Imported Upstream version 3.2.1
This commit is contained in:
parent
02b430a86c
commit
52cbd1b45f
10
.travis.yml
Normal file
10
.travis.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
|
||||||
|
|
||||||
|
language: c
|
||||||
|
sudo: enabled
|
||||||
|
dist:
|
||||||
|
- trusty
|
||||||
|
compiler:
|
||||||
|
- clang
|
||||||
|
- gcc
|
||||||
|
script: ./configure && make all && sudo ./test-wrapper
|
503
CHANGELOG.md
Normal file
503
CHANGELOG.md
Normal file
@ -0,0 +1,503 @@
|
|||||||
|
NRPE Changelog
|
||||||
|
==============
|
||||||
|
|
||||||
|
[3.2.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.2.1) - 2017-08-31
|
||||||
|
---------------------------------------------------------------------------------------
|
||||||
|
**FIXES**
|
||||||
|
* Change seteuid error messages to warning/debug (Bryan Heden)
|
||||||
|
* Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden)
|
||||||
|
* Added additional strings to error messages to remove duplicates (Bryan Heden)
|
||||||
|
* Fix nrpe.spec for rpmbuild (Bryan Heden)
|
||||||
|
* Fix error for drop_privileges when using inetd (xalasys-luc, Bryan Heden)
|
||||||
|
|
||||||
|
|
||||||
|
[3.2.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.2.0) - 2017-06-26
|
||||||
|
---------------------------------------------------------------------------------------
|
||||||
|
**ENHANCEMENTS**
|
||||||
|
* Added max_commands definition to nrpe.cfg to rate limit simultaneous fork()ed children (Bryan Heden)
|
||||||
|
* Added -E, --stderr-to-stdout options for check_nrpe to redirect output (Bryan Heden)
|
||||||
|
* Added support for Gentoo init (Troy Lea @box293)
|
||||||
|
* Cleaned up code a bit, updated readmes and comments across the board (Bryan Heden)
|
||||||
|
* Added -V, --version to nrpe and fixed the output (Bryan Heden)
|
||||||
|
* Added different SSL error messages to be able to pinpoint where some SSL errors occured (Bryan Heden)
|
||||||
|
* Updated logic in al parse_allowed_hosts (Bryan Heden)
|
||||||
|
* Added builtin OpenSSL Engine support where available (Bryan Heden + @skrueger8)
|
||||||
|
* Clean up compilation warnings (Bryan Heden)
|
||||||
|
* Added more commented commands in nrpe.cfg (Bryan Heden)
|
||||||
|
|
||||||
|
**FIXES**
|
||||||
|
* Undefined check returns UNKNOWN (Bryan Heden)
|
||||||
|
* Fix incompatibility with OpenSSL 1.1.0 via SECLEVEL distinction (Bryan Heden)
|
||||||
|
* Fix ipv4 error in logfile even if address is ipv6 (Bryan Heden)
|
||||||
|
* Fix improper valid/invalid certificate warnings (Bryan Heden)
|
||||||
|
|
||||||
|
[3.1.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.1) - 2017-05-24
|
||||||
|
---------------------------------------------------------------------------------------
|
||||||
|
**FIXES**
|
||||||
|
* The '--log-file=' or '-g' option is missing from the help (John Frickson)
|
||||||
|
* check_nrpe = segfault when specifying a config file (John Frickson)
|
||||||
|
* Alternate log file not being used soon enough (John Frickson)
|
||||||
|
* Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
|
||||||
|
* Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
|
||||||
|
* Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
|
||||||
|
* Fix build failure with -Werror=format-security (Bas Couwenberg)
|
||||||
|
* Fixed a typo in `nrpe.spec.in` (John Frickson)
|
||||||
|
* More detailed error logging for SSL (John Frickson)
|
||||||
|
* Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
|
||||||
|
|
||||||
|
[3.1.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.0) - 2017-04-17
|
||||||
|
---------------------------------------------------------------------------------------
|
||||||
|
**ENHANCEMENTS**
|
||||||
|
* Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
|
||||||
|
* While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson)
|
||||||
|
* nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson)
|
||||||
|
* check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson)
|
||||||
|
|
||||||
|
**FIXES**
|
||||||
|
* Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
|
||||||
|
* Fix help output for ssl option (configure) (Ruben Kerkhof)
|
||||||
|
* Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
|
||||||
|
* Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
|
||||||
|
* Cleanup of config.h.in suggested by Ruben Kerkhof
|
||||||
|
* Minor change to logging in check_nrpe (John Frickson)
|
||||||
|
* Solaris 11 detection is broken in configure (John Frickson)
|
||||||
|
* Removed function `b64_decode` which wasn't being used (John Frickson)
|
||||||
|
* check_nrpe ignores -a option when -f option is specified (John Frickson)
|
||||||
|
* Added missing LICENSE file (John Frickson)
|
||||||
|
* Off-by-one BO in my_system() (John Frickson)
|
||||||
|
* Got rid of some compiler warnings (Stefan Krüger / John Frickson)
|
||||||
|
* Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
|
||||||
|
* nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
|
||||||
|
* "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
|
||||||
|
* nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
|
||||||
|
* Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
|
||||||
|
* Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
|
||||||
|
* Fix systemd unit description (Bas Couwenberg)
|
||||||
|
* Add reload command to systemd service file (Bas Couwenberg)
|
||||||
|
* fix file not found error when updating version (Sven Nierlein)
|
||||||
|
* Spelling fixes (Josh Soref)
|
||||||
|
* Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson)
|
||||||
|
* xinetd.d parameter causes many messages in log file (John Frickson)
|
||||||
|
* Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson)
|
||||||
|
* PATH and other environment variables not set with numeric nrpe_user (John Frickson)
|
||||||
|
* rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson)
|
||||||
|
|
||||||
|
[3.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.1) - 2016-09-08
|
||||||
|
---------------------------------------------------------------------------------------
|
||||||
|
**FIXES**
|
||||||
|
* _set_rc: command not found reported by init script (John Frickson)
|
||||||
|
* Version string contains name (John Frickson)
|
||||||
|
* Changes to get 'rpmbuild' to work - nrpe.spec file outdated (John Frickson)
|
||||||
|
* typo in startup/default-xinetd.in (Philippe Kueck)
|
||||||
|
* debug output missing command name (Philippe Kueck)
|
||||||
|
* /usr/lib/tmpfiles.d/ndo2db.conf should have 'd' type, not 'D' (John Frickson)
|
||||||
|
* Fixes in parse_allowed_hosts() and called functions (Jobst Schmalenbach / John Frickson)
|
||||||
|
* nrpe.cfg: 'debug' statement needs to be first in file (Jobst Schmalenbach / John Frickson)
|
||||||
|
|
||||||
|
[3.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.0) - 2016-08-01
|
||||||
|
---------------------------------------------------------------------------------------
|
||||||
|
**SECURITY**
|
||||||
|
* Fix for CVE-2014-2913
|
||||||
|
* Added function to clean the environment before forking. (John Frickson)
|
||||||
|
|
||||||
|
**ENHANCEMENTS**
|
||||||
|
* Added support for optional config file to check_nrpe. With the new SSL
|
||||||
|
parameters, the line was getting long. The config file is specified with
|
||||||
|
--config-file=<path> or -f <path> parameters. The config file must look
|
||||||
|
like command line options, but the options can be on separate lines. It
|
||||||
|
MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any
|
||||||
|
options are in both the config file and on the command line, the command line
|
||||||
|
options are used.
|
||||||
|
* make can now add users and groups using "make install-groups-users" (John Frickson)
|
||||||
|
* Added "nrpe-uninstall" script to the same directory nrpe get installed to (John Frickson)
|
||||||
|
* Updated code so configure && make will work on AIX, HP-UX, Solaris, OS X.
|
||||||
|
There should be no errors or warnings. Let me know if any errors or
|
||||||
|
warning appear (John Frickson)
|
||||||
|
* Added command-line option to prevent forking, since some of the init
|
||||||
|
replacements (such as systemd, etc.) don't want daemons to fork (John Frickson)
|
||||||
|
* Added autoconf macros and additional files to better support multi-platform
|
||||||
|
config and compile. The default will still set up to install to
|
||||||
|
/usr/local/nagios but I added a new configure option:
|
||||||
|
'--enable-install-method=<method>'. If <method> is 'opt', everything will
|
||||||
|
install to '/opt/nagios'. If <method> is 'os', installation will be to O/S-
|
||||||
|
and distribution-specific locations, such as /usr/sbin, /usr/lib/nagios,
|
||||||
|
/etc/nagios, and so on.
|
||||||
|
* Added additional init and inetd config files to support more systems,
|
||||||
|
including SuSE, Debian, Slackware, Gentoo, *BSD, AIX, HP-UX, Solaris, OS X.
|
||||||
|
* Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab)
|
||||||
|
* Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson)
|
||||||
|
* Added support for version 3 variable sized packets up to 64KB. nrpe will
|
||||||
|
accept either version from check_nrpe. check_nrpe will try to send a
|
||||||
|
version 3 packet first, and fall back to version 2. check_nrpe can be forced
|
||||||
|
to only send version 2 packets if the switch `-2` is used. (John Frickson)
|
||||||
|
* Added extended timeout syntax in the -t <secs>:<status> format. (ABrist)
|
||||||
|
|
||||||
|
**FIXES**
|
||||||
|
* Fixed configure to check more places for SSL headers/libs. (John Frickson)
|
||||||
|
* Added ifdefs for complete_SSL_shutdown to compile without SSL. (Matthew L. Daniel)
|
||||||
|
* Renamed configure.in to configure.ac and added check for sigaction (John Frickson)
|
||||||
|
* Replaced all instances of signal() with sigaction() + blocking (John Frickson)
|
||||||
|
* check_nrpe does not parse passed arguments correctly (John Frickson)
|
||||||
|
* NRPE should not start if cannot write pid file (John Frickson)
|
||||||
|
* Fixed out-of-bounds error (return code 255) for some failures (John Frickson)
|
||||||
|
* Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim)
|
||||||
|
* allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns (John Frickson)
|
||||||
|
* allowed_hosts doesn't work with a hostname resolving to an IPv6 address (John Frickson)
|
||||||
|
* Return UNKNOWN when issues occur (Andrew Widdersheim)
|
||||||
|
* NRPE returns OK if check can't be executed (Andrew Widdersheim)
|
||||||
|
* nrpe 2.15 [regression in Added SRC support on AIX - 2.14] (frphoebus)
|
||||||
|
* compile nrpe - Solaris 9 doesn't have isblank() (lilo, John Frickson)
|
||||||
|
* sample configuration for check_load has crazy sample load avg (ernestoongaro)
|
||||||
|
|
||||||
|
|
||||||
|
2.15 - 09/06/2013
|
||||||
|
-----------------
|
||||||
|
* Now compiles on HP-UX (Grant Byers)
|
||||||
|
* Added support for IPv6 (Leo Baltus, Eric Stanley)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.14 - 12/21/2012
|
||||||
|
-----------------
|
||||||
|
* Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
|
||||||
|
* Patched to shutdown SSL connection completely (Jari Takkala)
|
||||||
|
* Added SRC support on AIX (Thierry Bertaud)
|
||||||
|
* Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
|
||||||
|
* Updated logging to support compiling on AIX (Eric Stanley)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.13 - 11/11/2011
|
||||||
|
-----------------
|
||||||
|
* Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
|
||||||
|
* Fixed bug in allowed_hosts parsing (Eric Stanley)
|
||||||
|
* Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.12 - 03/10/2008
|
||||||
|
-----------------
|
||||||
|
* Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.11 - 12/26/2007
|
||||||
|
-----------------
|
||||||
|
* Added lib64 library paths to configure script for 64-bit systems (John Maag)
|
||||||
|
* Added --with-ssl-lib configure script option
|
||||||
|
* Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.10 - 10/19/2007
|
||||||
|
-----------------
|
||||||
|
* Moved PDF docs to docs/ subdirectory, added OpenOffice source document
|
||||||
|
* A critical result is now returned for child processed that die due to a signal (Klas Lindfors)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.9 - 08/13/2007
|
||||||
|
----------------
|
||||||
|
* Fixed bug with --with-nrpe-group configure script option (Graham Collinson)
|
||||||
|
* Fixed bug with check_disk thresholds in sample config file (Patric Wust)
|
||||||
|
* Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
|
||||||
|
for scripts that need to detect NRPE version and capabilities (Gerhard Lausser)
|
||||||
|
* Added asprintf() support for systems that are missing it (Samba team)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.8.1 - 05/10/2007
|
||||||
|
-----------------
|
||||||
|
* Fixed configure script error with user-specified NRPE group
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.8 - 05/08/2007
|
||||||
|
---------------
|
||||||
|
* Added support for multiline plugin output (limited to 1KB at the moment) (Matthias Flacke)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.8b1 - 03/14/2007
|
||||||
|
-----------------
|
||||||
|
* Changes to sample config files
|
||||||
|
* Added ';' as an additional prohibited metachar for command arguments
|
||||||
|
* Updated documentation and added easier installation commands
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.7.1 - 03/08/2007
|
||||||
|
------------------
|
||||||
|
* Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.7 - 02/18/2007
|
||||||
|
----------------
|
||||||
|
* Patches for detection SSL header and library locations (Andrew Boyce-Lewis)
|
||||||
|
* NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup (Andrew Boyce-Lewis)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.6 - 12/11/2006
|
||||||
|
----------------
|
||||||
|
* Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
|
||||||
|
* Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
|
||||||
|
* Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.5.2 - 06/30/2006
|
||||||
|
------------------
|
||||||
|
* Fixed incorrect service name in sample xinetd config file
|
||||||
|
* Added note on how to restart inetd for OpenBSD users (Robert Peaslee)
|
||||||
|
* Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser)
|
||||||
|
* Fix to (re)allow week random seed (Gerhard Lausser)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.5.1 - 04/09/2006
|
||||||
|
------------------
|
||||||
|
* Patch to fix segfault if --no-ssl option is used (Sean Finney/Peter Palfrader)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.5 - 04/06/2006
|
||||||
|
----------------
|
||||||
|
* (Re)added allowed_hosts option for systems that don't support TCP wrappers
|
||||||
|
* Fix for SSL errors under Solaris 8 (Niels Endres)
|
||||||
|
* Fix for config file directory inclusion on ReiserFS (Gerhard Lausser)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.4 - 02/22/2006
|
||||||
|
----------------
|
||||||
|
* Added option to allow week random seed (Gerhard Lausser)
|
||||||
|
* Added optional command line prefix (Sean Finney)
|
||||||
|
* Added ability to reload config file with SIGHUP
|
||||||
|
* Fixed bug with location of dh.h include file
|
||||||
|
* Fixed bug with disconnect message in debug mode
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.3 - 01/23/2006
|
||||||
|
----------------
|
||||||
|
* Spec file fixes
|
||||||
|
* Removed errant PID file debugging code
|
||||||
|
* Fixed problem with trimming command definitions
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.2 - 01/22/2006
|
||||||
|
----------------
|
||||||
|
* Spec file fix
|
||||||
|
* Patch to add Tru64 and IRIX support (Ton Voon)
|
||||||
|
* Updated config.sub and config.guess
|
||||||
|
* Fixed bug with config file lines with only whitespace
|
||||||
|
* Fixed bug with missing getopt() command line option for -V
|
||||||
|
* Removed sample FreeBSD init script (now maintained by FreeBSD port)
|
||||||
|
* Added config file option for writing a PID file
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.1 - 01/19/2004
|
||||||
|
----------------
|
||||||
|
* Replaced host access list with TCP wrapper support
|
||||||
|
* Removed length restrictions for command names and command lines
|
||||||
|
* Configure script patch for getopt_long on Solaris
|
||||||
|
* Bug fixes for accept() on HP-UX 11.0
|
||||||
|
* Init script for SUSE Linux (Subhendu Ghosh)
|
||||||
|
* SSL protocol used is now limited to TLSv1
|
||||||
|
* Any output from plugins after first line is now ignored before
|
||||||
|
plugin process is closed
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
2.0 - 09/08/2003
|
||||||
|
----------------
|
||||||
|
* Added support for passing arguments to command
|
||||||
|
* NRPE daemon can no longer be run as root user/group
|
||||||
|
* Added getopt support
|
||||||
|
* Added 'include' variable to config file to allow inclusion
|
||||||
|
of external config files
|
||||||
|
* Added 'include_dir' variable to allow inclusion of external
|
||||||
|
config files in directories (with recursion)
|
||||||
|
* Added native SSL support (Derrick Bennett)
|
||||||
|
* Added my_strsep(), as Solaris doesn't have strsep()
|
||||||
|
* Added license exemption for use with OpenSSL
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.8 - 01/16/2003
|
||||||
|
----------------
|
||||||
|
* Daemon now closes stdio/out/err properly (James Peterson)
|
||||||
|
* Makefile changes (James Peterson)
|
||||||
|
* Mode command line option bug fix in daemon
|
||||||
|
* Fixed incorrect command line options in check_nrpe plugin
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.7 - 01/08/2003
|
||||||
|
----------------
|
||||||
|
* Spec file updates and minor bug fixes (James Peterson)
|
||||||
|
* Bug fix with default nrpe port definition
|
||||||
|
* Added sample xinetd config file (nrpe.xinetd)
|
||||||
|
* Bug fix for command_timeout variable (James Peterson)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.6 - 12/30/2002
|
||||||
|
----------------
|
||||||
|
* Updated sample commands to match new plugin argument format
|
||||||
|
* Added sample init scripts for FreeBSD and Debian (Andrew Ryder)
|
||||||
|
* Syntax changes (-H option specifies host name in check_nrpe,
|
||||||
|
-c option specifies config file in nrpe)
|
||||||
|
* Added command_timeout directive to config file to allow user
|
||||||
|
to specify timeout for executing plugins
|
||||||
|
* Added spec file and misc patches for building RPMs (James Peterson)
|
||||||
|
* Added --with-nrpe-port config directive (James Peterson)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.5 - 06/03/2002
|
||||||
|
----------------
|
||||||
|
* Added setuid/setgid option to config file (suggested by Marek Cervenka)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.4 - 06/01/2002
|
||||||
|
----------------
|
||||||
|
* Changed STATE_UNKNOWN to value of 3 instead of -1 (old style)
|
||||||
|
* Minor doc and sample config file changes
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.3 - 02/21/2002
|
||||||
|
----------------
|
||||||
|
* Name and version change
|
||||||
|
* Ignore SIGHUP, minor cleanup (Jon Andrews)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.2.5 - 12/22/2001
|
||||||
|
------------------
|
||||||
|
* Implemented Beej's sendall() to handle partial send()s
|
||||||
|
* Added instructions on running under xinetd to README
|
||||||
|
* Removed some old crud
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.2.4 - 02/22/2001
|
||||||
|
------------------
|
||||||
|
* I forgot what changes I made. Go figure...
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.2.3 - 12/21/2000
|
||||||
|
------------------
|
||||||
|
* A bit more documentation on configuring command definitions for the plugin
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.2.2 - 06/05/2000
|
||||||
|
------------------
|
||||||
|
* Fixed error in docs for running under inetd using TCP wrappers
|
||||||
|
* Replaced old email address in src/netutils.h with new one
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.2.1 - 05/07/2000
|
||||||
|
------------------
|
||||||
|
* Removed trapping of SIGCHLD
|
||||||
|
* Changed wait4() to waitpid() to allow compilation on HP-UX and AIX
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.2.0 - 04/18/2000
|
||||||
|
------------------
|
||||||
|
* Server forks twice after accepting a client connection, so as to prevent the
|
||||||
|
creation of zombies
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.1.5 - 04/07/2000
|
||||||
|
------------------
|
||||||
|
* Fixed a small bug where one debug message was not getting logged properly
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.1.4 - 03/30/2000
|
||||||
|
------------------
|
||||||
|
* Added option to disable/enable debug messages using the debug option in the
|
||||||
|
config file
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.1.3 - 03/11/2000
|
||||||
|
------------------
|
||||||
|
* Changed config file to use an absolute path
|
||||||
|
* Changed all debug output to use syslog (Rene Klootwijk)
|
||||||
|
* No convert all data to network order before sending it and convert it back to
|
||||||
|
host order when receiving it. This makes it possible to mix Solaris and Linux,
|
||||||
|
e.g. running check_nrpe on Linux and nrpe on Solaris. (Rene Klootwijk)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.1.2 - 03/07/2000
|
||||||
|
------------------
|
||||||
|
* Removed unnecessary code in signal handler routine
|
||||||
|
* Unused signals are no longer trapper
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.1.1 - 02/28/2000 - RKL
|
||||||
|
---------------------------
|
||||||
|
* Modified syslog code to include string describing the error code.
|
||||||
|
* Changed hardcoded number in signal handler to its name. This prevented nrpe
|
||||||
|
to run on Solaris.
|
||||||
|
* Fixed race condition in accept loop. The result of accept should also be
|
||||||
|
checked for EINTR.
|
||||||
|
* Modified recv and send function calls to compile without warnings on Solaris.
|
||||||
|
* Modified configure.in,configure and Makefile.in to include nsl and socket libs
|
||||||
|
for Solaris.
|
||||||
|
* Modified the signal handler to reestablish itself after being called.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.1 - 02/24/2000 - Rene Klootwijk <rene@klootwijk.org>
|
||||||
|
-----------------
|
||||||
|
* Added ability to bind nrpe to a specific interface by specifying the address
|
||||||
|
of this interface in the nrpe.cfg file (e.g. server_address=192.168.2.3)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.0 - 02/16/2000
|
||||||
|
------------------
|
||||||
|
* Added ability to run as a service under inetd
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.0b6 - 02/01/2000
|
||||||
|
------------------
|
||||||
|
* Added configure script
|
||||||
|
* Netutils functions from the NetSaint plugins is now used
|
||||||
|
* Reset SIGCHLD to default behavior before calling popen() to
|
||||||
|
prevent race condition with pclose() (Reported by Rene Klootwijk)
|
||||||
|
* Cleaned up code
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.0b5 - 01/10/2000
|
||||||
|
------------------
|
||||||
|
* Added init script contributed by Jacob L
|
||||||
|
* Incorporated syslog code and other patches contributed by Jacob L
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
1.0b4 - 11/04/1999
|
||||||
|
------------------
|
||||||
|
* Changed 'allowed_ip' option in configuration file to
|
||||||
|
'allowed_hosts' and added support for multiple hosts
|
||||||
|
* Minor buffer overflow protection fixes
|
||||||
|
* main() returned STATE_UNKNOWN on successful launch, changed to STATE_OK (jaclu@grm.se)
|
||||||
|
* Added syslog support (jaclu@grm.se)
|
478
Changelog
478
Changelog
@ -1,478 +0,0 @@
|
|||||||
**************
|
|
||||||
NRPE Changelog
|
|
||||||
**************
|
|
||||||
|
|
||||||
3.1.1 - 2017-05-24
|
|
||||||
------------------
|
|
||||||
FIXES
|
|
||||||
- The '--log-file=' or '-g' option is missing from the help (John Frickson)
|
|
||||||
- check_nrpe = segfault when specifying a config file (John Frickson)
|
|
||||||
- Alternate log file not being used soon enough (John Frickson)
|
|
||||||
- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
|
|
||||||
- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
|
|
||||||
- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
|
|
||||||
- Fix build failure with -Werror=format-security (Bas Couwenberg)
|
|
||||||
- Fixed a typo in `nrpe.spec.in` (John Frickson)
|
|
||||||
- More detailed error logging for SSL (John Frickson)
|
|
||||||
- Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
|
|
||||||
|
|
||||||
|
|
||||||
3.1.0 - 2017-04-17
|
|
||||||
------------------
|
|
||||||
ENHANCEMENTS
|
|
||||||
- Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
|
|
||||||
- While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson)
|
|
||||||
- nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson)
|
|
||||||
- check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson)
|
|
||||||
|
|
||||||
FIXES
|
|
||||||
- Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
|
|
||||||
- Fix help output for ssl option (configure) (Ruben Kerkhof)
|
|
||||||
- Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
|
|
||||||
- Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
|
|
||||||
- Cleanup of config.h.in suggested by Ruben Kerkhof
|
|
||||||
- Minor change to logging in check_nrpe (John Frickson)
|
|
||||||
- Solaris 11 detection is broken in configure (John Frickson)
|
|
||||||
- Removed function `b64_decode` which wasn't being used (John Frickson)
|
|
||||||
- check_nrpe ignores -a option when -f option is specified (John Frickson)
|
|
||||||
- Added missing LICENSE file (John Frickson)
|
|
||||||
- Off-by-one BO in my_system() (John Frickson)
|
|
||||||
- Got rid of some compiler warnings (Stefan Krüger / John Frickson)
|
|
||||||
- Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
|
|
||||||
- nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
|
|
||||||
- "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
|
|
||||||
- nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
|
|
||||||
- Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
|
|
||||||
- Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
|
|
||||||
- Fix systemd unit description (Bas Couwenberg)
|
|
||||||
- Add reload command to systemd service file (Bas Couwenberg)
|
|
||||||
- fix file not found error when updating version (Sven Nierlein)
|
|
||||||
- Spelling fixes (Josh Soref)
|
|
||||||
- Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson)
|
|
||||||
- xinetd.d parameter causes many messages in log file (John Frickson)
|
|
||||||
- Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson)
|
|
||||||
- PATH and other environment variables not set with numeric nrpe_user (John Frickson)
|
|
||||||
- rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson)
|
|
||||||
|
|
||||||
|
|
||||||
3.0.1 - 2016-09-08
|
|
||||||
------------------
|
|
||||||
FIXES
|
|
||||||
- _set_rc: command not found reported by init script (John Frickson)
|
|
||||||
- Version string contains name (John Frickson)
|
|
||||||
- Changes to get 'rpmbuild' to work - nrpe.spec file outdated (John Frickson)
|
|
||||||
- typo in startup/default-xinetd.in (Philippe Kueck)
|
|
||||||
- debug output missing command name (Philippe Kueck)
|
|
||||||
- /usr/lib/tmpfiles.d/ndo2db.conf should have 'd' type, not 'D' (John Frickson)
|
|
||||||
- Fixes in parse_allowed_hosts() and called functions (Jobst Schmalenbach / John Frickson)
|
|
||||||
- nrpe.cfg: 'debug' statement needs to be first in file (Jobst Schmalenbach / John Frickson)
|
|
||||||
|
|
||||||
|
|
||||||
3.0 - 2016-08-01
|
|
||||||
-----------------
|
|
||||||
SECURITY
|
|
||||||
- Fix for CVE-2014-2913
|
|
||||||
- Added function to clean the environment before forking. (John Frickson)
|
|
||||||
|
|
||||||
ENHANCEMENTS
|
|
||||||
- Added support for optional config file to check_nrpe. With the new SSL
|
|
||||||
parameters, the line was getting long. The config file is specified with
|
|
||||||
--config-file=<path> or -f <path> parameters. The config file must look
|
|
||||||
like command line options, but the options can be on separate lines. It
|
|
||||||
MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any
|
|
||||||
options are in both the config file and on the command line, the command line
|
|
||||||
options are used.
|
|
||||||
- make can now add users and groups using "make install-groups-users" (John Frickson)
|
|
||||||
- Added "nrpe-uninstall" script to the same directory nrpe get installed to (John Frickson)
|
|
||||||
- Updated code so configure && make will work on AIX, HP-UX, Solaris, OS X.
|
|
||||||
There should be no errors or warnings. Let me know if any errors or
|
|
||||||
warning appear (John Frickson)
|
|
||||||
- Added command-line option to prevent forking, since some of the init
|
|
||||||
replacements (such as systemd, etc.) don't want daemons to fork (John Frickson)
|
|
||||||
- Added autoconf macros and additional files to better support multi-platform
|
|
||||||
config and compile. The default will still set up to install to
|
|
||||||
/usr/local/nagios but I added a new configure option:
|
|
||||||
'--enable-install-method=<method>'. If <method> is 'opt', everything will
|
|
||||||
install to '/opt/nagios'. If <method> is 'os', installation will be to O/S-
|
|
||||||
and distribution-specific locations, such as /usr/sbin, /usr/lib/nagios,
|
|
||||||
/etc/nagios, and so on.
|
|
||||||
- Added additional init and inetd config files to support more systems,
|
|
||||||
including SuSE, Debian, Slackware, Gentoo, *BSD, AIX, HP-UX, Solaris, OS X.
|
|
||||||
- Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab)
|
|
||||||
- Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson)
|
|
||||||
- Added support for version 3 variable sized packets up to 64KB. nrpe will
|
|
||||||
accept either version from check_nrpe. check_nrpe will try to send a
|
|
||||||
version 3 packet first, and fall back to version 2. check_nrpe can be forced
|
|
||||||
to only send version 2 packets if the switch `-2` is used. (John Frickson)
|
|
||||||
- Added extended timeout syntax in the -t <secs>:<status> format. (ABrist)
|
|
||||||
|
|
||||||
FIXES
|
|
||||||
- Fixed configure to check more places for SSL headers/libs. (John Frickson)
|
|
||||||
- Added ifdefs for complete_SSL_shutdown to compile without SSL. (Matthew L. Daniel)
|
|
||||||
- Renamed configure.in to configure.ac and added check for sigaction (John Frickson)
|
|
||||||
- Replaced all instances of signal() with sigaction() + blocking (John Frickson)
|
|
||||||
- check_nrpe does not parse passed arguments correctly (John Frickson)
|
|
||||||
- NRPE should not start if cannot write pid file (John Frickson)
|
|
||||||
- Fixed out-of-bounds error (return code 255) for some failures (John Frickson)
|
|
||||||
- Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim)
|
|
||||||
- allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns (John Frickson)
|
|
||||||
- allowed_hosts doesn't work with a hostname resolving to an IPv6 address (John Frickson)
|
|
||||||
- Return UNKNOWN when issues occur (Andrew Widdersheim)
|
|
||||||
- NRPE returns OK if check can't be executed (Andrew Widdersheim)
|
|
||||||
- nrpe 2.15 [regression in Added SRC support on AIX - 2.14] (frphoebus)
|
|
||||||
- compile nrpe - Solaris 9 doesn't have isblank() (lilo, John Frickson)
|
|
||||||
- sample configuration for check_load has crazy sample load avg (ernestoongaro)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.15 - 09/06/2013
|
|
||||||
-----------------
|
|
||||||
- Now compiles on HP-UX (Grant Byers)
|
|
||||||
- Added support for IPv6 (Leo Baltus, Eric Stanley)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.14 - 12/21/2012
|
|
||||||
-----------------
|
|
||||||
- Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
|
|
||||||
- Patched to shutdown SSL connection completely (Jari Takkala)
|
|
||||||
- Added SRC support on AIX (Thierry Bertaud)
|
|
||||||
- Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
|
|
||||||
- Updated logging to support compiling on AIX (Eric Stanley)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.13 - 11/11/2011
|
|
||||||
-----------------
|
|
||||||
- Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
|
|
||||||
- Fixed bug in allowed_hosts parsing (Eric Stanley)
|
|
||||||
- Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.12 - 03/10/2008
|
|
||||||
-----------------
|
|
||||||
- Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.11 - 12/26/2007
|
|
||||||
-----------------
|
|
||||||
- Added lib64 library paths to configure script for 64-bit systems (John Maag)
|
|
||||||
- Added --with-ssl-lib configure script option
|
|
||||||
- Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.10 - 10/19/2007
|
|
||||||
-----------------
|
|
||||||
- Moved PDF docs to docs/ subdirectory, added OpenOffice source document
|
|
||||||
- A critical result is now returned for child processed that die due to a signal (Klas Lindfors)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.9 - 08/13/2007
|
|
||||||
----------------
|
|
||||||
- Fixed bug with --with-nrpe-group configure script option (Graham Collinson)
|
|
||||||
- Fixed bug with check_disk thresholds in sample config file (Patric Wust)
|
|
||||||
- Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
|
|
||||||
for scripts that need to detect NRPE version and capabilities (Gerhard Lausser)
|
|
||||||
- Added asprintf() support for systems that are missing it (Samba team)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.8.1 - 05/10/2007
|
|
||||||
-----------------
|
|
||||||
- Fixed configure script error with user-specified NRPE group
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.8 - 05/08/2007
|
|
||||||
---------------
|
|
||||||
- Added support for multiline plugin output (limited to 1KB at the moment) (Matthias Flacke)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.8b1 - 03/14/2007
|
|
||||||
-----------------
|
|
||||||
- Changes to sample config files
|
|
||||||
- Added ';' as an additional prohibited metachar for command arguments
|
|
||||||
- Updated documentation and added easier installation commands
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.7.1 - 03/08/2007
|
|
||||||
------------------
|
|
||||||
- Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.7 - 02/18/2007
|
|
||||||
----------------
|
|
||||||
- Patches for detection SSL header and library locations (Andrew Boyce-Lewis)
|
|
||||||
- NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup (Andrew Boyce-Lewis)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.6 - 12/11/2006
|
|
||||||
----------------
|
|
||||||
- Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
|
|
||||||
- Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
|
|
||||||
- Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.5.2 - 06/30/2006
|
|
||||||
------------------
|
|
||||||
- Fixed incorrect service name in sample xinetd config file
|
|
||||||
- Added note on how to restart inetd for OpenBSD users (Robert Peaslee)
|
|
||||||
- Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser)
|
|
||||||
- Fix to (re)allow week random seed (Gerhard Lausser)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.5.1 - 04/09/2006
|
|
||||||
------------------
|
|
||||||
- Patch to fix segfault if --no-ssl option is used (Sean Finney/Peter Palfrader)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.5 - 04/06/2006
|
|
||||||
----------------
|
|
||||||
- (Re)added allowed_hosts option for systems that don't support TCP wrappers
|
|
||||||
- Fix for SSL errors under Solaris 8 (Niels Endres)
|
|
||||||
- Fix for config file directory inclusion on ReiserFS (Gerhard Lausser)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.4 - 02/22/2006
|
|
||||||
----------------
|
|
||||||
- Added option to allow week random seed (Gerhard Lausser)
|
|
||||||
- Added optional command line prefix (Sean Finney)
|
|
||||||
- Added ability to reload config file with SIGHUP
|
|
||||||
- Fixed bug with location of dh.h include file
|
|
||||||
- Fixed bug with disconnect message in debug mode
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.3 - 01/23/2006
|
|
||||||
----------------
|
|
||||||
- Spec file fixes
|
|
||||||
- Removed errant PID file debugging code
|
|
||||||
- Fixed problem with trimming command definitions
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.2 - 01/22/2006
|
|
||||||
----------------
|
|
||||||
- Spec file fix
|
|
||||||
- Patch to add Tru64 and IRIX support (Ton Voon)
|
|
||||||
- Updated config.sub and config.guess
|
|
||||||
- Fixed bug with config file lines with only whitespace
|
|
||||||
- Fixed bug with missing getopt() command line option for -V
|
|
||||||
- Removed sample FreeBSD init script (now maintained by FreeBSD port)
|
|
||||||
- Added config file option for writing a PID file
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.1 - 01/19/2004
|
|
||||||
----------------
|
|
||||||
- Replaced host access list with TCP wrapper support
|
|
||||||
- Removed length restrictions for command names and command lines
|
|
||||||
- Configure script patch for getopt_long on Solaris
|
|
||||||
- Bug fixes for accept() on HP-UX 11.0
|
|
||||||
- Init script for SUSE Linux (Subhendu Ghosh)
|
|
||||||
- SSL protocol used is now limited to TLSv1
|
|
||||||
- Any output from plugins after first line is now ignored before
|
|
||||||
plugin process is closed
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
2.0 - 09/08/2003
|
|
||||||
----------------
|
|
||||||
- Added support for passing arguments to command
|
|
||||||
- NRPE daemon can no longer be run as root user/group
|
|
||||||
- Added getopt support
|
|
||||||
- Added 'include' variable to config file to allow inclusion
|
|
||||||
of external config files
|
|
||||||
- Added 'include_dir' variable to allow inclusion of external
|
|
||||||
config files in directories (with recursion)
|
|
||||||
- Added native SSL support (Derrick Bennett)
|
|
||||||
- Added my_strsep(), as Solaris doesn't have strsep()
|
|
||||||
- Added license exemption for use with OpenSSL
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.8 - 01/16/2003
|
|
||||||
----------------
|
|
||||||
- Daemon now closes stdio/out/err properly (James Peterson)
|
|
||||||
- Makefile changes (James Peterson)
|
|
||||||
- Mode command line option bug fix in daemon
|
|
||||||
- Fixed incorrect command line options in check_nrpe plugin
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.7 - 01/08/2003
|
|
||||||
----------------
|
|
||||||
- Spec file updates and minor bug fixes (James Peterson)
|
|
||||||
- Bug fix with default nrpe port definition
|
|
||||||
- Added sample xinetd config file (nrpe.xinetd)
|
|
||||||
- Bug fix for command_timeout variable (James Peterson)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.6 - 12/30/2002
|
|
||||||
----------------
|
|
||||||
- Updated sample commands to match new plugin argument format
|
|
||||||
- Added sample init scripts for FreeBSD and Debian (Andrew Ryder)
|
|
||||||
- Syntax changes (-H option specifies host name in check_nrpe,
|
|
||||||
-c option specifies config file in nrpe)
|
|
||||||
- Added command_timeout directive to config file to allow user
|
|
||||||
to specify timeout for executing plugins
|
|
||||||
- Added spec file and misc patches for building RPMs (James Peterson)
|
|
||||||
- Added --with-nrpe-port config directive (James Peterson)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.5 - 06/03/2002
|
|
||||||
----------------
|
|
||||||
- Added setuid/setgid option to config file (suggested by Marek Cervenka)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.4 - 06/01/2002
|
|
||||||
----------------
|
|
||||||
- Changed STATE_UNKNOWN to value of 3 instead of -1 (old style)
|
|
||||||
- Minor doc and sample config file changes
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.3 - 02/21/2002
|
|
||||||
----------------
|
|
||||||
- Name and version change
|
|
||||||
- Ignore SIGHUP, minor cleanup (Jon Andrews)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.2.5 - 12/22/2001
|
|
||||||
------------------
|
|
||||||
- Implemented Beej's sendall() to handle partial send()s
|
|
||||||
- Added instructions on running under xinetd to README
|
|
||||||
- Removed some old crud
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.2.4 - 02/22/2001
|
|
||||||
------------------
|
|
||||||
- I forgot what changes I made. Go figure...
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.2.3 - 12/21/2000
|
|
||||||
------------------
|
|
||||||
- A bit more documentation on configuring command definitions for the plugin
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.2.2 - 06/05/2000
|
|
||||||
------------------
|
|
||||||
- Fixed error in docs for running under inetd using TCP wrappers
|
|
||||||
- Replaced old email address in src/netutils.h with new one
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.2.1 - 05/07/2000
|
|
||||||
------------------
|
|
||||||
- Removed trapping of SIGCHLD
|
|
||||||
- Changed wait4() to waitpid() to allow compilation on HP-UX and AIX
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.2.0 - 04/18/2000
|
|
||||||
------------------
|
|
||||||
- Server forks twice after accepting a client connection, so as to prevent the
|
|
||||||
creation of zombies
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.1.5 - 04/07/2000
|
|
||||||
------------------
|
|
||||||
- Fixed a small bug where one debug message was not getting logged properly
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.1.4 - 03/30/2000
|
|
||||||
------------------
|
|
||||||
- Added option to disable/enable debug messages using the debug option in the
|
|
||||||
config file
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.1.3 - 03/11/2000
|
|
||||||
------------------
|
|
||||||
- Changed config file to use an absolute path
|
|
||||||
- Changed all debug output to use syslog (Rene Klootwijk)
|
|
||||||
- No convert all data to network order before sending it and convert it back to
|
|
||||||
host order when receiving it. This makes it possible to mix Solaris and Linux,
|
|
||||||
e.g. running check_nrpe on Linux and nrpe on Solaris. (Rene Klootwijk)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.1.2 - 03/07/2000
|
|
||||||
------------------
|
|
||||||
- Removed unnecessary code in signal handler routine
|
|
||||||
- Unused signals are no longer trapper
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.1.1 - 02/28/2000 - RKL
|
|
||||||
---------------------------
|
|
||||||
- Modified syslog code to include string describing the error code.
|
|
||||||
- Changed hardcoded number in signal handler to its name. This prevented nrpe
|
|
||||||
to run on Solaris.
|
|
||||||
- Fixed race condition in accept loop. The result of accept should also be
|
|
||||||
checked for EINTR.
|
|
||||||
- Modified recv and send function calls to compile without warnings on Solaris.
|
|
||||||
- Modified configure.in,configure and Makefile.in to include nsl and socket libs
|
|
||||||
for Solaris.
|
|
||||||
- Modified the signal handler to reestablish itself after being called.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.1 - 02/24/2000 - Rene Klootwijk <rene@klootwijk.org>
|
|
||||||
-----------------
|
|
||||||
- Added ability to bind nrpe to a specific interface by specifying the address
|
|
||||||
of this interface in the nrpe.cfg file (e.g. server_address=192.168.2.3)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.0 - 02/16/2000
|
|
||||||
------------------
|
|
||||||
- Added ability to run as a service under inetd
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.0b6 - 02/01/2000
|
|
||||||
------------------
|
|
||||||
- Added configure script
|
|
||||||
- Netutils functions from the NetSaint plugins is now used
|
|
||||||
- Reset SIGCHLD to default behavior before calling popen() to
|
|
||||||
prevent race condition with pclose() (Reported by Rene Klootwijk)
|
|
||||||
- Cleaned up code
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.0b5 - 01/10/2000
|
|
||||||
------------------
|
|
||||||
- Added init script contributed by Jacob L
|
|
||||||
- Incorporated syslog code and other patches contributed by Jacob L
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1.0b4 - 11/04/1999
|
|
||||||
------------------
|
|
||||||
- Changed 'allowed_ip' option in configuration file to
|
|
||||||
'allowed_hosts' and added support for multiple hosts
|
|
||||||
- Minor buffer overflow protection fixes
|
|
||||||
- main() returned STATE_UNKNOWN on successful launch, changed to STATE_OK (jaclu@grm.se)
|
|
||||||
- Added syslog support (jaclu@grm.se)
|
|
339
LICENSE
339
LICENSE
@ -1,339 +0,0 @@
|
|||||||
GNU GENERAL PUBLIC LICENSE
|
|
||||||
Version 2, June 1991
|
|
||||||
|
|
||||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
|
||||||
of this license document, but changing it is not allowed.
|
|
||||||
|
|
||||||
Preamble
|
|
||||||
|
|
||||||
The licenses for most software are designed to take away your
|
|
||||||
freedom to share and change it. By contrast, the GNU General Public
|
|
||||||
License is intended to guarantee your freedom to share and change free
|
|
||||||
software--to make sure the software is free for all its users. This
|
|
||||||
General Public License applies to most of the Free Software
|
|
||||||
Foundation's software and to any other program whose authors commit to
|
|
||||||
using it. (Some other Free Software Foundation software is covered by
|
|
||||||
the GNU Lesser General Public License instead.) You can apply it to
|
|
||||||
your programs, too.
|
|
||||||
|
|
||||||
When we speak of free software, we are referring to freedom, not
|
|
||||||
price. Our General Public Licenses are designed to make sure that you
|
|
||||||
have the freedom to distribute copies of free software (and charge for
|
|
||||||
this service if you wish), that you receive source code or can get it
|
|
||||||
if you want it, that you can change the software or use pieces of it
|
|
||||||
in new free programs; and that you know you can do these things.
|
|
||||||
|
|
||||||
To protect your rights, we need to make restrictions that forbid
|
|
||||||
anyone to deny you these rights or to ask you to surrender the rights.
|
|
||||||
These restrictions translate to certain responsibilities for you if you
|
|
||||||
distribute copies of the software, or if you modify it.
|
|
||||||
|
|
||||||
For example, if you distribute copies of such a program, whether
|
|
||||||
gratis or for a fee, you must give the recipients all the rights that
|
|
||||||
you have. You must make sure that they, too, receive or can get the
|
|
||||||
source code. And you must show them these terms so they know their
|
|
||||||
rights.
|
|
||||||
|
|
||||||
We protect your rights with two steps: (1) copyright the software, and
|
|
||||||
(2) offer you this license which gives you legal permission to copy,
|
|
||||||
distribute and/or modify the software.
|
|
||||||
|
|
||||||
Also, for each author's protection and ours, we want to make certain
|
|
||||||
that everyone understands that there is no warranty for this free
|
|
||||||
software. If the software is modified by someone else and passed on, we
|
|
||||||
want its recipients to know that what they have is not the original, so
|
|
||||||
that any problems introduced by others will not reflect on the original
|
|
||||||
authors' reputations.
|
|
||||||
|
|
||||||
Finally, any free program is threatened constantly by software
|
|
||||||
patents. We wish to avoid the danger that redistributors of a free
|
|
||||||
program will individually obtain patent licenses, in effect making the
|
|
||||||
program proprietary. To prevent this, we have made it clear that any
|
|
||||||
patent must be licensed for everyone's free use or not licensed at all.
|
|
||||||
|
|
||||||
The precise terms and conditions for copying, distribution and
|
|
||||||
modification follow.
|
|
||||||
|
|
||||||
GNU GENERAL PUBLIC LICENSE
|
|
||||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
|
||||||
|
|
||||||
0. This License applies to any program or other work which contains
|
|
||||||
a notice placed by the copyright holder saying it may be distributed
|
|
||||||
under the terms of this General Public License. The "Program", below,
|
|
||||||
refers to any such program or work, and a "work based on the Program"
|
|
||||||
means either the Program or any derivative work under copyright law:
|
|
||||||
that is to say, a work containing the Program or a portion of it,
|
|
||||||
either verbatim or with modifications and/or translated into another
|
|
||||||
language. (Hereinafter, translation is included without limitation in
|
|
||||||
the term "modification".) Each licensee is addressed as "you".
|
|
||||||
|
|
||||||
Activities other than copying, distribution and modification are not
|
|
||||||
covered by this License; they are outside its scope. The act of
|
|
||||||
running the Program is not restricted, and the output from the Program
|
|
||||||
is covered only if its contents constitute a work based on the
|
|
||||||
Program (independent of having been made by running the Program).
|
|
||||||
Whether that is true depends on what the Program does.
|
|
||||||
|
|
||||||
1. You may copy and distribute verbatim copies of the Program's
|
|
||||||
source code as you receive it, in any medium, provided that you
|
|
||||||
conspicuously and appropriately publish on each copy an appropriate
|
|
||||||
copyright notice and disclaimer of warranty; keep intact all the
|
|
||||||
notices that refer to this License and to the absence of any warranty;
|
|
||||||
and give any other recipients of the Program a copy of this License
|
|
||||||
along with the Program.
|
|
||||||
|
|
||||||
You may charge a fee for the physical act of transferring a copy, and
|
|
||||||
you may at your option offer warranty protection in exchange for a fee.
|
|
||||||
|
|
||||||
2. You may modify your copy or copies of the Program or any portion
|
|
||||||
of it, thus forming a work based on the Program, and copy and
|
|
||||||
distribute such modifications or work under the terms of Section 1
|
|
||||||
above, provided that you also meet all of these conditions:
|
|
||||||
|
|
||||||
a) You must cause the modified files to carry prominent notices
|
|
||||||
stating that you changed the files and the date of any change.
|
|
||||||
|
|
||||||
b) You must cause any work that you distribute or publish, that in
|
|
||||||
whole or in part contains or is derived from the Program or any
|
|
||||||
part thereof, to be licensed as a whole at no charge to all third
|
|
||||||
parties under the terms of this License.
|
|
||||||
|
|
||||||
c) If the modified program normally reads commands interactively
|
|
||||||
when run, you must cause it, when started running for such
|
|
||||||
interactive use in the most ordinary way, to print or display an
|
|
||||||
announcement including an appropriate copyright notice and a
|
|
||||||
notice that there is no warranty (or else, saying that you provide
|
|
||||||
a warranty) and that users may redistribute the program under
|
|
||||||
these conditions, and telling the user how to view a copy of this
|
|
||||||
License. (Exception: if the Program itself is interactive but
|
|
||||||
does not normally print such an announcement, your work based on
|
|
||||||
the Program is not required to print an announcement.)
|
|
||||||
|
|
||||||
These requirements apply to the modified work as a whole. If
|
|
||||||
identifiable sections of that work are not derived from the Program,
|
|
||||||
and can be reasonably considered independent and separate works in
|
|
||||||
themselves, then this License, and its terms, do not apply to those
|
|
||||||
sections when you distribute them as separate works. But when you
|
|
||||||
distribute the same sections as part of a whole which is a work based
|
|
||||||
on the Program, the distribution of the whole must be on the terms of
|
|
||||||
this License, whose permissions for other licensees extend to the
|
|
||||||
entire whole, and thus to each and every part regardless of who wrote it.
|
|
||||||
|
|
||||||
Thus, it is not the intent of this section to claim rights or contest
|
|
||||||
your rights to work written entirely by you; rather, the intent is to
|
|
||||||
exercise the right to control the distribution of derivative or
|
|
||||||
collective works based on the Program.
|
|
||||||
|
|
||||||
In addition, mere aggregation of another work not based on the Program
|
|
||||||
with the Program (or with a work based on the Program) on a volume of
|
|
||||||
a storage or distribution medium does not bring the other work under
|
|
||||||
the scope of this License.
|
|
||||||
|
|
||||||
3. You may copy and distribute the Program (or a work based on it,
|
|
||||||
under Section 2) in object code or executable form under the terms of
|
|
||||||
Sections 1 and 2 above provided that you also do one of the following:
|
|
||||||
|
|
||||||
a) Accompany it with the complete corresponding machine-readable
|
|
||||||
source code, which must be distributed under the terms of Sections
|
|
||||||
1 and 2 above on a medium customarily used for software interchange; or,
|
|
||||||
|
|
||||||
b) Accompany it with a written offer, valid for at least three
|
|
||||||
years, to give any third party, for a charge no more than your
|
|
||||||
cost of physically performing source distribution, a complete
|
|
||||||
machine-readable copy of the corresponding source code, to be
|
|
||||||
distributed under the terms of Sections 1 and 2 above on a medium
|
|
||||||
customarily used for software interchange; or,
|
|
||||||
|
|
||||||
c) Accompany it with the information you received as to the offer
|
|
||||||
to distribute corresponding source code. (This alternative is
|
|
||||||
allowed only for noncommercial distribution and only if you
|
|
||||||
received the program in object code or executable form with such
|
|
||||||
an offer, in accord with Subsection b above.)
|
|
||||||
|
|
||||||
The source code for a work means the preferred form of the work for
|
|
||||||
making modifications to it. For an executable work, complete source
|
|
||||||
code means all the source code for all modules it contains, plus any
|
|
||||||
associated interface definition files, plus the scripts used to
|
|
||||||
control compilation and installation of the executable. However, as a
|
|
||||||
special exception, the source code distributed need not include
|
|
||||||
anything that is normally distributed (in either source or binary
|
|
||||||
form) with the major components (compiler, kernel, and so on) of the
|
|
||||||
operating system on which the executable runs, unless that component
|
|
||||||
itself accompanies the executable.
|
|
||||||
|
|
||||||
If distribution of executable or object code is made by offering
|
|
||||||
access to copy from a designated place, then offering equivalent
|
|
||||||
access to copy the source code from the same place counts as
|
|
||||||
distribution of the source code, even though third parties are not
|
|
||||||
compelled to copy the source along with the object code.
|
|
||||||
|
|
||||||
4. You may not copy, modify, sublicense, or distribute the Program
|
|
||||||
except as expressly provided under this License. Any attempt
|
|
||||||
otherwise to copy, modify, sublicense or distribute the Program is
|
|
||||||
void, and will automatically terminate your rights under this License.
|
|
||||||
However, parties who have received copies, or rights, from you under
|
|
||||||
this License will not have their licenses terminated so long as such
|
|
||||||
parties remain in full compliance.
|
|
||||||
|
|
||||||
5. You are not required to accept this License, since you have not
|
|
||||||
signed it. However, nothing else grants you permission to modify or
|
|
||||||
distribute the Program or its derivative works. These actions are
|
|
||||||
prohibited by law if you do not accept this License. Therefore, by
|
|
||||||
modifying or distributing the Program (or any work based on the
|
|
||||||
Program), you indicate your acceptance of this License to do so, and
|
|
||||||
all its terms and conditions for copying, distributing or modifying
|
|
||||||
the Program or works based on it.
|
|
||||||
|
|
||||||
6. Each time you redistribute the Program (or any work based on the
|
|
||||||
Program), the recipient automatically receives a license from the
|
|
||||||
original licensor to copy, distribute or modify the Program subject to
|
|
||||||
these terms and conditions. You may not impose any further
|
|
||||||
restrictions on the recipients' exercise of the rights granted herein.
|
|
||||||
You are not responsible for enforcing compliance by third parties to
|
|
||||||
this License.
|
|
||||||
|
|
||||||
7. If, as a consequence of a court judgment or allegation of patent
|
|
||||||
infringement or for any other reason (not limited to patent issues),
|
|
||||||
conditions are imposed on you (whether by court order, agreement or
|
|
||||||
otherwise) that contradict the conditions of this License, they do not
|
|
||||||
excuse you from the conditions of this License. If you cannot
|
|
||||||
distribute so as to satisfy simultaneously your obligations under this
|
|
||||||
License and any other pertinent obligations, then as a consequence you
|
|
||||||
may not distribute the Program at all. For example, if a patent
|
|
||||||
license would not permit royalty-free redistribution of the Program by
|
|
||||||
all those who receive copies directly or indirectly through you, then
|
|
||||||
the only way you could satisfy both it and this License would be to
|
|
||||||
refrain entirely from distribution of the Program.
|
|
||||||
|
|
||||||
If any portion of this section is held invalid or unenforceable under
|
|
||||||
any particular circumstance, the balance of the section is intended to
|
|
||||||
apply and the section as a whole is intended to apply in other
|
|
||||||
circumstances.
|
|
||||||
|
|
||||||
It is not the purpose of this section to induce you to infringe any
|
|
||||||
patents or other property right claims or to contest validity of any
|
|
||||||
such claims; this section has the sole purpose of protecting the
|
|
||||||
integrity of the free software distribution system, which is
|
|
||||||
implemented by public license practices. Many people have made
|
|
||||||
generous contributions to the wide range of software distributed
|
|
||||||
through that system in reliance on consistent application of that
|
|
||||||
system; it is up to the author/donor to decide if he or she is willing
|
|
||||||
to distribute software through any other system and a licensee cannot
|
|
||||||
impose that choice.
|
|
||||||
|
|
||||||
This section is intended to make thoroughly clear what is believed to
|
|
||||||
be a consequence of the rest of this License.
|
|
||||||
|
|
||||||
8. If the distribution and/or use of the Program is restricted in
|
|
||||||
certain countries either by patents or by copyrighted interfaces, the
|
|
||||||
original copyright holder who places the Program under this License
|
|
||||||
may add an explicit geographical distribution limitation excluding
|
|
||||||
those countries, so that distribution is permitted only in or among
|
|
||||||
countries not thus excluded. In such case, this License incorporates
|
|
||||||
the limitation as if written in the body of this License.
|
|
||||||
|
|
||||||
9. The Free Software Foundation may publish revised and/or new versions
|
|
||||||
of the General Public License from time to time. Such new versions will
|
|
||||||
be similar in spirit to the present version, but may differ in detail to
|
|
||||||
address new problems or concerns.
|
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the Program
|
|
||||||
specifies a version number of this License which applies to it and "any
|
|
||||||
later version", you have the option of following the terms and conditions
|
|
||||||
either of that version or of any later version published by the Free
|
|
||||||
Software Foundation. If the Program does not specify a version number of
|
|
||||||
this License, you may choose any version ever published by the Free Software
|
|
||||||
Foundation.
|
|
||||||
|
|
||||||
10. If you wish to incorporate parts of the Program into other free
|
|
||||||
programs whose distribution conditions are different, write to the author
|
|
||||||
to ask for permission. For software which is copyrighted by the Free
|
|
||||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
|
||||||
make exceptions for this. Our decision will be guided by the two goals
|
|
||||||
of preserving the free status of all derivatives of our free software and
|
|
||||||
of promoting the sharing and reuse of software generally.
|
|
||||||
|
|
||||||
NO WARRANTY
|
|
||||||
|
|
||||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
|
||||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
|
||||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
|
||||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
|
||||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
||||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
|
||||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
|
||||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
|
||||||
REPAIR OR CORRECTION.
|
|
||||||
|
|
||||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
|
||||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
|
||||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
|
||||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
|
||||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
|
||||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
|
||||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
|
||||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
|
||||||
POSSIBILITY OF SUCH DAMAGES.
|
|
||||||
|
|
||||||
END OF TERMS AND CONDITIONS
|
|
||||||
|
|
||||||
How to Apply These Terms to Your New Programs
|
|
||||||
|
|
||||||
If you develop a new program, and you want it to be of the greatest
|
|
||||||
possible use to the public, the best way to achieve this is to make it
|
|
||||||
free software which everyone can redistribute and change under these terms.
|
|
||||||
|
|
||||||
To do so, attach the following notices to the program. It is safest
|
|
||||||
to attach them to the start of each source file to most effectively
|
|
||||||
convey the exclusion of warranty; and each file should have at least
|
|
||||||
the "copyright" line and a pointer to where the full notice is found.
|
|
||||||
|
|
||||||
<one line to give the program's name and a brief idea of what it does.>
|
|
||||||
Copyright (C) <year> <name of author>
|
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation; either version 2 of the License, or
|
|
||||||
(at your option) any later version.
|
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License along
|
|
||||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
|
|
||||||
Also add information on how to contact you by electronic and paper mail.
|
|
||||||
|
|
||||||
If the program is interactive, make it output a short notice like this
|
|
||||||
when it starts in an interactive mode:
|
|
||||||
|
|
||||||
Gnomovision version 69, Copyright (C) year name of author
|
|
||||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
|
||||||
This is free software, and you are welcome to redistribute it
|
|
||||||
under certain conditions; type `show c' for details.
|
|
||||||
|
|
||||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
|
||||||
parts of the General Public License. Of course, the commands you use may
|
|
||||||
be called something other than `show w' and `show c'; they could even be
|
|
||||||
mouse-clicks or menu items--whatever suits your program.
|
|
||||||
|
|
||||||
You should also get your employer (if you work as a programmer) or your
|
|
||||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
|
||||||
necessary. Here is a sample; alter the names:
|
|
||||||
|
|
||||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
|
||||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
|
||||||
|
|
||||||
<signature of Ty Coon>, 1 April 1989
|
|
||||||
Ty Coon, President of Vice
|
|
||||||
|
|
||||||
This General Public License does not permit incorporating your program into
|
|
||||||
proprietary programs. If your program is a subroutine library, you may
|
|
||||||
consider it more useful to permit linking proprietary applications with the
|
|
||||||
library. If this is what you want to do, use the GNU Lesser General
|
|
||||||
Public License instead of this License.
|
|
264
LICENSE.md
Normal file
264
LICENSE.md
Normal file
@ -0,0 +1,264 @@
|
|||||||
|
The GNU General Public License, Version 2, June 1991 (GPLv2)
|
||||||
|
============================================================
|
||||||
|
|
||||||
|
> Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||||
|
> 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||||
|
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies of this license
|
||||||
|
document, but changing it is not allowed.
|
||||||
|
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
--------
|
||||||
|
|
||||||
|
The licenses for most software are designed to take away your freedom to share
|
||||||
|
and change it. By contrast, the GNU General Public License is intended to
|
||||||
|
guarantee your freedom to share and change free software--to make sure the
|
||||||
|
software is free for all its users. This General Public License applies to most
|
||||||
|
of the Free Software Foundation's software and to any other program whose
|
||||||
|
authors commit to using it. (Some other Free Software Foundation software is
|
||||||
|
covered by the GNU Lesser General Public License instead.) You can apply it to
|
||||||
|
your programs, too.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom, not price. Our
|
||||||
|
General Public Licenses are designed to make sure that you have the freedom to
|
||||||
|
distribute copies of free software (and charge for this service if you wish),
|
||||||
|
that you receive source code or can get it if you want it, that you can change
|
||||||
|
the software or use pieces of it in new free programs; and that you know you can
|
||||||
|
do these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to make restrictions that forbid anyone to deny
|
||||||
|
you these rights or to ask you to surrender the rights. These restrictions
|
||||||
|
translate to certain responsibilities for you if you distribute copies of the
|
||||||
|
software, or if you modify it.
|
||||||
|
|
||||||
|
For example, if you distribute copies of such a program, whether gratis or for a
|
||||||
|
fee, you must give the recipients all the rights that you have. You must make
|
||||||
|
sure that they, too, receive or can get the source code. And you must show them
|
||||||
|
these terms so they know their rights.
|
||||||
|
|
||||||
|
We protect your rights with two steps: (1) copyright the software, and (2) offer
|
||||||
|
you this license which gives you legal permission to copy, distribute and/or
|
||||||
|
modify the software.
|
||||||
|
|
||||||
|
Also, for each author's protection and ours, we want to make certain that
|
||||||
|
everyone understands that there is no warranty for this free software. If the
|
||||||
|
software is modified by someone else and passed on, we want its recipients to
|
||||||
|
know that what they have is not the original, so that any problems introduced by
|
||||||
|
others will not reflect on the original authors' reputations.
|
||||||
|
|
||||||
|
Finally, any free program is threatened constantly by software patents. We wish
|
||||||
|
to avoid the danger that redistributors of a free program will individually
|
||||||
|
obtain patent licenses, in effect making the program proprietary. To prevent
|
||||||
|
this, we have made it clear that any patent must be licensed for everyone's free
|
||||||
|
use or not licensed at all.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and modification
|
||||||
|
follow.
|
||||||
|
|
||||||
|
|
||||||
|
Terms And Conditions For Copying, Distribution And Modification
|
||||||
|
---------------------------------------------------------------
|
||||||
|
|
||||||
|
**0.** This License applies to any program or other work which contains a notice
|
||||||
|
placed by the copyright holder saying it may be distributed under the terms of
|
||||||
|
this General Public License. The "Program", below, refers to any such program or
|
||||||
|
work, and a "work based on the Program" means either the Program or any
|
||||||
|
derivative work under copyright law: that is to say, a work containing the
|
||||||
|
Program or a portion of it, either verbatim or with modifications and/or
|
||||||
|
translated into another language. (Hereinafter, translation is included without
|
||||||
|
limitation in the term "modification".) Each licensee is addressed as "you".
|
||||||
|
|
||||||
|
Activities other than copying, distribution and modification are not covered by
|
||||||
|
this License; they are outside its scope. The act of running the Program is not
|
||||||
|
restricted, and the output from the Program is covered only if its contents
|
||||||
|
constitute a work based on the Program (independent of having been made by
|
||||||
|
running the Program). Whether that is true depends on what the Program does.
|
||||||
|
|
||||||
|
**1.** You may copy and distribute verbatim copies of the Program's source code
|
||||||
|
as you receive it, in any medium, provided that you conspicuously and
|
||||||
|
appropriately publish on each copy an appropriate copyright notice and
|
||||||
|
disclaimer of warranty; keep intact all the notices that refer to this License
|
||||||
|
and to the absence of any warranty; and give any other recipients of the Program
|
||||||
|
a copy of this License along with the Program.
|
||||||
|
|
||||||
|
You may charge a fee for the physical act of transferring a copy, and you may at
|
||||||
|
your option offer warranty protection in exchange for a fee.
|
||||||
|
|
||||||
|
**2.** You may modify your copy or copies of the Program or any portion of it,
|
||||||
|
thus forming a work based on the Program, and copy and distribute such
|
||||||
|
modifications or work under the terms of Section 1 above, provided that you also
|
||||||
|
meet all of these conditions:
|
||||||
|
|
||||||
|
* **a)** You must cause the modified files to carry prominent notices stating
|
||||||
|
that you changed the files and the date of any change.
|
||||||
|
|
||||||
|
* **b)** You must cause any work that you distribute or publish, that in whole
|
||||||
|
or in part contains or is derived from the Program or any part thereof, to
|
||||||
|
be licensed as a whole at no charge to all third parties under the terms of
|
||||||
|
this License.
|
||||||
|
|
||||||
|
* **c)** If the modified program normally reads commands interactively when
|
||||||
|
run, you must cause it, when started running for such interactive use in the
|
||||||
|
most ordinary way, to print or display an announcement including an
|
||||||
|
appropriate copyright notice and a notice that there is no warranty (or
|
||||||
|
else, saying that you provide a warranty) and that users may redistribute
|
||||||
|
the program under these conditions, and telling the user how to view a copy
|
||||||
|
of this License. (Exception: if the Program itself is interactive but does
|
||||||
|
not normally print such an announcement, your work based on the Program is
|
||||||
|
not required to print an announcement.)
|
||||||
|
|
||||||
|
These requirements apply to the modified work as a whole. If identifiable
|
||||||
|
sections of that work are not derived from the Program, and can be reasonably
|
||||||
|
considered independent and separate works in themselves, then this License, and
|
||||||
|
its terms, do not apply to those sections when you distribute them as separate
|
||||||
|
works. But when you distribute the same sections as part of a whole which is a
|
||||||
|
work based on the Program, the distribution of the whole must be on the terms of
|
||||||
|
this License, whose permissions for other licensees extend to the entire whole,
|
||||||
|
and thus to each and every part regardless of who wrote it.
|
||||||
|
|
||||||
|
Thus, it is not the intent of this section to claim rights or contest your
|
||||||
|
rights to work written entirely by you; rather, the intent is to exercise the
|
||||||
|
right to control the distribution of derivative or collective works based on the
|
||||||
|
Program.
|
||||||
|
|
||||||
|
In addition, mere aggregation of another work not based on the Program with the
|
||||||
|
Program (or with a work based on the Program) on a volume of a storage or
|
||||||
|
distribution medium does not bring the other work under the scope of this
|
||||||
|
License.
|
||||||
|
|
||||||
|
**3.** You may copy and distribute the Program (or a work based on it, under
|
||||||
|
Section 2) in object code or executable form under the terms of Sections 1 and 2
|
||||||
|
above provided that you also do one of the following:
|
||||||
|
|
||||||
|
* **a)** Accompany it with the complete corresponding machine-readable source
|
||||||
|
code, which must be distributed under the terms of Sections 1 and 2 above on
|
||||||
|
a medium customarily used for software interchange; or,
|
||||||
|
|
||||||
|
* **b)** Accompany it with a written offer, valid for at least three years, to
|
||||||
|
give any third party, for a charge no more than your cost of physically
|
||||||
|
performing source distribution, a complete machine-readable copy of the
|
||||||
|
corresponding source code, to be distributed under the terms of Sections 1
|
||||||
|
and 2 above on a medium customarily used for software interchange; or,
|
||||||
|
|
||||||
|
* **c)** Accompany it with the information you received as to the offer to
|
||||||
|
distribute corresponding source code. (This alternative is allowed only for
|
||||||
|
noncommercial distribution and only if you received the program in object
|
||||||
|
code or executable form with such an offer, in accord with Subsection b
|
||||||
|
above.)
|
||||||
|
|
||||||
|
The source code for a work means the preferred form of the work for making
|
||||||
|
modifications to it. For an executable work, complete source code means all the
|
||||||
|
source code for all modules it contains, plus any associated interface
|
||||||
|
definition files, plus the scripts used to control compilation and installation
|
||||||
|
of the executable. However, as a special exception, the source code distributed
|
||||||
|
need not include anything that is normally distributed (in either source or
|
||||||
|
binary form) with the major components (compiler, kernel, and so on) of the
|
||||||
|
operating system on which the executable runs, unless that component itself
|
||||||
|
accompanies the executable.
|
||||||
|
|
||||||
|
If distribution of executable or object code is made by offering access to copy
|
||||||
|
from a designated place, then offering equivalent access to copy the source code
|
||||||
|
from the same place counts as distribution of the source code, even though third
|
||||||
|
parties are not compelled to copy the source along with the object code.
|
||||||
|
|
||||||
|
**4.** You may not copy, modify, sublicense, or distribute the Program except as
|
||||||
|
expressly provided under this License. Any attempt otherwise to copy, modify,
|
||||||
|
sublicense or distribute the Program is void, and will automatically terminate
|
||||||
|
your rights under this License. However, parties who have received copies, or
|
||||||
|
rights, from you under this License will not have their licenses terminated so
|
||||||
|
long as such parties remain in full compliance.
|
||||||
|
|
||||||
|
**5.** You are not required to accept this License, since you have not signed
|
||||||
|
it. However, nothing else grants you permission to modify or distribute the
|
||||||
|
Program or its derivative works. These actions are prohibited by law if you do
|
||||||
|
not accept this License. Therefore, by modifying or distributing the Program (or
|
||||||
|
any work based on the Program), you indicate your acceptance of this License to
|
||||||
|
do so, and all its terms and conditions for copying, distributing or modifying
|
||||||
|
the Program or works based on it.
|
||||||
|
|
||||||
|
**6.** Each time you redistribute the Program (or any work based on the
|
||||||
|
Program), the recipient automatically receives a license from the original
|
||||||
|
licensor to copy, distribute or modify the Program subject to these terms and
|
||||||
|
conditions. You may not impose any further restrictions on the recipients'
|
||||||
|
exercise of the rights granted herein. You are not responsible for enforcing
|
||||||
|
compliance by third parties to this License.
|
||||||
|
|
||||||
|
**7.** If, as a consequence of a court judgment or allegation of patent
|
||||||
|
infringement or for any other reason (not limited to patent issues), conditions
|
||||||
|
are imposed on you (whether by court order, agreement or otherwise) that
|
||||||
|
contradict the conditions of this License, they do not excuse you from the
|
||||||
|
conditions of this License. If you cannot distribute so as to satisfy
|
||||||
|
simultaneously your obligations under this License and any other pertinent
|
||||||
|
obligations, then as a consequence you may not distribute the Program at all.
|
||||||
|
For example, if a patent license would not permit royalty-free redistribution of
|
||||||
|
the Program by all those who receive copies directly or indirectly through you,
|
||||||
|
then the only way you could satisfy both it and this License would be to refrain
|
||||||
|
entirely from distribution of the Program.
|
||||||
|
|
||||||
|
If any portion of this section is held invalid or unenforceable under any
|
||||||
|
particular circumstance, the balance of the section is intended to apply and the
|
||||||
|
section as a whole is intended to apply in other circumstances.
|
||||||
|
|
||||||
|
It is not the purpose of this section to induce you to infringe any patents or
|
||||||
|
other property right claims or to contest validity of any such claims; this
|
||||||
|
section has the sole purpose of protecting the integrity of the free software
|
||||||
|
distribution system, which is implemented by public license practices. Many
|
||||||
|
people have made generous contributions to the wide range of software
|
||||||
|
distributed through that system in reliance on consistent application of that
|
||||||
|
system; it is up to the author/donor to decide if he or she is willing to
|
||||||
|
distribute software through any other system and a licensee cannot impose that
|
||||||
|
choice.
|
||||||
|
|
||||||
|
This section is intended to make thoroughly clear what is believed to be a
|
||||||
|
consequence of the rest of this License.
|
||||||
|
|
||||||
|
**8.** If the distribution and/or use of the Program is restricted in certain
|
||||||
|
countries either by patents or by copyrighted interfaces, the original copyright
|
||||||
|
holder who places the Program under this License may add an explicit
|
||||||
|
geographical distribution limitation excluding those countries, so that
|
||||||
|
distribution is permitted only in or among countries not thus excluded. In such
|
||||||
|
case, this License incorporates the limitation as if written in the body of this
|
||||||
|
License.
|
||||||
|
|
||||||
|
**9.** The Free Software Foundation may publish revised and/or new versions of
|
||||||
|
the General Public License from time to time. Such new versions will be similar
|
||||||
|
in spirit to the present version, but may differ in detail to address new
|
||||||
|
problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the Program specifies
|
||||||
|
a version number of this License which applies to it and "any later version",
|
||||||
|
you have the option of following the terms and conditions either of that version
|
||||||
|
or of any later version published by the Free Software Foundation. If the
|
||||||
|
Program does not specify a version number of this License, you may choose any
|
||||||
|
version ever published by the Free Software Foundation.
|
||||||
|
|
||||||
|
**10.** If you wish to incorporate parts of the Program into other free programs
|
||||||
|
whose distribution conditions are different, write to the author to ask for
|
||||||
|
permission. For software which is copyrighted by the Free Software Foundation,
|
||||||
|
write to the Free Software Foundation; we sometimes make exceptions for this.
|
||||||
|
Our decision will be guided by the two goals of preserving the free status of
|
||||||
|
all derivatives of our free software and of promoting the sharing and reuse of
|
||||||
|
software generally.
|
||||||
|
|
||||||
|
|
||||||
|
No Warranty
|
||||||
|
-----------
|
||||||
|
|
||||||
|
**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
|
||||||
|
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
|
||||||
|
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
|
||||||
|
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
|
||||||
|
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
|
||||||
|
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||||
|
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||||
|
|
||||||
|
**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||||
|
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
|
||||||
|
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||||
|
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
|
||||||
|
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
|
||||||
|
BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
|
||||||
|
FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
|
||||||
|
OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
@ -1,10 +1,9 @@
|
|||||||
###############################
|
###############################
|
||||||
# Makefile for NRPE
|
|
||||||
#
|
#
|
||||||
# Last Modified: 03-14-2007
|
# NRPE Makefile
|
||||||
|
#
|
||||||
###############################
|
###############################
|
||||||
|
|
||||||
|
|
||||||
# Source code directories
|
# Source code directories
|
||||||
SRC_BASE=./src/
|
SRC_BASE=./src/
|
||||||
SRC_INCLUDE=./include/
|
SRC_INCLUDE=./include/
|
||||||
@ -110,6 +109,10 @@ install-init:
|
|||||||
echo svccfg import $(INIT_DIR)/$(INIT_FILE); \
|
echo svccfg import $(INIT_DIR)/$(INIT_FILE); \
|
||||||
svccfg import $(INIT_DIR)/$(INIT_FILE); \
|
svccfg import $(INIT_DIR)/$(INIT_FILE); \
|
||||||
echo "*** Run 'svcadm enable nrpe' to start it"; \
|
echo "*** Run 'svcadm enable nrpe' to start it"; \
|
||||||
|
elif test $(INIT_TYPE) = gentoo; then\
|
||||||
|
$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
|
||||||
|
echo rc-update add nrpe default; \
|
||||||
|
rc-update add nrpe default; \
|
||||||
else\
|
else\
|
||||||
echo $(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
|
echo $(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
|
||||||
$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
|
$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
|
||||||
|
@ -1,16 +1,27 @@
|
|||||||
NRPE With SSL/TLS
|
NRPE With SSL/TLS
|
||||||
=================
|
=================
|
||||||
|
|
||||||
##Contents
|
This document covers the different methods of SSL transport
|
||||||
1. [Introduction](#intro)
|
that NRPE allows for.
|
||||||
2. [NRPE Changes](#nrpe)
|
|
||||||
3. [check_nrpe Changes](#chk)
|
|
||||||
4. [Certificate Generation Example](#xmp)
|
|
||||||
|
|
||||||
<a id=intro></a>
|
If there was a TL;DR here, it is these:
|
||||||
|
|
||||||
------------
|
### Don't use NRPE without encryption
|
||||||
###Introduction
|
|
||||||
|
and
|
||||||
|
|
||||||
|
### Use Public Key Encryption
|
||||||
|
|
||||||
|
Contents
|
||||||
|
--------
|
||||||
|
|
||||||
|
1. [Introduction](#introduction)
|
||||||
|
2. [NRPE Changes](#nrpe-changes)
|
||||||
|
3. [check_nrpe Changes](#check_nrpe-changes)
|
||||||
|
4. [Certificate Generation Example](#certificate-generation-example)
|
||||||
|
|
||||||
|
|
||||||
|
Introduction
|
||||||
------------
|
------------
|
||||||
|
|
||||||
NRPE has had basic support for SSL/TLS for some time now, but it was
|
NRPE has had basic support for SSL/TLS for some time now, but it was
|
||||||
@ -19,17 +30,16 @@ exchange, it used a fixed 512-bit key (generated at `./configure`
|
|||||||
time and extremely insecure) and originally allowed SSLv2. In 2004,
|
time and extremely insecure) and originally allowed SSLv2. In 2004,
|
||||||
SSLv2 and SSLv3 support was disabled.
|
SSLv2 and SSLv3 support was disabled.
|
||||||
|
|
||||||
nrpe and check_nrpe have been updated to offer much more secure
|
`nrpe` and `check_nrpe` have been updated to offer much more secure
|
||||||
encryption and more options. And the updates are done in a backward-
|
encryption and more options. And the updates are done in a backward-
|
||||||
compatible way, allowing you to migrate to the newer versions
|
compatible way, allowing you to migrate to the newer versions
|
||||||
without having to do it all at once, and possibly miss updating some
|
without having to do it all at once, and possibly miss updating some
|
||||||
machines, causing lost reporting.
|
machines, causing lost reporting.
|
||||||
|
|
||||||
<a id=nrpe></a>
|
|
||||||
|
|
||||||
------------------------------------------
|
|
||||||
###CHANGES IN THE CURRENT VERSION OF NRPE
|
NRPE Changes
|
||||||
------------------------------------------
|
------------
|
||||||
|
|
||||||
Running `./configure` will now create a 2048-bit DH key instead
|
Running `./configure` will now create a 2048-bit DH key instead
|
||||||
of the old 512-bit key. The most current versions of openSSL will
|
of the old 512-bit key. The most current versions of openSSL will
|
||||||
@ -52,8 +62,8 @@ If you are upgrading NRPE from a prior version, you can run the
|
|||||||
The `ssl_version` directive lets you set which versions of SSL/TLS
|
The `ssl_version` directive lets you set which versions of SSL/TLS
|
||||||
you want to allow. SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 are
|
you want to allow. SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 are
|
||||||
allowed, or those litereals with a `+` after them (as in TLSv1.1+).
|
allowed, or those litereals with a `+` after them (as in TLSv1.1+).
|
||||||
Without the `+`, that version _only_ will be used. With the `+`,
|
Without the `+`, *that version only* will be used. With the `+`,
|
||||||
that version _or above_ will be used. openSSL will always negotiate
|
that *version or above* will be used. openSSL will always negotiate
|
||||||
the highest available allowed version available on both ends. This
|
the highest available allowed version available on both ends. This
|
||||||
directive currently defaults to `TLSv1+`.
|
directive currently defaults to `TLSv1+`.
|
||||||
|
|
||||||
@ -61,7 +71,7 @@ The `ssl_use_adh` directive is **DEPRECATED**, even though it is new.
|
|||||||
Possible values are `0` to not allow ADH at all, `1` to allow ADH,
|
Possible values are `0` to not allow ADH at all, `1` to allow ADH,
|
||||||
and `2` to require ADH. The `2` should never be required, but it's
|
and `2` to require ADH. The `2` should never be required, but it's
|
||||||
there just in case it's needed, for whatever reason. `1` is currently
|
there just in case it's needed, for whatever reason. `1` is currently
|
||||||
the default, which allows older check_nrpe plugins to connect using
|
the default, which allows older `check_nrpe` plugins to connect using
|
||||||
ADH. When all the plugins are migrated to the newer version, it
|
ADH. When all the plugins are migrated to the newer version, it
|
||||||
should be set to `0`. In an upcoming version of NRPE, ADH will no
|
should be set to `0`. In an upcoming version of NRPE, ADH will no
|
||||||
longer be allowed at all. Note that if you use a `2` here, NRPE will
|
longer be allowed at all. Note that if you use a `2` here, NRPE will
|
||||||
@ -103,13 +113,11 @@ This can be especially helpful during plugin migration, so you can
|
|||||||
tell which plugins have certificates, what SSL/TLS version is being
|
tell which plugins have certificates, what SSL/TLS version is being
|
||||||
used, and which ciphers are being used.
|
used, and which ciphers are being used.
|
||||||
|
|
||||||
<a id=chk></a>
|
|
||||||
|
|
||||||
------------------------------------------------
|
check_nrpe Changes
|
||||||
###CHANGES IN THE CURRENT VERSION OF CHECK_NRPE
|
------------------
|
||||||
------------------------------------------------
|
|
||||||
|
|
||||||
The check_nrpe plugin has also been updated to provide more secure
|
The `check_nrpe` plugin has also been updated to provide more secure
|
||||||
encryption and allow the use of client certificates. The command line
|
encryption and allow the use of client certificates. The command line
|
||||||
has several new options, which are outlined below. Both the long and
|
has several new options, which are outlined below. Both the long and
|
||||||
short arguments are presented.
|
short arguments are presented.
|
||||||
@ -145,11 +153,10 @@ data to syslog. OR (or add) values together to have more than one
|
|||||||
option enabled. See the description of the `ssl_logging` directive
|
option enabled. See the description of the `ssl_logging` directive
|
||||||
from NRPE above.
|
from NRPE above.
|
||||||
|
|
||||||
<a id=xmp></a>
|
|
||||||
|
|
||||||
----------------------------------
|
|
||||||
###Certificate Generation Example
|
Certificate Generation Example
|
||||||
----------------------------------
|
------------------------------
|
||||||
|
|
||||||
**Note** _The following example does not follow best practice for
|
**Note** _The following example does not follow best practice for
|
||||||
creating and running a CA or creating certificates. It is for testing
|
creating and running a CA or creating certificates. It is for testing
|
||||||
|
184
README.md
184
README.md
@ -1,13 +1,30 @@
|
|||||||
NRPE README
|
![Nagios!](https://www.nagios.com/wp-content/uploads/2015/05/Nagios-Black-500x124.png)
|
||||||
===========
|
|
||||||
|
[![Build Status](https://travis-ci.org/NagiosEnterprises/nrpe.svg?branch=master)](https://travis-ci.org/NagiosEnterprises/nrpe)
|
||||||
|
|
||||||
|
NRPE
|
||||||
|
====
|
||||||
|
|
||||||
|
## Nagios Remote Plugin Executor
|
||||||
|
|
||||||
|
|
||||||
For installation instructions and information on the design overview
|
For installation instructions and information on the design overview
|
||||||
of the NRPE addon, please read the PDF documentation that is found in
|
of the NRPE addon, please read the PDF documentation that is found in
|
||||||
this directory: `docs/NRPE.pdf`
|
this directory: `docs/NRPE.pdf`.
|
||||||
|
|
||||||
If you are upgrading from a previous version, run 'update-cfg.pl' to
|
If you are upgrading from a previous version, you'll want to
|
||||||
|
check the [Changelog](CHANGELOG.md) and then run `./update-cfg.pl` to
|
||||||
add the new SSL parameters to your config file.
|
add the new SSL parameters to your config file.
|
||||||
|
|
||||||
|
TL;DR: You can jump straight to [Compiling](#compiling) and
|
||||||
|
[Installing](#installing)
|
||||||
|
|
||||||
|
You'll want to read up on the [Security](SECURITY.md) document
|
||||||
|
regarding NRPE, no doubt.
|
||||||
|
|
||||||
|
And make sure to check out the [SSL Readme](README.SSL.md) as well,
|
||||||
|
if you plan on using encryption methods to transmit `nrpe` data.
|
||||||
|
|
||||||
|
|
||||||
Purpose
|
Purpose
|
||||||
-------
|
-------
|
||||||
@ -20,7 +37,9 @@ Contents
|
|||||||
|
|
||||||
There are two pieces to this addon:
|
There are two pieces to this addon:
|
||||||
|
|
||||||
1) **NRPE** - This program runs as a background process on the
|
1. `nrpe`
|
||||||
|
|
||||||
|
This program runs as a background process on the
|
||||||
remote host and processes command execution requests
|
remote host and processes command execution requests
|
||||||
from the check_nrpe plugin on the Nagios host.
|
from the check_nrpe plugin on the Nagios host.
|
||||||
Upon receiving a plugin request from an authorized
|
Upon receiving a plugin request from an authorized
|
||||||
@ -29,7 +48,9 @@ There are two pieces to this addon:
|
|||||||
program output and return code back to the
|
program output and return code back to the
|
||||||
check_nrpe plugin
|
check_nrpe plugin
|
||||||
|
|
||||||
2) **check_nrpe** - This is a plugin that is run on the Nagios host
|
2. `check_nrpe`
|
||||||
|
|
||||||
|
This is a plugin that is run on the Nagios host
|
||||||
and is used to contact the NRPE process on remote
|
and is used to contact the NRPE process on remote
|
||||||
hosts. The plugin requests that a plugin be
|
hosts. The plugin requests that a plugin be
|
||||||
executed on the remote host and wait for the NRPE
|
executed on the remote host and wait for the NRPE
|
||||||
@ -42,47 +63,100 @@ There are two pieces to this addon:
|
|||||||
Compiling
|
Compiling
|
||||||
---------
|
---------
|
||||||
|
|
||||||
The code is very basic and may not work on your particular
|
If you are having any problems compiling on your system,
|
||||||
system without some tweaking. If you are having any problems
|
please let us know (preferrably with fixes). Most users
|
||||||
compiling on your system, please let us know, hopefully with
|
should be able to compile `nrpe` and the `check_nrpe`
|
||||||
fixes. Most users should be able to compile NRPE and the
|
plugin with the following commands...
|
||||||
check_nrpe plugin with the following commands...
|
|
||||||
|
|
||||||
./configure
|
./configure
|
||||||
make all
|
make all
|
||||||
|
|
||||||
The binaries will be located in the `src/` directory after you
|
***HINT:*** `./configure --help`
|
||||||
run `make all` and will have to be installed manually somewhere
|
|
||||||
on your system.
|
|
||||||
|
|
||||||
_NOTE: Since the check_nrpe plugin and nrpe daemon run on different
|
**NOTE:** If you're cloning from GitHub, you'll need to run
|
||||||
machines (the plugin runs on the Nagios host and the daemon
|
`autoconf` first.
|
||||||
runs on the remote host), you will have to compile the nrpe
|
|
||||||
daemon on the target machine._
|
**NOTE:** Since the check_nrpe plugin and nrpe daemon run
|
||||||
|
on different machines (the plugin runs on the Nagios host and
|
||||||
|
the daemon runs on the remote host), you will have to compile
|
||||||
|
the nrpe daemon on the target machine.
|
||||||
|
|
||||||
|
|
||||||
Installing
|
Installing
|
||||||
----------
|
----------
|
||||||
|
|
||||||
The check_nrpe plugin should be placed on the Nagios host along
|
You have a few options here. The binaries created from `make all`
|
||||||
with your other plugins. In most cases, this will be in the
|
were placed in your `src/` directory. You can either copy these
|
||||||
`/usr/local/nagios/libexec` directory.
|
where they need to be, or you can run any of the following
|
||||||
|
`make install` options:
|
||||||
|
|
||||||
The nrpe program and the configuration file `nrpe.cfg` should
|
* `make install-groups-users`
|
||||||
be placed somewhere on the remote host. Note that you will also
|
|
||||||
have to install some plugins on the remote host if you want to
|
|
||||||
make much use of this addon.
|
|
||||||
|
|
||||||
|
Add the users and groups sepcified during `./configure`. Defaults
|
||||||
|
to nagios and nagios, respectively. You can override these with the
|
||||||
|
`./configure --with-nrpe-user=USER --with-nrpe-group=GROUP`.
|
||||||
|
|
||||||
|
* `make install`
|
||||||
|
|
||||||
|
This will run both `install-plugin` and `install-daemon`.
|
||||||
|
|
||||||
|
* `make install-plugin`
|
||||||
|
|
||||||
|
This will install the plugin by default in
|
||||||
|
`/usr/local/nagios/libexec`. You can override this
|
||||||
|
behavior by using the `--with-pluginsdir=DIR` flag during
|
||||||
|
`./configure`.
|
||||||
|
|
||||||
|
* `make install-daemon`
|
||||||
|
|
||||||
|
This will install the plugin by default in
|
||||||
|
`/usr/local/nagios/bin`. You can override this
|
||||||
|
behavior by using the `--prefix=DIR` or
|
||||||
|
`--bindir=DIR` flags during `./configure`.
|
||||||
|
|
||||||
|
* `make install-config`
|
||||||
|
|
||||||
|
This will install the sample config by default in
|
||||||
|
`/usr/local/nagios/etc`. You can override this
|
||||||
|
behavior by using the `--with-pkgsysconfdir=DIR`
|
||||||
|
flag during `./configure`.
|
||||||
|
|
||||||
|
* `make install-inetd`
|
||||||
|
|
||||||
|
`./configure` attempts to determine your inetd type.
|
||||||
|
If it finds it, it will install the appropriate inetd
|
||||||
|
script in the proper location. You can help it out with
|
||||||
|
`./configure --with-inetd-type=TYPE` where `TYPE` can be
|
||||||
|
one of: `inetd`, `xinetd`, `systemd`, `launchd`,
|
||||||
|
`smf10`, `smf11`.
|
||||||
|
|
||||||
|
* `make install-init`
|
||||||
|
|
||||||
|
`./configure` attempts to determine the appropriate
|
||||||
|
init type. If it figures it out, will install the
|
||||||
|
required startup script. You can help it out with
|
||||||
|
`./configure --with-init-type=TYPE` where TYPE can be
|
||||||
|
one of: `bsd`, `sysv`, `systemd`, `launchd`, `smf10`,
|
||||||
|
`smf11`, `upstart`, `openrc`.
|
||||||
|
|
||||||
|
If you used all the necessary `./configure` flags, you shouldn't
|
||||||
|
need to tweak your config file any at this point, and a simple
|
||||||
|
`service nrpe start` or `systemctl start nrpe.service` should
|
||||||
|
work just fine.
|
||||||
|
|
||||||
Configuring
|
Configuring
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
Sample config files for the NRPE daemon are located in the
|
A sample config file for the NRPE daemon are located in the
|
||||||
`sample-config/` subdirectory.
|
`sample-config/` subdirectory.
|
||||||
|
|
||||||
|
If you used the proper flags during `./configure`, this file
|
||||||
|
should contain all of the appropriate information as a starting
|
||||||
|
point.
|
||||||
|
|
||||||
Running Under INETD or XINETD
|
|
||||||
-----------------------------
|
Running Under `inetd` or `xinetd`
|
||||||
|
---------------------------------
|
||||||
|
|
||||||
If you plan on running nrpe under inetd or xinetd and making use
|
If you plan on running nrpe under inetd or xinetd and making use
|
||||||
of TCP wrappers, you need to add a line to your `/etc/services`
|
of TCP wrappers, you need to add a line to your `/etc/services`
|
||||||
@ -93,23 +167,20 @@ file as follows (modify the port number as you see fit)
|
|||||||
The run `make install-inetd` to copy the appropriate file, or
|
The run `make install-inetd` to copy the appropriate file, or
|
||||||
add the appropriate line to your `/etc/inetd.conf`.
|
add the appropriate line to your `/etc/inetd.conf`.
|
||||||
|
|
||||||
_NOTE: If you run nrpe under inetd or xinetd, the server_port
|
**NOTE:** If you run nrpe under inetd or xinetd, the server_port
|
||||||
and allowed_hosts variables in the nrpe configuration file are
|
and allowed_hosts variables in the nrpe configuration file are
|
||||||
ignored._
|
ignored.
|
||||||
|
|
||||||
|
|
||||||
#### INETD
|
* `inetd`
|
||||||
|
|
||||||
After running `make install-inetd`, your `/etc/inetd.conf` file will
|
After running `make install-inetd`, your `/etc/inetd.conf` file will
|
||||||
contain lines similar to the following:
|
contain lines similar to the following:
|
||||||
|
|
||||||
```
|
|
||||||
#
|
|
||||||
# Enable the following entry to enable the nrpe daemon
|
# Enable the following entry to enable the nrpe daemon
|
||||||
#nrpe stream tcp nowait nagios /usr/local/nagios/bin/nrpe nrpe -c /usr/local/nagios/etc/nr
|
#nrpe stream tcp nowait nagios /usr/local/nagios/bin/nrpe nrpe -c /usr/local/nagios/etc/nr
|
||||||
# Enable the following entry if the nrpe daemon didn't link with libwrap
|
# Enable the following entry if the nrpe daemon didn't link with libwrap
|
||||||
#nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nag
|
#nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nag
|
||||||
```
|
|
||||||
|
|
||||||
Un-comment the appropriate line, then Restart inetd:
|
Un-comment the appropriate line, then Restart inetd:
|
||||||
|
|
||||||
@ -124,13 +195,12 @@ file to enable TCP wrapper protection for the nrpe service.
|
|||||||
This is optional, although highly recommended.
|
This is optional, although highly recommended.
|
||||||
|
|
||||||
|
|
||||||
#### XINETD
|
* `xinetd`
|
||||||
|
|
||||||
If your system uses xinetd instead of inetd, `make install-inetd`
|
If your system uses xinetd instead of inetd, `make install-inetd`
|
||||||
will create a file called `nrpe` in your `/etc/xinetd.d`
|
will create a file called `nrpe` in your `/etc/xinetd.d`
|
||||||
directory that contains a file similar to this:
|
directory that contains a file similar to this:
|
||||||
|
|
||||||
```
|
|
||||||
# default: off
|
# default: off
|
||||||
# description: NRPE (Nagios Remote Plugin Executor)
|
# description: NRPE (Nagios Remote Plugin Executor)
|
||||||
service nrpe
|
service nrpe
|
||||||
@ -146,17 +216,16 @@ directory that contains a file similar to this:
|
|||||||
only_from = 127.0.0.1
|
only_from = 127.0.0.1
|
||||||
log_on_failure += USERID
|
log_on_failure += USERID
|
||||||
}
|
}
|
||||||
```
|
|
||||||
|
|
||||||
- Replace `disable = yes` with `disable = no`
|
* Replace `disable = yes` with `disable = no`
|
||||||
- Replace the `127.0.0.1` field with the IP addresses of hosts which
|
* Replace the `127.0.0.1` field with the IP addresses of hosts which
|
||||||
are allowed to connect to the NRPE daemon. This only works if xinetd was
|
are allowed to connect to the NRPE daemon. This only works if xinetd was
|
||||||
compiled with support for tcpwrappers.
|
compiled with support for tcpwrappers.
|
||||||
- Add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
|
* Add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
|
||||||
file to enable TCP wrapper protection for the nrpe service.
|
file to enable TCP wrapper protection for the nrpe service.
|
||||||
This is optional, although highly recommended.
|
This is optional, although highly recommended.
|
||||||
|
|
||||||
Restart xinetd:
|
* Restart xinetd:
|
||||||
|
|
||||||
/etc/rc.d/init.d/xinetd restart
|
/etc/rc.d/init.d/xinetd restart
|
||||||
|
|
||||||
@ -190,17 +259,34 @@ is simplified for this example):
|
|||||||
}
|
}
|
||||||
|
|
||||||
where `yourcommand` is a name of a command that you define in
|
where `yourcommand` is a name of a command that you define in
|
||||||
your nrpe.cfg file on the remote host (see the docs in the
|
your `nrpe.cfg` file on the remote host (see the docs in the
|
||||||
sample nrpe.cfg file for more information).
|
sample nrpe.cfg file for more information).
|
||||||
|
|
||||||
|
|
||||||
|
License Notice
|
||||||
|
--------------
|
||||||
|
|
||||||
|
NRPE - Nagios Remote Plugin Executor
|
||||||
|
|
||||||
|
Copyright (c) 2017 Nagios Enterprises
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
|
|
||||||
Questions?
|
Questions?
|
||||||
----------
|
----------
|
||||||
|
|
||||||
If you have questions about this addon, or problems getting things
|
If you have questions about this addon, or encounter problems getting things
|
||||||
working, first try searching the nagios-users mailing list archives.
|
working along the way, your best bet for an answer or quick resolution is to check the
|
||||||
Details on searching the list archives can be found at
|
[Nagios Support Forums](https://support.nagios.com/forum/viewforum.php?f=5).
|
||||||
http://www.nagios.org
|
|
||||||
|
|
||||||
If you don't find an answer there, post a message in the Nagios
|
|
||||||
Plugin Development forum at https://support.nagios.com/forum/viewforum.php?f=35
|
|
||||||
|
50
SECURITY.md
50
SECURITY.md
@ -1,10 +1,8 @@
|
|||||||
NRPE SECURITY README
|
NRPE SECURITY README
|
||||||
====================
|
====================
|
||||||
|
|
||||||
---
|
TCP Wrapper Support
|
||||||
|
-------------------
|
||||||
### TCP WRAPPER SUPPORT ###
|
|
||||||
|
|
||||||
|
|
||||||
NRPE 2.x includes native support for TCP wrappers. Once you
|
NRPE 2.x includes native support for TCP wrappers. Once you
|
||||||
compile NRPE you can check to see if it has wrapper support
|
compile NRPE you can check to see if it has wrapper support
|
||||||
@ -14,7 +12,8 @@ any arguments like this:
|
|||||||
./nrpe --help
|
./nrpe --help
|
||||||
|
|
||||||
|
|
||||||
#### COMMAND ARGUMENTS ####
|
Command Arguments
|
||||||
|
-----------------
|
||||||
|
|
||||||
NRPE 2.0 includes the ability for clients to supply arguments to
|
NRPE 2.0 includes the ability for clients to supply arguments to
|
||||||
commands which should be run. Please note that this feature
|
commands which should be run. Please note that this feature
|
||||||
@ -22,7 +21,8 @@ should be considered a security risk, and you should only use
|
|||||||
it if you know what you're doing!
|
it if you know what you're doing!
|
||||||
|
|
||||||
|
|
||||||
#### BASH COMMAND SUBSTITUTION ####
|
Bash Command Substitution
|
||||||
|
-------------------------
|
||||||
|
|
||||||
Even with the metacharacter restrictions below, if command arguments
|
Even with the metacharacter restrictions below, if command arguments
|
||||||
are enabled, it is still possible to send bash command substitutions
|
are enabled, it is still possible to send bash command substitutions
|
||||||
@ -32,7 +32,8 @@ configuration file option. Enabling this option is **VERY RISKY**
|
|||||||
and its use is **HIGHLY DISCOURAGED**.
|
and its use is **HIGHLY DISCOURAGED**.
|
||||||
|
|
||||||
|
|
||||||
#### ENABLING ARGUMENTS ####
|
Enabling Arguments
|
||||||
|
------------------
|
||||||
|
|
||||||
To enable support for command argument in the daemon, you must
|
To enable support for command argument in the daemon, you must
|
||||||
do two things:
|
do two things:
|
||||||
@ -44,7 +45,8 @@ do two things:
|
|||||||
file to `1`.
|
file to `1`.
|
||||||
|
|
||||||
|
|
||||||
#### ENABLING BASH COMMAND SUBSTITUTION ####
|
Enabling Bash Command Substitution
|
||||||
|
----------------------------------
|
||||||
|
|
||||||
To enable support for arguments containing bash command substitutions,
|
To enable support for arguments containing bash command substitutions,
|
||||||
you must do two things:
|
you must do two things:
|
||||||
@ -58,7 +60,8 @@ you must do two things:
|
|||||||
NRPE config file to `1`.
|
NRPE config file to `1`.
|
||||||
|
|
||||||
|
|
||||||
#### ILLEGAL METACHARS ####
|
Nasty Metacharacters
|
||||||
|
--------------------
|
||||||
|
|
||||||
To help prevent some nasty things from being done by evil
|
To help prevent some nasty things from being done by evil
|
||||||
clients, the following metacharacters are not allowed
|
clients, the following metacharacters are not allowed
|
||||||
@ -66,32 +69,39 @@ in client command arguments:
|
|||||||
|
|
||||||
| ` & > < ' \ [ ] { } ; ! \r \n
|
| ` & > < ' \ [ ] { } ; ! \r \n
|
||||||
|
|
||||||
|
You can override these defaults by adjusting the `nasty_metachars`
|
||||||
|
flag in the config file.
|
||||||
|
|
||||||
Any client request which contains the above mentioned metachars
|
Any client request which contains the above mentioned metachars
|
||||||
is discarded.
|
is discarded.
|
||||||
|
|
||||||
|
|
||||||
#### USER/GROUP RESTRICTIONS ####
|
User/Group Restrictions
|
||||||
|
-----------------------
|
||||||
|
|
||||||
The NRPE daemon cannot be run with (effective) root user/group
|
The NRPE daemon cannot be run with (effective) root user/group
|
||||||
privileges. You must run the daemon with an account that does
|
privileges. You must run the daemon with an account that does
|
||||||
not have superuser rights. Use the nrpe_user and nrpe_group
|
not have superuser rights. Use the `--with-nrpe-user` and
|
||||||
directives in the config file to specify which user/group the
|
`--with-nrpe-group` flags during `./configure`, or the `nrpe_user`
|
||||||
daemon should run as.
|
and `nrpe_group` config file options to specify which user/group
|
||||||
|
the daemon should run as.
|
||||||
|
|
||||||
|
|
||||||
#### ENCRYPTION ####
|
Encryption
|
||||||
|
----------
|
||||||
|
|
||||||
If you do enable support for command arguments in the NRPE daemon,
|
If you do enable support for command arguments in the NRPE daemon,
|
||||||
make sure that you encrypt communications either by using:
|
make sure that you encrypt communications either by using:
|
||||||
|
|
||||||
1. Stunnel (see http://www.stunnel.org for more info)
|
1. Stunnel (see http://www.stunnel.org for more info)
|
||||||
2. Native SSL support (See the `README.SSL.md` file for more info)
|
2. Native SSL support (See the [SSL Readme](README.SSL.md) file for more info)
|
||||||
|
|
||||||
*Do NOT* assume that just because the daemon is behind a firewall
|
Do **NOT** assume that just because the daemon is behind a firewall
|
||||||
that you are safe! Always encrypt NRPE traffic!
|
that you are safe! ***Always encrypt NRPE traffic!***
|
||||||
|
|
||||||
|
|
||||||
#### USING ARGUMENTS ####
|
Using Arguments
|
||||||
|
---------------
|
||||||
|
|
||||||
How do you use command arguments? Well, lets say you define a
|
How do you use command arguments? Well, lets say you define a
|
||||||
command in the NRPE config file that looks like this:
|
command in the NRPE config file that looks like this:
|
||||||
@ -103,11 +113,11 @@ You could then call the check_nrpe plugin like this:
|
|||||||
./check_nrpe -H <host> -c check_users -a 5 10
|
./check_nrpe -H <host> -c check_users -a 5 10
|
||||||
|
|
||||||
The arguments '5' and '10' get substituted into the appropriate
|
The arguments '5' and '10' get substituted into the appropriate
|
||||||
$ARGx$ macros in the command ($ARG1$ and $ARG2$, respectively).
|
`$ARGx$` macros in the command (`$ARG1$` and `$ARG2$`, respectively).
|
||||||
The command that would be executed by the NRPE daemon would look
|
The command that would be executed by the NRPE daemon would look
|
||||||
like this:
|
like this:
|
||||||
|
|
||||||
/usr/local/nagios/libexec/check_users -w 5 -c 10
|
/usr/local/nagios/libexec/check_users -w 5 -c 10
|
||||||
|
|
||||||
You can supply up to 16 arguments to be passed to the command
|
You can supply up to 16 arguments to be passed to the command
|
||||||
for substitution in $ARG$ macros ($ARG1$ - $ARG16$).
|
for substitution in `$ARG$` macros (`$ARG1$` - `$ARG16$`).
|
||||||
|
4
THANKS
4
THANKS
@ -8,6 +8,7 @@ Bas Couwenberg
|
|||||||
Bill Mitchell
|
Bill Mitchell
|
||||||
Bjoern Beutel
|
Bjoern Beutel
|
||||||
Brian Seklecki
|
Brian Seklecki
|
||||||
|
Bryan Heden
|
||||||
Derrick Bennett
|
Derrick Bennett
|
||||||
Elan Ruusamäe
|
Elan Ruusamäe
|
||||||
Eric Mislivec
|
Eric Mislivec
|
||||||
@ -16,10 +17,12 @@ Gerhard Lausser
|
|||||||
Graham Collinson
|
Graham Collinson
|
||||||
Grant Byers
|
Grant Byers
|
||||||
Grégory Starck
|
Grégory Starck
|
||||||
|
jaclu@grm.se
|
||||||
James Peterson
|
James Peterson
|
||||||
Jari Takkala
|
Jari Takkala
|
||||||
Jason Cook
|
Jason Cook
|
||||||
Jobst Schmalenbach
|
Jobst Schmalenbach
|
||||||
|
John Frickson
|
||||||
John Maag
|
John Maag
|
||||||
Jon Andrews
|
Jon Andrews
|
||||||
Josh Soref
|
Josh Soref
|
||||||
@ -49,4 +52,3 @@ Sven Nierlein
|
|||||||
Thierry Bertaud
|
Thierry Bertaud
|
||||||
Ton Voon
|
Ton Voon
|
||||||
Vadim Antipov
|
Vadim Antipov
|
||||||
jaclu@grm.se
|
|
||||||
|
39
configure
vendored
39
configure
vendored
@ -1,6 +1,6 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for nrpe 3.1.1.
|
# Generated by GNU Autoconf 2.69 for nrpe newdate.
|
||||||
#
|
#
|
||||||
# Report bugs to <nagios-users@lists.sourceforge.net>.
|
# Report bugs to <nagios-users@lists.sourceforge.net>.
|
||||||
#
|
#
|
||||||
@ -580,8 +580,8 @@ MAKEFLAGS=
|
|||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='nrpe'
|
PACKAGE_NAME='nrpe'
|
||||||
PACKAGE_TARNAME='nrpe'
|
PACKAGE_TARNAME='nrpe'
|
||||||
PACKAGE_VERSION='3.1.1'
|
PACKAGE_VERSION='newdate'
|
||||||
PACKAGE_STRING='nrpe 3.1.1'
|
PACKAGE_STRING='nrpe newdate'
|
||||||
PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
|
PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
|
||||||
PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
|
PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
|
||||||
|
|
||||||
@ -1320,7 +1320,7 @@ if test "$ac_init_help" = "long"; then
|
|||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures nrpe 3.1.1 to adapt to many kinds of systems.
|
\`configure' configures nrpe newdate to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
@ -1370,7 +1370,7 @@ fi
|
|||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of nrpe 3.1.1:";;
|
short | recursive ) echo "Configuration of nrpe newdate:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
@ -1516,7 +1516,7 @@ fi
|
|||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
nrpe configure 3.1.1
|
nrpe configure newdate
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
@ -2122,7 +2122,7 @@ cat >config.log <<_ACEOF
|
|||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by nrpe $as_me 3.1.1, which was
|
It was created by nrpe $as_me newdate, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
@ -2487,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
|
|||||||
|
|
||||||
|
|
||||||
PKG_NAME=nrpe
|
PKG_NAME=nrpe
|
||||||
PKG_VERSION="3.1.1"
|
PKG_VERSION="3.2.1"
|
||||||
PKG_HOME_URL="http://www.nagios.org/"
|
PKG_HOME_URL="http://www.nagios.org/"
|
||||||
PKG_REL_DATE="2017-05-24"
|
PKG_REL_DATE="2017-09-01"
|
||||||
RPM_RELEASE=1
|
RPM_RELEASE=1
|
||||||
|
|
||||||
LANG=C
|
LANG=C
|
||||||
@ -3041,12 +3041,6 @@ fi
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if test x"$inetd_type" = x; then
|
|
||||||
if test x"$init_type" = "xupstart"; then
|
|
||||||
inetd_type="upstart"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test x"$inetd_type" = x; then
|
if test x"$inetd_type" = x; then
|
||||||
if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
|
if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
|
||||||
inetd_disabled="(Not running)"
|
inetd_disabled="(Not running)"
|
||||||
@ -3057,6 +3051,12 @@ esac
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test x"$inetd_type" = x; then
|
||||||
|
if test x"$init_type" = "xupstart"; then
|
||||||
|
inetd_type="upstart"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if test x"$inetd_type" = x; then
|
if test x"$inetd_type" = x; then
|
||||||
if test x"$init_type" = "xsystemd"; then
|
if test x"$init_type" = "xsystemd"; then
|
||||||
inetd_type="systemd"
|
inetd_type="systemd"
|
||||||
@ -3686,6 +3686,7 @@ eval webdir=$webdir
|
|||||||
eval localedir=$localedir
|
eval localedir=$localedir
|
||||||
eval sysconfdir=$sysconfdir
|
eval sysconfdir=$sysconfdir
|
||||||
eval pkgsysconfdir=$pkgsysconfdir
|
eval pkgsysconfdir=$pkgsysconfdir
|
||||||
|
eval logdir=$logdir
|
||||||
eval piddir=$piddir
|
eval piddir=$piddir
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -4348,7 +4349,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by nrpe $as_me 3.1.1, which was
|
This file was extended by nrpe $as_me newdate, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
@ -4402,7 +4403,7 @@ _ACEOF
|
|||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
nrpe config.status 3.1.1
|
nrpe config.status newdate
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
@ -8284,7 +8285,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by nrpe $as_me 3.1.1, which was
|
This file was extended by nrpe $as_me newdate, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
@ -8347,7 +8348,7 @@ _ACEOF
|
|||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
nrpe config.status 3.1.1
|
nrpe config.status newdate
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],)
|
|||||||
define([AC_CACHE_SAVE],)
|
define([AC_CACHE_SAVE],)
|
||||||
|
|
||||||
m4_include([build-aux/custom_help.m4])
|
m4_include([build-aux/custom_help.m4])
|
||||||
AC_INIT([nrpe],[3.1.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
|
AC_INIT([nrpe],[newdate],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
|
||||||
AC_CONFIG_SRCDIR([src/nrpe.c])
|
AC_CONFIG_SRCDIR([src/nrpe.c])
|
||||||
AC_CONFIG_AUX_DIR([build-aux])
|
AC_CONFIG_AUX_DIR([build-aux])
|
||||||
AC_PREFIX_DEFAULT(/usr/local/nagios)
|
AC_PREFIX_DEFAULT(/usr/local/nagios)
|
||||||
|
|
||||||
PKG_NAME=nrpe
|
PKG_NAME=nrpe
|
||||||
PKG_VERSION="3.1.1"
|
PKG_VERSION="3.2.1"
|
||||||
PKG_HOME_URL="http://www.nagios.org/"
|
PKG_HOME_URL="http://www.nagios.org/"
|
||||||
PKG_REL_DATE="2017-05-24"
|
PKG_REL_DATE="2017-09-01"
|
||||||
RPM_RELEASE=1
|
RPM_RELEASE=1
|
||||||
|
|
||||||
LANG=C
|
LANG=C
|
||||||
|
@ -1,9 +1,11 @@
|
|||||||
/*-
|
/****************************************************************************
|
||||||
* acl.c - header file for acl.c
|
|
||||||
* Copyright (c) 2011 Kaspersky Lab ZAO
|
|
||||||
* Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help
|
|
||||||
*
|
*
|
||||||
* License: GPL
|
* acl.h - header file for acl.c
|
||||||
|
*
|
||||||
|
* License: GPLv2
|
||||||
|
* Copyright (c) 2011 Kaspersky Lab ZAO
|
||||||
|
*
|
||||||
|
* License Notice:
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
@ -18,7 +20,8 @@
|
|||||||
* You should have received a copy of the GNU General Public License
|
* You should have received a copy of the GNU General Public License
|
||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
*/
|
*
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
#ifndef ACL_H_INCLUDED
|
#ifndef ACL_H_INCLUDED
|
||||||
#define ACL_H_INCLUDED 1
|
#define ACL_H_INCLUDED 1
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
/************************************************************************
|
/****************************************************************************
|
||||||
*
|
*
|
||||||
* COMMON.H - NRPE Common Include File
|
* common.h - NRPE Common header file
|
||||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
|
||||||
* Last Modified: 2017-05-24
|
|
||||||
*
|
*
|
||||||
* License:
|
* License: GPLv2
|
||||||
|
* Copyright (c) 2006-2017 Nagios Enterprises
|
||||||
|
* 1999-2006 Ethan Galstad (nagios@nagios.org)
|
||||||
|
*
|
||||||
|
* License Notice:
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
@ -19,7 +21,8 @@
|
|||||||
* You should have received a copy of the GNU General Public License
|
* You should have received a copy of the GNU General Public License
|
||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
************************************************************************/
|
*
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
|
||||||
@ -30,11 +33,12 @@
|
|||||||
# ifdef SSL_TYPE_openssl
|
# ifdef SSL_TYPE_openssl
|
||||||
# include <@SSL_INC_PREFIX@err.h>
|
# include <@SSL_INC_PREFIX@err.h>
|
||||||
# include <@SSL_INC_PREFIX@rand.h>
|
# include <@SSL_INC_PREFIX@rand.h>
|
||||||
|
# include <@SSL_INC_PREFIX@engine.h>
|
||||||
# endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define PROGRAM_VERSION "3.1.1"
|
#define PROGRAM_VERSION "3.2.1"
|
||||||
#define MODIFICATION_DATE "2017-05-24"
|
#define MODIFICATION_DATE "2017-09-01"
|
||||||
|
|
||||||
#define OK 0
|
#define OK 0
|
||||||
#define ERROR -1
|
#define ERROR -1
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
/************************************************************************
|
/****************************************************************************
|
||||||
*
|
*
|
||||||
* NRPE Common Header File
|
* config.h - NRPE Configuration header file
|
||||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
|
||||||
* Last Modified: 11-23-2007
|
|
||||||
*
|
*
|
||||||
* License:
|
* License: GPLv2
|
||||||
|
* Copyright (c) 2006-2017 Nagios Enterprises
|
||||||
|
* 1999-2006 Ethan Galstad (nagios@nagios.org)
|
||||||
|
*
|
||||||
|
* License Notice:
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
@ -19,7 +21,8 @@
|
|||||||
* You should have received a copy of the GNU General Public License
|
* You should have received a copy of the GNU General Public License
|
||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
************************************************************************/
|
*
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
#ifndef _CONFIG_H
|
#ifndef _CONFIG_H
|
||||||
#define _CONFIG_H
|
#define _CONFIG_H
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
/************************************************************************
|
/****************************************************************************
|
||||||
*
|
*
|
||||||
* NRPE.H - NRPE Include File
|
* nrpe.h - Nagios Remote Plugin Executor header file
|
||||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
|
||||||
* Last Modified: 08-10-2011 by Konstantin Malov
|
|
||||||
*
|
*
|
||||||
* License:
|
* License: GPLv2
|
||||||
|
* Copyright (c) 2006-2017 Nagios Enterprises
|
||||||
|
* 1999-2006 Ethan Galstad (nagios@nagios.org)
|
||||||
|
*
|
||||||
|
* License Notice:
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
@ -20,9 +22,7 @@
|
|||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
*
|
*
|
||||||
************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
/**************** COMMAND STRUCTURE DEFINITION **********/
|
|
||||||
|
|
||||||
typedef struct command_struct {
|
typedef struct command_struct {
|
||||||
char *command_name;
|
char *command_name;
|
||||||
|
@ -1,17 +1,12 @@
|
|||||||
/************************************************************************************************
|
/****************************************************************************
|
||||||
*
|
*
|
||||||
* UTILS.H - NRPE Utilities Include File
|
* utils.h - NRPE Utility Functions header file
|
||||||
*
|
*
|
||||||
* License: GPL
|
* License: GPLv2
|
||||||
* Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
|
* Copyright (c) 2009-2017 Nagios Enterprises
|
||||||
|
* 1999-2008 Ethan Galstad (nagios@nagios.org)
|
||||||
*
|
*
|
||||||
* Last Modified: 12-11-2006
|
* License Notice:
|
||||||
*
|
|
||||||
* Description:
|
|
||||||
*
|
|
||||||
* This file contains common include files and function definitions used in many of the plugins.
|
|
||||||
*
|
|
||||||
* License Information:
|
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
@ -27,7 +22,8 @@
|
|||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
*
|
*
|
||||||
************************************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
|
|
||||||
#ifndef NRPE_UTILS_H_INCLUDED
|
#ifndef NRPE_UTILS_H_INCLUDED
|
||||||
#define NRPE_UTILS_H_INCLUDED
|
#define NRPE_UTILS_H_INCLUDED
|
||||||
@ -39,9 +35,9 @@ unsigned long calculate_crc32(char*, int);
|
|||||||
void randomize_buffer(char*,int);
|
void randomize_buffer(char*,int);
|
||||||
int my_tcp_connect(char*, int, int*);
|
int my_tcp_connect(char*, int, int*);
|
||||||
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
|
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
|
||||||
int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*);
|
int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*, int);
|
||||||
#else
|
#else
|
||||||
int my_connect(const char*, struct sockaddr*, u_short, int, const char*);
|
int my_connect(const char*, struct sockaddr*, u_short, int, const char*, int);
|
||||||
#endif
|
#endif
|
||||||
void add_listen_addr(struct addrinfo**, int, char*, int);
|
void add_listen_addr(struct addrinfo**, int, char*, int);
|
||||||
int clean_environ(const char *keep_env_vars, const char *nrpe_user);
|
int clean_environ(const char *keep_env_vars, const char *nrpe_user);
|
||||||
|
7
macros/CHANGELOG.md
Normal file
7
macros/CHANGELOG.md
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
1.0.1
|
||||||
|
-----
|
||||||
|
* Fix bug determining inetd,xinetd if neither are running (Bryan Heden)
|
||||||
|
|
||||||
|
1.0.0
|
||||||
|
-----
|
||||||
|
* Initial Release (John Frickson)
|
509
macros/LICENSE
509
macros/LICENSE
@ -1,339 +1,264 @@
|
|||||||
GNU GENERAL PUBLIC LICENSE
|
The GNU General Public License, Version 2, June 1991 (GPLv2)
|
||||||
Version 2, June 1991
|
============================================================
|
||||||
|
|
||||||
|
> Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||||
|
> 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||||
|
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies of this license
|
||||||
|
document, but changing it is not allowed.
|
||||||
|
|
||||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
|
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
|
||||||
of this license document, but changing it is not allowed.
|
|
||||||
|
|
||||||
Preamble
|
Preamble
|
||||||
|
--------
|
||||||
|
|
||||||
The licenses for most software are designed to take away your
|
The licenses for most software are designed to take away your freedom to share
|
||||||
freedom to share and change it. By contrast, the GNU General Public
|
and change it. By contrast, the GNU General Public License is intended to
|
||||||
License is intended to guarantee your freedom to share and change free
|
guarantee your freedom to share and change free software--to make sure the
|
||||||
software--to make sure the software is free for all its users. This
|
software is free for all its users. This General Public License applies to most
|
||||||
General Public License applies to most of the Free Software
|
of the Free Software Foundation's software and to any other program whose
|
||||||
Foundation's software and to any other program whose authors commit to
|
authors commit to using it. (Some other Free Software Foundation software is
|
||||||
using it. (Some other Free Software Foundation software is covered by
|
covered by the GNU Lesser General Public License instead.) You can apply it to
|
||||||
the GNU Lesser General Public License instead.) You can apply it to
|
|
||||||
your programs, too.
|
your programs, too.
|
||||||
|
|
||||||
When we speak of free software, we are referring to freedom, not
|
When we speak of free software, we are referring to freedom, not price. Our
|
||||||
price. Our General Public Licenses are designed to make sure that you
|
General Public Licenses are designed to make sure that you have the freedom to
|
||||||
have the freedom to distribute copies of free software (and charge for
|
distribute copies of free software (and charge for this service if you wish),
|
||||||
this service if you wish), that you receive source code or can get it
|
that you receive source code or can get it if you want it, that you can change
|
||||||
if you want it, that you can change the software or use pieces of it
|
the software or use pieces of it in new free programs; and that you know you can
|
||||||
in new free programs; and that you know you can do these things.
|
do these things.
|
||||||
|
|
||||||
To protect your rights, we need to make restrictions that forbid
|
To protect your rights, we need to make restrictions that forbid anyone to deny
|
||||||
anyone to deny you these rights or to ask you to surrender the rights.
|
you these rights or to ask you to surrender the rights. These restrictions
|
||||||
These restrictions translate to certain responsibilities for you if you
|
translate to certain responsibilities for you if you distribute copies of the
|
||||||
distribute copies of the software, or if you modify it.
|
software, or if you modify it.
|
||||||
|
|
||||||
For example, if you distribute copies of such a program, whether
|
For example, if you distribute copies of such a program, whether gratis or for a
|
||||||
gratis or for a fee, you must give the recipients all the rights that
|
fee, you must give the recipients all the rights that you have. You must make
|
||||||
you have. You must make sure that they, too, receive or can get the
|
sure that they, too, receive or can get the source code. And you must show them
|
||||||
source code. And you must show them these terms so they know their
|
these terms so they know their rights.
|
||||||
rights.
|
|
||||||
|
|
||||||
We protect your rights with two steps: (1) copyright the software, and
|
We protect your rights with two steps: (1) copyright the software, and (2) offer
|
||||||
(2) offer you this license which gives you legal permission to copy,
|
you this license which gives you legal permission to copy, distribute and/or
|
||||||
distribute and/or modify the software.
|
modify the software.
|
||||||
|
|
||||||
Also, for each author's protection and ours, we want to make certain
|
Also, for each author's protection and ours, we want to make certain that
|
||||||
that everyone understands that there is no warranty for this free
|
everyone understands that there is no warranty for this free software. If the
|
||||||
software. If the software is modified by someone else and passed on, we
|
software is modified by someone else and passed on, we want its recipients to
|
||||||
want its recipients to know that what they have is not the original, so
|
know that what they have is not the original, so that any problems introduced by
|
||||||
that any problems introduced by others will not reflect on the original
|
others will not reflect on the original authors' reputations.
|
||||||
authors' reputations.
|
|
||||||
|
|
||||||
Finally, any free program is threatened constantly by software
|
Finally, any free program is threatened constantly by software patents. We wish
|
||||||
patents. We wish to avoid the danger that redistributors of a free
|
to avoid the danger that redistributors of a free program will individually
|
||||||
program will individually obtain patent licenses, in effect making the
|
obtain patent licenses, in effect making the program proprietary. To prevent
|
||||||
program proprietary. To prevent this, we have made it clear that any
|
this, we have made it clear that any patent must be licensed for everyone's free
|
||||||
patent must be licensed for everyone's free use or not licensed at all.
|
use or not licensed at all.
|
||||||
|
|
||||||
The precise terms and conditions for copying, distribution and
|
The precise terms and conditions for copying, distribution and modification
|
||||||
modification follow.
|
follow.
|
||||||
|
|
||||||
GNU GENERAL PUBLIC LICENSE
|
|
||||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
|
||||||
|
|
||||||
0. This License applies to any program or other work which contains
|
Terms And Conditions For Copying, Distribution And Modification
|
||||||
a notice placed by the copyright holder saying it may be distributed
|
---------------------------------------------------------------
|
||||||
under the terms of this General Public License. The "Program", below,
|
|
||||||
refers to any such program or work, and a "work based on the Program"
|
|
||||||
means either the Program or any derivative work under copyright law:
|
|
||||||
that is to say, a work containing the Program or a portion of it,
|
|
||||||
either verbatim or with modifications and/or translated into another
|
|
||||||
language. (Hereinafter, translation is included without limitation in
|
|
||||||
the term "modification".) Each licensee is addressed as "you".
|
|
||||||
|
|
||||||
Activities other than copying, distribution and modification are not
|
**0.** This License applies to any program or other work which contains a notice
|
||||||
covered by this License; they are outside its scope. The act of
|
placed by the copyright holder saying it may be distributed under the terms of
|
||||||
running the Program is not restricted, and the output from the Program
|
this General Public License. The "Program", below, refers to any such program or
|
||||||
is covered only if its contents constitute a work based on the
|
work, and a "work based on the Program" means either the Program or any
|
||||||
Program (independent of having been made by running the Program).
|
derivative work under copyright law: that is to say, a work containing the
|
||||||
Whether that is true depends on what the Program does.
|
Program or a portion of it, either verbatim or with modifications and/or
|
||||||
|
translated into another language. (Hereinafter, translation is included without
|
||||||
|
limitation in the term "modification".) Each licensee is addressed as "you".
|
||||||
|
|
||||||
1. You may copy and distribute verbatim copies of the Program's
|
Activities other than copying, distribution and modification are not covered by
|
||||||
source code as you receive it, in any medium, provided that you
|
this License; they are outside its scope. The act of running the Program is not
|
||||||
conspicuously and appropriately publish on each copy an appropriate
|
restricted, and the output from the Program is covered only if its contents
|
||||||
copyright notice and disclaimer of warranty; keep intact all the
|
constitute a work based on the Program (independent of having been made by
|
||||||
notices that refer to this License and to the absence of any warranty;
|
running the Program). Whether that is true depends on what the Program does.
|
||||||
and give any other recipients of the Program a copy of this License
|
|
||||||
along with the Program.
|
|
||||||
|
|
||||||
You may charge a fee for the physical act of transferring a copy, and
|
**1.** You may copy and distribute verbatim copies of the Program's source code
|
||||||
you may at your option offer warranty protection in exchange for a fee.
|
as you receive it, in any medium, provided that you conspicuously and
|
||||||
|
appropriately publish on each copy an appropriate copyright notice and
|
||||||
|
disclaimer of warranty; keep intact all the notices that refer to this License
|
||||||
|
and to the absence of any warranty; and give any other recipients of the Program
|
||||||
|
a copy of this License along with the Program.
|
||||||
|
|
||||||
2. You may modify your copy or copies of the Program or any portion
|
You may charge a fee for the physical act of transferring a copy, and you may at
|
||||||
of it, thus forming a work based on the Program, and copy and
|
your option offer warranty protection in exchange for a fee.
|
||||||
distribute such modifications or work under the terms of Section 1
|
|
||||||
above, provided that you also meet all of these conditions:
|
|
||||||
|
|
||||||
a) You must cause the modified files to carry prominent notices
|
**2.** You may modify your copy or copies of the Program or any portion of it,
|
||||||
stating that you changed the files and the date of any change.
|
thus forming a work based on the Program, and copy and distribute such
|
||||||
|
modifications or work under the terms of Section 1 above, provided that you also
|
||||||
|
meet all of these conditions:
|
||||||
|
|
||||||
b) You must cause any work that you distribute or publish, that in
|
* **a)** You must cause the modified files to carry prominent notices stating
|
||||||
whole or in part contains or is derived from the Program or any
|
that you changed the files and the date of any change.
|
||||||
part thereof, to be licensed as a whole at no charge to all third
|
|
||||||
parties under the terms of this License.
|
|
||||||
|
|
||||||
c) If the modified program normally reads commands interactively
|
* **b)** You must cause any work that you distribute or publish, that in whole
|
||||||
when run, you must cause it, when started running for such
|
or in part contains or is derived from the Program or any part thereof, to
|
||||||
interactive use in the most ordinary way, to print or display an
|
be licensed as a whole at no charge to all third parties under the terms of
|
||||||
announcement including an appropriate copyright notice and a
|
|
||||||
notice that there is no warranty (or else, saying that you provide
|
|
||||||
a warranty) and that users may redistribute the program under
|
|
||||||
these conditions, and telling the user how to view a copy of this
|
|
||||||
License. (Exception: if the Program itself is interactive but
|
|
||||||
does not normally print such an announcement, your work based on
|
|
||||||
the Program is not required to print an announcement.)
|
|
||||||
|
|
||||||
These requirements apply to the modified work as a whole. If
|
|
||||||
identifiable sections of that work are not derived from the Program,
|
|
||||||
and can be reasonably considered independent and separate works in
|
|
||||||
themselves, then this License, and its terms, do not apply to those
|
|
||||||
sections when you distribute them as separate works. But when you
|
|
||||||
distribute the same sections as part of a whole which is a work based
|
|
||||||
on the Program, the distribution of the whole must be on the terms of
|
|
||||||
this License, whose permissions for other licensees extend to the
|
|
||||||
entire whole, and thus to each and every part regardless of who wrote it.
|
|
||||||
|
|
||||||
Thus, it is not the intent of this section to claim rights or contest
|
|
||||||
your rights to work written entirely by you; rather, the intent is to
|
|
||||||
exercise the right to control the distribution of derivative or
|
|
||||||
collective works based on the Program.
|
|
||||||
|
|
||||||
In addition, mere aggregation of another work not based on the Program
|
|
||||||
with the Program (or with a work based on the Program) on a volume of
|
|
||||||
a storage or distribution medium does not bring the other work under
|
|
||||||
the scope of this License.
|
|
||||||
|
|
||||||
3. You may copy and distribute the Program (or a work based on it,
|
|
||||||
under Section 2) in object code or executable form under the terms of
|
|
||||||
Sections 1 and 2 above provided that you also do one of the following:
|
|
||||||
|
|
||||||
a) Accompany it with the complete corresponding machine-readable
|
|
||||||
source code, which must be distributed under the terms of Sections
|
|
||||||
1 and 2 above on a medium customarily used for software interchange; or,
|
|
||||||
|
|
||||||
b) Accompany it with a written offer, valid for at least three
|
|
||||||
years, to give any third party, for a charge no more than your
|
|
||||||
cost of physically performing source distribution, a complete
|
|
||||||
machine-readable copy of the corresponding source code, to be
|
|
||||||
distributed under the terms of Sections 1 and 2 above on a medium
|
|
||||||
customarily used for software interchange; or,
|
|
||||||
|
|
||||||
c) Accompany it with the information you received as to the offer
|
|
||||||
to distribute corresponding source code. (This alternative is
|
|
||||||
allowed only for noncommercial distribution and only if you
|
|
||||||
received the program in object code or executable form with such
|
|
||||||
an offer, in accord with Subsection b above.)
|
|
||||||
|
|
||||||
The source code for a work means the preferred form of the work for
|
|
||||||
making modifications to it. For an executable work, complete source
|
|
||||||
code means all the source code for all modules it contains, plus any
|
|
||||||
associated interface definition files, plus the scripts used to
|
|
||||||
control compilation and installation of the executable. However, as a
|
|
||||||
special exception, the source code distributed need not include
|
|
||||||
anything that is normally distributed (in either source or binary
|
|
||||||
form) with the major components (compiler, kernel, and so on) of the
|
|
||||||
operating system on which the executable runs, unless that component
|
|
||||||
itself accompanies the executable.
|
|
||||||
|
|
||||||
If distribution of executable or object code is made by offering
|
|
||||||
access to copy from a designated place, then offering equivalent
|
|
||||||
access to copy the source code from the same place counts as
|
|
||||||
distribution of the source code, even though third parties are not
|
|
||||||
compelled to copy the source along with the object code.
|
|
||||||
|
|
||||||
4. You may not copy, modify, sublicense, or distribute the Program
|
|
||||||
except as expressly provided under this License. Any attempt
|
|
||||||
otherwise to copy, modify, sublicense or distribute the Program is
|
|
||||||
void, and will automatically terminate your rights under this License.
|
|
||||||
However, parties who have received copies, or rights, from you under
|
|
||||||
this License will not have their licenses terminated so long as such
|
|
||||||
parties remain in full compliance.
|
|
||||||
|
|
||||||
5. You are not required to accept this License, since you have not
|
|
||||||
signed it. However, nothing else grants you permission to modify or
|
|
||||||
distribute the Program or its derivative works. These actions are
|
|
||||||
prohibited by law if you do not accept this License. Therefore, by
|
|
||||||
modifying or distributing the Program (or any work based on the
|
|
||||||
Program), you indicate your acceptance of this License to do so, and
|
|
||||||
all its terms and conditions for copying, distributing or modifying
|
|
||||||
the Program or works based on it.
|
|
||||||
|
|
||||||
6. Each time you redistribute the Program (or any work based on the
|
|
||||||
Program), the recipient automatically receives a license from the
|
|
||||||
original licensor to copy, distribute or modify the Program subject to
|
|
||||||
these terms and conditions. You may not impose any further
|
|
||||||
restrictions on the recipients' exercise of the rights granted herein.
|
|
||||||
You are not responsible for enforcing compliance by third parties to
|
|
||||||
this License.
|
this License.
|
||||||
|
|
||||||
7. If, as a consequence of a court judgment or allegation of patent
|
* **c)** If the modified program normally reads commands interactively when
|
||||||
infringement or for any other reason (not limited to patent issues),
|
run, you must cause it, when started running for such interactive use in the
|
||||||
conditions are imposed on you (whether by court order, agreement or
|
most ordinary way, to print or display an announcement including an
|
||||||
otherwise) that contradict the conditions of this License, they do not
|
appropriate copyright notice and a notice that there is no warranty (or
|
||||||
excuse you from the conditions of this License. If you cannot
|
else, saying that you provide a warranty) and that users may redistribute
|
||||||
distribute so as to satisfy simultaneously your obligations under this
|
the program under these conditions, and telling the user how to view a copy
|
||||||
License and any other pertinent obligations, then as a consequence you
|
of this License. (Exception: if the Program itself is interactive but does
|
||||||
may not distribute the Program at all. For example, if a patent
|
not normally print such an announcement, your work based on the Program is
|
||||||
license would not permit royalty-free redistribution of the Program by
|
not required to print an announcement.)
|
||||||
all those who receive copies directly or indirectly through you, then
|
|
||||||
the only way you could satisfy both it and this License would be to
|
|
||||||
refrain entirely from distribution of the Program.
|
|
||||||
|
|
||||||
If any portion of this section is held invalid or unenforceable under
|
These requirements apply to the modified work as a whole. If identifiable
|
||||||
any particular circumstance, the balance of the section is intended to
|
sections of that work are not derived from the Program, and can be reasonably
|
||||||
apply and the section as a whole is intended to apply in other
|
considered independent and separate works in themselves, then this License, and
|
||||||
circumstances.
|
its terms, do not apply to those sections when you distribute them as separate
|
||||||
|
works. But when you distribute the same sections as part of a whole which is a
|
||||||
|
work based on the Program, the distribution of the whole must be on the terms of
|
||||||
|
this License, whose permissions for other licensees extend to the entire whole,
|
||||||
|
and thus to each and every part regardless of who wrote it.
|
||||||
|
|
||||||
It is not the purpose of this section to induce you to infringe any
|
Thus, it is not the intent of this section to claim rights or contest your
|
||||||
patents or other property right claims or to contest validity of any
|
rights to work written entirely by you; rather, the intent is to exercise the
|
||||||
such claims; this section has the sole purpose of protecting the
|
right to control the distribution of derivative or collective works based on the
|
||||||
integrity of the free software distribution system, which is
|
Program.
|
||||||
implemented by public license practices. Many people have made
|
|
||||||
generous contributions to the wide range of software distributed
|
|
||||||
through that system in reliance on consistent application of that
|
|
||||||
system; it is up to the author/donor to decide if he or she is willing
|
|
||||||
to distribute software through any other system and a licensee cannot
|
|
||||||
impose that choice.
|
|
||||||
|
|
||||||
This section is intended to make thoroughly clear what is believed to
|
In addition, mere aggregation of another work not based on the Program with the
|
||||||
be a consequence of the rest of this License.
|
Program (or with a work based on the Program) on a volume of a storage or
|
||||||
|
distribution medium does not bring the other work under the scope of this
|
||||||
|
License.
|
||||||
|
|
||||||
8. If the distribution and/or use of the Program is restricted in
|
**3.** You may copy and distribute the Program (or a work based on it, under
|
||||||
certain countries either by patents or by copyrighted interfaces, the
|
Section 2) in object code or executable form under the terms of Sections 1 and 2
|
||||||
original copyright holder who places the Program under this License
|
above provided that you also do one of the following:
|
||||||
may add an explicit geographical distribution limitation excluding
|
|
||||||
those countries, so that distribution is permitted only in or among
|
|
||||||
countries not thus excluded. In such case, this License incorporates
|
|
||||||
the limitation as if written in the body of this License.
|
|
||||||
|
|
||||||
9. The Free Software Foundation may publish revised and/or new versions
|
* **a)** Accompany it with the complete corresponding machine-readable source
|
||||||
of the General Public License from time to time. Such new versions will
|
code, which must be distributed under the terms of Sections 1 and 2 above on
|
||||||
be similar in spirit to the present version, but may differ in detail to
|
a medium customarily used for software interchange; or,
|
||||||
address new problems or concerns.
|
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the Program
|
* **b)** Accompany it with a written offer, valid for at least three years, to
|
||||||
specifies a version number of this License which applies to it and "any
|
give any third party, for a charge no more than your cost of physically
|
||||||
later version", you have the option of following the terms and conditions
|
performing source distribution, a complete machine-readable copy of the
|
||||||
either of that version or of any later version published by the Free
|
corresponding source code, to be distributed under the terms of Sections 1
|
||||||
Software Foundation. If the Program does not specify a version number of
|
and 2 above on a medium customarily used for software interchange; or,
|
||||||
this License, you may choose any version ever published by the Free Software
|
|
||||||
Foundation.
|
|
||||||
|
|
||||||
10. If you wish to incorporate parts of the Program into other free
|
* **c)** Accompany it with the information you received as to the offer to
|
||||||
programs whose distribution conditions are different, write to the author
|
distribute corresponding source code. (This alternative is allowed only for
|
||||||
to ask for permission. For software which is copyrighted by the Free
|
noncommercial distribution and only if you received the program in object
|
||||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
code or executable form with such an offer, in accord with Subsection b
|
||||||
make exceptions for this. Our decision will be guided by the two goals
|
above.)
|
||||||
of preserving the free status of all derivatives of our free software and
|
|
||||||
of promoting the sharing and reuse of software generally.
|
|
||||||
|
|
||||||
NO WARRANTY
|
The source code for a work means the preferred form of the work for making
|
||||||
|
modifications to it. For an executable work, complete source code means all the
|
||||||
|
source code for all modules it contains, plus any associated interface
|
||||||
|
definition files, plus the scripts used to control compilation and installation
|
||||||
|
of the executable. However, as a special exception, the source code distributed
|
||||||
|
need not include anything that is normally distributed (in either source or
|
||||||
|
binary form) with the major components (compiler, kernel, and so on) of the
|
||||||
|
operating system on which the executable runs, unless that component itself
|
||||||
|
accompanies the executable.
|
||||||
|
|
||||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
If distribution of executable or object code is made by offering access to copy
|
||||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
from a designated place, then offering equivalent access to copy the source code
|
||||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
from the same place counts as distribution of the source code, even though third
|
||||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
parties are not compelled to copy the source along with the object code.
|
||||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
||||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
|
||||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
|
||||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
|
||||||
REPAIR OR CORRECTION.
|
|
||||||
|
|
||||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
**4.** You may not copy, modify, sublicense, or distribute the Program except as
|
||||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
expressly provided under this License. Any attempt otherwise to copy, modify,
|
||||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
sublicense or distribute the Program is void, and will automatically terminate
|
||||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
your rights under this License. However, parties who have received copies, or
|
||||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
rights, from you under this License will not have their licenses terminated so
|
||||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
long as such parties remain in full compliance.
|
||||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
|
||||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
|
||||||
POSSIBILITY OF SUCH DAMAGES.
|
|
||||||
|
|
||||||
END OF TERMS AND CONDITIONS
|
**5.** You are not required to accept this License, since you have not signed
|
||||||
|
it. However, nothing else grants you permission to modify or distribute the
|
||||||
|
Program or its derivative works. These actions are prohibited by law if you do
|
||||||
|
not accept this License. Therefore, by modifying or distributing the Program (or
|
||||||
|
any work based on the Program), you indicate your acceptance of this License to
|
||||||
|
do so, and all its terms and conditions for copying, distributing or modifying
|
||||||
|
the Program or works based on it.
|
||||||
|
|
||||||
How to Apply These Terms to Your New Programs
|
**6.** Each time you redistribute the Program (or any work based on the
|
||||||
|
Program), the recipient automatically receives a license from the original
|
||||||
|
licensor to copy, distribute or modify the Program subject to these terms and
|
||||||
|
conditions. You may not impose any further restrictions on the recipients'
|
||||||
|
exercise of the rights granted herein. You are not responsible for enforcing
|
||||||
|
compliance by third parties to this License.
|
||||||
|
|
||||||
If you develop a new program, and you want it to be of the greatest
|
**7.** If, as a consequence of a court judgment or allegation of patent
|
||||||
possible use to the public, the best way to achieve this is to make it
|
infringement or for any other reason (not limited to patent issues), conditions
|
||||||
free software which everyone can redistribute and change under these terms.
|
are imposed on you (whether by court order, agreement or otherwise) that
|
||||||
|
contradict the conditions of this License, they do not excuse you from the
|
||||||
|
conditions of this License. If you cannot distribute so as to satisfy
|
||||||
|
simultaneously your obligations under this License and any other pertinent
|
||||||
|
obligations, then as a consequence you may not distribute the Program at all.
|
||||||
|
For example, if a patent license would not permit royalty-free redistribution of
|
||||||
|
the Program by all those who receive copies directly or indirectly through you,
|
||||||
|
then the only way you could satisfy both it and this License would be to refrain
|
||||||
|
entirely from distribution of the Program.
|
||||||
|
|
||||||
To do so, attach the following notices to the program. It is safest
|
If any portion of this section is held invalid or unenforceable under any
|
||||||
to attach them to the start of each source file to most effectively
|
particular circumstance, the balance of the section is intended to apply and the
|
||||||
convey the exclusion of warranty; and each file should have at least
|
section as a whole is intended to apply in other circumstances.
|
||||||
the "copyright" line and a pointer to where the full notice is found.
|
|
||||||
|
|
||||||
{description}
|
It is not the purpose of this section to induce you to infringe any patents or
|
||||||
Copyright (C) {year} {fullname}
|
other property right claims or to contest validity of any such claims; this
|
||||||
|
section has the sole purpose of protecting the integrity of the free software
|
||||||
|
distribution system, which is implemented by public license practices. Many
|
||||||
|
people have made generous contributions to the wide range of software
|
||||||
|
distributed through that system in reliance on consistent application of that
|
||||||
|
system; it is up to the author/donor to decide if he or she is willing to
|
||||||
|
distribute software through any other system and a licensee cannot impose that
|
||||||
|
choice.
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This section is intended to make thoroughly clear what is believed to be a
|
||||||
it under the terms of the GNU General Public License as published by
|
consequence of the rest of this License.
|
||||||
the Free Software Foundation; either version 2 of the License, or
|
|
||||||
(at your option) any later version.
|
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
**8.** If the distribution and/or use of the Program is restricted in certain
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
countries either by patents or by copyrighted interfaces, the original copyright
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
holder who places the Program under this License may add an explicit
|
||||||
GNU General Public License for more details.
|
geographical distribution limitation excluding those countries, so that
|
||||||
|
distribution is permitted only in or among countries not thus excluded. In such
|
||||||
|
case, this License incorporates the limitation as if written in the body of this
|
||||||
|
License.
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License along
|
**9.** The Free Software Foundation may publish revised and/or new versions of
|
||||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
the General Public License from time to time. Such new versions will be similar
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
in spirit to the present version, but may differ in detail to address new
|
||||||
|
problems or concerns.
|
||||||
|
|
||||||
Also add information on how to contact you by electronic and paper mail.
|
Each version is given a distinguishing version number. If the Program specifies
|
||||||
|
a version number of this License which applies to it and "any later version",
|
||||||
|
you have the option of following the terms and conditions either of that version
|
||||||
|
or of any later version published by the Free Software Foundation. If the
|
||||||
|
Program does not specify a version number of this License, you may choose any
|
||||||
|
version ever published by the Free Software Foundation.
|
||||||
|
|
||||||
If the program is interactive, make it output a short notice like this
|
**10.** If you wish to incorporate parts of the Program into other free programs
|
||||||
when it starts in an interactive mode:
|
whose distribution conditions are different, write to the author to ask for
|
||||||
|
permission. For software which is copyrighted by the Free Software Foundation,
|
||||||
|
write to the Free Software Foundation; we sometimes make exceptions for this.
|
||||||
|
Our decision will be guided by the two goals of preserving the free status of
|
||||||
|
all derivatives of our free software and of promoting the sharing and reuse of
|
||||||
|
software generally.
|
||||||
|
|
||||||
Gnomovision version 69, Copyright (C) year name of author
|
|
||||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
|
||||||
This is free software, and you are welcome to redistribute it
|
|
||||||
under certain conditions; type `show c' for details.
|
|
||||||
|
|
||||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
No Warranty
|
||||||
parts of the General Public License. Of course, the commands you use may
|
-----------
|
||||||
be called something other than `show w' and `show c'; they could even be
|
|
||||||
mouse-clicks or menu items--whatever suits your program.
|
|
||||||
|
|
||||||
You should also get your employer (if you work as a programmer) or your
|
**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
|
||||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
|
||||||
necessary. Here is a sample; alter the names:
|
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
|
||||||
|
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
|
||||||
|
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
|
||||||
|
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||||
|
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||||
|
|
||||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
|
||||||
|
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||||
{signature of Ty Coon}, 1 April 1989
|
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
|
||||||
Ty Coon, President of Vice
|
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
|
||||||
|
BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
|
||||||
This General Public License does not permit incorporating your program into
|
FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
|
||||||
proprietary programs. If your program is a subroutine library, you may
|
OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||||
consider it more useful to permit linking proprietary applications with the
|
|
||||||
library. If this is what you want to do, use the GNU Lesser General
|
|
||||||
Public License instead of this License.
|
|
1
macros/LICENSE.md
Symbolic link
1
macros/LICENSE.md
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
LICENSE
|
@ -1,29 +1,26 @@
|
|||||||
autoconf-macros README
|
autoconf-macros
|
||||||
======================
|
===============
|
||||||
|
|
||||||
Sections below are: Purpose, Contents, Usage, References
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##Purpose
|
|
||||||
|
|
||||||
The purpose of Nagios autoconf-macros is to have a central place for
|
The purpose of Nagios autoconf-macros is to have a central place for
|
||||||
autoconf macros that can be maintained in one place, but be used by any
|
autoconf macros that can be maintained in one place, but be used by any
|
||||||
of the Nagios software. It is intended to be used as a git subtree.
|
of the Nagios software. It is intended to be used as a git subtree.
|
||||||
See the Usage and References section below.
|
See the [Usage](#usage) and [References](#references) sections below.
|
||||||
|
|
||||||
Since this project will be included in several parent projects, any
|
Since this project will be included in several parent projects, any
|
||||||
changes must be as project-neutral as possible.
|
changes must be as project-neutral as possible.
|
||||||
|
|
||||||
|
Make sure to check out the [CHANGELOG](CHANGELOG.md) for relevant
|
||||||
|
information, as well.
|
||||||
|
|
||||||
|
|
||||||
## Contents
|
Contents
|
||||||
|
--------
|
||||||
|
|
||||||
The collection consists of the following macros:
|
The collection consists of the following macros:
|
||||||
|
|
||||||
### AX_NAGIOS_GET_OS alias AC_NAGIOS_GET_OS
|
### AX_NAGIOS_GET_OS alias AC_NAGIOS_GET_OS
|
||||||
|
|
||||||
> Output Variable : opsys
|
> Output Variable : `opsys`
|
||||||
|
|
||||||
This macro detects the operating system, and transforms it into a generic
|
This macro detects the operating system, and transforms it into a generic
|
||||||
label. The most common OS's that use Nagios software are recognized and
|
label. The most common OS's that use Nagios software are recognized and
|
||||||
@ -31,17 +28,17 @@ used in subsequent macros.
|
|||||||
|
|
||||||
### AX_NAGIOS_GET_DISTRIB_TYPE alias AC_NAGIOS_GET_DISTRIB_TYPE
|
### AX_NAGIOS_GET_DISTRIB_TYPE alias AC_NAGIOS_GET_DISTRIB_TYPE
|
||||||
|
|
||||||
> Output Variables : dist_type, dist_ver
|
> Output Variables : `dist_type`, `dist_ver`
|
||||||
|
|
||||||
This macro detects the distribution type. For Linux, this would be rh
|
This macro detects the distribution type. For Linux, this would be rh
|
||||||
(for Red Hat and derivatives), suse (OpenSUSE, SLES, derivatives), gentoo
|
(for Red Hat and derivitives), suse (OpenSUSE, SLES, derivitives), gentoo
|
||||||
(Gentoo and derivatives), debian (Debian and derivatives), and so on.
|
(Gentoo and derivitives), debian (Debian and derivitives), and so on.
|
||||||
For BSD, this would be openbsd, netbsd, freebsd, dragonfly, etc. It can
|
For BSD, this would be openbsd, netbsd, freebsd, dragonfly, etc. It can
|
||||||
also be aix, solaris, osx, and so on for Unix operating systems.
|
also be aix, solaris, osx, and so on for Unix operating systems.
|
||||||
|
|
||||||
### AX_NAGIOS_GET_INIT alias AC_NAGIOS_GET_INIT
|
### AX_NAGIOS_GET_INIT alias AC_NAGIOS_GET_INIT
|
||||||
|
|
||||||
> Output Variable : init_type
|
> Output Variable : `init_type`
|
||||||
|
|
||||||
This macro detects what software is used to start daemons on bootup
|
This macro detects what software is used to start daemons on bootup
|
||||||
or on request, generally knows as the "init system". The init_type
|
or on request, generally knows as the "init system". The init_type
|
||||||
@ -51,7 +48,7 @@ gentoo (older Gentoo), upstart (several), or unknown.
|
|||||||
|
|
||||||
### AX_NAGIOS_GET_INETD alias AC_NAGIOS_GET_INETD
|
### AX_NAGIOS_GET_INETD alias AC_NAGIOS_GET_INETD
|
||||||
|
|
||||||
> Output Variable : inetd_type
|
> Output Variable : `inetd_type`
|
||||||
|
|
||||||
This macro detects what software is used to start daemons or services
|
This macro detects what software is used to start daemons or services
|
||||||
on demand, which historically has been "inetd". The inetd_type
|
on demand, which historically has been "inetd". The inetd_type
|
||||||
@ -60,7 +57,7 @@ will generally be one of inetd, xinetd, launchd (OS X), smf10 or smf11
|
|||||||
|
|
||||||
### AX_NAGIOS_GET_PATHS alias AC_NAGIOS_GET_PATHS
|
### AX_NAGIOS_GET_PATHS alias AC_NAGIOS_GET_PATHS
|
||||||
|
|
||||||
> Output Variables : many!
|
> Output Variables : **many!**
|
||||||
|
|
||||||
This macro determines the installation paths for binaries, config files,
|
This macro determines the installation paths for binaries, config files,
|
||||||
PID files, and so on. For a "standard" install of Nagios, NRPE, NDO Utils,
|
PID files, and so on. For a "standard" install of Nagios, NRPE, NDO Utils,
|
||||||
@ -72,7 +69,7 @@ O/S dependant directories, such as /usr/bin, /usr/sbin, /var/lib/nagios,
|
|||||||
|
|
||||||
### AX_NAGIOS_GET_FILES alias AC_NAGIOS_GET_FILES
|
### AX_NAGIOS_GET_FILES alias AC_NAGIOS_GET_FILES
|
||||||
|
|
||||||
> Output Variables : src_init, src_inetd, src_tmpfile
|
> Output Variables : `src_init`, `src_inetd`, `src_tmpfile`
|
||||||
|
|
||||||
Each Nagios project will have a top-level directory named "/startup/".
|
Each Nagios project will have a top-level directory named "/startup/".
|
||||||
In that directory will be "*.in" files for the various "init_type" and
|
In that directory will be "*.in" files for the various "init_type" and
|
||||||
@ -81,7 +78,7 @@ that directory will be needed.
|
|||||||
|
|
||||||
### AX_NAGIOS_GET_SSL alias AC_NAGIOS_GET_SSL
|
### AX_NAGIOS_GET_SSL alias AC_NAGIOS_GET_SSL
|
||||||
|
|
||||||
> Output Variables : HAVE_KRB5_H, HAVE_SSL, SSL_INC_DIR, SSL_LIB_DIR, CFLAGS, LDFLAGS, LIBS
|
> Output Variables : `HAVE_KRB5_H`, `HAVE_SSL`, `SSL_INC_DIR`, `SSL_LIB_DIR`, `CFLAGS`, `LDFLAGS`, `LIBS`
|
||||||
|
|
||||||
This macro checks various directories for SSL libraries and header files.
|
This macro checks various directories for SSL libraries and header files.
|
||||||
The searches are based on known install locations on various operating
|
The searches are based on known install locations on various operating
|
||||||
@ -90,11 +87,11 @@ If it finds the headers and libraries, it will then do an `AC_LINK_IFELSE`
|
|||||||
on a simple program to make sure a compile and link will work correctly.
|
on a simple program to make sure a compile and link will work correctly.
|
||||||
|
|
||||||
|
|
||||||
|
Usage
|
||||||
## Usage
|
-----
|
||||||
|
|
||||||
This repo is intended to be used as a git subtree, so changes will
|
This repo is intended to be used as a git subtree, so changes will
|
||||||
automatically propagate, and still be reasonably easy to use.
|
automatically propogate, and still be reasonably easy to use.
|
||||||
|
|
||||||
* First, Create, checkout, clone, or branch your project. If you do an
|
* First, Create, checkout, clone, or branch your project. If you do an
|
||||||
`ls -AF` it might look something like this:
|
`ls -AF` it might look something like this:
|
||||||
@ -112,7 +109,8 @@ it should look like this:
|
|||||||
|
|
||||||
.git/ .gitignore ChangeLog LICENSE Makefile.in
|
.git/ .gitignore ChangeLog LICENSE Makefile.in
|
||||||
README configure.ac include/ macros/ src/
|
README configure.ac include/ macros/ src/
|
||||||
The `macros/` directory has been added.
|
|
||||||
|
* The `macros/` directory has been added.
|
||||||
|
|
||||||
* Now do a `git push` to save everything.
|
* Now do a `git push` to save everything.
|
||||||
|
|
||||||
@ -129,11 +127,11 @@ master.
|
|||||||
|
|
||||||
* To get the latest version of `autoconf-macros` into your parent project:
|
* To get the latest version of `autoconf-macros` into your parent project:
|
||||||
|
|
||||||
git subtree pull --squash --prefix=macros autoconf-macros master
|
git subtgree pull --squash --prefix=macros autoconf-macros master
|
||||||
|
|
||||||
|
|
||||||
|
References
|
||||||
## References
|
----------
|
||||||
|
|
||||||
Now that autoconf-macros is available to your project, you will need to
|
Now that autoconf-macros is available to your project, you will need to
|
||||||
reference it.
|
reference it.
|
||||||
@ -165,3 +163,37 @@ where you want to check for SSL:
|
|||||||
|
|
||||||
* You will now be able to reference any of the variables in `config.h.in`
|
* You will now be able to reference any of the variables in `config.h.in`
|
||||||
and any files listed in the `AC_CONFIG_FILES` macro in `configure.ac`.
|
and any files listed in the `AC_CONFIG_FILES` macro in `configure.ac`.
|
||||||
|
|
||||||
|
|
||||||
|
License Notice
|
||||||
|
--------------
|
||||||
|
|
||||||
|
Copyright (c) 2016-2017 Nagios Enterprises, LLC
|
||||||
|
|
||||||
|
This work is made available to you under the terms of Version 2 of
|
||||||
|
the GNU General Public License. A copy of that license should have
|
||||||
|
been provided with this software, but in any event can be obtained
|
||||||
|
from http://www.fsf.org.
|
||||||
|
|
||||||
|
This work is distributed in the hope that it will be useful, but
|
||||||
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||||
|
02110-1301 or visit their web page on the internet at
|
||||||
|
http://www.fsf.org.
|
||||||
|
|
||||||
|
|
||||||
|
Questions?
|
||||||
|
----------
|
||||||
|
|
||||||
|
If you have questions about this addon, or problems getting things
|
||||||
|
working, first try searching the nagios-users mailing list archives.
|
||||||
|
Details on searching the list archives can be found at
|
||||||
|
http://www.nagios.org
|
||||||
|
|
||||||
|
If you don't find an answer there, post a message in the Nagios
|
||||||
|
Plugin Development forum at https://support.nagios.com/forum/viewforum.php?f=35
|
||||||
|
@ -113,12 +113,6 @@ AC_SUBST(inetd_type)
|
|||||||
[*],
|
[*],
|
||||||
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
|
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
|
||||||
|
|
||||||
if test x"$inetd_type" = x; then
|
|
||||||
if test x"$init_type" = "xupstart"; then
|
|
||||||
inetd_type="upstart"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test x"$inetd_type" = x; then
|
if test x"$inetd_type" = x; then
|
||||||
if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
|
if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
|
||||||
inetd_disabled="(Not running)"
|
inetd_disabled="(Not running)"
|
||||||
@ -129,6 +123,12 @@ AC_SUBST(inetd_type)
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test x"$inetd_type" = x; then
|
||||||
|
if test x"$init_type" = "xupstart"; then
|
||||||
|
inetd_type="upstart"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if test x"$inetd_type" = x; then
|
if test x"$inetd_type" = x; then
|
||||||
if test x"$init_type" = "xsystemd"; then
|
if test x"$init_type" = "xsystemd"; then
|
||||||
inetd_type="systemd"
|
inetd_type="systemd"
|
||||||
|
@ -616,6 +616,7 @@ eval webdir=$webdir
|
|||||||
eval localedir=$localedir
|
eval localedir=$localedir
|
||||||
eval sysconfdir=$sysconfdir
|
eval sysconfdir=$sysconfdir
|
||||||
eval pkgsysconfdir=$pkgsysconfdir
|
eval pkgsysconfdir=$pkgsysconfdir
|
||||||
|
eval logdir=$logdir
|
||||||
eval piddir=$piddir
|
eval piddir=$piddir
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
%define _sysconfdir /etc/nagios
|
%define _sysconfdir /etc/nagios
|
||||||
|
|
||||||
%define name @PACKAGE_NAME@
|
%define name @PACKAGE_NAME@
|
||||||
%define version 3.1.1
|
%define version 3.2.1
|
||||||
%define release @RPM_RELEASE@
|
%define release @RPM_RELEASE@
|
||||||
%define nsusr @nrpe_user@
|
%define nsusr @nrpe_user@
|
||||||
%define nsgrp @nrpe_group@
|
%define nsgrp @nrpe_group@
|
||||||
@ -169,13 +169,13 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
@tmpfilesd@
|
@tmpfilesd@
|
||||||
%endif
|
%endif
|
||||||
%{_bindir}/nrpe-uninstall
|
%{_bindir}/nrpe-uninstall
|
||||||
%doc Changelog LEGAL README.md README.SSL.md SECURITY.md
|
%doc CHANGELOG.md LEGAL README.md README.SSL.md SECURITY.md
|
||||||
|
|
||||||
%files plugin
|
%files plugin
|
||||||
%defattr(755,%{nsusr},%{nsgrp})
|
%defattr(755,%{nsusr},%{nsgrp})
|
||||||
%{_libexecdir}
|
%{_libexecdir}
|
||||||
%defattr(644,%{nsusr},%{nsgrp})
|
%defattr(644,%{nsusr},%{nsgrp})
|
||||||
%doc Changelog LEGAL README.md
|
%doc CHANGELOG.md LEGAL README.md
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Aug 18 2016 John Frickson jfrickson<@>nagios.com
|
* Thu Aug 18 2016 John Frickson jfrickson<@>nagios.com
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
#############################################################################
|
#############################################################################
|
||||||
|
#
|
||||||
# Sample NRPE Config File
|
# Sample NRPE Config File
|
||||||
# Written by: Ethan Galstad (nagios@nagios.org)
|
|
||||||
#
|
#
|
||||||
# Last Modified: 2016-05-10
|
# Notes:
|
||||||
#
|
#
|
||||||
# NOTES:
|
|
||||||
# This is a sample configuration file for the NRPE daemon. It needs to be
|
# This is a sample configuration file for the NRPE daemon. It needs to be
|
||||||
# located on the remote host that is running the NRPE daemon, not the host
|
# located on the remote host that is running the NRPE daemon, not the host
|
||||||
# from which the check_nrpe client is being executed.
|
# from which the check_nrpe client is being executed.
|
||||||
|
#
|
||||||
#############################################################################
|
#############################################################################
|
||||||
|
|
||||||
|
|
||||||
@ -161,6 +161,13 @@ allow_bash_command_substitution=0
|
|||||||
# command_prefix=/usr/bin/sudo
|
# command_prefix=/usr/bin/sudo
|
||||||
|
|
||||||
|
|
||||||
|
# MAX COMMANDS
|
||||||
|
# This specifies how many children processes may be spawned at any one
|
||||||
|
# time, essentially limiting the fork()s that occur.
|
||||||
|
# Default (0) is set to unlimited
|
||||||
|
# max_commands=0
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# COMMAND TIMEOUT
|
# COMMAND TIMEOUT
|
||||||
# This specifies the maximum number of seconds that the NRPE daemon will
|
# This specifies the maximum number of seconds that the NRPE daemon will
|
||||||
@ -218,10 +225,12 @@ connection_timeout=300
|
|||||||
|
|
||||||
# SSL CIPHER LIST
|
# SSL CIPHER LIST
|
||||||
# This lists which ciphers can be used. For backward compatibility, this
|
# This lists which ciphers can be used. For backward compatibility, this
|
||||||
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
|
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,
|
||||||
# will be changed to something like the example below in a later version of NRPE.
|
# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and
|
||||||
|
# greater.
|
||||||
|
|
||||||
#ssl_cipher_list=ALL:!MD5:@STRENGTH
|
#ssl_cipher_list=ALL:!MD5:@STRENGTH
|
||||||
|
#ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
|
||||||
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
|
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
|
||||||
|
|
||||||
# SSL Certificate and Private Key Files
|
# SSL Certificate and Private Key Files
|
||||||
@ -262,21 +271,6 @@ connection_timeout=300
|
|||||||
# nasty_metachars="|`&><'\\[]{};\r\n"
|
# nasty_metachars="|`&><'\\[]{};\r\n"
|
||||||
|
|
||||||
|
|
||||||
# INCLUDE CONFIG FILE
|
|
||||||
# This directive allows you to include definitions from an external config file.
|
|
||||||
|
|
||||||
#include=<somefile.cfg>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# INCLUDE CONFIG DIRECTORY
|
|
||||||
# This directive allows you to include definitions from config files (with a
|
|
||||||
# .cfg extension) in one or more directories (with recursion).
|
|
||||||
|
|
||||||
#include_dir=<somedirectory>
|
|
||||||
#include_dir=<someotherdirectory>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# COMMAND DEFINITIONS
|
# COMMAND DEFINITIONS
|
||||||
# Command definitions that this daemon will run. Definitions
|
# Command definitions that this daemon will run. Definitions
|
||||||
@ -299,6 +293,7 @@ connection_timeout=300
|
|||||||
|
|
||||||
|
|
||||||
# The following examples use hardcoded command arguments...
|
# The following examples use hardcoded command arguments...
|
||||||
|
# This is by far the most secure method of using NRPE
|
||||||
|
|
||||||
command[check_users]=@pluginsdir@/check_users -w 5 -c 10
|
command[check_users]=@pluginsdir@/check_users -w 5 -c 10
|
||||||
command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
|
command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
|
||||||
@ -313,7 +308,54 @@ command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
|
|||||||
# config file is set to '1'. This poses a potential security risk, so
|
# config file is set to '1'. This poses a potential security risk, so
|
||||||
# make sure you read the SECURITY file before doing this.
|
# make sure you read the SECURITY file before doing this.
|
||||||
|
|
||||||
#command[check_users]=@pluginsdir@/check_users -w $ARG1$ -c $ARG2$
|
### MISC SYSTEM METRICS ###
|
||||||
#command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
|
#command[check_users]=@pluginsdir@/check_users $ARG1$
|
||||||
#command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
|
#command[check_load]=@pluginsdir@/check_load $ARG1$
|
||||||
#command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
|
#command[check_disk]=@pluginsdir@/check_disk $ARG1$
|
||||||
|
#command[check_swap]=@pluginsdir@/check_swap $ARG1$
|
||||||
|
#command[check_cpu_stats]=@pluginsdir@/check_cpu_stats.sh $ARG1$
|
||||||
|
#command[check_mem]=@pluginsdir@/custom_check_mem -n $ARG1$
|
||||||
|
|
||||||
|
### GENERIC SERVICES ###
|
||||||
|
#command[check_init_service]=sudo @pluginsdir@/check_init_service $ARG1$
|
||||||
|
#command[check_services]=@pluginsdir@/check_services -p $ARG1$
|
||||||
|
|
||||||
|
### SYSTEM UPDATES ###
|
||||||
|
#command[check_yum]=@pluginsdir@/check_yum
|
||||||
|
#command[check_apt]=@pluginsdir@/check_apt
|
||||||
|
|
||||||
|
### PROCESSES ###
|
||||||
|
#command[check_all_procs]=@pluginsdir@/custom_check_procs
|
||||||
|
#command[check_procs]=@pluginsdir@/check_procs $ARG1$
|
||||||
|
|
||||||
|
### OPEN FILES ###
|
||||||
|
#command[check_open_files]=@pluginsdir@/check_open_files.pl $ARG1$
|
||||||
|
|
||||||
|
### NETWORK CONNECTIONS ###
|
||||||
|
#command[check_netstat]=@pluginsdir@/check_netstat.pl -p $ARG1$ $ARG2$
|
||||||
|
|
||||||
|
### ASTERISK ###
|
||||||
|
#command[check_asterisk]=@pluginsdir@/check_asterisk.pl $ARG1$
|
||||||
|
#command[check_sip]=@pluginsdir@/check_sip $ARG1$
|
||||||
|
#command[check_asterisk_sip_peers]=sudo @pluginsdir@/check_asterisk_sip_peers.sh $ARG1$
|
||||||
|
#command[check_asterisk_version]=@pluginsdir@/nagisk.pl -c version
|
||||||
|
#command[check_asterisk_peers]=@pluginsdir@/nagisk.pl -c peers
|
||||||
|
#command[check_asterisk_channels]=@pluginsdir@/nagisk.pl -c channels
|
||||||
|
#command[check_asterisk_zaptel]=@pluginsdir@/nagisk.pl -c zaptel
|
||||||
|
#command[check_asterisk_span]=@pluginsdir@/nagisk.pl -c span -s 1
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# INCLUDE CONFIG FILE
|
||||||
|
# This directive allows you to include definitions from an external config file.
|
||||||
|
|
||||||
|
#include=<somefile.cfg>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# INCLUDE CONFIG DIRECTORY
|
||||||
|
# This directive allows you to include definitions from config files (with a
|
||||||
|
# .cfg extension) in one or more directories (with recursion).
|
||||||
|
|
||||||
|
#include_dir=<somedirectory>
|
||||||
|
#include_dir=<someotherdirectory>
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
###############################
|
###############################
|
||||||
# Makefile for NRPE
|
|
||||||
#
|
#
|
||||||
# Last Modified: 08-13-2007
|
# NRPE Makefile
|
||||||
|
#
|
||||||
###############################
|
###############################
|
||||||
|
|
||||||
srcdir=@srcdir@
|
srcdir=@srcdir@
|
||||||
|
46
src/acl.c
46
src/acl.c
@ -1,17 +1,20 @@
|
|||||||
/*-
|
/****************************************************************************
|
||||||
|
*
|
||||||
* acl.c - a small library for nrpe.c. It adds IPv4 subnets support to ACL in nrpe.
|
* acl.c - a small library for nrpe.c. It adds IPv4 subnets support to ACL in nrpe.
|
||||||
|
*
|
||||||
|
* License: GPLv2
|
||||||
* Copyright (c) 2011 Kaspersky Lab ZAO
|
* Copyright (c) 2011 Kaspersky Lab ZAO
|
||||||
* Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help
|
|
||||||
*
|
*
|
||||||
* Description:
|
* Description:
|
||||||
* acl.c creates two linked lists. One is for IPv4 hosts and networks, another is for domain names.
|
|
||||||
* All connecting hosts (if allowed_hosts is defined) are checked in these two lists.
|
|
||||||
*
|
*
|
||||||
* Some notes:
|
* acl.c creates two linked lists. One is for IPv4 hosts and networks, another
|
||||||
* 1) IPv6 isn't supported in ACL.
|
* is for domain names. All connecting hosts (if allowed_hosts is defined)
|
||||||
* 2) Only ANCII names are supported in ACL.
|
* are checked in these two lists.
|
||||||
*
|
*
|
||||||
* License: GPL
|
* Note:
|
||||||
|
* Only ANCII names are supported in ACL.
|
||||||
|
*
|
||||||
|
* License Notice:
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
@ -26,10 +29,12 @@
|
|||||||
* You should have received a copy of the GNU General Public License
|
* You should have received a copy of the GNU General Public License
|
||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
*/
|
*
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
#include "../include/config.h"
|
#include "../include/config.h"
|
||||||
#include "../include/common.h"
|
#include "../include/common.h"
|
||||||
|
#include "../include/utils.h"
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
@ -131,6 +136,7 @@ char * acl_substring(char *string, int s, int e) {
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
int add_ipv4_to_acl(char *ipv4) {
|
int add_ipv4_to_acl(char *ipv4) {
|
||||||
|
|
||||||
int state = 0;
|
int state = 0;
|
||||||
int octet = 0;
|
int octet = 0;
|
||||||
int index = 0; /* position in data array */
|
int index = 0; /* position in data array */
|
||||||
@ -602,6 +608,7 @@ void parse_allowed_hosts(char *allowed_hosts) {
|
|||||||
char *tok;
|
char *tok;
|
||||||
const char *delim = ",";
|
const char *delim = ",";
|
||||||
char *trimmed_tok;
|
char *trimmed_tok;
|
||||||
|
int add_to_acl = 0;
|
||||||
|
|
||||||
if (debug == TRUE)
|
if (debug == TRUE)
|
||||||
logit(LOG_INFO,
|
logit(LOG_INFO,
|
||||||
@ -622,8 +629,25 @@ void parse_allowed_hosts(char *allowed_hosts) {
|
|||||||
if (debug == TRUE)
|
if (debug == TRUE)
|
||||||
logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
|
logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
|
||||||
if (strlen(trimmed_tok) > 0) {
|
if (strlen(trimmed_tok) > 0) {
|
||||||
if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok)
|
|
||||||
&& !add_domain_to_acl(trimmed_tok)) {
|
/* lets check the type of the address before we try and add it to the acl */
|
||||||
|
|
||||||
|
if (strchr(trimmed_tok, ':') != NULL) {
|
||||||
|
|
||||||
|
/* its an ipv6 address */
|
||||||
|
add_to_acl = add_ipv6_to_acl(trimmed_tok);
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
/* its either a fqdn or an ipv4 address
|
||||||
|
unfortunately, i don't want to re-invent the wheel here
|
||||||
|
the logic exists inside of add_ipv4_to_acl() to detect
|
||||||
|
whether or not it is a ip or not */
|
||||||
|
add_to_acl = add_ipv4_to_acl(trimmed_tok);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* but we only try to add it to a domain if the other tests have failed */
|
||||||
|
if (!add_to_acl && !add_domain_to_acl(trimmed_tok)) {
|
||||||
logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
|
logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
|
||||||
} else if (debug == TRUE)
|
} else if (debug == TRUE)
|
||||||
logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
|
logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
|
||||||
|
412
src/check_nrpe.c
412
src/check_nrpe.c
@ -1,21 +1,40 @@
|
|||||||
/********************************************************************************************
|
/****************************************************************************
|
||||||
*
|
*
|
||||||
* CHECK_NRPE.C - NRPE Plugin For Nagios
|
* check_nrpe.c - NRPE Plugin For Nagios
|
||||||
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
|
|
||||||
* License: GPL
|
|
||||||
*
|
*
|
||||||
* Last Modified: 2017-05-24
|
* License: GPLv2
|
||||||
|
* Copyright (c) 2009-2017 Nagios Enterprises
|
||||||
|
* 1999-2008 Ethan Galstad (nagios@nagios.org)
|
||||||
*
|
*
|
||||||
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
|
* Command line:
|
||||||
|
*
|
||||||
|
* check_nrpe -H <host_address> [-p port] [-c command] [-to to_sec]
|
||||||
*
|
*
|
||||||
* Description:
|
* Description:
|
||||||
*
|
*
|
||||||
* This plugin will attempt to connect to the NRPE daemon on the specified server and port.
|
* This plugin will attempt to connect to the NRPE daemon on the specified
|
||||||
* The daemon will attempt to run the command defined as [command]. Program output and
|
* server and port. The daemon will attempt to run the command
|
||||||
* return code are sent back from the daemon and displayed as this plugin's own output and
|
* defined as [command]. Program output and return code are sent back
|
||||||
* return code.
|
* from the daemon and displayed as this plugin's own
|
||||||
|
* output and return code.
|
||||||
*
|
*
|
||||||
********************************************************************************************/
|
* License Notice:
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
*
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
@ -37,6 +56,7 @@ char *command_name = NULL;
|
|||||||
int socket_timeout = DEFAULT_SOCKET_TIMEOUT;
|
int socket_timeout = DEFAULT_SOCKET_TIMEOUT;
|
||||||
char timeout_txt[10];
|
char timeout_txt[10];
|
||||||
int timeout_return_code = -1;
|
int timeout_return_code = -1;
|
||||||
|
int stderr_to_stdout = 0;
|
||||||
int sd;
|
int sd;
|
||||||
|
|
||||||
char rem_host[MAX_HOST_ADDRESS_LENGTH];
|
char rem_host[MAX_HOST_ADDRESS_LENGTH];
|
||||||
@ -128,7 +148,11 @@ int main(int argc, char **argv)
|
|||||||
if (timeout_return_code == -1)
|
if (timeout_return_code == -1)
|
||||||
timeout_return_code = STATE_CRITICAL;
|
timeout_return_code = STATE_CRITICAL;
|
||||||
if (sslprm.cipher_list[0] == '\0')
|
if (sslprm.cipher_list[0] == '\0')
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
|
strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH:@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
|
||||||
|
#else
|
||||||
strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH", MAX_FILENAME_LENGTH - 1);
|
strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH", MAX_FILENAME_LENGTH - 1);
|
||||||
|
#endif
|
||||||
if (sslprm.ssl_proto_ver == SSL_Ver_Invalid)
|
if (sslprm.ssl_proto_ver == SSL_Ver_Invalid)
|
||||||
sslprm.ssl_proto_ver = TLSv1_plus;
|
sslprm.ssl_proto_ver = TLSv1_plus;
|
||||||
if (sslprm.allowDH == -1)
|
if (sslprm.allowDH == -1)
|
||||||
@ -215,6 +239,8 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
{"log-file", required_argument, 0, 'g'},
|
{"log-file", required_argument, 0, 'g'},
|
||||||
{"help", no_argument, 0, 'h'},
|
{"help", no_argument, 0, 'h'},
|
||||||
{"license", no_argument, 0, 'l'},
|
{"license", no_argument, 0, 'l'},
|
||||||
|
{"version", no_argument, 0, 'V'},
|
||||||
|
{"stderr-to-stdout", no_argument, 0, 'E'},
|
||||||
{0, 0, 0, 0}
|
{0, 0, 0, 0}
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
@ -224,7 +250,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
return ERROR;
|
return ERROR;
|
||||||
|
|
||||||
optind = 0;
|
optind = 0;
|
||||||
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:246hlnuV");
|
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:246hlnuVE");
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
if (argindex > 0)
|
if (argindex > 0)
|
||||||
@ -267,8 +293,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 't':
|
case 't':
|
||||||
if (from_config_file && socket_timeout != -1) {
|
if (from_config_file && socket_timeout != -1) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
|
logit(LOG_WARNING, "WARNING: Command-line socket timeout overrides the config file option.");
|
||||||
"the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
socket_timeout=parse_timeout_string(optarg);
|
socket_timeout=parse_timeout_string(optarg);
|
||||||
@ -278,8 +303,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'p':
|
case 'p':
|
||||||
if (from_config_file && server_port != 0) {
|
if (from_config_file && server_port != 0) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line server port overrides "
|
logit(LOG_WARNING, "WARNING: Command-line server port overrides the config file option.");
|
||||||
"the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
server_port = atoi(optarg);
|
server_port = atoi(optarg);
|
||||||
@ -289,8 +313,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'P':
|
case 'P':
|
||||||
if (from_config_file && payload_size > 0) {
|
if (from_config_file && payload_size > 0) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
|
logit(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides the config file option.");
|
||||||
"the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
payload_size = atoi(optarg);
|
payload_size = atoi(optarg);
|
||||||
@ -300,13 +323,20 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'H':
|
case 'H':
|
||||||
if (from_config_file && server_name != NULL) {
|
if (from_config_file && server_name != NULL) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line server name overrides "
|
logit(LOG_WARNING, "WARNING: Command-line server name overrides the config file option.");
|
||||||
"the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
server_name = strdup(optarg);
|
server_name = strdup(optarg);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'E':
|
||||||
|
if (from_config_file && stderr_to_stdout != 0) {
|
||||||
|
logit(LOG_WARNING, "WARNING: Command-line stderr redirection overrides the config file option.");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
stderr_to_stdout = 1;
|
||||||
|
break;
|
||||||
|
|
||||||
case 'c':
|
case 'c':
|
||||||
if (from_config_file) {
|
if (from_config_file) {
|
||||||
printf("Error: The config file should not have a command (-c) option.\n");
|
printf("Error: The config file should not have a command (-c) option.\n");
|
||||||
@ -329,8 +359,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'u':
|
case 'u':
|
||||||
if (from_config_file && timeout_return_code != -1) {
|
if (from_config_file && timeout_return_code != -1) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
|
logit(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
timeout_return_code = STATE_UNKNOWN;
|
timeout_return_code = STATE_UNKNOWN;
|
||||||
@ -338,8 +367,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case '2':
|
case '2':
|
||||||
if (from_config_file && packet_ver != NRPE_PACKET_VERSION_3) {
|
if (from_config_file && packet_ver != NRPE_PACKET_VERSION_3) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
|
logit(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
packet_ver = NRPE_PACKET_VERSION_2;
|
packet_ver = NRPE_PACKET_VERSION_2;
|
||||||
@ -348,8 +376,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case '4':
|
case '4':
|
||||||
if (from_config_file && address_family != AF_UNSPEC) {
|
if (from_config_file && address_family != AF_UNSPEC) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
|
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) or ipv6 (-6) overrides the config file option.");
|
||||||
"or ipv6 (-6) overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
address_family = AF_INET;
|
address_family = AF_INET;
|
||||||
@ -357,8 +384,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case '6':
|
case '6':
|
||||||
if (from_config_file && address_family != AF_UNSPEC) {
|
if (from_config_file && address_family != AF_UNSPEC) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
|
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) or ipv6 (-6) overrides the config file option.");
|
||||||
"or ipv6 (-6) overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
address_family = AF_INET6;
|
address_family = AF_INET6;
|
||||||
@ -366,8 +392,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'd':
|
case 'd':
|
||||||
if (from_config_file && sslprm.allowDH != -1) {
|
if (from_config_file && sslprm.allowDH != -1) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
|
logit(LOG_WARNING, "WARNING: Command-line use-adh (-d) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!optarg || optarg[0] < '0' || optarg[0] > '2')
|
if (!optarg || optarg[0] < '0' || optarg[0] > '2')
|
||||||
@ -377,8 +402,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'A':
|
case 'A':
|
||||||
if (from_config_file && sslprm.cacert_file != NULL) {
|
if (from_config_file && sslprm.cacert_file != NULL) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
|
logit(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
sslprm.cacert_file = strdup(optarg);
|
sslprm.cacert_file = strdup(optarg);
|
||||||
@ -386,8 +410,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'C':
|
case 'C':
|
||||||
if (from_config_file && sslprm.cert_file != NULL) {
|
if (from_config_file && sslprm.cert_file != NULL) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
|
logit(LOG_WARNING, "WARNING: Command-line client-cert (-C) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
sslprm.cert_file = strdup(optarg);
|
sslprm.cert_file = strdup(optarg);
|
||||||
@ -396,8 +419,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'K':
|
case 'K':
|
||||||
if (from_config_file && sslprm.privatekey_file != NULL) {
|
if (from_config_file && sslprm.privatekey_file != NULL) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line key-file (-K) "
|
logit(LOG_WARNING, "WARNING: Command-line key-file (-K) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
sslprm.privatekey_file = strdup(optarg);
|
sslprm.privatekey_file = strdup(optarg);
|
||||||
@ -406,8 +428,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'S':
|
case 'S':
|
||||||
if (from_config_file && sslprm.ssl_proto_ver != SSL_Ver_Invalid) {
|
if (from_config_file && sslprm.ssl_proto_ver != SSL_Ver_Invalid) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
|
logit(LOG_WARNING, "WARNING: Command-line ssl-version (-S) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -439,8 +460,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'L':
|
case 'L':
|
||||||
if (from_config_file && sslprm.cipher_list[0] != '\0') {
|
if (from_config_file && sslprm.cipher_list[0] != '\0') {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
|
logit(LOG_WARNING, "WARNING: Command-line cipher-list (-L) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
strncpy(sslprm.cipher_list, optarg, sizeof(sslprm.cipher_list) - 1);
|
strncpy(sslprm.cipher_list, optarg, sizeof(sslprm.cipher_list) - 1);
|
||||||
@ -449,8 +469,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 's':
|
case 's':
|
||||||
if (from_config_file && have_log_opts == TRUE) {
|
if (from_config_file && have_log_opts == TRUE) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
|
logit(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
sslprm.log_opts = strtoul(optarg, NULL, 0);
|
sslprm.log_opts = strtoul(optarg, NULL, 0);
|
||||||
@ -459,8 +478,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
|
|
||||||
case 'g':
|
case 'g':
|
||||||
if (from_config_file && log_file != NULL) {
|
if (from_config_file && log_file != NULL) {
|
||||||
logit(LOG_WARNING, "WARNING: Command-line log-file (-g) "
|
logit(LOG_WARNING, "WARNING: Command-line log-file (-g) overrides the config file option.");
|
||||||
"overrides the config file option.");
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
log_file = strdup(optarg);
|
log_file = strdup(optarg);
|
||||||
@ -499,14 +517,12 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((has_cert && !has_priv_key) || (!has_cert && has_priv_key)) {
|
if ((has_cert && !has_priv_key) || (!has_cert && has_priv_key)) {
|
||||||
printf("Error: the client certificate and the private key "
|
printf("Error: the client certificate and the private key must both be given or neither\n");
|
||||||
"must both be given or neither\n");
|
|
||||||
return ERROR;
|
return ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (payload_size > 0 && packet_ver != NRPE_PACKET_VERSION_2) {
|
if (payload_size > 0 && packet_ver != NRPE_PACKET_VERSION_2) {
|
||||||
printf("Error: if a fixed payload size is specified, "
|
printf("Error: if a fixed payload size is specified, '-2' must also be specified\n");
|
||||||
"'-2' must also be specified\n");
|
|
||||||
return ERROR;
|
return ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -564,6 +580,8 @@ int read_config_file(char *fname)
|
|||||||
argv[argc] = my_strsep(&bufp, delims);
|
argv[argc] = my_strsep(&bufp, delims);
|
||||||
if (!argv[argc++])
|
if (!argv[argc++])
|
||||||
break;
|
break;
|
||||||
|
if (!bufp)
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
fclose(f);
|
fclose(f);
|
||||||
@ -609,8 +627,7 @@ int translate_state (char *state_text) {
|
|||||||
|
|
||||||
void set_timeout_state (char *state) {
|
void set_timeout_state (char *state) {
|
||||||
if ((timeout_return_code = translate_state(state)) == ERROR)
|
if ((timeout_return_code = translate_state(state)) == ERROR)
|
||||||
printf("Timeout state must be a valid state name (OK, "
|
printf("Timeout state must be a valid state name (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3).\n");
|
||||||
"WARNING, CRITICAL, UNKNOWN) or integer (0-3).\n");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int parse_timeout_string (char *timeout_str)
|
int parse_timeout_string (char *timeout_str)
|
||||||
@ -649,87 +666,95 @@ int parse_timeout_string (char *timeout_str)
|
|||||||
|
|
||||||
void usage(int result)
|
void usage(int result)
|
||||||
{
|
{
|
||||||
if (result != OK)
|
if (result != OK) {
|
||||||
|
printf("\n");
|
||||||
printf("Incorrect command line arguments supplied\n");
|
printf("Incorrect command line arguments supplied\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
}
|
||||||
printf("NRPE Plugin for Nagios\n");
|
printf("NRPE Plugin for Nagios\n");
|
||||||
printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
|
|
||||||
printf("Version: %s\n", PROGRAM_VERSION);
|
printf("Version: %s\n", PROGRAM_VERSION);
|
||||||
printf("Last Modified: %s\n", MODIFICATION_DATE);
|
|
||||||
printf("License: GPL v2 with exemptions (-l for more info)\n");
|
|
||||||
#ifdef HAVE_SSL
|
|
||||||
printf("SSL/TLS Available: OpenSSL 0.9.6 or higher required\n");
|
|
||||||
#endif
|
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
if (result != OK || show_help == TRUE) {
|
if (result != OK || show_help == TRUE) {
|
||||||
printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n"
|
printf("Copyright (c) 2009-2017 Nagios Enterprises\n");
|
||||||
" [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n"
|
printf(" 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
|
||||||
" [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
|
printf("\n");
|
||||||
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n"
|
printf("Last Modified: %s\n", MODIFICATION_DATE);
|
||||||
" [-c <command>] [-a <arglist...>]\n");
|
printf("\n");
|
||||||
|
printf("License: GPL v2 with exemptions (-l for more info)\n");
|
||||||
|
printf("\n");
|
||||||
|
#ifdef HAVE_SSL
|
||||||
|
printf("SSL/TLS Available: OpenSSL 0.9.6 or higher required\n");
|
||||||
|
printf("\n");
|
||||||
|
#endif
|
||||||
|
printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n");
|
||||||
|
printf(" [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n");
|
||||||
|
printf(" [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n");
|
||||||
|
printf(" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n");
|
||||||
|
printf(" [-c <command>] [-E] [-a <arglist...>]\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
printf("Options:\n");
|
printf("Options:\n");
|
||||||
printf(" <host> = The address of the host running the NRPE daemon\n");
|
printf(" -H, --host=HOST The address of the host running the NRPE daemon\n");
|
||||||
printf(" -2 = Only use Version 2 packets, not Version 3\n");
|
printf(" -2, --v2-packets-only Only use version 2 packets, not version 3\n");
|
||||||
printf(" -4 = bind to ipv4 only\n");
|
printf(" -4, --ipv4 Bind to ipv4 only\n");
|
||||||
printf(" -6 = bind to ipv6 only\n");
|
printf(" -6, --ipv6 Bind to ipv6 only\n");
|
||||||
printf(" -n = Do no use SSL\n");
|
printf(" -n, --no-ssl Do no use SSL\n");
|
||||||
printf
|
printf(" -u, --unknown-timeout Make connection problems return UNKNOWN instead of CRITICAL\n");
|
||||||
(" -u = Make connection problems return UNKNOWN instead of CRITICAL\n");
|
printf(" -V, --version Print version info and quit\n");
|
||||||
printf(" -V = Show version\n");
|
printf(" -l, --license Show license\n");
|
||||||
printf(" -l = Show license\n");
|
printf(" -E, --stderr-to-stdout Redirect stderr to stdout\n");
|
||||||
printf(" <dhopt> = Anonymous Diffie Hellman use:\n");
|
printf(" -d, --use-dh=DHOPT Anonymous Diffie Hellman use:\n");
|
||||||
printf(" 0 = Don't use Anonymous Diffie Hellman\n");
|
printf(" 0 Don't use Anonymous Diffie Hellman\n");
|
||||||
printf(" (This will be the default in a future release.)\n");
|
printf(" (This will be the default in a future release.)\n");
|
||||||
printf(" 1 = Allow Anonymous Diffie Hellman (default)\n");
|
printf(" 1 Allow Anonymous Diffie Hellman (default)\n");
|
||||||
printf(" 2 = Force Anonymous Diffie Hellman\n");
|
printf(" 2 Force Anonymous Diffie Hellman\n");
|
||||||
printf(" <size> = Specify non-default payload size for NSClient++\n");
|
printf(" -P, --payload-size=SIZE Specify non-default payload size for NSClient++\n");
|
||||||
printf
|
printf(" -S, --ssl-version=VERSION The SSL/TLS version to use. Can be any one of:\n");
|
||||||
(" <ssl ver> = The SSL/TLS version to use. Can be any one of:\n");
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||||
printf(" SSLv2 (only), SSLv2+ (or above),\n");
|
printf(" SSLv2 SSL v2 only\n");
|
||||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
|
printf(" SSLv2+ SSL v2 or above\n");
|
||||||
printf(" SSLv3 (only), SSLv3+ (or above),\n");
|
#endif
|
||||||
printf(" TLSv1 (only), TLSv1+ (or above DEFAULT),\n");
|
printf(" SSLv3 SSL v3 only\n");
|
||||||
printf(" TLSv1.1 (only), TLSv1.1+ (or above),\n");
|
printf(" SSLv3+ SSL v3 or above \n");
|
||||||
printf(" TLSv1.2 (only), TLSv1.2+ (or above)\n");
|
printf(" TLSv1 TLS v1 only\n");
|
||||||
printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
|
printf(" TLSv1+ TLS v1 or above (DEFAULT)\n");
|
||||||
printf
|
printf(" TLSv1.1 TLS v1.1 only\n");
|
||||||
(" to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
|
printf(" TLSv1.1+ TLS v1.1 or above\n");
|
||||||
printf(" <clientcert> = The client certificate to use for PKI\n");
|
printf(" TLSv1.2 TLS v1.2 only\n");
|
||||||
printf(" <key> = The private key to use with the client certificate\n");
|
printf(" TLSv1.2+ TLS v1.2 or above\n");
|
||||||
printf(" <ca-cert> = The CA certificate to use for PKI\n");
|
printf(" -L, --cipher-list=LIST The list of SSL ciphers to use (currently defaults\n");
|
||||||
printf(" <logopts> = SSL Logging Options\n");
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
printf(" <bindaddr> = bind to local address\n");
|
printf(" to \"ALL:!MD5:@STRENGTH:@SECLEVEL=0\". THIS WILL change in a future release.)\n");
|
||||||
printf(" <cfg-file> = configuration file to use\n");
|
#else
|
||||||
printf(" <log-file> = full path to the log file to write to\n");
|
printf(" to \"ALL:!MD5:@STRENGTH\". THIS WILL change in a future release.)\n");
|
||||||
printf(" [port] = The port on which the daemon is running (default=%d)\n",
|
#endif
|
||||||
DEFAULT_SERVER_PORT);
|
printf(" -C, --client-cert=FILE The client certificate to use for PKI\n");
|
||||||
printf(" [command] = The name of the command that the remote daemon should run\n");
|
printf(" -K, --key-file=FILE The private key to use with the client certificate\n");
|
||||||
printf(" [arglist] = Optional arguments that should be passed to the command,\n");
|
printf(" -A, --ca-cert-file=FILE The CA certificate to use for PKI\n");
|
||||||
|
printf(" -s, --ssl-logging=OPTIONS SSL Logging Options\n");
|
||||||
|
printf(" -b, --bind=IPADDR Local address to bind to\n");
|
||||||
|
printf(" -f, --config-file=FILE Configuration file to use\n");
|
||||||
|
printf(" -g, --log-file=FILE Log file to write to\n");
|
||||||
|
printf(" -p, --port=PORT The port on which the daemon is running (default=%d)\n", DEFAULT_SERVER_PORT);
|
||||||
|
printf(" -c, --command=COMMAND The name of the command that the remote daemon should run\n");
|
||||||
|
printf(" -a, --args=LIST Optional arguments that should be passed to the command,\n");
|
||||||
printf(" separated by a space. If provided, this must be the last\n");
|
printf(" separated by a space. If provided, this must be the last\n");
|
||||||
printf(" option supplied on the command line.\n");
|
printf(" option supplied on the command line.\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
printf(" NEW TIMEOUT SYNTAX\n");
|
printf(" NEW TIMEOUT SYNTAX\n");
|
||||||
printf(" -t <interval>:<state>\n");
|
printf(" -t, --timeout=INTERVAL:STATE\n");
|
||||||
printf(" <interval> = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
|
printf(" INTERVAL Number of seconds before connection times out (default=%d)\n", DEFAULT_SOCKET_TIMEOUT);
|
||||||
printf(" <state> = Check state to exit with in the event of a timeout (default=CRITICAL)\n");
|
printf(" STATE Check state to exit with in the event of a timeout (default=CRITICAL)\n");
|
||||||
printf(" Timeout state must be a valid state name (case-insensitive) or integer:\n");
|
printf(" Timeout STATE must be a valid state name (case-insensitive) or integer:\n");
|
||||||
printf(" (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)\n");
|
printf(" (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
printf("Note:\n");
|
printf("Note:\n");
|
||||||
printf
|
printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
|
||||||
("This plugin requires that you have the NRPE daemon running on the remote host.\n");
|
printf("You must also have configured the daemon to associate a specific plugin command\n");
|
||||||
printf
|
|
||||||
("You must also have configured the daemon to associate a specific plugin command\n");
|
|
||||||
printf("with the [command] option you are specifying here. Upon receipt of the\n");
|
printf("with the [command] option you are specifying here. Upon receipt of the\n");
|
||||||
printf
|
printf("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
|
||||||
("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
|
printf("send the plugin output and return code back to *this* plugin. This allows you\n");
|
||||||
printf
|
printf("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
|
||||||
("send the plugin output and return code back to *this* plugin. This allows you\n");
|
|
||||||
printf
|
|
||||||
("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
|
|
||||||
printf("the plugin is being run locally.\n");
|
printf("the plugin is being run locally.\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
@ -748,18 +773,11 @@ void setup_ssl()
|
|||||||
if (sslprm.log_opts & SSL_LogStartup) {
|
if (sslprm.log_opts & SSL_LogStartup) {
|
||||||
char *val;
|
char *val;
|
||||||
|
|
||||||
logit(LOG_INFO, "SSL Certificate File: %s",
|
logit(LOG_INFO, "SSL Certificate File: %s", sslprm.cert_file ? sslprm.cert_file : "None");
|
||||||
sslprm.cert_file ? sslprm.cert_file : "None");
|
logit(LOG_INFO, "SSL Private Key File: %s", sslprm.privatekey_file ? sslprm.privatekey_file : "None");
|
||||||
logit(LOG_INFO, "SSL Private Key File: %s",
|
logit(LOG_INFO, "SSL CA Certificate File: %s", sslprm.cacert_file ? sslprm.cacert_file : "None");
|
||||||
sslprm.privatekey_file ? sslprm.privatekey_file : "None");
|
|
||||||
logit(LOG_INFO, "SSL CA Certificate File: %s",
|
|
||||||
sslprm.cacert_file ? sslprm.cacert_file : "None");
|
|
||||||
if (sslprm.allowDH < 2)
|
|
||||||
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
|
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
|
||||||
else
|
logit(LOG_INFO, "SSL Allow ADH: %d", sslprm.allowDH);
|
||||||
logit(LOG_INFO, "SSL Cipher List: ADH");
|
|
||||||
logit(LOG_INFO, "SSL Allow ADH: %s",
|
|
||||||
sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
|
|
||||||
logit(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
|
logit(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
|
||||||
|
|
||||||
switch (sslprm.ssl_proto_ver) {
|
switch (sslprm.ssl_proto_ver) {
|
||||||
@ -804,6 +822,9 @@ void setup_ssl()
|
|||||||
if (use_ssl == TRUE) {
|
if (use_ssl == TRUE) {
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
|
ENGINE_load_builtin_engines();
|
||||||
|
RAND_set_rand_engine(NULL);
|
||||||
|
ENGINE_register_all_complete();
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
|
|
||||||
@ -901,19 +922,16 @@ void setup_ssl()
|
|||||||
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
|
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
|
||||||
printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
|
printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
printf("Error: could not use certificate file '%s': %s\n",
|
printf("Error: could not use certificate file '%s': %s\n", sslprm.cert_file, ERR_reason_error_string(x));
|
||||||
sslprm.cert_file, ERR_reason_error_string(x));
|
|
||||||
}
|
}
|
||||||
SSL_CTX_free(ctx);
|
SSL_CTX_free(ctx);
|
||||||
exit(STATE_CRITICAL);
|
exit(STATE_CRITICAL);
|
||||||
}
|
}
|
||||||
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
|
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
|
||||||
SSL_CTX_free(ctx);
|
SSL_CTX_free(ctx);
|
||||||
printf("Error: could not use private key file '%s'.\n",
|
printf("Error: could not use private key file '%s'.\n", sslprm.privatekey_file);
|
||||||
sslprm.privatekey_file);
|
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
printf("Error: could not use private key file '%s': %s\n",
|
printf("Error: could not use private key file '%s': %s\n", sslprm.privatekey_file, ERR_reason_error_string(x));
|
||||||
sslprm.privatekey_file, ERR_reason_error_string(x));
|
|
||||||
}
|
}
|
||||||
SSL_CTX_free(ctx);
|
SSL_CTX_free(ctx);
|
||||||
exit(STATE_CRITICAL);
|
exit(STATE_CRITICAL);
|
||||||
@ -926,8 +944,7 @@ void setup_ssl()
|
|||||||
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
|
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
|
||||||
printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
|
printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
printf("Error: could not use CA certificate '%s': %s\n",
|
printf("Error: could not use CA certificate '%s': %s\n", sslprm.privatekey_file, ERR_reason_error_string(x));
|
||||||
sslprm.privatekey_file, ERR_reason_error_string(x));
|
|
||||||
}
|
}
|
||||||
SSL_CTX_free(ctx);
|
SSL_CTX_free(ctx);
|
||||||
exit(STATE_CRITICAL);
|
exit(STATE_CRITICAL);
|
||||||
@ -942,15 +959,19 @@ void setup_ssl()
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* use anonymous DH ciphers */
|
/* use anonymous DH ciphers */
|
||||||
if (sslprm.allowDH == 2)
|
if (sslprm.allowDH == 2) {
|
||||||
strcpy(sslprm.cipher_list, "ADH");
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
|
strncpy(sslprm.cipher_list, "ADH@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
|
||||||
|
#else
|
||||||
|
strncpy(sslprm.cipher_list, "ADH", MAX_FILENAME_LENGTH - 1);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
|
if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
|
||||||
printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
|
printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
printf("Could not set SSL/TLS cipher list '%s': %s\n",
|
printf("Could not set SSL/TLS cipher list '%s': %s\n", sslprm.cipher_list, ERR_reason_error_string(x));
|
||||||
sslprm.cipher_list, ERR_reason_error_string(x));
|
|
||||||
}
|
}
|
||||||
SSL_CTX_free(ctx);
|
SSL_CTX_free(ctx);
|
||||||
exit(STATE_CRITICAL);
|
exit(STATE_CRITICAL);
|
||||||
@ -987,8 +1008,7 @@ int connect_to_remote()
|
|||||||
int result, rc, ssl_err, ern, x, nerrs = 0;
|
int result, rc, ssl_err, ern, x, nerrs = 0;
|
||||||
|
|
||||||
/* try to connect to the host at the given port number */
|
/* try to connect to the host at the given port number */
|
||||||
if ((sd =
|
if ((sd = my_connect(server_name, &hostaddr, server_port, address_family, bind_address, stderr_to_stdout)) < 0)
|
||||||
my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0)
|
|
||||||
exit(timeout_return_code);
|
exit(timeout_return_code);
|
||||||
|
|
||||||
result = STATE_OK;
|
result = STATE_OK;
|
||||||
@ -1025,36 +1045,31 @@ int connect_to_remote()
|
|||||||
if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
|
if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
|
||||||
rc = 0;
|
rc = 0;
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
logit(LOG_ERR, "Error: (ERR_get_error_line_data = %d), Could not complete SSL handshake with %s: %s", x, rem_host, ERR_reason_error_string(x));
|
||||||
rem_host, ERR_reason_error_string(x));
|
|
||||||
++nerrs;
|
++nerrs;
|
||||||
}
|
}
|
||||||
if (nerrs == 0)
|
if (nerrs == 0) {
|
||||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
|
logit(LOG_ERR, "Error: (nerrs = 0) Could not complete SSL handshake with %s: rc=%d SSL-error=%d", rem_host, rc, ssl_err);
|
||||||
rem_host, rc, ssl_err);
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
logit(LOG_ERR, "Error: (!log_opts) Could not complete SSL handshake with %s: %s", rem_host, ERR_reason_error_string(x));
|
||||||
rem_host, ERR_reason_error_string(x));
|
|
||||||
++nerrs;
|
++nerrs;
|
||||||
}
|
}
|
||||||
if (nerrs == 0)
|
if (nerrs == 0) {
|
||||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: "
|
logit(LOG_ERR, "Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with %s: rc=%d SSL-error=%d", rem_host, rc, ssl_err);
|
||||||
"rc=%d SSL-error=%d", rem_host, rc, ssl_err);
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssl_err == 5) {
|
if (ssl_err == 5) {
|
||||||
/* Often, errno will be zero, so print a generic message here */
|
/* Often, errno will be zero, so print a generic message here */
|
||||||
if (ern == 0)
|
if (ern == 0)
|
||||||
printf("CHECK_NRPE: Error - Could not connect to %s. Check system logs on %s\n",
|
printf("CHECK_NRPE: Error - Could not connect to %s. Check system logs on %s\n", rem_host, rem_host);
|
||||||
rem_host, rem_host);
|
|
||||||
else
|
else
|
||||||
printf("CHECK_NRPE: Error - Could not connect to %s: %s\n",
|
printf("CHECK_NRPE: Error - Could not connect to %s: %s\n", rem_host, strerror(ern));
|
||||||
rem_host, strerror(ern));
|
} else {
|
||||||
} else
|
printf("CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with %s: %d\n", rem_host, ssl_err);
|
||||||
printf("CHECK_NRPE: Error - Could not complete SSL handshake with %s: %d\n",
|
}
|
||||||
rem_host, ssl_err);
|
|
||||||
|
|
||||||
# ifdef DEBUG
|
# ifdef DEBUG
|
||||||
printf("SSL_connect=%d\n", rc);
|
printf("SSL_connect=%d\n", rc);
|
||||||
@ -1089,8 +1104,8 @@ int connect_to_remote()
|
|||||||
|
|
||||||
if (peer) {
|
if (peer) {
|
||||||
if (sslprm.log_opts & SSL_LogIfClientCert)
|
if (sslprm.log_opts & SSL_LogIfClientCert)
|
||||||
logit(LOG_NOTICE, "SSL %s has %s certificate",
|
logit(LOG_NOTICE, "SSL %s has %s certificate", rem_host, SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid");
|
||||||
rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
|
|
||||||
if (sslprm.log_opts & SSL_LogCertDetails) {
|
if (sslprm.log_opts & SSL_LogCertDetails) {
|
||||||
X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
|
X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
|
||||||
logit(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
|
logit(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
|
||||||
@ -1240,13 +1255,14 @@ int read_response()
|
|||||||
} else if (rc == 0) {
|
} else if (rc == 0) {
|
||||||
|
|
||||||
/* server disconnected */
|
/* server disconnected */
|
||||||
printf("CHECK_NRPE: Received 0 bytes from daemon. Check "
|
printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n");
|
||||||
"the remote server logs for error messages.\n");
|
|
||||||
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
||||||
if (v3_receive_packet)
|
if (v3_receive_packet) {
|
||||||
free(v3_receive_packet);
|
free(v3_receive_packet);
|
||||||
} else if (v2_receive_packet)
|
}
|
||||||
|
} else if (v2_receive_packet) {
|
||||||
free(v2_receive_packet);
|
free(v2_receive_packet);
|
||||||
|
}
|
||||||
return STATE_UNKNOWN;
|
return STATE_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1259,8 +1275,9 @@ int read_response()
|
|||||||
calculated_crc32 = calculate_crc32((char *)v3_receive_packet, pkt_size);
|
calculated_crc32 = calculate_crc32((char *)v3_receive_packet, pkt_size);
|
||||||
} else {
|
} else {
|
||||||
pkt_size = sizeof(v2_packet);
|
pkt_size = sizeof(v2_packet);
|
||||||
if (payload_size > 0)
|
if (payload_size > 0) {
|
||||||
pkt_size = sizeof(v2_packet) - MAX_PACKETBUFFER_LENGTH + payload_size;
|
pkt_size = sizeof(v2_packet) - MAX_PACKETBUFFER_LENGTH + payload_size;
|
||||||
|
}
|
||||||
packet_crc32 = ntohl(v2_receive_packet->crc32_value);
|
packet_crc32 = ntohl(v2_receive_packet->crc32_value);
|
||||||
v2_receive_packet->crc32_value = 0L;
|
v2_receive_packet->crc32_value = 0L;
|
||||||
calculated_crc32 = calculate_crc32((char *)v2_receive_packet, pkt_size);
|
calculated_crc32 = calculate_crc32((char *)v2_receive_packet, pkt_size);
|
||||||
@ -1270,10 +1287,12 @@ int read_response()
|
|||||||
printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
|
printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
|
||||||
close(sd);
|
close(sd);
|
||||||
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
||||||
if (v3_receive_packet)
|
if (v3_receive_packet) {
|
||||||
free(v3_receive_packet);
|
free(v3_receive_packet);
|
||||||
} else if (v2_receive_packet)
|
}
|
||||||
|
} else if (v2_receive_packet) {
|
||||||
free(v2_receive_packet);
|
free(v2_receive_packet);
|
||||||
|
}
|
||||||
return STATE_UNKNOWN;
|
return STATE_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1281,30 +1300,35 @@ int read_response()
|
|||||||
/* and print the output returned by the daemon */
|
/* and print the output returned by the daemon */
|
||||||
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
||||||
result = ntohs(v3_receive_packet->result_code);
|
result = ntohs(v3_receive_packet->result_code);
|
||||||
if (v3_receive_packet->buffer_length == 0)
|
if (v3_receive_packet->buffer_length == 0) {
|
||||||
printf("CHECK_NRPE: No output returned from daemon.\n");
|
printf("CHECK_NRPE: No output returned from daemon.\n");
|
||||||
else
|
} else {
|
||||||
printf("%s\n", v3_receive_packet->buffer);
|
printf("%s\n", v3_receive_packet->buffer);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
result = ntohs(v2_receive_packet->result_code);
|
result = ntohs(v2_receive_packet->result_code);
|
||||||
if (payload_size > 0)
|
if (payload_size > 0) {
|
||||||
v2_receive_packet->buffer[payload_size - 1] = '\x0';
|
v2_receive_packet->buffer[payload_size - 1] = '\x0';
|
||||||
else
|
} else {
|
||||||
v2_receive_packet->buffer[MAX_PACKETBUFFER_LENGTH - 1] = '\x0';
|
v2_receive_packet->buffer[MAX_PACKETBUFFER_LENGTH - 1] = '\x0';
|
||||||
if (!strcmp(v2_receive_packet->buffer, ""))
|
}
|
||||||
|
if (!strcmp(v2_receive_packet->buffer, "")) {
|
||||||
printf("CHECK_NRPE: No output returned from daemon.\n");
|
printf("CHECK_NRPE: No output returned from daemon.\n");
|
||||||
else if (strstr(v2_receive_packet->buffer, "Invalid packet version.3") != NULL)
|
} else if (strstr(v2_receive_packet->buffer, "Invalid packet version.3") != NULL) {
|
||||||
/* NSClient++ doesn't recognize it */
|
/* NSClient++ doesn't recognize it */
|
||||||
return -1;
|
return -1;
|
||||||
else
|
} else {
|
||||||
printf("%s\n", v2_receive_packet->buffer);
|
printf("%s\n", v2_receive_packet->buffer);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
||||||
if (v3_receive_packet)
|
if (v3_receive_packet) {
|
||||||
free(v3_receive_packet);
|
free(v3_receive_packet);
|
||||||
} else if (v2_receive_packet)
|
}
|
||||||
|
} else if (v2_receive_packet) {
|
||||||
free(v2_receive_packet);
|
free(v2_receive_packet);
|
||||||
|
}
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@ -1325,9 +1349,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
|||||||
if (rc <= 0 || rc != bytes_to_recv) {
|
if (rc <= 0 || rc != bytes_to_recv) {
|
||||||
if (rc < bytes_to_recv) {
|
if (rc < bytes_to_recv) {
|
||||||
if (packet_ver != NRPE_PACKET_VERSION_3)
|
if (packet_ver != NRPE_PACKET_VERSION_3)
|
||||||
printf("CHECK_NRPE: Receive header underflow - "
|
printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_recv));
|
||||||
"only %d bytes received (%ld expected).\n",
|
|
||||||
rc, sizeof(bytes_to_recv));
|
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -1348,8 +1370,9 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
|||||||
if (payload_size > 0) {
|
if (payload_size > 0) {
|
||||||
pkt_size = common_size + payload_size;
|
pkt_size = common_size + payload_size;
|
||||||
buffer_size = payload_size;
|
buffer_size = payload_size;
|
||||||
} else
|
} else {
|
||||||
buffer_size = pkt_size - common_size;
|
buffer_size = pkt_size - common_size;
|
||||||
|
}
|
||||||
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
|
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
|
||||||
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
||||||
return -1;
|
return -1;
|
||||||
@ -1398,8 +1421,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
|||||||
*v2_pkt = NULL;
|
*v2_pkt = NULL;
|
||||||
}
|
}
|
||||||
if (rc < buffer_size)
|
if (rc < buffer_size)
|
||||||
printf("CHECK_NRPE: Receive underflow - only %d bytes received "
|
printf("CHECK_NRPE: Receive underflow - only %d bytes received (%ld expected).\n", rc, sizeof(buffer_size));
|
||||||
"(%ld expected).\n", rc, sizeof(buffer_size));
|
|
||||||
return -1;
|
return -1;
|
||||||
} else
|
} else
|
||||||
tot_bytes += rc;
|
tot_bytes += rc;
|
||||||
@ -1415,8 +1437,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
|||||||
if (rc <= 0 || rc != bytes_to_recv) {
|
if (rc <= 0 || rc != bytes_to_recv) {
|
||||||
if (rc < bytes_to_recv) {
|
if (rc < bytes_to_recv) {
|
||||||
if (packet_ver != NRPE_PACKET_VERSION_3)
|
if (packet_ver != NRPE_PACKET_VERSION_3)
|
||||||
printf("CHECK_NRPE: Receive header underflow - only %d bytes "
|
printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_recv));
|
||||||
"received (%ld expected).\n", rc, sizeof(bytes_to_recv));
|
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -1504,12 +1525,11 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
|
|||||||
*v2_pkt = NULL;
|
*v2_pkt = NULL;
|
||||||
}
|
}
|
||||||
if (bytes_read != buffer_size) {
|
if (bytes_read != buffer_size) {
|
||||||
if (packet_ver == NRPE_PACKET_VERSION_3)
|
if (packet_ver == NRPE_PACKET_VERSION_3) {
|
||||||
printf("CHECK_NRPE: Receive buffer size - %ld bytes received "
|
printf("CHECK_NRPE: Receive buffer size - %ld bytes received (%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
|
||||||
"(%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
|
} else {
|
||||||
else
|
printf("CHECK_NRPE: Receive underflow - only %ld bytes received (%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
|
||||||
printf("CHECK_NRPE: Receive underflow - only %ld bytes received "
|
}
|
||||||
"(%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
|
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
} else
|
} else
|
||||||
@ -1542,8 +1562,8 @@ int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
|
|||||||
|
|
||||||
if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
|
if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
|
||||||
&& (sslprm.log_opts & SSL_LogCertDetails)) {
|
&& (sslprm.log_opts & SSL_LogCertDetails)) {
|
||||||
logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
|
|
||||||
name, issuer, err, X509_verify_cert_error_string(err));
|
logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s", name, issuer, err, X509_verify_cert_error_string(err));
|
||||||
}
|
}
|
||||||
|
|
||||||
return preverify_ok;
|
return preverify_ok;
|
||||||
@ -1565,11 +1585,15 @@ void alarm_handler(int sig)
|
|||||||
if (timeout_txt[lth2] == 0)
|
if (timeout_txt[lth2] == 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
write(STDOUT_FILENO, msg1, sizeof(msg1) - 1);
|
|
||||||
write(STDOUT_FILENO, text, lth1);
|
if ((write(STDOUT_FILENO, msg1, sizeof(msg1) - 1) == -1)
|
||||||
write(STDOUT_FILENO, msg2, sizeof(msg2) - 1);
|
|| (write(STDOUT_FILENO, text, lth1) == -1)
|
||||||
write(STDOUT_FILENO, timeout_txt, lth2);
|
|| (write(STDOUT_FILENO, msg2, sizeof(msg2) - 1) == -1)
|
||||||
write(STDOUT_FILENO, msg3, sizeof(msg3) - 1);
|
|| (write(STDOUT_FILENO, timeout_txt, lth2) == -1)
|
||||||
|
|| (write(STDOUT_FILENO, msg3, sizeof(msg3) - 1) == -1)) {
|
||||||
|
|
||||||
|
logit(LOG_ERR, "ERROR: alarm_handler() write(): %s", strerror(errno));
|
||||||
|
}
|
||||||
|
|
||||||
exit(timeout_return_code);
|
exit(timeout_return_code);
|
||||||
}
|
}
|
||||||
|
259
src/nrpe.c
259
src/nrpe.c
@ -1,10 +1,10 @@
|
|||||||
/*******************************************************************************
|
/****************************************************************************
|
||||||
*
|
*
|
||||||
* NRPE.C - Nagios Remote Plugin Executor
|
* nrpe.c - Nagios Remote Plugin Executor
|
||||||
*
|
*
|
||||||
* Copyright (c) 2009 Nagios Core Development Team and Community Contributors
|
* License: GPLv2
|
||||||
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
|
* Copyright (c) 2009-2017 Nagios Enterprises
|
||||||
* License: GPL
|
* 1999-2008 Ethan Galstad (nagios@nagios.org)
|
||||||
*
|
*
|
||||||
* Command line: nrpe -c <config_file> [--inetd | --daemon]
|
* Command line: nrpe -c <config_file> [--inetd | --daemon]
|
||||||
*
|
*
|
||||||
@ -16,13 +16,23 @@
|
|||||||
* such as check_users, check_load, check_disk, etc. without
|
* such as check_users, check_load, check_disk, etc. without
|
||||||
* having to use rsh or ssh.
|
* having to use rsh or ssh.
|
||||||
*
|
*
|
||||||
******************************************************************************/
|
* License Notice:
|
||||||
|
*
|
||||||
/*
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* 08-10-2011 IPv4 subnetworks support added.
|
* it under the terms of the GNU General Public License as published by
|
||||||
* Main change in nrpe.c is that is_an_allowed_host() moved to acl.c.
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
* now allowed_hosts is parsed by parse_allowed_hosts() from acl.c.
|
* (at your option) any later version.
|
||||||
*/
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
*
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
@ -102,6 +112,8 @@ int show_help = FALSE;
|
|||||||
int show_license = FALSE;
|
int show_license = FALSE;
|
||||||
int show_version = FALSE;
|
int show_version = FALSE;
|
||||||
int use_inetd = TRUE;
|
int use_inetd = TRUE;
|
||||||
|
int commands_running = 0;
|
||||||
|
int max_commands = 0;
|
||||||
int debug = FALSE;
|
int debug = FALSE;
|
||||||
int use_src = FALSE; /* Define parameter for SRC option */
|
int use_src = FALSE; /* Define parameter for SRC option */
|
||||||
int no_forking = FALSE;
|
int no_forking = FALSE;
|
||||||
@ -135,7 +147,11 @@ struct _SSL_PARMS {
|
|||||||
ClntCerts client_certs;
|
ClntCerts client_certs;
|
||||||
SslLogging log_opts;
|
SslLogging log_opts;
|
||||||
} sslprm = {
|
} sslprm = {
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
|
NULL, NULL, NULL, "ALL:!MD5:@STRENGTH:@SECLEVEL=0", TLSv1_plus, TRUE, 0, SSL_NoLogging};
|
||||||
|
#else
|
||||||
NULL, NULL, NULL, "ALL:!MD5:@STRENGTH", TLSv1_plus, TRUE, 0, SSL_NoLogging};
|
NULL, NULL, NULL, "ALL:!MD5:@STRENGTH", TLSv1_plus, TRUE, 0, SSL_NoLogging};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#ifdef HAVE_SSL
|
#ifdef HAVE_SSL
|
||||||
@ -167,7 +183,10 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
/* get absolute path of current working directory */
|
/* get absolute path of current working directory */
|
||||||
strcpy(config_file, "");
|
strcpy(config_file, "");
|
||||||
getcwd(config_file, sizeof(config_file));
|
if (getcwd(config_file, sizeof(config_file)) == NULL) {
|
||||||
|
printf("ERROR: getcwd(): %s, bailing out...\n", strerror(errno));
|
||||||
|
exit(STATE_CRITICAL);
|
||||||
|
}
|
||||||
|
|
||||||
/* append a forward slash */
|
/* append a forward slash */
|
||||||
strncat(config_file, "/", sizeof(config_file) - 2);
|
strncat(config_file, "/", sizeof(config_file) - 2);
|
||||||
@ -263,6 +282,9 @@ void init_ssl(void)
|
|||||||
/* initialize SSL */
|
/* initialize SSL */
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
|
ENGINE_load_builtin_engines();
|
||||||
|
RAND_set_rand_engine(NULL);
|
||||||
|
ENGINE_register_all_complete();
|
||||||
|
|
||||||
meth = SSLv23_server_method();
|
meth = SSLv23_server_method();
|
||||||
|
|
||||||
@ -408,7 +430,7 @@ void init_ssl(void)
|
|||||||
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
|
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
|
||||||
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
|
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
logit(LOG_ERR, "Error: could not use certificate file '%s': %s\n",
|
logit(LOG_ERR, "Error: could not use CA certificate file '%s': %s\n",
|
||||||
sslprm.cacert_file, ERR_reason_error_string(x));
|
sslprm.cacert_file, ERR_reason_error_string(x));
|
||||||
}
|
}
|
||||||
SSL_CTX_free(ctx);
|
SSL_CTX_free(ctx);
|
||||||
@ -422,8 +444,14 @@ void init_ssl(void)
|
|||||||
strcat(sslprm.cipher_list, ":!ADH");
|
strcat(sslprm.cipher_list, ":!ADH");
|
||||||
} else {
|
} else {
|
||||||
/* use anonymous DH ciphers */
|
/* use anonymous DH ciphers */
|
||||||
if (sslprm.allowDH == 2)
|
if (sslprm.allowDH == 2) {
|
||||||
strcpy(sslprm.cipher_list, "ADH");
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
|
strncpy(sslprm.cipher_list, "ADH@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
|
||||||
|
#else
|
||||||
|
strncpy(sslprm.cipher_list, "ADH", MAX_FILENAME_LENGTH - 1);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef USE_SSL_DH
|
#ifdef USE_SSL_DH
|
||||||
dh = get_dh2048();
|
dh = get_dh2048();
|
||||||
SSL_CTX_set_tmp_dh(ctx, dh);
|
SSL_CTX_set_tmp_dh(ctx, dh);
|
||||||
@ -452,12 +480,8 @@ void log_ssl_startup(void)
|
|||||||
sslprm.privatekey_file ? sslprm.privatekey_file : "None");
|
sslprm.privatekey_file ? sslprm.privatekey_file : "None");
|
||||||
logit(LOG_INFO, "SSL CA Certificate File: %s",
|
logit(LOG_INFO, "SSL CA Certificate File: %s",
|
||||||
sslprm.cacert_file ? sslprm.cacert_file : "None");
|
sslprm.cacert_file ? sslprm.cacert_file : "None");
|
||||||
if (sslprm.allowDH < 2)
|
|
||||||
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
|
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
|
||||||
else
|
logit(LOG_INFO, "SSL Allow ADH: %d", sslprm.allowDH == 0);
|
||||||
logit(LOG_INFO, "SSL Cipher List: ADH");
|
|
||||||
logit(LOG_INFO, "SSL Allow ADH: %s",
|
|
||||||
sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
|
|
||||||
logit(LOG_INFO, "SSL Client Certs: %s",
|
logit(LOG_INFO, "SSL Client Certs: %s",
|
||||||
sslprm.client_certs == 0 ? "Don't Ask" : (sslprm.client_certs ==
|
sslprm.client_certs == 0 ? "Don't Ask" : (sslprm.client_certs ==
|
||||||
1 ? "Accept" : "Require"));
|
1 ? "Accept" : "Require"));
|
||||||
@ -503,19 +527,30 @@ void log_ssl_startup(void)
|
|||||||
|
|
||||||
void usage(int result)
|
void usage(int result)
|
||||||
{
|
{
|
||||||
|
if (result != OK) {
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
printf("Incorrect command line arguments supplied\n");
|
||||||
|
printf("\n");
|
||||||
|
}
|
||||||
printf("NRPE - Nagios Remote Plugin Executor\n");
|
printf("NRPE - Nagios Remote Plugin Executor\n");
|
||||||
printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
|
|
||||||
printf("Version: %s\n", PROGRAM_VERSION);
|
printf("Version: %s\n", PROGRAM_VERSION);
|
||||||
|
printf("\n");
|
||||||
|
if (result != OK || show_help == TRUE) {
|
||||||
|
printf("Copyright (c) 2009-2017 Nagios Enterprises\n");
|
||||||
|
printf(" 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
|
||||||
|
printf("\n");
|
||||||
printf("Last Modified: %s\n", MODIFICATION_DATE);
|
printf("Last Modified: %s\n", MODIFICATION_DATE);
|
||||||
|
printf("\n");
|
||||||
printf("License: GPL v2 with exemptions (-l for more info)\n");
|
printf("License: GPL v2 with exemptions (-l for more info)\n");
|
||||||
|
printf("\n");
|
||||||
#ifdef HAVE_SSL
|
#ifdef HAVE_SSL
|
||||||
printf("SSL/TLS Available, OpenSSL 0.9.6 or higher required\n");
|
printf("SSL/TLS Available, OpenSSL 0.9.6 or higher required\n");
|
||||||
|
printf("\n");
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_LIBWRAP
|
#ifdef HAVE_LIBWRAP
|
||||||
printf("TCP Wrappers Available\n");
|
printf("TCP Wrappers Available\n");
|
||||||
#endif
|
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
#endif
|
||||||
#ifdef ENABLE_COMMAND_ARGUMENTS
|
#ifdef ENABLE_COMMAND_ARGUMENTS
|
||||||
printf("***************************************************************\n");
|
printf("***************************************************************\n");
|
||||||
printf("** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **\n");
|
printf("** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **\n");
|
||||||
@ -530,23 +565,19 @@ void usage(int result)
|
|||||||
printf("***************************************************************\n");
|
printf("***************************************************************\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
#endif
|
#endif
|
||||||
|
printf("Usage: nrpe [-V] [-n] -c <config_file> [-4|-6] <mode>\n");
|
||||||
if (show_license == TRUE)
|
|
||||||
display_license();
|
|
||||||
|
|
||||||
if (result != OK || show_help == TRUE) {
|
|
||||||
printf("Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>\n");
|
|
||||||
printf("\n");
|
printf("\n");
|
||||||
printf("Options:\n");
|
printf("Options:\n");
|
||||||
printf(" -n = Do not use SSL\n");
|
printf(" -V, --version Print version info and quit\n");
|
||||||
printf(" -c <config_file> = Name of config file to use\n");
|
printf(" -n, --no-ssl Do not use SSL\n");
|
||||||
printf(" -4 = use ipv4 only\n");
|
printf(" -c, --config=FILE Name of config file to use\n");
|
||||||
printf(" -6 = use ipv6 only\n");
|
printf(" -4, --ipv4 Use ipv4 only\n");
|
||||||
printf(" <mode> = One of the following operating modes:\n");
|
printf(" -6, --ipv6 Use ipv6 only\n");
|
||||||
printf(" -i = Run as a service under inetd or xinetd\n");
|
printf(" <mode> (One of the following operating modes)\n");
|
||||||
printf(" -d = Run as a standalone daemon\n");
|
printf(" -i, --inetd Run as a service under inetd or xinetd\n");
|
||||||
printf(" -d -s = Run as a subsystem under AIX\n");
|
printf(" -d, --daemon Run as a standalone daemon\n");
|
||||||
printf(" -f = Don't fork() for systemd, launchd, etc.\n");
|
printf(" -s, --src Run as a subsystem under AIX\n");
|
||||||
|
printf(" -f, --no-forking Don't fork() (for systemd, launchd, etc.)\n");
|
||||||
printf("\n");
|
printf("\n");
|
||||||
printf("Notes:\n");
|
printf("Notes:\n");
|
||||||
printf("This program is designed to process requests from the check_nrpe\n");
|
printf("This program is designed to process requests from the check_nrpe\n");
|
||||||
@ -559,6 +590,9 @@ void usage(int result)
|
|||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (show_license == TRUE)
|
||||||
|
display_license();
|
||||||
|
|
||||||
exit(STATE_UNKNOWN);
|
exit(STATE_UNKNOWN);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -621,6 +655,11 @@ void set_stdio_sigs(void)
|
|||||||
struct sigaction sig_action;
|
struct sigaction sig_action;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (chdir("/") == -1) {
|
||||||
|
printf("ERROR: chdir(): %s, bailing out...\n", strerror(errno));
|
||||||
|
exit(STATE_CRITICAL);
|
||||||
|
}
|
||||||
|
|
||||||
close(0); /* close standard file descriptors */
|
close(0); /* close standard file descriptors */
|
||||||
close(1);
|
close(1);
|
||||||
close(2);
|
close(2);
|
||||||
@ -628,8 +667,6 @@ void set_stdio_sigs(void)
|
|||||||
open("/dev/null", O_WRONLY);
|
open("/dev/null", O_WRONLY);
|
||||||
open("/dev/null", O_WRONLY);
|
open("/dev/null", O_WRONLY);
|
||||||
|
|
||||||
chdir("/");
|
|
||||||
|
|
||||||
/* handle signals */
|
/* handle signals */
|
||||||
#ifdef HAVE_SIGACTION
|
#ifdef HAVE_SIGACTION
|
||||||
sig_action.sa_sigaction = NULL;
|
sig_action.sa_sigaction = NULL;
|
||||||
@ -650,8 +687,10 @@ void set_stdio_sigs(void)
|
|||||||
exit(STATE_CRITICAL);
|
exit(STATE_CRITICAL);
|
||||||
|
|
||||||
clean_environ(keep_env_vars, nrpe_user);
|
clean_environ(keep_env_vars, nrpe_user);
|
||||||
drop_privileges(nrpe_user, nrpe_group, 0); /* drop privileges */
|
|
||||||
check_privileges(); /* make sure we're not root */
|
/* drop and then check privileges */
|
||||||
|
drop_privileges(nrpe_user, nrpe_group, 0);
|
||||||
|
check_privileges();
|
||||||
}
|
}
|
||||||
|
|
||||||
void cleanup(void)
|
void cleanup(void)
|
||||||
@ -786,6 +825,14 @@ int read_config_file(char *filename)
|
|||||||
if (read_config_file(varvalue) == ERROR)
|
if (read_config_file(varvalue) == ERROR)
|
||||||
logit(LOG_ERR, "Continuing with errors...");
|
logit(LOG_ERR, "Continuing with errors...");
|
||||||
|
|
||||||
|
} else if (!strcmp(varname, "max_commands")) {
|
||||||
|
|
||||||
|
max_commands = atoi(varvalue);
|
||||||
|
if (max_commands < 0) {
|
||||||
|
logit(LOG_WARNING, "max_commands set too low, setting to 0\n");
|
||||||
|
max_commands = 0;
|
||||||
|
}
|
||||||
|
|
||||||
} else if (!strcmp(varname, "server_port")) {
|
} else if (!strcmp(varname, "server_port")) {
|
||||||
server_port = atoi(varvalue);
|
server_port = atoi(varvalue);
|
||||||
if (server_port < 1024) {
|
if (server_port < 1024) {
|
||||||
@ -1407,7 +1454,7 @@ int wait_conn_fork(int sock)
|
|||||||
pid = fork();
|
pid = fork();
|
||||||
|
|
||||||
if (pid < 0) {
|
if (pid < 0) {
|
||||||
logit(LOG_ERR, "fork() failed with error %d, bailing out...", errno);
|
logit(LOG_ERR, "Second fork() failed with error %d, bailing out...", errno);
|
||||||
exit(STATE_CRITICAL);
|
exit(STATE_CRITICAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1500,10 +1547,10 @@ void conn_check_peer(int sock)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (debug == TRUE)
|
if (debug == TRUE)
|
||||||
logit(LOG_INFO, "CONN_CHECK_PEER: is this a blessed machine: %s port %d\n",
|
logit(LOG_INFO, "CONN_CHECK_PEER: checking if host is allowed: %s port %d\n",
|
||||||
remote_host, nptr->sin_port);
|
remote_host, nptr->sin_port);
|
||||||
|
|
||||||
/* is this is a blessed machine? */
|
/* is this host allowed? */
|
||||||
if (allowed_hosts) {
|
if (allowed_hosts) {
|
||||||
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
|
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
|
||||||
switch (addr.ss_family) {
|
switch (addr.ss_family) {
|
||||||
@ -1707,7 +1754,7 @@ void handle_connection(int sock)
|
|||||||
send_buff = calloc(1, sizeof(buffer));
|
send_buff = calloc(1, sizeof(buffer));
|
||||||
strcpy(send_buff, buffer);
|
strcpy(send_buff, buffer);
|
||||||
}
|
}
|
||||||
result = STATE_CRITICAL;
|
result = STATE_UNKNOWN;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
@ -1882,22 +1929,20 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
|
|||||||
rc = 0;
|
rc = 0;
|
||||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||||
errmsg = ERR_reason_error_string(x);
|
errmsg = ERR_reason_error_string(x);
|
||||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
logit(LOG_ERR, "Error: (ERR_get_error_line_data = %d), Could not complete SSL handshake with %s: %s", x, remote_host, errmsg);
|
||||||
remote_host, errmsg);
|
|
||||||
if (errmsg && !strcmp(errmsg, "no shared cipher")) {
|
if (errmsg && !strcmp(errmsg, "no shared cipher") && (sslprm.cert_file == NULL || sslprm.cacert_file == NULL))
|
||||||
if (sslprm.cert_file == NULL || sslprm.cacert_file == NULL)
|
logit(LOG_ERR, "Error: This could be because you have not specified certificate or ca-certificate files");
|
||||||
logit(LOG_ERR, "Error: This could be because you have not "
|
|
||||||
"specified certificate or ca-certificate files");
|
|
||||||
}
|
|
||||||
++nerrs;
|
++nerrs;
|
||||||
}
|
}
|
||||||
if (nerrs == 0)
|
|
||||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %d",
|
|
||||||
remote_host, SSL_get_error(ssl, rc));
|
|
||||||
|
|
||||||
} else
|
if (nerrs == 0) {
|
||||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %d",
|
logit(LOG_ERR, "Error: (nerrs = 0) Could not complete SSL handshake with %s: %d", remote_host, SSL_get_error(ssl, rc));
|
||||||
remote_host, SSL_get_error(ssl, rc));
|
}
|
||||||
|
} else {
|
||||||
|
logit(LOG_ERR, "Error: (!log_opts) Could not complete SSL handshake with %s: %d", remote_host, SSL_get_error(ssl, rc));
|
||||||
|
}
|
||||||
# ifdef DEBUG
|
# ifdef DEBUG
|
||||||
errfp = fopen("/tmp/err.log", "a");
|
errfp = fopen("/tmp/err.log", "a");
|
||||||
ERR_print_errors_fp(errfp);
|
ERR_print_errors_fp(errfp);
|
||||||
@ -1908,27 +1953,30 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
|
|||||||
|
|
||||||
/* successful handshake */
|
/* successful handshake */
|
||||||
if (sslprm.log_opts & SSL_LogVersion)
|
if (sslprm.log_opts & SSL_LogVersion)
|
||||||
logit(LOG_NOTICE, "Remote %s - SSL Version: %s",
|
logit(LOG_NOTICE, "Remote %s - SSL Version: %s", remote_host, SSL_get_version(ssl));
|
||||||
remote_host, SSL_get_version(ssl));
|
|
||||||
if (sslprm.log_opts & SSL_LogCipher) {
|
if (sslprm.log_opts & SSL_LogCipher) {
|
||||||
c = SSL_get_current_cipher(ssl);
|
c = SSL_get_current_cipher(ssl);
|
||||||
logit(LOG_NOTICE, "Remote %s - %s, Cipher is %s", remote_host,
|
logit(LOG_NOTICE, "Remote %s - %s, Cipher is %s", remote_host, SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
|
||||||
SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((sslprm.log_opts & SSL_LogIfClientCert)
|
if ((sslprm.log_opts & SSL_LogIfClientCert)
|
||||||
|| (sslprm.log_opts & SSL_LogCertDetails))
|
|| (sslprm.log_opts & SSL_LogCertDetails)) {
|
||||||
{
|
|
||||||
|
|
||||||
peer = SSL_get_peer_certificate(ssl);
|
peer = SSL_get_peer_certificate(ssl);
|
||||||
|
|
||||||
if (peer) {
|
if (peer) {
|
||||||
if (sslprm.log_opts & SSL_LogIfClientCert)
|
if (sslprm.log_opts & SSL_LogIfClientCert)
|
||||||
logit(LOG_NOTICE, "SSL Client %s has %svalid certificate",
|
logit(LOG_NOTICE, "SSL Client %s has %s certificate",
|
||||||
remote_host, SSL_get_verify_result(ssl) ? "a " : "an in");
|
remote_host, SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid");
|
||||||
|
|
||||||
if (sslprm.log_opts & SSL_LogCertDetails) {
|
if (sslprm.log_opts & SSL_LogCertDetails) {
|
||||||
|
|
||||||
X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
|
X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
|
||||||
logit(LOG_NOTICE, "SSL Client %s Cert Name: %s",
|
logit(LOG_NOTICE, "SSL Client %s Cert Name: %s",
|
||||||
remote_host, buffer);
|
remote_host, buffer);
|
||||||
|
|
||||||
X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
|
X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
|
||||||
logit(LOG_NOTICE, "SSL Client %s Cert Issuer: %s",
|
logit(LOG_NOTICE, "SSL Client %s Cert Issuer: %s",
|
||||||
remote_host, buffer);
|
remote_host, buffer);
|
||||||
@ -1963,7 +2011,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt
|
|||||||
|
|
||||||
packet_ver = ntohs(v2_pkt->packet_version);
|
packet_ver = ntohs(v2_pkt->packet_version);
|
||||||
if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_3) {
|
if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_3) {
|
||||||
logit(LOG_ERR, "Error: Request packet version was invalid!");
|
logit(LOG_ERR, "Error: (use_ssl == false): Request packet version was invalid!");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1991,7 +2039,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt
|
|||||||
buffer_size = ntohl(buffer_size);
|
buffer_size = ntohl(buffer_size);
|
||||||
pkt_size += buffer_size;
|
pkt_size += buffer_size;
|
||||||
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
|
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
|
||||||
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
logit(LOG_ERR, "Error: (use_ssl == false): Could not allocate memory for packet");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2025,7 +2073,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt
|
|||||||
|
|
||||||
packet_ver = ntohs(v2_pkt->packet_version);
|
packet_ver = ntohs(v2_pkt->packet_version);
|
||||||
if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_3) {
|
if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_3) {
|
||||||
logit(LOG_ERR, "Error: Request packet version was invalid!");
|
logit(LOG_ERR, "Error: (use_ssl == true): Request packet version was invalid!");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2058,7 +2106,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt
|
|||||||
buffer_size = ntohl(buffer_size);
|
buffer_size = ntohl(buffer_size);
|
||||||
pkt_size += buffer_size;
|
pkt_size += buffer_size;
|
||||||
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
|
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
|
||||||
logit(LOG_ERR, "Error: Could not allocate memory for packet");
|
logit(LOG_ERR, "Error: (use_ssl == true): Could not allocate memory for packet");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2129,7 +2177,19 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
|
|||||||
if (command == NULL) /* if no command was passed, return with no error */
|
if (command == NULL) /* if no command was passed, return with no error */
|
||||||
return STATE_OK;
|
return STATE_OK;
|
||||||
|
|
||||||
pipe(fd); /* create a pipe */
|
/* make sure that we are within max_commands boundaries before attempting */
|
||||||
|
if (max_commands != 0) {
|
||||||
|
while (commands_running >= max_commands) {
|
||||||
|
logit(LOG_WARNING, "Commands choked. Sleeping 1s - commands_running: %d, max_commands: %d", commands_running, max_commands);
|
||||||
|
sleep(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* create a pipe */
|
||||||
|
if (pipe(fd) == -1) {
|
||||||
|
logit(LOG_ERR, "ERROR: pipe(): %s, bailing out...", strerror(errno));
|
||||||
|
exit(STATE_CRITICAL);
|
||||||
|
}
|
||||||
|
|
||||||
/* make the pipe non-blocking */
|
/* make the pipe non-blocking */
|
||||||
fcntl(fd[0], F_SETFL, O_NONBLOCK);
|
fcntl(fd[0], F_SETFL, O_NONBLOCK);
|
||||||
@ -2161,7 +2221,11 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
|
|||||||
|
|
||||||
/* execute the command in the child process */
|
/* execute the command in the child process */
|
||||||
if (pid == 0) {
|
if (pid == 0) {
|
||||||
SETEUID(0); /* get root back so the next call works correctly */
|
|
||||||
|
/* get root back so the next call works correctly */
|
||||||
|
if (SETEUID(0) == -1 && debug)
|
||||||
|
logit(LOG_WARNING, "WARNING: my_system() seteuid(0): %s", strerror(errno));
|
||||||
|
|
||||||
drop_privileges(nrpe_user, nrpe_group, 1); /* drop privileges */
|
drop_privileges(nrpe_user, nrpe_group, 1); /* drop privileges */
|
||||||
close(fd[0]); /* close pipe for reading */
|
close(fd[0]); /* close pipe for reading */
|
||||||
setpgid(0, 0); /* become process group leader */
|
setpgid(0, 0); /* become process group leader */
|
||||||
@ -2184,8 +2248,11 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
|
|||||||
if (fp == NULL) {
|
if (fp == NULL) {
|
||||||
strncpy(buffer, "NRPE: Call to popen() failed\n", sizeof(buffer) - 1);
|
strncpy(buffer, "NRPE: Call to popen() failed\n", sizeof(buffer) - 1);
|
||||||
buffer[sizeof(buffer) - 1] = '\x0';
|
buffer[sizeof(buffer) - 1] = '\x0';
|
||||||
|
|
||||||
/* write the error back to the parent process */
|
/* write the error back to the parent process */
|
||||||
write(fd[1], buffer, strlen(buffer) + 1);
|
if (write(fd[1], buffer, strlen(buffer) + 1) == -1)
|
||||||
|
logit(LOG_ERR, "ERROR: my_system() write(fd, buffer)-1 failed...");
|
||||||
|
|
||||||
result = STATE_CRITICAL;
|
result = STATE_CRITICAL;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
@ -2193,10 +2260,13 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
|
|||||||
/* read all lines of output - supports Nagios 3.x multiline output */
|
/* read all lines of output - supports Nagios 3.x multiline output */
|
||||||
while ((bytes_read = fread(buffer, 1, sizeof(buffer) - 1, fp)) > 0) {
|
while ((bytes_read = fread(buffer, 1, sizeof(buffer) - 1, fp)) > 0) {
|
||||||
/* write the output back to the parent process */
|
/* write the output back to the parent process */
|
||||||
write(fd[1], buffer, bytes_read);
|
if (write(fd[1], buffer, bytes_read) == -1)
|
||||||
|
logit(LOG_ERR, "ERROR: my_system() write(fd, buffer)-2 failed...");
|
||||||
}
|
}
|
||||||
|
|
||||||
write(fd[1], "\0", 1);
|
if (write(fd[1], "\0", 1) == -1)
|
||||||
|
logit(LOG_ERR, "ERROR: my_system() write(fd, NULL) failed...");
|
||||||
|
|
||||||
status = pclose(fp); /* close the command and get termination status */
|
status = pclose(fp); /* close the command and get termination status */
|
||||||
|
|
||||||
/* report an error if we couldn't close the command */
|
/* report an error if we couldn't close the command */
|
||||||
@ -2216,6 +2286,8 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
|
|||||||
} else {
|
} else {
|
||||||
/* parent waits for child to finish executing command */
|
/* parent waits for child to finish executing command */
|
||||||
|
|
||||||
|
commands_running++;
|
||||||
|
|
||||||
close(fd[1]); /* close pipe for writing */
|
close(fd[1]); /* close pipe for writing */
|
||||||
waitpid(pid, &status, 0); /* wait for child to exit */
|
waitpid(pid, &status, 0); /* wait for child to exit */
|
||||||
time(&end_time); /* get the end time for running the command */
|
time(&end_time); /* get the end time for running the command */
|
||||||
@ -2266,6 +2338,8 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
|
|||||||
}
|
}
|
||||||
|
|
||||||
close(fd[0]); /* close the pipe for reading */
|
close(fd[0]); /* close the pipe for reading */
|
||||||
|
|
||||||
|
commands_running--;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
@ -2296,6 +2370,9 @@ int drop_privileges(char *user, char *group, int full_drop)
|
|||||||
struct group *grp;
|
struct group *grp;
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
|
|
||||||
|
if (use_inetd == TRUE)
|
||||||
|
return OK;
|
||||||
|
|
||||||
/* set effective group ID */
|
/* set effective group ID */
|
||||||
if (group != NULL) {
|
if (group != NULL) {
|
||||||
|
|
||||||
@ -2342,11 +2419,9 @@ int drop_privileges(char *user, char *group, int full_drop)
|
|||||||
/* initialize supplementary groups */
|
/* initialize supplementary groups */
|
||||||
if (initgroups(user, gid) == -1) {
|
if (initgroups(user, gid) == -1) {
|
||||||
if (errno == EPERM)
|
if (errno == EPERM)
|
||||||
logit(LOG_ERR,
|
logit(LOG_ERR, "Warning: Unable to change supplementary groups using initgroups()");
|
||||||
"Warning: Unable to change supplementary groups using initgroups()");
|
|
||||||
else {
|
else {
|
||||||
logit(LOG_ERR,
|
logit(LOG_ERR, "Warning: Possibly root user failed dropping privileges with initgroups()");
|
||||||
"Warning: Possibly root user failed dropping privileges with initgroups()");
|
|
||||||
return ERROR;
|
return ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2391,9 +2466,7 @@ int write_pid_file(void)
|
|||||||
|
|
||||||
else {
|
else {
|
||||||
/* previous process is still running */
|
/* previous process is still running */
|
||||||
logit(LOG_ERR,
|
logit(LOG_ERR, "There's already an NRPE server running (PID %lu). Bailing out...", (unsigned long)pid);
|
||||||
"There's already an NRPE server running (PID %lu). Bailing out...",
|
|
||||||
(unsigned long)pid);
|
|
||||||
return ERROR;
|
return ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2402,7 +2475,10 @@ int write_pid_file(void)
|
|||||||
/* write new pid file */
|
/* write new pid file */
|
||||||
if ((fd = open(pid_file, O_WRONLY | O_CREAT, 0644)) >= 0) {
|
if ((fd = open(pid_file, O_WRONLY | O_CREAT, 0644)) >= 0) {
|
||||||
sprintf(pbuf, "%d\n", (int)getpid());
|
sprintf(pbuf, "%d\n", (int)getpid());
|
||||||
write(fd, pbuf, strlen(pbuf));
|
|
||||||
|
if (write(fd, pbuf, strlen(pbuf)) == -1)
|
||||||
|
logit(LOG_ERR, "ERROR: write_pid_file() write(fd, pbuf) failed...");
|
||||||
|
|
||||||
close(fd);
|
close(fd);
|
||||||
wrote_pid_file = TRUE;
|
wrote_pid_file = TRUE;
|
||||||
} else {
|
} else {
|
||||||
@ -2421,7 +2497,10 @@ int remove_pid_file(void)
|
|||||||
if (wrote_pid_file == FALSE)
|
if (wrote_pid_file == FALSE)
|
||||||
return OK; /* pid file was not written */
|
return OK; /* pid file was not written */
|
||||||
|
|
||||||
SETEUID(0); /* get root back so we can delete the pid file */
|
/* get root back so we can delete the pid file */
|
||||||
|
if (SETEUID(0) == -1 && debug)
|
||||||
|
logit(LOG_WARNING, "WARNING: remove_pid_file() seteuid(0): %s", strerror(errno));
|
||||||
|
|
||||||
if (unlink(pid_file) == -1) {
|
if (unlink(pid_file) == -1) {
|
||||||
logit(LOG_ERR, "Cannot remove pidfile '%s' - check your privileges.", pid_file);
|
logit(LOG_ERR, "Cannot remove pidfile '%s' - check your privileges.", pid_file);
|
||||||
return ERROR;
|
return ERROR;
|
||||||
@ -2587,8 +2666,7 @@ int validate_request(v2_packet * v2pkt, v3_packet * v3pkt)
|
|||||||
if (strchr(v2pkt->buffer, '!')) {
|
if (strchr(v2pkt->buffer, '!')) {
|
||||||
#ifdef ENABLE_COMMAND_ARGUMENTS
|
#ifdef ENABLE_COMMAND_ARGUMENTS
|
||||||
if (allow_arguments == FALSE) {
|
if (allow_arguments == FALSE) {
|
||||||
logit(LOG_ERR,
|
logit(LOG_ERR, "Error: Request contained command arguments, but argument option is not enabled!");
|
||||||
"Error: Request contained command arguments, but argument option is not enabled!");
|
|
||||||
return ERROR;
|
return ERROR;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
@ -2631,8 +2709,7 @@ int validate_request(v2_packet * v2pkt, v3_packet * v3pkt)
|
|||||||
return ERROR;
|
return ERROR;
|
||||||
# else
|
# else
|
||||||
if (FALSE == allow_bash_cmd_subst) {
|
if (FALSE == allow_bash_cmd_subst) {
|
||||||
logit(LOG_ERR,
|
logit(LOG_ERR, "Error: Request contained a bash command substitution, but they are disallowed!");
|
||||||
"Error: Request contained a bash command substitution, but they are disallowed!");
|
|
||||||
return ERROR;
|
return ERROR;
|
||||||
}
|
}
|
||||||
# endif
|
# endif
|
||||||
@ -2737,11 +2814,12 @@ int process_arguments(int argc, char **argv)
|
|||||||
{"src", no_argument, 0, 's'},
|
{"src", no_argument, 0, 's'},
|
||||||
{"no-forking", no_argument, 0, 'f'},
|
{"no-forking", no_argument, 0, 'f'},
|
||||||
{"4", no_argument, 0, '4'},
|
{"4", no_argument, 0, '4'},
|
||||||
{"6", no_argument, 0, '4'},
|
{"ipv6", no_argument, 0, '6'},
|
||||||
{"daemon", no_argument, 0, 'd'},
|
{"daemon", no_argument, 0, 'd'},
|
||||||
{"no-ssl", no_argument, 0, 'n'},
|
{"no-ssl", no_argument, 0, 'n'},
|
||||||
{"help", no_argument, 0, 'h'},
|
{"help", no_argument, 0, 'h'},
|
||||||
{"license", no_argument, 0, 'l'},
|
{"license", no_argument, 0, 'l'},
|
||||||
|
{"version", no_argument, 0, 'V'},
|
||||||
{0, 0, 0, 0}
|
{0, 0, 0, 0}
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
@ -2771,6 +2849,7 @@ int process_arguments(int argc, char **argv)
|
|||||||
|
|
||||||
case 'V':
|
case 'V':
|
||||||
show_version = TRUE;
|
show_version = TRUE;
|
||||||
|
have_mode = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'l':
|
case 'l':
|
||||||
|
72
src/utils.c
72
src/utils.c
@ -1,17 +1,16 @@
|
|||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
*
|
*
|
||||||
* UTILS.C - NRPE Utility Functions
|
* utils.c - NRPE Utility Functions
|
||||||
*
|
*
|
||||||
* License: GPL
|
* License: GPLv2
|
||||||
* Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
|
* Copyright (c) 2009-2017 Nagios Enterprises
|
||||||
*
|
* 1999-2008 Ethan Galstad (nagios@nagios.org)
|
||||||
* Last Modified: 12-11-2006
|
|
||||||
*
|
*
|
||||||
* Description:
|
* Description:
|
||||||
*
|
*
|
||||||
* This file contains common network functions used in nrpe and check_nrpe.
|
* This file contains common network functions used in nrpe and check_nrpe.
|
||||||
*
|
*
|
||||||
* License Information:
|
* License Notice:
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
@ -58,7 +57,7 @@ static unsigned long crc32_table[256];
|
|||||||
char *log_file = NULL;
|
char *log_file = NULL;
|
||||||
FILE *log_fp = NULL;
|
FILE *log_fp = NULL;
|
||||||
|
|
||||||
static int my_create_socket(struct addrinfo *ai, const char *bind_address);
|
static int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr);
|
||||||
|
|
||||||
|
|
||||||
/* build the crc table - must be called before calculating the crc value */
|
/* build the crc table - must be called before calculating the crc value */
|
||||||
@ -134,10 +133,10 @@ void randomize_buffer(char *buffer, int buffer_size)
|
|||||||
/* opens a connection to a remote host */
|
/* opens a connection to a remote host */
|
||||||
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
|
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
|
||||||
int my_connect(const char *host, struct sockaddr_storage *hostaddr, u_short port,
|
int my_connect(const char *host, struct sockaddr_storage *hostaddr, u_short port,
|
||||||
int address_family, const char *bind_address)
|
int address_family, const char *bind_address, int redirect_stderr)
|
||||||
#else
|
#else
|
||||||
int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
|
int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
int address_family, const char *bind_address)
|
int address_family, const char *bind_address, int redirect_stderr)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
struct addrinfo hints, *ai, *aitop;
|
struct addrinfo hints, *ai, *aitop;
|
||||||
@ -145,12 +144,16 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
|
|||||||
int gaierr;
|
int gaierr;
|
||||||
int sock = -1;
|
int sock = -1;
|
||||||
|
|
||||||
|
FILE *output = stderr;
|
||||||
|
if (redirect_stderr)
|
||||||
|
output = stdout;
|
||||||
|
|
||||||
memset(&hints, 0, sizeof(hints));
|
memset(&hints, 0, sizeof(hints));
|
||||||
hints.ai_family = address_family;
|
hints.ai_family = address_family;
|
||||||
hints.ai_socktype = SOCK_STREAM;
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
snprintf(strport, sizeof strport, "%u", port);
|
snprintf(strport, sizeof strport, "%u", port);
|
||||||
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
|
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
|
||||||
fprintf(stderr, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
|
fprintf(output, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -163,12 +166,12 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
|
|||||||
continue;
|
continue;
|
||||||
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
|
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
|
||||||
strport, sizeof(strport), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
|
strport, sizeof(strport), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
|
||||||
fprintf(stderr, "my_connect: getnameinfo failed\n");
|
fprintf(output, "my_connect: getnameinfo failed\n");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create a socket for connecting. */
|
/* Create a socket for connecting. */
|
||||||
sock = my_create_socket(ai, bind_address);
|
sock = my_create_socket(ai, bind_address, redirect_stderr);
|
||||||
if (sock < 0)
|
if (sock < 0)
|
||||||
continue; /* Any error is already output */
|
continue; /* Any error is already output */
|
||||||
|
|
||||||
@ -177,7 +180,7 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
|
|||||||
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
|
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
|
||||||
break;
|
break;
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "connect to address %s port %s: %s\n", ntop, strport,
|
fprintf(output, "connect to address %s port %s: %s\n", ntop, strport,
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
close(sock);
|
close(sock);
|
||||||
sock = -1;
|
sock = -1;
|
||||||
@ -188,21 +191,25 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
|
|||||||
|
|
||||||
/* Return failure if we didn't get a successful connection. */
|
/* Return failure if we didn't get a successful connection. */
|
||||||
if (sock == -1) {
|
if (sock == -1) {
|
||||||
fprintf(stderr, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
|
fprintf(output, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return sock;
|
return sock;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Creates a socket for the connection. */
|
/* Creates a socket for the connection. */
|
||||||
int my_create_socket(struct addrinfo *ai, const char *bind_address)
|
int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr)
|
||||||
{
|
{
|
||||||
int sock, gaierr;
|
int sock, gaierr;
|
||||||
struct addrinfo hints, *res;
|
struct addrinfo hints, *res;
|
||||||
|
|
||||||
|
FILE *output = stderr;
|
||||||
|
if (redirect_stderr)
|
||||||
|
output = stdout;
|
||||||
|
|
||||||
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
||||||
if (sock < 0)
|
if (sock < 0)
|
||||||
fprintf(stderr, "socket: %.100s\n", strerror(errno));
|
fprintf(output, "socket: %.100s\n", strerror(errno));
|
||||||
|
|
||||||
/* Bind the socket to an alternative local IP address */
|
/* Bind the socket to an alternative local IP address */
|
||||||
if (bind_address == NULL)
|
if (bind_address == NULL)
|
||||||
@ -215,12 +222,12 @@ int my_create_socket(struct addrinfo *ai, const char *bind_address)
|
|||||||
hints.ai_flags = AI_PASSIVE;
|
hints.ai_flags = AI_PASSIVE;
|
||||||
gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
|
gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
|
||||||
if (gaierr) {
|
if (gaierr) {
|
||||||
fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
|
fprintf(output, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
|
||||||
close(sock);
|
close(sock);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
|
if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
|
||||||
fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno));
|
fprintf(output, "bind: %s: %s\n", bind_address, strerror(errno));
|
||||||
close(sock);
|
close(sock);
|
||||||
freeaddrinfo(res);
|
freeaddrinfo(res);
|
||||||
return -1;
|
return -1;
|
||||||
@ -319,24 +326,35 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
|
|||||||
free(keep);
|
free(keep);
|
||||||
free(kept);
|
free(kept);
|
||||||
|
|
||||||
setenv("PATH", path, 1);
|
|
||||||
setenv("IFS", " \t\n", 1);
|
|
||||||
setenv("LOGNAME", nrpe_user, 0);
|
|
||||||
setenv("USER", nrpe_user, 0);
|
|
||||||
|
|
||||||
|
char * user = NULL;
|
||||||
|
|
||||||
|
if (nrpe_user != NULL) {
|
||||||
|
user = strdup(nrpe_user);
|
||||||
pw = (struct passwd *)getpwnam(nrpe_user);
|
pw = (struct passwd *)getpwnam(nrpe_user);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (nrpe_user == NULL || pw == NULL) {
|
||||||
|
pw = (struct passwd *)getpwuid(getuid());
|
||||||
|
if (pw != NULL) {
|
||||||
|
user = strdup(pw->pw_name);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (pw == NULL) {
|
if (pw == NULL) {
|
||||||
char *end = NULL;
|
free(user);
|
||||||
uid_t uid = strtol(nrpe_user, &end, 10);
|
|
||||||
if (uid > 0)
|
|
||||||
pw = (struct passwd *)getpwuid(uid);
|
|
||||||
if (pw == NULL || *end != '\0')
|
|
||||||
return OK;
|
return OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setenv("PATH", path, 1);
|
||||||
|
setenv("IFS", " \t\n", 1);
|
||||||
|
setenv("LOGNAME", user, 0);
|
||||||
|
setenv("USER", user, 0);
|
||||||
setenv("HOME", pw->pw_dir, 0);
|
setenv("HOME", pw->pw_dir, 0);
|
||||||
setenv("SHELL", pw->pw_shell, 0);
|
setenv("SHELL", pw->pw_shell, 0);
|
||||||
|
|
||||||
|
free(user);
|
||||||
|
|
||||||
return OK;
|
return OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
49
startup/gentoo-init.in
Normal file
49
startup/gentoo-init.in
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
#!/sbin/openrc-run
|
||||||
|
#
|
||||||
|
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
|
||||||
|
#
|
||||||
|
# Start/stop the nrpe daemon.
|
||||||
|
#
|
||||||
|
# Goes in /etc/init.d - Config is in /etc/conf.d/nrpe
|
||||||
|
|
||||||
|
extra_started_commands="reload"
|
||||||
|
|
||||||
|
NRPE_BIN="@sbindir@/nrpe"
|
||||||
|
NRPE_PID="@piddir@/nrpe.pid"
|
||||||
|
NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
|
||||||
|
|
||||||
|
depend() {
|
||||||
|
use logger dns net localmount netmount nfsmount
|
||||||
|
}
|
||||||
|
|
||||||
|
checkconfig() {
|
||||||
|
# Make sure the config file exists
|
||||||
|
if [ ! -f $NRPE_CFG ]; then
|
||||||
|
eerror "You need to setup $NRPE_CFG."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
start() {
|
||||||
|
checkconfig || return 1
|
||||||
|
ebegin "Starting nrpe"
|
||||||
|
# Make sure we have a sane current directory
|
||||||
|
cd /
|
||||||
|
start-stop-daemon --start --exec $NRPE_BIN --pidfile $NRPE_PID \
|
||||||
|
--background -- -c $NRPE_CFG -f $NRPE_OPTS
|
||||||
|
eend $?
|
||||||
|
}
|
||||||
|
|
||||||
|
stop() {
|
||||||
|
ebegin "Stopping nrpe"
|
||||||
|
start-stop-daemon --stop --exec $NRPE_BIN --pidfile $NRPE_PID
|
||||||
|
eend $?
|
||||||
|
}
|
||||||
|
|
||||||
|
reload() {
|
||||||
|
ebegin "Reloading nrpe"
|
||||||
|
start-stop-daemon --stop --oknodo --exec $NRPE_BIN \
|
||||||
|
--pidfile $NRPE_PID --signal HUP
|
||||||
|
eend $?
|
||||||
|
}
|
@ -1,7 +1,7 @@
|
|||||||
# /etc/conf.d/nrpe : config file for /etc/init.d/nrpe
|
# /etc/conf.d/nrpe : config file for /etc/init.d/nrpe
|
||||||
|
|
||||||
# Configuration file - default is @sysconfdir@/nrpe.cfg
|
# The configuration file to use.
|
||||||
NRPE_CFG="@pgksysconfdir@/nrpe.cfg"
|
NRPE_CFG="@sysconfdir@/nrpe.cfg"
|
||||||
|
|
||||||
# Any additional nrpe options (-n -4 -6)
|
# Any additional options (e.g. -n -4 -6) to pass to the nrpe daemon.
|
||||||
NRPE_OPTS=""
|
NRPE_OPTS=""
|
||||||
|
@ -1,49 +1,17 @@
|
|||||||
#!/sbin/runscript
|
#!/sbin/openrc-run
|
||||||
#
|
#
|
||||||
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
|
# Copyright (c) 2017 Nagios(R) Core(TM) Development Team
|
||||||
#
|
#
|
||||||
# Start/stop the nrpe daemon.
|
|
||||||
#
|
|
||||||
# Goes in /etc/init.d - Config is in /etc/conf.d/nrpe
|
|
||||||
|
|
||||||
opts="reload"
|
command="@sbindir@/nrpe"
|
||||||
# extra_started_commands="reload" use this if OpenRC >= 0.9.4
|
command_args="--config=${NRPE_CFG} ${NRPE_OPTS}"
|
||||||
|
command_args_background="--daemon"
|
||||||
NRPE_BIN="@sbindir@/nrpe"
|
description="Nagios Remote Plugin Executor (NRPE) daemon"
|
||||||
NRPE_PID="@piddir@/nrpe.pid"
|
extra_started_commands="reload"
|
||||||
|
pidfile="@piddir@/nrpe.pid"
|
||||||
depend() {
|
|
||||||
use logger dns net localmount netmount nfsmount
|
|
||||||
}
|
|
||||||
|
|
||||||
checkconfig() {
|
|
||||||
# Make sure the config file exists
|
|
||||||
if [ ! -f $NRPE_CFG ]; then
|
|
||||||
eerror "You need to setup $NRPE_CFG.
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
start() {
|
|
||||||
checkconfig || return 1
|
|
||||||
ebegin "Starting nrpe"
|
|
||||||
# Make sure we have a sane current directory
|
|
||||||
cd /
|
|
||||||
start-stop-daemon --start --exec $NRPE_BIN --pidfile $PID_FILE \
|
|
||||||
-- -c $NRPE_CFG -f $NRPE_OPTS
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
stop() {
|
|
||||||
ebegin "Stopping nrpe"
|
|
||||||
start-stop-daemon --stop --exec $NRPE_BIN --pidfile $PID_FILE
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
reload() {
|
reload() {
|
||||||
ebegin "Reloading nrpe"
|
ebegin "Reloading ${SVCNAME}"
|
||||||
start-stop-daemon --stop --oknodo --exec $NRPE_BIN \
|
start-stop-daemon --signal HUP --pidfile "${pidfile}"
|
||||||
--pidfile $PID_FILE --signal HUP
|
|
||||||
eend $?
|
eend $?
|
||||||
}
|
}
|
||||||
|
3
test-wrapper
Executable file
3
test-wrapper
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# Replace this once test is working properly.
|
||||||
|
./travis-test-1
|
34
travis-test-1
Executable file
34
travis-test-1
Executable file
@ -0,0 +1,34 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Integration test for nrpe/check_nrpe
|
||||||
|
# Should be run only on machines which do NOT have Nagios installed
|
||||||
|
# and which do not have an enabled firewall.
|
||||||
|
cd sample-config
|
||||||
|
echo >> nrpe.cfg # Hopefully this is a newline! I think nrpe.cfg ends in a newling anyways.
|
||||||
|
echo 'command[check_test]=/tmp/check_yes.sh' >> nrpe.cfg
|
||||||
|
|
||||||
|
# Make sure the directory exists such that nrpe can create the nrpe.pid file in the default location
|
||||||
|
mkdir /usr/ || true
|
||||||
|
mkdir /usr/local || true
|
||||||
|
mkdir /usr/local/nagios || true
|
||||||
|
mkdir /usr/local/nagios/var || true
|
||||||
|
|
||||||
|
# Make sure nagios user exists
|
||||||
|
useradd nagios
|
||||||
|
|
||||||
|
# Make a plugin
|
||||||
|
touch /tmp/check_yes.sh
|
||||||
|
echo 'echo OK' >> /tmp/check_yes.sh
|
||||||
|
|
||||||
|
# Give nagios control of plugins
|
||||||
|
chown nagios /tmp/check_yes.sh
|
||||||
|
chmod +x /tmp/check_yes.sh
|
||||||
|
|
||||||
|
# Start running the NRPE daemon to accept commands
|
||||||
|
cd ../src
|
||||||
|
./nrpe -c ../sample-config/nrpe.cfg -d
|
||||||
|
|
||||||
|
# Try to check_nrpe with our check_test command/check_yes.sh plugin
|
||||||
|
./check_nrpe -H 127.0.0.1 -c check_test
|
||||||
|
|
||||||
|
exit 0
|
@ -28,10 +28,10 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Current version number
|
# Current version number
|
||||||
CURRENTVERSION=3.1.1
|
CURRENTVERSION=3.2.1
|
||||||
|
|
||||||
# Last date
|
# Last date
|
||||||
LASTDATE=2017-05-24
|
LASTDATE=2017-09-01
|
||||||
|
|
||||||
if [ "x$1" = "x" ]
|
if [ "x$1" = "x" ]
|
||||||
then
|
then
|
||||||
@ -41,6 +41,8 @@ then
|
|||||||
echo "update version number and modification date in files."
|
echo "update version number and modification date in files."
|
||||||
echo "Use the \"newdate\" argument if you want to keep the current version"
|
echo "Use the \"newdate\" argument if you want to keep the current version"
|
||||||
echo "number and just update the modification date."
|
echo "number and just update the modification date."
|
||||||
|
echo "When using \"newdate\" you can specify the release date with"
|
||||||
|
echo "a second argument in the form of YYYY-MM-DD."
|
||||||
echo ""
|
echo ""
|
||||||
echo "Current version=$CURRENTVERSION"
|
echo "Current version=$CURRENTVERSION"
|
||||||
echo "Current Modification date=$LASTDATE"
|
echo "Current Modification date=$LASTDATE"
|
||||||
|
Loading…
Reference in New Issue
Block a user