl_curr = ip_acl_head;
|
||||
struct dns_acl *dns_acl_curr = dns_acl_head;
|
||||
|
||||
while (ip_acl_curr != NULL) {
|
||||
printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
|
||||
ip_acl_curr = ip_acl_curr->next;
|
||||
}
|
||||
logit(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" );
|
||||
|
||||
while (dns_acl_curr != NULL) {
|
||||
printf("DNS ACL: %s\n", dns_acl_curr->domain);
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
while (ip_acl_curr != NULL) {
|
||||
logit(LOG_INFO, " IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr),
|
||||
prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
|
||||
ip_acl_curr = ip_acl_curr->next;
|
||||
}
|
||||
|
||||
while (dns_acl_curr != NULL) {
|
||||
logit(LOG_INFO, " DNS ACL: %s\n", dns_acl_curr->domain);
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
}
|
||||
|
367
src/check_nrpe.c
@ -4,7 +4,7 @@
|
||||
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
|
||||
* License: GPL
|
||||
*
|
||||
* Last Modified: 09-08-2016
|
||||
* Last Modified: 2017-05-24
|
||||
*
|
||||
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
|
||||
*
|
||||
@ -46,7 +46,9 @@ int show_help = FALSE;
|
||||
int show_license = FALSE;
|
||||
int show_version = FALSE;
|
||||
int packet_ver = NRPE_PACKET_VERSION_3;
|
||||
int force_v2_packet = 0;
|
||||
int payload_size = 0;
|
||||
extern char *log_file;
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
|
||||
@ -57,7 +59,7 @@ const SSL_METHOD *meth;
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
int use_ssl = TRUE;
|
||||
int ssl_opts = SSL_OP_ALL;
|
||||
unsigned long ssl_opts = SSL_OP_ALL;
|
||||
#else
|
||||
int use_ssl = FALSE;
|
||||
#endif
|
||||
@ -81,7 +83,7 @@ struct _SSL_PARMS {
|
||||
char *cacert_file;
|
||||
char *privatekey_file;
|
||||
char cipher_list[MAX_FILENAME_LENGTH];
|
||||
SslVer ssl_min_ver;
|
||||
SslVer ssl_proto_ver;
|
||||
int allowDH;
|
||||
ClntCerts client_certs;
|
||||
SslLogging log_opts;
|
||||
@ -97,7 +99,7 @@ void set_timeout_state (char *state);
|
||||
int parse_timeout_string (char *timeout_str);
|
||||
void usage(int result);
|
||||
void setup_ssl();
|
||||
void set_sig_hadlers();
|
||||
void set_sig_handlers();
|
||||
int connect_to_remote();
|
||||
int send_request();
|
||||
int read_response();
|
||||
@ -127,14 +129,14 @@ int main(int argc, char **argv)
|
||||
timeout_return_code = STATE_CRITICAL;
|
||||
if (sslprm.cipher_list[0] == '\0')
|
||||
strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH", MAX_FILENAME_LENGTH - 1);
|
||||
if (sslprm.ssl_min_ver == SSL_Ver_Invalid)
|
||||
sslprm.ssl_min_ver = TLSv1_plus;
|
||||
if (sslprm.ssl_proto_ver == SSL_Ver_Invalid)
|
||||
sslprm.ssl_proto_ver = TLSv1_plus;
|
||||
if (sslprm.allowDH == -1)
|
||||
sslprm.allowDH = TRUE;
|
||||
|
||||
generate_crc32_table(); /* generate the CRC 32 table */
|
||||
setup_ssl(); /* Do all the SSL/TLS set up */
|
||||
set_sig_hadlers(); /* initialize alarm signal handling */
|
||||
set_sig_handlers(); /* initialize alarm signal handling */
|
||||
result = connect_to_remote(); /* Make the connection */
|
||||
if (result != STATE_OK) {
|
||||
alarm(0);
|
||||
@ -149,28 +151,32 @@ int main(int argc, char **argv)
|
||||
|
||||
if (result == -1) {
|
||||
/* Failure reading from remote, so try version 2 packet */
|
||||
syslog(LOG_NOTICE, "Remote %s does not support Version 3 Packets", rem_host);
|
||||
logit(LOG_INFO, "Remote %s does not support Version 3 Packets", rem_host);
|
||||
packet_ver = NRPE_PACKET_VERSION_2;
|
||||
|
||||
/* Rerun the setup */
|
||||
setup_ssl();
|
||||
set_sig_hadlers();
|
||||
set_sig_handlers();
|
||||
result = connect_to_remote(); /* Connect */
|
||||
if (result != STATE_OK) {
|
||||
alarm(0);
|
||||
close_log_file(); /* close the log file */
|
||||
return result;
|
||||
}
|
||||
|
||||
result = send_request(); /* Send the request */
|
||||
if (result != STATE_OK)
|
||||
if (result != STATE_OK) {
|
||||
close_log_file(); /* close the log file */
|
||||
return result;
|
||||
}
|
||||
|
||||
result = read_response(); /* Get the response */
|
||||
}
|
||||
|
||||
if (result != -1)
|
||||
syslog(LOG_NOTICE, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
|
||||
if (result != -1 && force_v2_packet == 0 && packet_ver == NRPE_PACKET_VERSION_2)
|
||||
logit(LOG_DEBUG, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
|
||||
|
||||
close_log_file(); /* close the log file */
|
||||
return result;
|
||||
}
|
||||
|
||||
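Review bot: the fallback message "Remote %s does not support Version 3 Packets" drops from LOG_NOTICE to LOG_INFO, and the "accepted a Version %d Packet" line drops to LOG_DEBUG and is now only written for an automatic v2 fallback. Anything that alerts on NOTICE will stop seeing the fallback; if that is intended, please say so in the commit message. Separately, close_log_file() is now repeated before each return in this block; a single cleanup label at the end of main() would make it harder to miss a path later.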
@ -206,6 +212,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
{"timeout", required_argument, 0, 't'},
|
||||
{"port", required_argument, 0, 'p'},
|
||||
{"payload-size", required_argument, 0, 'P'},
|
||||
{"log-file", required_argument, 0, 'g'},
|
||||
{"help", no_argument, 0, 'h'},
|
||||
{"license", no_argument, 0, 'l'},
|
||||
{0, 0, 0, 0}
|
||||
@ -217,15 +224,17 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
return ERROR;
|
||||
|
||||
optind = 0;
|
||||
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:246hlnuV");
|
||||
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:246hlnuV");
|
||||
|
||||
while (1) {
|
||||
if (argindex > 0)
|
||||
break;
|
||||
#ifdef HAVE_GETOPT_LONG
|
||||
c = getopt_long(argc, argv, optchars, long_options, &option_index);
|
||||
#else
|
||||
c = getopt(argc, argv, optchars);
|
||||
#endif
|
||||
if (c == -1 || c == EOF || argindex > 0)
|
||||
if (c == -1 || c == EOF)
|
||||
break;
|
||||
|
||||
/* process all arguments */
|
||||
@ -258,7 +267,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 't':
|
||||
if (from_config_file && socket_timeout != -1) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
|
||||
logit(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
|
||||
"the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -269,7 +278,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'p':
|
||||
if (from_config_file && server_port != 0) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line server port overrides "
|
||||
logit(LOG_WARNING, "WARNING: Command-line server port overrides "
|
||||
"the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -280,7 +289,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'P':
|
||||
if (from_config_file && payload_size > 0) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
|
||||
logit(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
|
||||
"the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -291,7 +300,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'H':
|
||||
if (from_config_file && server_name != NULL) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line server name overrides "
|
||||
logit(LOG_WARNING, "WARNING: Command-line server name overrides "
|
||||
"the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -302,7 +311,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
if (from_config_file) {
|
||||
printf("Error: The config file should not have a command (-c) option.\n");
|
||||
return ERROR;
|
||||
break;
|
||||
}
|
||||
command_name = strdup(optarg);
|
||||
break;
|
||||
@ -311,7 +319,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
if (from_config_file) {
|
||||
printf("Error: The config file should not have args (-a) arguments.\n");
|
||||
return ERROR;
|
||||
break;
|
||||
}
|
||||
argindex = optind;
|
||||
break;
|
||||
@ -322,7 +329,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'u':
|
||||
if (from_config_file && timeout_return_code != -1) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -331,16 +338,17 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case '2':
|
||||
if (from_config_file && packet_ver != NRPE_PACKET_VERSION_3) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
packet_ver = NRPE_PACKET_VERSION_2;
|
||||
force_v2_packet = 1;
|
||||
break;
|
||||
|
||||
case '4':
|
||||
if (from_config_file && address_family != AF_UNSPEC) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
|
||||
"or ipv6 (-6) overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -349,7 +357,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case '6':
|
||||
if (from_config_file && address_family != AF_UNSPEC) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
|
||||
"or ipv6 (-6) overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -358,7 +366,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'd':
|
||||
if (from_config_file && sslprm.allowDH != -1) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -369,7 +377,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'A':
|
||||
if (from_config_file && sslprm.cacert_file != NULL) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -378,7 +386,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'C':
|
||||
if (from_config_file && sslprm.cert_file != NULL) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -388,7 +396,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 'K':
|
||||
if (from_config_file && sslprm.privatekey_file != NULL) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line key-file (-K) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line key-file (-K) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -397,38 +405,41 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
break;
|
||||
|
||||
case 'S':
|
||||
if (from_config_file && sslprm.ssl_min_ver != SSL_Ver_Invalid) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
|
||||
if (from_config_file && sslprm.ssl_proto_ver != SSL_Ver_Invalid) {
|
||||
logit(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
if (!strcmp(optarg, "SSLv2"))
|
||||
sslprm.ssl_min_ver = SSLv2;
|
||||
else if (!strcmp(optarg, "SSLv2+"))
|
||||
sslprm.ssl_min_ver = SSLv2_plus;
|
||||
else if (!strcmp(optarg, "SSLv3"))
|
||||
sslprm.ssl_min_ver = SSLv3;
|
||||
else if (!strcmp(optarg, "SSLv3+"))
|
||||
sslprm.ssl_min_ver = SSLv3_plus;
|
||||
else if (!strcmp(optarg, "TLSv1"))
|
||||
sslprm.ssl_min_ver = TLSv1;
|
||||
else if (!strcmp(optarg, "TLSv1+"))
|
||||
sslprm.ssl_min_ver = TLSv1_plus;
|
||||
else if (!strcmp(optarg, "TLSv1.1"))
|
||||
sslprm.ssl_min_ver = TLSv1_1;
|
||||
else if (!strcmp(optarg, "TLSv1.1+"))
|
||||
sslprm.ssl_min_ver = TLSv1_1_plus;
|
||||
else if (!strcmp(optarg, "TLSv1.2"))
|
||||
sslprm.ssl_min_ver = TLSv1_2;
|
||||
|
||||
if (!strcmp(optarg, "TLSv1.2"))
|
||||
sslprm.ssl_proto_ver = TLSv1_2;
|
||||
else if (!strcmp(optarg, "TLSv1.2+"))
|
||||
sslprm.ssl_min_ver = TLSv1_2_plus;
|
||||
sslprm.ssl_proto_ver = TLSv1_2_plus;
|
||||
else if (!strcmp(optarg, "TLSv1.1"))
|
||||
sslprm.ssl_proto_ver = TLSv1_1;
|
||||
else if (!strcmp(optarg, "TLSv1.1+"))
|
||||
sslprm.ssl_proto_ver = TLSv1_1_plus;
|
||||
else if (!strcmp(optarg, "TLSv1"))
|
||||
sslprm.ssl_proto_ver = TLSv1;
|
||||
else if (!strcmp(optarg, "TLSv1+"))
|
||||
sslprm.ssl_proto_ver = TLSv1_plus;
|
||||
else if (!strcmp(optarg, "SSLv3"))
|
||||
sslprm.ssl_proto_ver = SSLv3;
|
||||
else if (!strcmp(optarg, "SSLv3+"))
|
||||
sslprm.ssl_proto_ver = SSLv3_plus;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
else if (!strcmp(optarg, "SSLv2"))
|
||||
sslprm.ssl_proto_ver = SSLv2;
|
||||
else if (!strcmp(optarg, "SSLv2+"))
|
||||
sslprm.ssl_proto_ver = SSLv2_plus;
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
|
||||
else
|
||||
return ERROR;
|
||||
break;
|
||||
|
||||
case 'L':
|
||||
if (from_config_file && sslprm.cipher_list[0] != '\0') {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
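Review bot: in case 'S', an unrecognised value still ends in a bare else return ERROR; with no message. With this change "SSLv2" and "SSLv2+" are only accepted when OPENSSL_VERSION_NUMBER < 0x10100000, so a command line that used to work now fails on newer OpenSSL without saying why. Print the rejected optarg before returning. The pre-check also needs a second look: it now tests sslprm.ssl_proto_ver != SSL_Ver_Invalid, so please confirm that every initialiser of the renamed field still starts it at SSL_Ver_Invalid.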
@ -438,7 +449,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
|
||||
case 's':
|
||||
if (from_config_file && have_log_opts == TRUE) {
|
||||
syslog(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
|
||||
logit(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
@ -446,19 +457,30 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
have_log_opts = TRUE;
|
||||
break;
|
||||
|
||||
case 'g':
|
||||
if (from_config_file && log_file != NULL) {
|
||||
logit(LOG_WARNING, "WARNING: Command-line log-file (-g) "
|
||||
"overrides the config file option.");
|
||||
break;
|
||||
}
|
||||
log_file = strdup(optarg);
|
||||
open_log_file();
|
||||
break;
|
||||
|
||||
default:
|
||||
return ERROR;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* determine (base) command query */
|
||||
snprintf(query, sizeof(query), "%s",
|
||||
(command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
|
||||
query[sizeof(query) - 1] = '\x0';
|
||||
if (!from_config_file) {
|
||||
snprintf(query, sizeof(query), "%s",
|
||||
(command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
|
||||
query[sizeof(query) - 1] = '\x0';
|
||||
}
|
||||
|
||||
/* get the command args */
|
||||
if (argindex > 0) {
|
||||
if (!from_config_file && argindex > 0) {
|
||||
|
||||
for (c = argindex - 1; c < argc; c++) {
|
||||
|
||||
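Review bot: in the new case 'g', log_file = strdup(optarg); is followed directly by open_log_file() with no check for a NULL return, and a second -g on the command line overwrites log_file without freeing the first copy or closing the file that is already open. Check the strdup result and handle the repeated option. The path is taken verbatim from the caller and open_log_file() is not part of this hunk, so please confirm it opens the file safely when check_nrpe runs under a privileged monitoring account.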
@ -471,7 +493,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
query[sizeof(query) - 1] = '\x0';
|
||||
}
|
||||
}
|
||||
|
||||
if (!from_config_file && config_file != NULL) {
|
||||
if ((rc = read_config_file(config_file)) != OK)
|
||||
return rc;
|
||||
@ -507,28 +528,28 @@ int read_config_file(char *fname)
|
||||
size_t sz;
|
||||
|
||||
if (stat(fname, &st)) {
|
||||
syslog(LOG_ERR, "Error: Could not stat config file %s", fname);
|
||||
logit(LOG_ERR, "Error: Could not stat config file %s", fname);
|
||||
return ERROR;
|
||||
}
|
||||
if ((f = fopen(fname, "r")) == NULL) {
|
||||
syslog(LOG_ERR, "Error: Could not open config file %s", fname);
|
||||
logit(LOG_ERR, "Error: Could not open config file %s", fname);
|
||||
return ERROR;
|
||||
}
|
||||
if ((buf = (char*)calloc(1, st.st_size + 2)) == NULL) {
|
||||
fclose(f);
|
||||
syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
|
||||
logit(LOG_ERR, "Error: read_config_file fail to allocate memory");
|
||||
return ERROR;
|
||||
}
|
||||
if ((sz = fread(buf, 1, st.st_size, f)) != st.st_size) {
|
||||
fclose(f);
|
||||
free(buf);
|
||||
syslog(LOG_ERR, "Error: Failed to completely read config file %s", fname);
|
||||
logit(LOG_ERR, "Error: Failed to completely read config file %s", fname);
|
||||
return ERROR;
|
||||
}
|
||||
if ((argv = calloc(50, sizeof(char*))) == NULL) {
|
||||
fclose(f);
|
||||
free(buf);
|
||||
syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
|
||||
logit(LOG_ERR, "Error: read_config_file fail to allocate memory");
|
||||
return ERROR;
|
||||
}
|
||||
|
||||
@ -536,10 +557,10 @@ int read_config_file(char *fname)
|
||||
|
||||
bufp = buf;
|
||||
while (argc < 50) {
|
||||
while (*bufp && strchr(delims, *bufp))
|
||||
++bufp;
|
||||
if (*bufp == '\0')
|
||||
break;
|
||||
while (strchr(delims, *bufp))
|
||||
++bufp;
|
||||
argv[argc] = my_strsep(&bufp, delims);
|
||||
if (!argv[argc++])
|
||||
break;
|
||||
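Review bot: two forms of the delimiter skip appear in this hunk, while (*bufp && strchr(delims, *bufp)) and while (strchr(delims, *bufp)), and only the first is safe. strchr treats the terminating NUL as part of the searched string, so strchr(delims, '\0') is never NULL and the unguarded loop keeps incrementing bufp past the end of buf when the file ends in a delimiter such as a trailing newline. Whichever ordering the final code uses, the inner while must keep the *bufp test; the preceding if (*bufp == '\0') break; alone does not protect it.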
@ -550,7 +571,7 @@ int read_config_file(char *fname)
|
||||
if (argc == 50) {
|
||||
free(buf);
|
||||
free(argv);
|
||||
syslog(LOG_ERR, "Error: too many parameters in config file %s", fname);
|
||||
logit(LOG_ERR, "Error: too many parameters in config file %s", fname);
|
||||
return ERROR;
|
||||
}
|
||||
|
||||
@ -594,22 +615,22 @@ void set_timeout_state (char *state) {
|
||||
|
||||
int parse_timeout_string (char *timeout_str)
|
||||
{
|
||||
char *seperated_str;
|
||||
char *separated_str;
|
||||
char *timeout_val = NULL;
|
||||
char *timeout_sta = NULL;
|
||||
|
||||
if (strstr(timeout_str, ":") == NULL)
|
||||
timeout_val = timeout_str;
|
||||
else if (strncmp(timeout_str, ":", 1) == 0) {
|
||||
seperated_str = strtok(timeout_str, ":");
|
||||
if (seperated_str != NULL)
|
||||
timeout_sta = seperated_str;
|
||||
separated_str = strtok(timeout_str, ":");
|
||||
if (separated_str != NULL)
|
||||
timeout_sta = separated_str;
|
||||
} else {
|
||||
seperated_str = strtok(timeout_str, ":");
|
||||
timeout_val = seperated_str;
|
||||
seperated_str = strtok(NULL, ":");
|
||||
if (seperated_str != NULL) {
|
||||
timeout_sta = seperated_str;
|
||||
separated_str = strtok(timeout_str, ":");
|
||||
timeout_val = separated_str;
|
||||
separated_str = strtok(NULL, ":");
|
||||
if (separated_str != NULL) {
|
||||
timeout_sta = separated_str;
|
||||
}
|
||||
}
|
||||
|
||||
@ -645,7 +666,7 @@ void usage(int result)
|
||||
printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n"
|
||||
" [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n"
|
||||
" [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
|
||||
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>]\n"
|
||||
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n"
|
||||
" [-c <command>] [-a <arglist...>]\n");
|
||||
printf("\n");
|
||||
printf("Options:\n");
|
||||
@ -655,7 +676,7 @@ void usage(int result)
|
||||
printf(" -6 = bind to ipv6 only\n");
|
||||
printf(" -n = Do no use SSL\n");
|
||||
printf
|
||||
(" -u = (DEPRECATED) Make timeouts return UNKNOWN instead of CRITICAL\n");
|
||||
(" -u = Make connection problems return UNKNOWN instead of CRITICAL\n");
|
||||
printf(" -V = Show version\n");
|
||||
printf(" -l = Show license\n");
|
||||
printf(" <dhopt> = Anonymous Diffie Hellman use:\n");
|
||||
@ -665,10 +686,14 @@ void usage(int result)
|
||||
printf(" 2 = Force Anonymous Diffie Hellman\n");
|
||||
printf(" <size> = Specify non-default payload size for NSClient++\n");
|
||||
printf
|
||||
(" <ssl ver> = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
|
||||
printf(" SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
|
||||
printf(" TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
|
||||
printf(" TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
|
||||
(" <ssl ver> = The SSL/TLS version to use. Can be any one of:\n");
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
printf(" SSLv2 (only), SSLv2+ (or above),\n");
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
|
||||
printf(" SSLv3 (only), SSLv3+ (or above),\n");
|
||||
printf(" TLSv1 (only), TLSv1+ (or above DEFAULT),\n");
|
||||
printf(" TLSv1.1 (only), TLSv1.1+ (or above),\n");
|
||||
printf(" TLSv1.2 (only), TLSv1.2+ (or above)\n");
|
||||
printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
|
||||
printf
|
||||
(" to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
|
||||
@ -678,6 +703,7 @@ void usage(int result)
|
||||
printf(" <logopts> = SSL Logging Options\n");
|
||||
printf(" <bindaddr> = bind to local address\n");
|
||||
printf(" <cfg-file> = configuration file to use\n");
|
||||
printf(" <log-file> = full path to the log file to write to\n");
|
||||
printf(" [port] = The port on which the daemon is running (default=%d)\n",
|
||||
DEFAULT_SERVER_PORT);
|
||||
printf(" [command] = The name of the command that the remote daemon should run\n");
|
||||
@ -717,25 +743,26 @@ void usage(int result)
|
||||
void setup_ssl()
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
int vrfy;
|
||||
int vrfy, x;
|
||||
|
||||
if (sslprm.log_opts & SSL_LogStartup) {
|
||||
char *val;
|
||||
|
||||
syslog(LOG_INFO, "SSL Certificate File: %s",
|
||||
logit(LOG_INFO, "SSL Certificate File: %s",
|
||||
sslprm.cert_file ? sslprm.cert_file : "None");
|
||||
syslog(LOG_INFO, "SSL Private Key File: %s",
|
||||
logit(LOG_INFO, "SSL Private Key File: %s",
|
||||
sslprm.privatekey_file ? sslprm.privatekey_file : "None");
|
||||
syslog(LOG_INFO, "SSL CA Certificate File: %s",
|
||||
logit(LOG_INFO, "SSL CA Certificate File: %s",
|
||||
sslprm.cacert_file ? sslprm.cacert_file : "None");
|
||||
if (sslprm.allowDH < 2)
|
||||
syslog(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
|
||||
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
|
||||
else
|
||||
syslog(LOG_INFO, "SSL Cipher List: ADH");
|
||||
syslog(LOG_INFO, "SSL Allow ADH: %s",
|
||||
logit(LOG_INFO, "SSL Cipher List: ADH");
|
||||
logit(LOG_INFO, "SSL Allow ADH: %s",
|
||||
sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
|
||||
syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
|
||||
switch (sslprm.ssl_min_ver) {
|
||||
logit(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
|
||||
|
||||
switch (sslprm.ssl_proto_ver) {
|
||||
case SSLv2:
|
||||
val = "SSLv2";
|
||||
break;
|
||||
@ -770,56 +797,125 @@ void setup_ssl()
|
||||
val = "INVALID VALUE!";
|
||||
break;
|
||||
}
|
||||
syslog(LOG_INFO, "SSL Version: %s", val);
|
||||
logit(LOG_INFO, "SSL Version: %s", val);
|
||||
}
|
||||
|
||||
/* initialize SSL */
|
||||
if (use_ssl == TRUE) {
|
||||
SSL_load_error_strings();
|
||||
SSL_library_init();
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||
|
||||
meth = TLS_method();
|
||||
|
||||
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
|
||||
|
||||
meth = SSLv23_client_method();
|
||||
|
||||
# ifndef OPENSSL_NO_SSL2
|
||||
if (sslprm.ssl_min_ver == SSLv2)
|
||||
if (sslprm.ssl_proto_ver == SSLv2)
|
||||
meth = SSLv2_client_method();
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_SSL3
|
||||
if (sslprm.ssl_min_ver == SSLv3)
|
||||
if (sslprm.ssl_proto_ver == SSLv3)
|
||||
meth = SSLv3_client_method();
|
||||
# endif
|
||||
if (sslprm.ssl_min_ver == TLSv1)
|
||||
if (sslprm.ssl_proto_ver == TLSv1)
|
||||
meth = TLSv1_client_method();
|
||||
# ifdef SSL_TXT_TLSV1_1
|
||||
if (sslprm.ssl_min_ver == TLSv1_1)
|
||||
if (sslprm.ssl_proto_ver == TLSv1_1)
|
||||
meth = TLSv1_1_client_method();
|
||||
# ifdef SSL_TXT_TLSV1_2
|
||||
if (sslprm.ssl_min_ver == TLSv1_2)
|
||||
if (sslprm.ssl_proto_ver == TLSv1_2)
|
||||
meth = TLSv1_2_client_method();
|
||||
# endif
|
||||
# endif
|
||||
# endif /* ifdef SSL_TXT_TLSV1_2 */
|
||||
# endif /* ifdef SSL_TXT_TLSV1_1 */
|
||||
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
|
||||
|
||||
if ((ctx = SSL_CTX_new(meth)) == NULL) {
|
||||
printf("CHECK_NRPE: Error - could not create SSL context.\n");
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
|
||||
if (sslprm.ssl_min_ver >= SSLv3) {
|
||||
ssl_opts |= SSL_OP_NO_SSLv2;
|
||||
if (sslprm.ssl_min_ver >= TLSv1)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||
|
||||
SSL_CTX_set_max_proto_version(ctx, 0);
|
||||
|
||||
switch(sslprm.ssl_proto_ver) {
|
||||
|
||||
case TLSv1_2:
|
||||
SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
|
||||
case TLSv1_2_plus:
|
||||
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
|
||||
break;
|
||||
|
||||
case TLSv1_1:
|
||||
SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION);
|
||||
case TLSv1_1_plus:
|
||||
SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
|
||||
break;
|
||||
|
||||
case TLSv1:
|
||||
SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);
|
||||
case TLSv1_plus:
|
||||
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
|
||||
break;
|
||||
|
||||
case SSLv3:
|
||||
SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION);
|
||||
case SSLv3_plus:
|
||||
SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
|
||||
break;
|
||||
}
|
||||
|
||||
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
|
||||
|
||||
switch(sslprm.ssl_proto_ver) {
|
||||
case SSLv2:
|
||||
case SSLv2_plus:
|
||||
break;
|
||||
case TLSv1_2:
|
||||
case TLSv1_2_plus:
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
ssl_opts |= SSL_OP_NO_TLSv1_1;
|
||||
#endif
|
||||
case TLSv1_1:
|
||||
case TLSv1_1_plus:
|
||||
ssl_opts |= SSL_OP_NO_TLSv1;
|
||||
case TLSv1:
|
||||
case TLSv1_plus:
|
||||
ssl_opts |= SSL_OP_NO_SSLv3;
|
||||
case SSLv3:
|
||||
case SSLv3_plus:
|
||||
ssl_opts |= SSL_OP_NO_SSLv2;
|
||||
break;
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
|
||||
|
||||
SSL_CTX_set_options(ctx, ssl_opts);
|
||||
|
||||
if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
|
||||
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Error: could not use certificate file '%s': %s\n",
|
||||
sslprm.cert_file, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: could not use private key file '%s'.\n",
|
||||
sslprm.privatekey_file);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Error: could not use private key file '%s': %s\n",
|
||||
sslprm.privatekey_file, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
}
|
||||
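Review bot: in the new OPENSSL_VERSION_NUMBER >= 0x10100000 switch, the results of SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() are ignored. If a call fails, the context keeps the library defaults and the connection proceeds with a different protocol floor than the one requested with -S; check the return values and exit as the other setup failures in this function do. Both new switch statements also rely on fallthrough (case TLSv1_2 sets the max and falls into case TLSv1_2_plus to set the min) with no marker comment and no default label; add /* FALLTHROUGH */ comments and a default so an unhandled SslVer value is not silently accepted.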
@ -828,8 +924,12 @@ void setup_ssl()
|
||||
vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
||||
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
|
||||
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Error: could not use CA certificate '%s': %s\n",
|
||||
sslprm.privatekey_file, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
}
|
||||
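Review bot: the new error loop for SSL_CTX_load_verify_locations() prints "could not use CA certificate '%s'" but passes sslprm.privatekey_file, not sslprm.cacert_file. That reports the wrong path, and when no private key is configured it passes NULL to %s. Use sslprm.cacert_file, as the printf just above it does.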
@ -838,7 +938,7 @@ void setup_ssl()
|
||||
if (strlen(sslprm.cipher_list) < sizeof(sslprm.cipher_list) - 6) {
|
||||
strcat(sslprm.cipher_list, ":!ADH");
|
||||
if (sslprm.log_opts & SSL_LogStartup)
|
||||
syslog(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
|
||||
logit(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
|
||||
}
|
||||
} else {
|
||||
/* use anonymous DH ciphers */
|
||||
@ -847,15 +947,19 @@ void setup_ssl()
|
||||
}
|
||||
|
||||
if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Could not set SSL/TLS cipher list '%s': %s\n",
|
||||
sslprm.cipher_list, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void set_sig_hadlers()
|
||||
void set_sig_handlers()
|
||||
{
|
||||
#ifdef HAVE_SIGACTION
|
||||
struct sigaction sig_action;
|
||||
@ -880,12 +984,12 @@ int connect_to_remote()
|
||||
struct sockaddr addr;
|
||||
struct in_addr *inaddr;
|
||||
socklen_t addrlen;
|
||||
int result, rc, ssl_err, ern;
|
||||
int result, rc, ssl_err, ern, x, nerrs = 0;
|
||||
|
||||
/* try to connect to the host at the given port number */
|
||||
if ((sd =
|
||||
my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0)
|
||||
exit(STATE_CRITICAL);
|
||||
exit(timeout_return_code);
|
||||
|
||||
result = STATE_OK;
|
||||
addrlen = sizeof(addr);
|
||||
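Review bot: x is added to the int declaration here (and as int vrfy, x; in setup_ssl), but it receives the result of ERR_get_error_line_data(), which returns unsigned long, and is then passed to ERR_reason_error_string(). Declare it unsigned long so the error code is not narrowed or sign-converted on the way. Also note that exit(timeout_return_code) on a failed my_connect() leaves the process without the close_log_file() call that main() now makes on its other failure paths.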
@ -901,7 +1005,7 @@ int connect_to_remote()
|
||||
strncpy(rem_host, "Unknown", sizeof(rem_host));
|
||||
rem_host[MAX_HOST_ADDRESS_LENGTH - 1] = '\0';
|
||||
if ((sslprm.log_opts & SSL_LogIpAddr) != 0)
|
||||
syslog(LOG_DEBUG, "Connected to %s", rem_host);
|
||||
logit(LOG_DEBUG, "Connected to %s", rem_host);
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
if (use_ssl == FALSE)
|
||||
@ -919,20 +1023,26 @@ int connect_to_remote()
|
||||
ssl_err = SSL_get_error(ssl, rc);
|
||||
|
||||
if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
|
||||
int x, nerrs = 0;
|
||||
rc = 0;
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
||||
rem_host, ERR_reason_error_string(x));
|
||||
++nerrs;
|
||||
}
|
||||
if (nerrs == 0)
|
||||
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
|
||||
rem_host, rc, ssl_err);
|
||||
|
||||
} else
|
||||
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
|
||||
rem_host, rc, ssl_err);
|
||||
} else {
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
||||
rem_host, ERR_reason_error_string(x));
|
||||
++nerrs;
|
||||
}
|
||||
if (nerrs == 0)
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: "
|
||||
"rc=%d SSL-error=%d", rem_host, rc, ssl_err);
|
||||
}
|
||||
|
||||
if (ssl_err == 5) {
|
||||
/* Often, errno will be zero, so print a generic message here */
|
||||
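Review bot: the "rc = 0;" at the top of the SSL_LogCertDetails | SSL_LogIfClientCert branch overwrites the SSL_connect() return value before the fallback message prints "rc=%d", so that branch always logs rc=0. Apart from that assignment the two branches are now identical (same loop, same nerrs fallback), so the log_opts test no longer selects anything. Drop the assignment and collapse the if/else into one error-queue loop. ERR_reason_error_string(x) can also return NULL here and should not go to %s unguarded.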
@ -961,7 +1071,7 @@ int connect_to_remote()
|
||||
} else {
|
||||
|
||||
if (sslprm.log_opts & SSL_LogVersion)
|
||||
syslog(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
|
||||
logit(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
|
||||
|
||||
if (sslprm.log_opts & SSL_LogCipher) {
|
||||
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
|
||||
@ -969,7 +1079,7 @@ int connect_to_remote()
|
||||
# else
|
||||
const SSL_CIPHER *c = SSL_get_current_cipher(ssl);
|
||||
# endif
|
||||
syslog(LOG_NOTICE, "Remote %s - %s, Cipher is %s", rem_host,
|
||||
logit(LOG_NOTICE, "Remote %s - %s, Cipher is %s", rem_host,
|
||||
SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
|
||||
}
|
||||
|
||||
@ -979,16 +1089,17 @@ int connect_to_remote()
|
||||
|
||||
if (peer) {
|
||||
if (sslprm.log_opts & SSL_LogIfClientCert)
|
||||
syslog(LOG_NOTICE, "SSL %s has %s certificate",
|
||||
rem_host, peer->valid ? "a valid" : "an invalid");
|
||||
logit(LOG_NOTICE, "SSL %s has %s certificate",
|
||||
rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
|
||||
if (sslprm.log_opts & SSL_LogCertDetails) {
|
||||
syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
|
||||
X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
|
||||
logit(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
|
||||
X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
|
||||
syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
|
||||
logit(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
|
||||
}
|
||||
|
||||
} else
|
||||
syslog(LOG_NOTICE, "SSL Did not get certificate from %s", rem_host);
|
||||
logit(LOG_NOTICE, "SSL Did not get certificate from %s", rem_host);
|
||||
}
|
||||
}
|
||||
|
||||
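Review bot: the ternary on SSL_get_verify_result(ssl) in the SSL_LogIfClientCert message is inverted. SSL_get_verify_result() returns X509_V_OK, which is 0, when verification succeeded, so a verified peer is logged as "an invalid certificate" and a failed one as "a valid". Compare explicitly, for example SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid". Anyone alerting on this log line would otherwise get the opposite signal.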
@ -1095,7 +1206,7 @@ int read_response()
|
||||
int rc, result;
|
||||
|
||||
alarm(0);
|
||||
set_sig_hadlers();
|
||||
set_sig_handlers();
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
rc = read_packet(sd, ssl, &v2_receive_packet, &v3_receive_packet);
|
||||
@ -1240,7 +1351,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
||||
} else
|
||||
buffer_size = pkt_size - common_size;
|
||||
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
|
||||
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
return -1;
|
||||
}
|
||||
memcpy(*v2_pkt, &packet, common_size);
|
||||
@ -1266,7 +1377,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
||||
buffer_size = ntohl(buffer_size);
|
||||
pkt_size += buffer_size;
|
||||
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
|
||||
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
return -1;
|
||||
}
|
||||
|
||||
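Review bot: in this v3 path buffer_size comes from the wire via ntohl() and is added to pkt_size and passed to calloc() with no upper bound visible in the hunk. Since the allocation-failure line is being touched anyway, add a check that rejects a buffer_size above a sane maximum before the addition, so a peer cannot drive a very large allocation or wrap pkt_size. The same applies to the second v3 allocation further down in read_packet().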
@ -1329,7 +1440,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
||||
} else
|
||||
buffer_size = pkt_size - common_size;
|
||||
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
|
||||
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
return -1;
|
||||
}
|
||||
memcpy(*v2_pkt, &packet, common_size);
|
||||
@ -1361,7 +1472,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
||||
buffer_size = ntohl(buffer_size);
|
||||
pkt_size += buffer_size;
|
||||
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
|
||||
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -1427,11 +1538,11 @@ int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
|
||||
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
|
||||
|
||||
X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
|
||||
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
|
||||
X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
|
||||
|
||||
if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
|
||||
&& (sslprm.log_opts & SSL_LogCertDetails)) {
|
||||
syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
|
||||
logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
|
||||
name, issuer, err, X509_verify_cert_error_string(err));
|
||||
}
|
||||
|
||||
|
532
src/nrpe.c
532

src/nrpe.c
File diff suppressed because it is too large
@ -77,7 +77,7 @@
|
||||
* Fix incorrect zpadlen handling in fmtfp.
|
||||
* Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it.
|
||||
* few mods to make it easier to compile the tests.
|
||||
* addedd the "Ollie" test to the floating point ones.
|
||||
* added the "Ollie" test to the floating point ones.
|
||||
*
|
||||
* Martin Pool (mbp@samba.org) April 2003
|
||||
* Remove NO_CONFIG_H so that the test case can be built within a source
|
||||
@ -847,7 +847,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
|
||||
spadlen = 0;
|
||||
}
|
||||
if (flags & DP_F_MINUS)
|
||||
spadlen = -spadlen; /* Left Justifty */
|
||||
spadlen = -spadlen; /* Left Justify */
|
||||
|
||||
#ifdef DEBUG_SNPRINTF
|
||||
printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
|
||||
@ -1055,7 +1055,7 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
|
||||
if (padlen < 0)
|
||||
padlen = 0;
|
||||
if (flags & DP_F_MINUS)
|
||||
padlen = -padlen; /* Left Justifty */
|
||||
padlen = -padlen; /* Left Justify */
|
||||
|
||||
if ((flags & DP_F_ZERO) && (padlen > 0)) {
|
||||
if (signvalue) {
|
||||
|
157
src/utils.c
157
src/utils.c
@ -31,10 +31,17 @@
|
||||
|
||||
#include "../include/common.h"
|
||||
#include "../include/utils.h"
|
||||
#include <stdarg.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
#include <paths.h>
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_ASPRINTF
|
||||
extern int asprintf(char **ptr, const char *format, ...);
|
||||
#endif
|
||||
#ifndef HAVE_VASPRINTF
|
||||
extern int vasprintf(char **ptr, const char *format, va_list ap);
|
||||
#endif
|
||||
|
||||
#ifndef NI_MAXSERV
|
||||
# define NI_MAXSERV 32
|
||||
@ -48,6 +55,9 @@ extern char **environ;
|
||||
|
||||
static unsigned long crc32_table[256];
|
||||
|
||||
char *log_file = NULL;
|
||||
FILE *log_fp = NULL;
|
||||
|
||||
static int my_create_socket(struct addrinfo *ai, const char *bind_address);
|
||||
|
||||
|
||||
@ -231,7 +241,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
|
||||
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
|
||||
snprintf(strport, sizeof strport, "%d", port);
|
||||
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
|
||||
syslog(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
|
||||
logit(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
|
||||
gai_strerror(gaierr));
|
||||
exit(1);
|
||||
}
|
||||
@ -242,7 +252,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
|
||||
|
||||
int clean_environ(const char *keep_env_vars, const char *nrpe_user)
|
||||
{
|
||||
#ifdef HAVE_PATHS_H
|
||||
#if defined(HAVE_PATHS_H) && defined(_PATH_STDPATH)
|
||||
static char *path = _PATH_STDPATH;
|
||||
#else
|
||||
static char *path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
|
||||
@ -257,7 +267,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
|
||||
else
|
||||
asprintf(&keep, "NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION");
|
||||
if (keep == NULL) {
|
||||
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
|
||||
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
|
||||
return ERROR;
|
||||
}
|
||||
|
||||
@ -269,7 +279,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
|
||||
}
|
||||
|
||||
if ((kept = calloc(keepcnt + 1, sizeof(char *))) == NULL) {
|
||||
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
|
||||
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
|
||||
return ERROR;
|
||||
}
|
||||
for (i = 0, var = my_strsep(&keep, ","); var != NULL; var = my_strsep(&keep, ","))
|
||||
@ -283,7 +293,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
|
||||
free(keep);
|
||||
free(kept);
|
||||
free(var);
|
||||
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
|
||||
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
|
||||
return ERROR;
|
||||
}
|
||||
if (len >= var_sz) {
|
||||
@ -309,17 +319,24 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
|
||||
free(keep);
|
||||
free(kept);
|
||||
|
||||
pw = (struct passwd *)getpwnam(nrpe_user);
|
||||
if (pw == NULL)
|
||||
return OK;
|
||||
|
||||
setenv("PATH", path, 1);
|
||||
setenv("IFS", " \t\n", 1);
|
||||
setenv("HOME", pw->pw_dir, 0);
|
||||
setenv("SHELL", pw->pw_shell, 0);
|
||||
setenv("LOGNAME", nrpe_user, 0);
|
||||
setenv("USER", nrpe_user, 0);
|
||||
|
||||
pw = (struct passwd *)getpwnam(nrpe_user);
|
||||
if (pw == NULL) {
|
||||
char *end = NULL;
|
||||
uid_t uid = strtol(nrpe_user, &end, 10);
|
||||
if (uid > 0)
|
||||
pw = (struct passwd *)getpwuid(uid);
|
||||
if (pw == NULL || *end != '\0')
|
||||
return OK;
|
||||
}
|
||||
|
||||
setenv("HOME", pw->pw_dir, 0);
|
||||
setenv("SHELL", pw->pw_shell, 0);
|
||||
|
||||
return OK;
|
||||
}
|
||||
|
||||
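Review bot: the numeric fallback in clean_environ() converts with strtol() into a uid_t and calls getpwuid() before checking *end, and never checks for range errors. A negative or overflowing value wraps into a large unsigned uid that still passes "uid > 0". Validate first (*end == '\0', end != nrpe_user, errno != ERANGE, value within uid_t range) and only then look the user up. Also, LOGNAME and USER are set from nrpe_user before the lookup, so with a numeric nrpe_user they end up holding the digits; setting them from pw->pw_name after a successful lookup would be more accurate.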
@ -450,53 +467,87 @@ char *my_strsep(char **stringp, const char *delim)
|
||||
return begin;
|
||||
}
|
||||
|
||||
int b64_decode(unsigned char *encoded)
|
||||
void open_log_file()
|
||||
{
|
||||
static const char *b64 = {
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
|
||||
};
|
||||
int i, j, l, padding = 0;
|
||||
unsigned char c[4], *outp = encoded;
|
||||
int fh;
|
||||
int flags = O_RDWR|O_APPEND|O_CREAT;
|
||||
struct stat st;
|
||||
|
||||
union {
|
||||
unsigned c3;
|
||||
struct {
|
||||
unsigned f1:6;
|
||||
unsigned f2:6;
|
||||
unsigned f3:6;
|
||||
unsigned f4:6;
|
||||
} fields;
|
||||
} enc;
|
||||
close_log_file();
|
||||
|
||||
enc.c3 = 0;
|
||||
l = strlen((char *)encoded);
|
||||
for (i = 0; i < l; i += 4) {
|
||||
for (j = 0; j < 4; ++j) {
|
||||
if (encoded[i + j] == '=') {
|
||||
c[j] = 0;
|
||||
++padding;
|
||||
} else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z')
|
||||
c[j] = encoded[i + j] - 'A';
|
||||
else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z')
|
||||
c[j] = encoded[i + j] - 'a' + 26;
|
||||
else if (encoded[i + j] >= '0' && encoded[i + j] <= '9')
|
||||
c[j] = encoded[i + j] - '0' + 52;
|
||||
else if (encoded[i + j] == '+')
|
||||
c[j] = encoded[i + j] - '+' + 62;
|
||||
else
|
||||
c[j] = encoded[i + j] - '/' + 63;
|
||||
}
|
||||
enc.fields.f1 = c[3];
|
||||
enc.fields.f2 = c[2];
|
||||
enc.fields.f3 = c[1];
|
||||
enc.fields.f4 = c[0];
|
||||
*outp++ = (enc.c3 >> 16) & 0xff;
|
||||
*outp++ = (enc.c3 >> 8) & 0xff;
|
||||
*outp++ = (enc.c3) & 0xff;
|
||||
if (!log_file)
|
||||
return;
|
||||
|
||||
#ifdef O_NOFOLLOW
|
||||
flags |= O_NOFOLLOW;
|
||||
#endif
|
||||
if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
|
||||
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
|
||||
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
|
||||
return;
|
||||
}
|
||||
*outp = '\0';
|
||||
log_fp = fdopen(fh, "a+");
|
||||
if(log_fp == NULL) {
|
||||
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
|
||||
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
|
||||
return;
|
||||
}
|
||||
|
||||
return outp - encoded - padding;
|
||||
if ((fstat(fh, &st)) == -1) {
|
||||
log_fp = NULL;
|
||||
close(fh);
|
||||
printf("Warning: Cannot fstat log file '%s'\n", log_file);
|
||||
logit(LOG_WARNING, "Warning: Cannot fstat log file '%s'", log_file);
|
||||
return;
|
||||
}
|
||||
if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {
|
||||
log_fp = NULL;
|
||||
close(fh);
|
||||
printf("Warning: log file '%s' has an invalid mode\n", log_file);
|
||||
logit(LOG_WARNING, "Warning: log file '%s' has an invalid mode", log_file);
|
||||
return;
|
||||
}
|
||||
|
||||
(void)fcntl(fileno(log_fp), F_SETFD, FD_CLOEXEC);
|
||||
}
|
||||
|
||||
void logit(int priority, const char *format, ...)
|
||||
{
|
||||
time_t log_time = 0L;
|
||||
va_list ap;
|
||||
char *buffer = NULL;
|
||||
|
||||
if (!format || !*format)
|
||||
return;
|
||||
|
||||
va_start(ap, format);
|
||||
if(vasprintf(&buffer, format, ap) > 0) {
|
||||
if (log_fp) {
|
||||
time(&log_time);
|
||||
/* strip any newlines from the end of the buffer */
|
||||
strip(buffer);
|
||||
|
||||
/* write the buffer to the log file */
|
||||
fprintf(log_fp, "[%llu] %s\n", (unsigned long long)log_time, buffer);
|
||||
fflush(log_fp);
|
||||
|
||||
} else
|
||||
syslog(priority, "%s", buffer);
|
||||
|
||||
free(buffer);
|
||||
}
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
void close_log_file()
|
||||
{
|
||||
if(!log_fp)
|
||||
return;
|
||||
|
||||
fflush(log_fp);
|
||||
fclose(log_fp);
|
||||
log_fp = NULL;
|
||||
return;
|
||||
}
|
||||
|
||||
/* show license */
|
||||
|
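Review bot: in open_log_file(), the fstat() failure path and the st_nlink / S_IFREG rejection path set log_fp = NULL and then close(fh), which leaks the FILE allocated by fdopen(). Call fclose(log_fp) instead, which also closes the descriptor, then clear the pointer. Two smaller points: the file is created with S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH, so handshake errors and certificate details written by logit() are world-readable unless the umask says otherwise, and the fcntl(F_SETFD, FD_CLOEXEC) result is discarded; passing O_CLOEXEC to open() where available would close that gap at creation time.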
@ -1,5 +1,5 @@
|
||||
[Unit]
|
||||
Description=Nagios Remote Program Executor
|
||||
Description=Nagios Remote Plugin Executor
|
||||
Documentation=http://www.nagios.org/documentation
|
||||
After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
|
||||
Before=getty@tty1.service plymouth-quit.service xdm.service
|
||||
@ -15,6 +15,7 @@ PIDFile=@piddir@/nrpe.pid
|
||||
RuntimeDirectory=nrpe
|
||||
RuntimeDirectoryMode=0755
|
||||
ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
ExecStopPost=/bin/rm -f @piddir@/nrpe.pid
|
||||
TimeoutStopSec=60
|
||||
User=@nrpe_user@
|
||||
|
@ -1,5 +1,5 @@
|
||||
[Unit]
|
||||
Description=Nagios Remote Program Executor
|
||||
Description=Nagios Remote Plugin Executor
|
||||
Documentation=http://www.nagios.org/documentation
|
||||
After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
[Unit]
|
||||
Description=Nagios Remote Program Executor
|
||||
Description=Nagios Remote Plugin Executor
|
||||
Documentation=http://www.nagios.org/documentation
|
||||
Before=nrpe.service
|
||||
Conflicts=nrpe.service
|
||||
|
@ -11,5 +11,5 @@ service nrpe
|
||||
server = @sbindir@/nrpe
|
||||
server_args = -c @pkgsysconfdir@/nrpe.cfg --inetd
|
||||
only_from = 127.0.0.1
|
||||
log_on_failure += USERID
|
||||
log_on_success =
|
||||
}
|
||||
|
@ -20,18 +20,18 @@ fi
|
||||
|
||||
# Get date (two formats)
|
||||
if [ -n "$2" ]; then
|
||||
LONGDATE=`date -d "$2" "+%B %d, %Y"`
|
||||
SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
|
||||
LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
|
||||
SHORTDATE=$(date -u -d "$2" "+%Y-%m-%d")
|
||||
else
|
||||
LONGDATE=`date "+%B %d, %Y"`
|
||||
SHORTDATE=`date "+%m-%d-%Y"`
|
||||
LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
|
||||
SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%Y-%m-%d")
|
||||
fi
|
||||
|
||||
# Current version number
|
||||
CURRENTVERSION=3.0.1
|
||||
CURRENTVERSION=3.1.1
|
||||
|
||||
# Last date
|
||||
LASTDATE=09-08-2016
|
||||
LASTDATE=2017-05-24
|
||||
|
||||
if [ "x$1" = "x" ]
|
||||
then
|
||||
@ -73,8 +73,8 @@ perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.ac
|
||||
autoconf
|
||||
|
||||
# Update RPM spec file with version number
|
||||
perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec
|
||||
perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec
|
||||
perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec.in
|
||||
perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec.in
|
||||
|
||||
# Update this file with version number and last date
|
||||
perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version
|
||||
|