Imported Upstream version 3.0.1
This commit is contained in:
Mario Fetka
144
update-cfg.pl
Executable file
144
update-cfg.pl
Executable file
@@ -0,0 +1,144 @@
|
||||
#! /usr/bin/perl -w
|
||||
|
||||
use strict;
|
||||
|
||||
my ($fname_in, $fname_out);
|
||||
|
||||
if ($#ARGV != 0) {
|
||||
&usage;
|
||||
}
|
||||
|
||||
$fname_in = $ARGV[0];
|
||||
$fname_out = $fname_in . ".new";
|
||||
|
||||
if (&check_ssl) {
|
||||
print "\n'$fname_in' already has some or all of the\n";
|
||||
print "new SSL parameters. No processing will be done.\n\n";
|
||||
exit 0;
|
||||
}
|
||||
|
||||
open IN, $fname_in or die "Could not open '$fname_in' for reading: $!\n";
|
||||
open OUT, ">$fname_out" or die "Could not open '$fname_out' for writing: $!\n";
|
||||
|
||||
while (<IN>) {
|
||||
print OUT;
|
||||
&add_ssl if $_ =~ /allow_weak_random_seed/;
|
||||
}
|
||||
|
||||
print "\nConfig file '$fname_in' was read.\n";
|
||||
print "The new SSL comments and parameters were added and the output written to\n";
|
||||
print "'$fname_out'\n";
|
||||
print "Please check this file for accuracy and rename it when you are satisfied.\n\n";
|
||||
|
||||
close IN;
|
||||
close OUT;
|
||||
|
||||
# ==========================================================================
|
||||
|
||||
sub usage
|
||||
{
|
||||
print "\nUsage: update-cfg.pl <path-to-nrpe.cfg-file>\n\n";
|
||||
print "This perl script will read the nrpe configuration file\n";
|
||||
print "specified on the command line, and write out a new file\n";
|
||||
print "with the new SSL comments and parameters added.\n\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# check_ssl checks if the config file already has the ssl parameters
|
||||
# --------------------------------------------------------------------------
|
||||
sub check_ssl
|
||||
{
|
||||
my $has_ssl = 0;
|
||||
|
||||
open IN, $fname_in or die "Could not open '$fname_in' for reading: $!\n";
|
||||
|
||||
while (<IN>) {
|
||||
if ($_ =~ /ssl_version=/ or
|
||||
$_ =~ /ssl_use_adh=/ or
|
||||
$_ =~ /ssl_cipher_list=/ or
|
||||
$_ =~ /ssl_cacert_file=/ or
|
||||
$_ =~ /ssl_cert_file=/ or
|
||||
$_ =~ /ssl_privatekey_file=/ or
|
||||
$_ =~ /ssl_client_certs=/ or
|
||||
$_ =~ /ssl_logging=/)
|
||||
{
|
||||
$has_ssl = 1;
|
||||
last;
|
||||
}
|
||||
}
|
||||
|
||||
close IN;
|
||||
|
||||
return $has_ssl;
|
||||
}
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# add_ssl inserts the new SSL comments and parameters into the config file
|
||||
# --------------------------------------------------------------------------
|
||||
sub add_ssl
|
||||
{
|
||||
my $txt = <<"END_SSL";
|
||||
|
||||
|
||||
|
||||
# SSL/TLS OPTIONS
|
||||
# These directives allow you to specify how to use SSL/TLS.
|
||||
|
||||
# SSL VERSION
|
||||
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
|
||||
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
|
||||
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
|
||||
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
|
||||
# TLSv1.2+ (use TLSv1.2 or above)
|
||||
# If an "or above" version is used, the best will be negotiated. So if both
|
||||
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
|
||||
|
||||
#ssl_version=SSLv2+
|
||||
|
||||
# SSL USE ADH
|
||||
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
|
||||
# ADH or 2 to require ADH. 1 is currently the default but will be changed
|
||||
# in a later version.
|
||||
|
||||
#ssl_use_adh=1
|
||||
|
||||
# SSL CIPHER LIST
|
||||
# This lists which ciphers can be used. For backward compatibility, this
|
||||
# defaults to 'ssl_cipher_list=ALL:!MD5:\@STRENGTH' in this version but
|
||||
# will be changed to something like the example below in a later version of NRPE.
|
||||
|
||||
#ssl_cipher_list=ALL:!MD5:\@STRENGTH
|
||||
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:\@STRENGTH
|
||||
|
||||
# SSL Certificate and Private Key Files
|
||||
|
||||
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
|
||||
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
|
||||
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
|
||||
|
||||
# SSL USE CLIENT CERTS
|
||||
# This options determines client certificate usage.
|
||||
# Values: 0 = Don't ask for or require client certificates (default)
|
||||
# 1 = Ask for client certificates
|
||||
# 2 = Require client certificates
|
||||
|
||||
#ssl_client_certs=0
|
||||
|
||||
# SSL LOGGING
|
||||
# This option determines which SSL messages are send to syslog. OR values
|
||||
# together to specify multiple options.
|
||||
|
||||
# Values: 0x00 (0) = No additional logging (default)
|
||||
# 0x01 (1) = Log startup SSL/TLS parameters
|
||||
# 0x02 (2) = Log remote IP address
|
||||
# 0x04 (4) = Log SSL/TLS version of connections
|
||||
# 0x08 (8) = Log which cipher is being used for the connection
|
||||
# 0x10 (26) = Log if client has a certificate
|
||||
# 0x20 (32) = Log details of client's certificate if it has one
|
||||
# -1 or 0xff or 0x2f = All of the above
|
||||
|
||||
#ssl_logging=0x00
|
||||
END_SSL
|
||||
print OUT $txt;
|
||||
}
|
||||
Reference in New Issue
Block a user