Hello community,
here is the log from the commit of package nagios-nrpe.1423 for
openSUSE:12.1:Update checked in at 2013-04-04 16:27:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/nagios-nrpe.1423 (Old)
and /work/SRC/openSUSE:12.1:Update/.nagios-nrpe.1423.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nagios-nrpe.1423", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-04-04 09:12:34.372011006 +0200
+++ /work/SRC/openSUSE:12.1:Update/.nagios-nrpe.1423.new/nagios-nrpe.changes
2013-04-04 16:27:20.000000000 +0200
@@ -0,0 +1,343 @@
+-------------------------------------------------------------------
+Mon Mar 4 15:12:21 UTC 2013 - l...@linux-schulserver.de
+
+- nagios-nrpe-CVE-2013-1362.patch: fixed shell code injection
+ via $() (bnc#807241 CVE-2013-1362)
+- only recommend the nagios-plugin packages that are used in the
+ default configuration (helps fixing bnc#778970)
+
+-------------------------------------------------------------------
+Mon May 30 14:43:59 UTC 2011 - lr...@suse.de
+
+- specfile cleanup using spec-cleaner (add comments to patches)
+
+-------------------------------------------------------------------
+Thu Feb 10 01:03:41 CET 2011 - r...@suse.de
+
+- add directory to filelist to fix build
+
+-------------------------------------------------------------------
+Mon Feb 7 21:08:55 UTC 2011 - l...@linux-schulserver.de
+
+- also package nrpe_check_control from contrib
+
+-------------------------------------------------------------------
+Tue Dec 7 21:42:01 UTC 2010 - co...@novell.com
+
+- prereq init scripts syslog and network
+
+-------------------------------------------------------------------
+Wed Sep 22 21:22:36 CEST 2010 - l...@linux-schulserver.de
+
+- use /var/lib/nagios as home directory (same as nagios package)
+
+-------------------------------------------------------------------
+Sat Jul 10 07:31:13 UTC 2010 - l...@linux-schulserver.de
+
+- fix missing operand for dirname in init script
+
+-------------------------------------------------------------------
+Mon May 24 07:58:16 UTC 2010 - l...@linux-schulserver.de
+
+- add netcfg to PreReq to have /etc/services installed
+ (fixes bnc #608164 )
+
+-------------------------------------------------------------------
+Wed May 5 15:45:05 UTC 2010 - l...@linux-schulserver.de
+
+- set default values in init script
+
+-------------------------------------------------------------------
+Mon May 3 09:36:34 UTC 2010 - l...@linux-schulserver.de
+
+- fix file ownership in /etc
+- added nrpe manpage from debian
+- added adapted patches from Debian:
+ + nrpe-more_random.patch (overwrite the buffer with better
+ randomness)
+ + nrpe-improved_help.patch (list additional commandline options)
+ + nrpe-weird_output.patch (null the buffer before using it)
+ + nrpe-drop_privileges_before_writing_pidfile.patch (name says all)
+- added the following patches to fix compilation warnings:
+ + nrpe-return_value.patch
+ + nrpe-uninitialized_variable.patch
+ + nrpe-unused_variable.patch
+
+-------------------------------------------------------------------
+Thu Apr 29 15:28:38 UTC 2010 - l...@linux-schulserver.de
+
+- use /var/run/nrpe/nrpe.pid for pidfile; nagios can be run as
+ different user/group which might cause conflicts
+- clean up the init skript and implement automatic movement/
+ creation of the pid directory
+- package /var/run/nrpe/nrpe.pid as ghost
+
+-------------------------------------------------------------------
+Sat Mar 6 20:59:09 UTC 2010 - ch...@computersalat.de
+
+- cleanup subpackages
+ o nagios-nrpe is default package and provides NRPE daemon
+ obsoletes: client
+ o nagios-plugins-nrpe provides the check plugin to be installed
+ with the nagios host
+ obsoletes: server
+- cleanup spec
+ o sort TAGS
+ o removed/added define
+ - nsusr == nrpeusr
+ - nsgrp == nrpegrp
+ - added cmdgrp
+ - redefine _libexecdir
+ o added PreReq
+ o fix pre{,un}/post{,un} sections
+ - no restart_on_update x{,inetd}, cause xinet file is
+ installed 'disabled' by default
+ - service port is needed with server, not with plugin
+ - no restart_on_update nagios when nrpe plugin is update
+ there is also no restart_on_update when nagios_plugins
+ are updated
+ o fix nrpe.cfg
+ o PID_File => /var/run/nagios/nrpe.pid
+- SOURCE mods
+ o reworked patches (Makefile,xinetd)
+ o replaced rcnrpe with nrpe.init
+ o added README.SuSE
+
+-------------------------------------------------------------------
+Wed Dec 23 08:21:50 UTC 2009 - a...@suse.de
+
+- Use -fno-strict-aliasing to CFLAGS since the code is not clean.
+- Own /etc/nagios directory.
+- Add _GNU_SOURCE to CFLAGS to get prototype of asprintf.
+
+-------------------------------------------------------------------
+Mon Dec 1 16:37:30 CET 2008 - lr...@suse.de
+
+- disable buffersize patch per default: breaks compatibility
+- run try-restart only if the service is installed
+
+-------------------------------------------------------------------
+Thu Nov 27 19:28:38 CET 2008 - lr...@suse.de
+
+- Added nagios-nrpe-buffersize.patch: support long check output
+ of plugins, which is possible since Nagios 3.0
+
+-------------------------------------------------------------------
+Mon Oct 13 07:37:34 CEST 2008 - lr...@suse.de
+
+- added cron to Should-Start/Should-Stop, so nrpe starts even on
+ curious systems
+- added nagios-nrpe-SuSEfirewall2
+- use --with-log_facility=daemon
+
+-------------------------------------------------------------------
+Wed Sep 10 13:33:25 CEST 2008 - l...@linux-schulserver.de
+
+- disable nrpe in xinetd per default
+- use a more stupid way to get the port in etc/services
+
+-------------------------------------------------------------------
+Mon Jul 28 18:48:28 CEST 2008 - l...@linux-schulserver.de
+
+- move the Requires from the main- into the subpackage
+
+-------------------------------------------------------------------
+Tue Mar 11 12:15:08 CET 2008 - l...@linux-schulserver.de
+
+- update to 2.12:
+ + Fix for unterminated multiline plugin (garbage) output
+ (Krzysztof Oledzki). Needed for nagios 3.0
+- own the docu directory
+- added rpmlintrc
+
+-------------------------------------------------------------------
+Tue Jan 29 19:39:35 CET 2008 - l...@linux-schulserver.de
+
+- Update to 2.11:
+ + Added lib64 library paths to configure script for
+ 64-bit systems (John Maag)
+ + Added --with-ssl-lib configure script option
+ + Added --with-log-facility option to control syslog logging
+ (Ryan Ordway and Brian Seklecki)
+
+-------------------------------------------------------------------
+Mon Jan 21 19:14:23 CET 2008 - l...@linux-schulserver.de
+
+- start the client automatically
+
+-------------------------------------------------------------------
+Wed Jan 9 18:06:48 CET 2008 - l...@linux-schulserver.de
+
+- split out the documenation to an extra package
+
+-------------------------------------------------------------------
+Thu Dec 27 16:42:59 CET 2007 - l...@linux-schulserver.de
+
+- use user nagios and group nagios to run as daemon (client)
+- try to add the nrpeport to /etc/services if not done already
+
+-------------------------------------------------------------------
+Wed Dec 26 23:54:20 CET 2007 - l...@linux-schulserver.de
+
+- back to nagios* again as all pathnames are now identical
+
+-------------------------------------------------------------------
+Tue Nov 27 14:55:16 CET 2007 - l...@linux-schulserver.de
+
+- rename to nagios3*
+- use new libexecdir
+
+-------------------------------------------------------------------
+Fri Nov 23 10:42:30 CET 2007 - l...@linux-schulserver.de
+
+- require krb5 for suse_version < 1000; otherwise heimdal
+
+-------------------------------------------------------------------
+Thu Oct 25 16:21:53 CEST 2007 - tsie...@suse.de
+
++++ 146 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:12.1:Update/.nagios-nrpe.1423.new/nagios-nrpe.changes
New:
----
README.SuSE
nagios-nrpe-CVE-2013-1362.patch
nagios-nrpe-SuSEfirewall2
nagios-nrpe-buffersize.patch
nagios-nrpe-rpmlintrc
nagios-nrpe.changes
nagios-nrpe.spec
nrpe-2.12-Makefile.patch
nrpe-2.12-xinetd.patch
nrpe-2.12.tar.bz2
nrpe-drop_privileges_before_writing_pidfile.patch
nrpe-improved_help.patch
nrpe-more_random.patch
nrpe-return_value.patch
nrpe-uninitialized_variable.patch
nrpe-unused_variable.patch
nrpe-weird_output.patch
nrpe.8
nrpe.init
nrpe_check_control.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nagios-nrpe.spec ++++++
#
# spec file for package nagios-nrpe
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# default
%define nagios3only 0
# Macro that print mesages to syslog at package (un)install time
%define nnmmsg logger -t %{name}/rpm
%define nsusr nagios
%define nsgrp nagios
%define nrpeport 5666
%define _libexecdir %{_prefix}/lib/nagios/plugins
Name: nagios-nrpe
Version: 2.12
Release: 0
Summary: Nagios Remote Plug-In Executor
License: GPL-2.0+
Group: System/Monitoring
Url: http://www.nagios.org/
Source0: nrpe-%{version}.tar.bz2
Source1: nrpe.init
Source2: nagios-nrpe-rpmlintrc
Source3: nagios-nrpe-SuSEfirewall2
Source4: nrpe.8
Source10: README.SuSE
# PATCH-FIX-openSUSE change the installation order
Patch0: nrpe-2.12-Makefile.patch
# PATCH-FIX-openSUSE place the service disabled in the directory
Patch1: nrpe-2.12-xinetd.patch
# PATCH-FIX-openSUSE adapts NRPE to support the standard buffersize of Nagios
3.x
Patch2: nagios-nrpe-buffersize.patch
# PATCH-FIX-UPSTREAM produce more randomness and do not reduce entropy on Linux
kernels
Patch3: nrpe-more_random.patch
# PATCH-FIX-UPSTREAM improve help output of nrpe and check_nrpe
Patch4: nrpe-improved_help.patch
# PATCH-FIX-UPSTREAM null buffer before using it
Patch5: nrpe-weird_output.patch
# PATCH-FIX-UPSTREAM drop privileges before writing the pidfile for more safety
Patch6: nrpe-drop_privileges_before_writing_pidfile.patch
# PATCH-FIX-UPSTREAM compiler complains about this unused variable
Patch7: nrpe-unused_variable.patch
# PATCH-FIX-UPSTREAM fix compiler warnings
Patch8: nrpe-return_value.patch
# PATCH-FIX-UPSTREAM fix compiler warnings
Patch9: nrpe-uninitialized_variable.patch
# PATCH-FIX-openSUSE fix pathnames for nrpe_check_control command
Patch10: nrpe_check_control.diff
# PATCH-FIX-UPSTREAM - fixes CVE-2013-1362
Patch11: nagios-nrpe-CVE-2013-1362.patch
PreReq: %fillup_prereq
PreReq: %insserv_prereq
PreReq: /bin/logger
PreReq: coreutils
PreReq: grep
PreReq: netcfg
PreReq: pwdutils
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} > 1130
PreReq: sysvinit(network)
PreReq: sysvinit(syslog)
%endif
#
BuildRequires: nagios-plugins
BuildRequires: tcpd-devel
#
%if 0%{?suse_version} > 1000
BuildRequires: krb5-devel
%else
BuildRequires: heimdal-devel
%endif
#
%if 0%{?suse_version} > 1020
BuildRequires: libopenssl-devel
BuildRequires: openssl
%else
BuildRequires: openssl-devel
%endif
#
%if 0%{?suse_version} > 1020
Recommends: inet-daemon
Recommends: nagios-plugins-users
Recommends: nagios-plugins-load
Recommends: nagios-plugins-disk
Recommends: nagios-plugins-procs
%else
Requires: inet-daemon
Requires: nagios-plugins
%endif
#
Provides: %{name}-client = %{version}
Obsoletes: %{name}-client < %{version}
%description
NRPE can be used to run nagios plug-ins on a remote machine for
executing local checks.
This package contains the software for NRPE server.
It could be run by inet-daemon or as stand-alone daemon
%package doc
Summary: Nagios Remote Plug-In Executor documentation
Group: Documentation/Other
%description doc
This package contains the README files, OpenOffice and PDF
documentation for the remote plugin executor (NRPE) for nagios.
%package -n nagios-plugins-nrpe
Summary: Nagios NRPE plugin
Group: System/Monitoring
%if 0%{?suse_version} > 1020
Recommends: nagios
%endif
Provides: %{name}-server = %{version}
Obsoletes: %{name}-server < %{version}
%description -n nagios-plugins-nrpe
This package contains the plug-in for the host runing the Nagios
daemon.
It is used to contact the NRPE process on remote hosts. The plugin
requests that a plugin be executed on the remote host and wait for the
NRPE process to execute the plugin and return the result.
The plugin then uses the output and return code from the plugin
execution on the remote host for its own output and return code.
%prep
%setup -n nrpe-%{version}
%patch0 -p1
%patch1 -p1
%if %{nagios3only}
%patch2
%endif
%patch3 -p0
%patch4 -p0
%patch5 -p0
%patch6 -p0
%patch7 -p0
%patch8 -p0
%patch9 -p0
%patch10 -p0
%patch11 -p1
cp -a %{SOURCE10} .
%build
%configure CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \
--sbindir=%{_prefix}/lib/nagios/cgi \
--libexecdir=%{_libexecdir} \
--datadir=%{_datadir}/nagios \
--sysconfdir=%{_sysconfdir}/nagios \
--localstatedir=/var/log/nagios \
--exec-prefix=%{_sbindir} \
--bindir=%{_sbindir} \
--with-log_facility=daemon \
--with-kerberos-inc=%{_includedir} \
--with-init-dir=%{_sysconfdir}/init.d \
--with-nagios-user=%nsusr \
--with-nagios-group=%nsgrp \
--with-nrpe-user=%nsusr \
--with-nrpe-group=%nsgrp \
--with-nrpe-port=%nrpeport \
--enable-command-args \
--enable-ssl
make %{?_smp_mflags} all
gcc %{optflags} -o contrib/nrpe_check_control contrib/nrpe_check_control.c
%install
make install-all \
DESTDIR=%{buildroot} \
INSTALL_OPTS="" \
COMMAND_OPTS="" \
CGICFGDIR="%{_sysconfdir}/nagios" \
NAGIOS_INSTALL_OPTS="" \
NRPE_INSTALL_OPTS="" \
INIT_OPTS=""
install -d %{buildroot}%{_localstatedir}/run/nagios
install -Dm 644 %{SOURCE4} %{buildroot}%{_mandir}/man8/nrpe.8
install -Dm 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/init.d/nrpe
ln -s -f ../../etc/init.d/nrpe %{buildroot}%{_sbindir}/rcnrpe
# install SuSEfirewall2 script
%if 0%{?suse_version} > 1020
install -Dm644 %{SOURCE3}
%{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/nrpe-service
%endif
# fix pid_file in nrpe.cfg
sed -i -e "s,^\(pid_file=\).*,\1/var/run/nrpe/nrpe.pid,"
%{buildroot}/%{_sysconfdir}/nagios/nrpe.cfg
# create directory and pidfile (package them as ghost)
mkdir -p %{buildroot}%{_localstatedir}/run/nrpe
touch %{buildroot}%{_localstatedir}/run/nrpe/nrpe.pid
# create home directory of nagios user
mkdir -p %{buildroot}%{_localstatedir}/lib/nagios
# create contrib plugin
install -m0755 contrib/nrpe_check_control
%{buildroot}%{_libexecdir}/nrpe_check_control
cat > nrpe_check_control.cfg <<'EOF'
define command {
command_name nrpe_check_control
command_line %{_libexecdir}/nrpe_check_control $SERVICESTATE$
$SERVICESTATETYPE$ $SERVICEATTEMPT$ "$HOSTNAME$"
}
EOF
install -Dm0644 nrpe_check_control.cfg
%{buildroot}%{_sysconfdir}/nagios/objects/nrpe_check_control.cfg
%pre
# Create user and group on the system if necessary
# default group: nagios
if
getent group %nsgrp >/dev/null
then
: OK group %nsgrp already present
else
groupadd -r %nsgrp 2>/dev/null || :
%nnmmsg "Added group %nsgrp for package %{name}"
fi
# default user: nagios
if
id %nsusr > /dev/null 2>&1
then
: OK user %nsusr already present
else
useradd -r -o -g %nsgrp -s /bin/false -c "User for Nagios" -d
/var/lib/nagios %nsusr 2> /dev/null || :
%nnmmsg "Added user %nsusr for package %{name}"
fi
# check if the port for nrpe is already defined in /etc/services
if grep -q %nrpeport /etc/services ; then
: OK - port already defined
else
%nnmmsg "Adding port %nrpeport to /etc/services"
echo "nrpe %nrpeport/tcp # nagios nrpe" >> etc/services
fi
%preun
%stop_on_removal nrpe
%post
%{fillup_and_insserv -fy nrpe}
%postun
%restart_on_update nrpe
%insserv_cleanup
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc README.SuSE
%{_mandir}/man8/nrpe.8*
%dir %{_sysconfdir}/nagios/
%dir %{_localstatedir}/lib/nagios
%config(noreplace) %{_sysconfdir}/nagios/nrpe.cfg
%config(noreplace) %{_sysconfdir}/xinetd.d/nrpe
%if 0%{?suse_version} > 1020
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/nrpe-service
%endif
%{_sysconfdir}/init.d/nrpe
%{_sbindir}/nrpe
%{_sbindir}/rcnrpe
%ghost %dir %{_localstatedir}/run/nrpe
%ghost %{_localstatedir}/run/nrpe/nrpe.pid
%files doc
%defattr(644,root,root,755)
%doc Changelog LEGAL README README.SSL README.SuSE SECURITY docs/*
%files -n nagios-plugins-nrpe
%defattr(-,root,root)
%doc contrib/README.nrpe_check_control
%dir %_prefix/lib/nagios
%dir %_libexecdir
%{_libexecdir}/check_nrpe
%dir %{_sysconfdir}/nagios/objects
%config(noreplace) %{_sysconfdir}/nagios/objects/nrpe_check_control.cfg
%{_libexecdir}/nrpe_check_control
%changelog
++++++ README.SuSE ++++++
README.SuSE for nagios-nrpe
===========================
The packages
- nagios-nrpe-client
- nagios-nrpe-server
are marked as obsolete:
While seeing the client/server pkg normal user would be misled to
install which package where.
When seeing "server" package you're thinking about a server-daemon
and when seeing "client" you're thinking client which is talking
with the server (NRPE).
But it was just the other way round. :(
Now:
- nagios-nrpe (obsoletes nagios-nrpe-client) and provides the NRPE
daemon which should be installed on the remote box which should
be monitored.
- nagios-plugins-nrpe (obsoletes nagios-nrpe-server) and provides
"check_nrpe" which should be installed on the server hosting nagios.
- nagios-nrpe-doc contains documentation and can be installed where
ever you want
Have a lot of fun!
++++++ nagios-nrpe-CVE-2013-1362.patch ++++++
Index: nrpe-2.12/src/nrpe.c
===================================================================
--- nrpe-2.12.orig/src/nrpe.c
+++ nrpe-2.12/src/nrpe.c
@@ -1835,6 +1835,10 @@ int validate_request(packet *pkt){
syslog(LOG_ERR,"Error: Request contained an
empty command argument");
return ERROR;
}
+ if(strstr(macro_argv[x],"$(")) {
+ syslog(LOG_ERR,"Error: Request contained a bash
command substitution!");
+ return ERROR;
+ }
}
}
#endif
++++++ nagios-nrpe-SuSEfirewall2 ++++++
## Name: NRPE Service
## Description: Opens port for NRPE Service to allow connects from Nagios.
# space separated list of allowed TCP ports
TCP="5666"
# space separated list of allowed UDP ports
UDP=""
# space separated list of allowed RPC services
RPC=""
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST=""
++++++ nagios-nrpe-buffersize.patch ++++++
# Up with Version 3.0, Nagios supports long hostoutputs.
# This patch adapts nrpe to support the standard buffersize
# of Nagios 3.0 - so plugins can send (very) long output via
# NRPE to the Nagios Server.
Index: include/common.h
===================================================================
--- include/common.h.orig
+++ include/common.h
@@ -41,7 +41,7 @@
#define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */
#define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for
connection more than this time */
-#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */
+#define MAX_INPUT_BUFFER 8192 /* max size of most buffers we use */
#define MAX_FILENAME_LENGTH 256
#define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */
@@ -60,7 +60,7 @@
#define NRPE_PACKET_VERSION_2 2
#define NRPE_PACKET_VERSION_1 1 /* older packet version
identifiers (no longer supported) */
-#define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data
we'll send in one query/response */
+#define MAX_PACKETBUFFER_LENGTH 8192 /* max amount of data
we'll send in one query/response */
typedef struct packet_struct{
int16_t packet_version;
++++++ nagios-nrpe-rpmlintrc ++++++
# the init script is called like the original one...
addFilter("W: incoherent-init-script-name nrpe")
# RPM doesn't allow to package the -doc package as noarch
addFilter("W: no-binary")
# better PreRequire grep as we need it for /etc/services...
addFilter("W: useless-explicit-requires grep")
++++++ nrpe-2.12-Makefile.patch ++++++
diff -ruN nrpe-2.12-orig/Makefile.in nrpe-2.12/Makefile.in
--- nrpe-2.12-orig/Makefile.in 2007-03-14 15:30:05.000000000 +0000
+++ nrpe-2.12/Makefile.in 2009-06-05 08:32:59.536100004 +0000
@@ -46,22 +46,30 @@
cd $(SRC_BASE); $(MAKE) ; cd ..
-install-plugin:
+install:
cd $(SRC_BASE) && $(MAKE) $@
-install-daemon:
+install-plugin:
cd $(SRC_BASE) && $(MAKE) $@
-install:
+install-daemon:
cd $(SRC_BASE) && $(MAKE) $@
install-xinetd:
- $(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe
+ $(INSTALL) -d $(DESTDIR)/etc/xinetd.d
+ $(INSTALL) -m 644 sample-config/nrpe.xinetd $(DESTDIR)/etc/xinetd.d/nrpe
install-daemon-config:
- $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
+ $(INSTALL) $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
$(INSTALL) -m 644 $(NRPE_INSTALL_OPTS) sample-config/nrpe.cfg
$(DESTDIR)$(CFGDIR)
+install-all:
+ $(MAKE) install
+ $(MAKE) install-daemon
+ $(MAKE) install-daemon-config
+ $(MAKE) install-plugin
+ $(MAKE) install-xinetd
+
clean:
cd $(SRC_BASE); $(MAKE) $@ ; cd ..
rm -f core
diff -ruN nrpe-2.12-orig/src/Makefile.in nrpe-2.12/src/Makefile.in
--- nrpe-2.12-orig/src/Makefile.in 2007-08-13 17:10:07.000000000 +0000
+++ nrpe-2.12/src/Makefile.in 2009-06-05 08:25:35.876231297 +0000
@@ -44,12 +44,12 @@
$(MAKE) install-daemon
install-plugin:
- $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR)
- $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe
$(DESTDIR)$(LIBEXECDIR)
+ $(INSTALL) $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR)
+ $(INSTALL) $(NAGIOS_INSTALL_OPTS) check_nrpe $(DESTDIR)$(LIBEXECDIR)
install-daemon:
- $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 775 $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR)
+ $(INSTALL) $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
+ $(INSTALL) $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR)
clean:
rm -f core nrpe check_nrpe $(SNPRINTF_O)
++++++ nrpe-2.12-xinetd.patch ++++++
diff -ruN nrpe-2.12-orig/sample-config/nrpe.xinetd.in
nrpe-2.12/sample-config/nrpe.xinetd.in
--- nrpe-2.12-orig/sample-config/nrpe.xinetd.in 2007-03-09 19:19:17.000000000
+0000
+++ nrpe-2.12/sample-config/nrpe.xinetd.in 2009-06-05 08:37:23.143908512
+0000
@@ -1,16 +1,17 @@
-# default: on
+# default: off
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
- port = @nrpe_port@
+ type = UNLISTED
+ port = @nrpe_port@
wait = no
user = @nrpe_user@
- group = @nrpe_group@
+ group = @nrpe_group@
server = @bindir@/nrpe
server_args = -c @sysconfdir@/nrpe.cfg --inetd
log_on_failure += USERID
- disable = no
- only_from = 127.0.0.1
+ disable = yes
+ #only_from = 127.0.0.1
}
++++++ nrpe-drop_privileges_before_writing_pidfile.patch ++++++
Index: src/nrpe.c
===================================================================
--- src/nrpe.c.orig
+++ src/nrpe.c
@@ -297,13 +297,13 @@ int main(int argc, char **argv){
/* log info to syslog facility */
syslog(LOG_NOTICE,"Starting up daemon");
+ /* drop privileges */
+ drop_privileges(nrpe_user,nrpe_group);
+
/* write pid file */
if(write_pid_file()==ERROR)
return STATE_CRITICAL;
- /* drop privileges */
- drop_privileges(nrpe_user,nrpe_group);
-
/* make sure we're not root */
check_privileges();
++++++ nrpe-improved_help.patch ++++++
Index: src/check_nrpe.c
===================================================================
--- src/check_nrpe.c.orig
+++ src/check_nrpe.c
@@ -96,6 +96,9 @@ int main(int argc, char **argv){
printf(" [arglist] = Optional arguments that should be passed
to the command. Multiple\n");
printf(" arguments should be separated by a space.
If provided, this must be\n");
printf(" the last option supplied on the command
line.\n");
+ printf(" -h, --help Print this short help.\n");
+ printf(" -l,--license Print licensing information.\n");
+ printf(" -n,--no-ssl Do not initial an ssl handshake with the
server, talk in plaintext.\n");
printf("\n");
printf("Note:\n");
printf("This plugin requires that you have the NRPE daemon
running on the remote host.\n");
Index: src/nrpe.c
===================================================================
--- src/nrpe.c.orig
+++ src/nrpe.c
@@ -138,14 +138,17 @@ int main(int argc, char **argv){
else if(result!=OK || show_help==TRUE){
- printf("Usage: nrpe [-n] -c <config_file> <mode>\n");
+ printf("Usage: nrpe [-n] -c <config_file> <mode> [--help]
[--license] [--no-ssl]\n");
printf("\n");
printf("Options:\n");
printf(" -n = Do not use SSL\n");
printf(" <config_file> = Name of config file to use\n");
printf(" <mode> = One of the following two operating
modes:\n");
- printf(" -i = Run as a service under inetd or
xinetd\n");
- printf(" -d = Run as a standalone daemon\n");
+ printf(" -i, --inetd Run as a service under inetd or
xinetd\n");
+ printf(" -d, --daemon Run as a standalone daemon\n");
+ printf(" -h, --help = Print this short help.\n");
+ printf(" -l, --license = Print licensing information.\n");
+ printf(" -n, --no-ssl = Do not initial an ssl handshake with
the server, talk in plaintext.\n");
printf("\n");
printf("Notes:\n");
printf("This program is designed to process requests from the
check_nrpe\n");
++++++ nrpe-more_random.patch ++++++
Index: src/utils.c
===================================================================
--- src/utils.c.orig
+++ src/utils.c
@@ -90,17 +90,13 @@ void randomize_buffer(char *buffer,int b
ends and the rest of the buffer (padded randomly) starts.
***************************************************************/
- /* try to get seed value from /dev/urandom, as its a better source of
entropy */
- fp=fopen("/dev/urandom","r");
- if(fp!=NULL){
- seed=fgetc(fp);
- fclose(fp);
- }
-
- /* else fallback to using the current time as the seed */
- else
- seed=(int)time(NULL);
-
+ /***************************************************************
+ The randomness, produced by the original version, is just
+ between 0 and 255. The randomness generated by the line below
+ produces more randomness and does not reduce the amount of
+ entropy that the linux kernel thinks it has.
+ ***************************************************************/
+ seed=(int)time(NULL)*311-getpid()*359+getppid()*383;
srand(seed);
for(x=0;x<buffer_size;x++)
buffer[x]=(int)'0'+(int)(72.0*rand()/(RAND_MAX+1.0));
++++++ nrpe-return_value.patch ++++++
Index: src/nrpe.c
===================================================================
--- src/nrpe.c.orig
+++ src/nrpe.c
@@ -94,9 +94,15 @@ int main(int argc, char **argv){
#endif
/* set some environment variables */
- asprintf(&env_string,"NRPE_MULTILINESUPPORT=1");
+ if (asprintf(&env_string,"NRPE_MULTILINESUPPORT=1") == -1){
+ fprintf(stderr, "Failed to allocate string for
NRPE_MULTILINESUPPORT\n");
+ return STATE_CRITICAL;
+ }
putenv(env_string);
- asprintf(&env_string,"NRPE_PROGRAMVERSION=%s",PROGRAM_VERSION);
+ if (asprintf(&env_string,"NRPE_PROGRAMVERSION=%s",PROGRAM_VERSION) ==
-1){
+ fprintf(stderr,"Failed to allocate string for
NRPE_PROGRAMVERSION\n");
+ return STATE_CRITICAL;
+ }
putenv(env_string);
/* process command-line args */
@@ -179,7 +185,10 @@ int main(int argc, char **argv){
/* get absolute path of current working directory */
strcpy(config_file,"");
- getcwd(config_file,sizeof(config_file));
+ if (getcwd(config_file,sizeof(config_file)) == NULL){
+ fprintf(stderr,"Failed to get absolute path of current
working directory\n");
+ return STATE_CRITICAL;
+ }
/* append a forward slash */
strncat(config_file,"/",sizeof(config_file)-2);
@@ -286,7 +295,10 @@ int main(int argc, char **argv){
open("/dev/null",O_WRONLY);
open("/dev/null",O_WRONLY);
- chdir("/");
+ if (chdir("/") == -1){
+ fprintf(stderr,"Failed to chdir into /\n");
+ return STATE_CRITICAL;
+ }
/*umask(0);*/
/* handle signals */
@@ -1343,7 +1355,10 @@ int my_system(char *command,int timeout,
return STATE_OK;
/* create a pipe */
- pipe(fd);
+ if (pipe(fd) == -1){
+ fprintf(stderr,"Faiiled to create a pipe\n");
+ return STATE_CRITICAL;
+ }
/* make the pipe non-blocking */
fcntl(fd[0],F_SETFL,O_NONBLOCK);
@@ -1396,7 +1411,10 @@ int my_system(char *command,int timeout,
buffer[sizeof(buffer)-1]='\x0';
/* write the error back to the parent process */
- write(fd[1],buffer,strlen(buffer)+1);
+ if (write(fd[1],buffer,strlen(buffer)+1) == -1){
+ fprintf(stderr,"Failed to write the error back
to the parent process\n");
+ return STATE_CRITICAL;
+ }
result=STATE_CRITICAL;
}
@@ -1406,7 +1424,10 @@ int my_system(char *command,int timeout,
while((bytes_read=fread(buffer,1,sizeof(buffer)-1,fp))>0){
/* write the output back to the parent process
*/
- write(fd[1],buffer,bytes_read);
+ if (write(fd[1],buffer,bytes_read) == -1){
+ fprintf(stderr,"Failed to write the
output back to the parent process\n");
+ return STATE_CRITICAL;
+ }
}
/* close the command and get termination status */
@@ -1618,7 +1639,10 @@ int write_pid_file(void){
/* write new pid file */
if((fd=open(pid_file,O_WRONLY | O_CREAT,0644))>=0){
sprintf(pbuf,"%d\n",(int)getpid());
- write(fd,pbuf,strlen(pbuf));
+ if (write(fd,pbuf,strlen(pbuf)) == -1){
+ fprintf(stderr,"Failed to write new pid file\n");
+ return STATE_CRITICAL;
+ }
close(fd);
wrote_pid_file=TRUE;
}
++++++ nrpe-uninitialized_variable.patch ++++++
Index: src/nrpe.c
===================================================================
--- src/nrpe.c.orig
+++ src/nrpe.c
@@ -724,6 +724,9 @@ void wait_for_connections(void){
struct request_info req;
#endif
+ /* default: failed */
+ new_sd=-1;
+
/* create a socket for listening */
sock=socket(AF_INET,SOCK_STREAM,0);
++++++ nrpe-unused_variable.patch ++++++
Index: src/utils.c
===================================================================
--- src/utils.c.orig
+++ src/utils.c
@@ -76,7 +76,6 @@ unsigned long calculate_crc32(char *buff
/* fill a buffer with semi-random data */
void randomize_buffer(char *buffer,int buffer_size){
- FILE *fp;
int x;
int seed;
++++++ nrpe-weird_output.patch ++++++
Index: src/nrpe.c
===================================================================
--- src/nrpe.c.orig
+++ src/nrpe.c
@@ -1166,6 +1166,9 @@ void handle_connection(int sock){
/* disable connection alarm - a new alarm will be setup during
my_system */
alarm(0);
+ // null buffer before using it - Debian Patch by <luk@luknote>
+ memset(buffer,0,sizeof(buffer));
+
/* if this is the version check command, just spew it out */
if(!strcmp(command_name,NRPE_HELLO_COMMAND)){
++++++ nrpe.8 ++++++
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH NAGIOS-NRPE 8 "January 14, 2004"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
nrpe \- Nagios Remote Plugin Executor - Server
.SH SYNOPSIS
.B nagios-nrpe
\fI-c <config_file> <mode>\fR
.SH DESCRIPTION
.PP
The purpose of this addon is to allow you to execute Nagios plugins on a
remote host in as transparent a manner as possible.
.PP
This program runs as a background process on the remote host and processes
command execution requests from the check_nrpe plugin on the Nagios host.
.SH OPTIONS
.IP
<config_file> = Name of config file to use
.IP
<mode> = One of the following two operating modes:
.TP
\fB\-i\fR
= Run as a service under inetd or xinetd
.TP
\fB\-d\fR
= Run as a standalone daemon
.PP
Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios. It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.
.SH AUTHOR
This manual page was written by Jason Thomas <ja...@debian.org>,
for the Debian project (but may be used by others).
++++++ nrpe.init ++++++
#!/bin/bash
#
# Copyright (c) 2010 SUSE Linux Products GmbH
# Authors: Lars Vogdt (2010)
#
# /etc/init.d/nrpe
# and its symbolic link
# /usr/sbin/rcnrpe
#
### BEGIN INIT INFO
# Provides: nagios-nrpe
# Required-Start: $remote_fs $syslog $network
# Should-Start: cron
# Required-Stop: $remote_fs $syslog
# Should-Stop: cron
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: NRPE Nagios Remote Plugin Executor
# Description: Start NRPE to allow remote execution of
# Nagios plugins.
### END INIT INFO
NRPE_BIN="/usr/sbin/nrpe"
test -x $NRPE_BIN || { echo "$NRPE_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Check for existence of needed config file and read it
NRPE_CONFIG="/etc/nagios/nrpe.cfg"
test -r $NRPE_CONFIG || { echo "$NRPE_CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
DEFAULT_PIDFILE="/var/run/nrpe/nrpe.pid"
function get_value() {
if [ -n "$2" ]; then
set -- `grep ^$1 $2 | sed 's@=@ @' | tr -d '[:cntrl:]'`
else
set -- `grep ^$1 $NRPE_CONFIG | sed 's@=@ @' | tr -d '[:cntrl:]'`
fi
shift # remove first ARG => search-string
echo $*
}
# Shell functions sourced from /etc/rc.status:
. /etc/rc.status
# Reset status of this service
rc_reset
case "$1" in
start)
echo -n "Starting Nagios NRPE "
pid_file="$(get_value pid_file)"
nrpe_group="$(get_value nrpe_group)"
nrpe_user="$(get_value nrpe_user)"
: ${pid_file=:=$DEFAULT_PIDFILE}
: ${nrpe_group:=nagios}
: ${nrpe_user:=nagios}
if [ -z "$pid_file" ]; then
PIDDIR=$(dirname $pid_file)
else
PIDDIR=$(dirname $DEFAULT_PIDFILE)
fi
case "$PIDDIR" in
/var/run)
if [ x"$nrpe_user" != x"root" ]; then
DATESTRING=`date +"%Y%m%d"`
mv -f "$NRPE_CONFIG" "$NRPE_CONFIG-$DATESTRING"
sed -e "s|^pid_file.*|pid_file=$DEFAULT_PIDFILE|g"
"$NRPE_CONFIG-$DATESTRING" > "$NRPE_CONFIG"
/bin/logger -t rcnrpe "Configured $pid_file in $NRPE_CONFIG
moved to $DEFAULT_PIDFILE. Backup is $NRPE_CONFIG-$DATESTRING"
test -f "$pid_file" && rm "$pid_file"
install -d -m755 -o$nrpe_user -g$nrpe_group $(dirname
"$DEFAULT_PIDFILE")
else
test -d "$PIDDIR" || mkdir -p "$PIDDIR"
fi
;;
*)
test -d $(dirname "$DEFAULT_PIDFILE") || install -d -m755
-o$nrpe_user -g$nrpe_group $(dirname "$DEFAULT_PIDFILE")
;;
esac
/sbin/startproc $NRPE_BIN -c $NRPE_CONFIG -d
# Remember status and be verbose
rc_status -v
;;
stop)
# Stop daemons.
echo -n "Shutting down Nagios NRPE "
/sbin/killproc -TERM $NRPE_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart|condrestart)
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than
condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
reload|force-reload)
echo -n "Reload service Nagios NRPE "
/sbin/killproc -HUP $NRPE_BIN
# Remember status and be verbose
rc_status -v
;;
status)
echo -n "Checking for service Nagios NRPE "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
/sbin/checkproc $NRPE_BIN
# Remember status and be verbose
rc_status -v
;;
*)
echo "Usage: $0
{start|stop|status|try-restart|restart|force-reload|reload}"
exit 1
esac
rc_exit
++++++ nrpe_check_control.diff ++++++
--- contrib/nrpe_check_control.c 2002-02-22 02:15:34.000000000 +0100
+++ contrib/nrpe_check_control.c.oden 2007-04-11 11:33:54.000000000 +0200
@@ -5,8 +5,8 @@
#define MAX_CHARS 1024
#define SERVICE_COUNT 12
-#define COMMAND_FILE "/usr/local/nagios/var/rw/nagios.cmd"
-#define SERVICES_FILE "/usr/local/nagios/etc/services.cfg"
+#define COMMAND_FILE "/var/spool/nagios/nagios.cmd"
+#define SERVICES_FILE "/etc/nagios/services.cfg"
int main(int argc, char *argv[])
{
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
