Hello community,

here is the log from the commit of package nagios-nrpe.1423 for openSUSE:12.1:Update checked in at 2013-04-04 16:27:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/nagios-nrpe.1423 (Old)
 and      /work/SRC/openSUSE:12.1:Update/.nagios-nrpe.1423.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nagios-nrpe.1423", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-04-04 09:12:34.372011006 +0200 +++ /work/SRC/openSUSE:12.1:Update/.nagios-nrpe.1423.new/nagios-nrpe.changes 2013-04-04 16:27:20.000000000 +0200 
@@ -0,0 +1,343 @@ +------------------------------------------------------------------- +Mon Mar 4 15:12:21 UTC 2013 - l...@linux-schulserver.de + +- nagios-nrpe-CVE-2013-1362.patch: fixed shell code injection + via $() (bnc#807241 CVE-2013-1362) +- only recommend the nagios-plugin packages that are used in the + default configuration (helps fixing bnc#778970) + +------------------------------------------------------------------- +Mon May 30 14:43:59 UTC 2011 - lr...@suse.de + +- specfile cleanup using spec-cleaner (add comments to patches) + +------------------------------------------------------------------- +Thu Feb 10 01:03:41 CET 2011 - r...@suse.de + +- add directory to filelist to fix build + +------------------------------------------------------------------- +Mon Feb 7 21:08:55 UTC 2011 - l...@linux-schulserver.de + +- also package nrpe_check_control from contrib + +------------------------------------------------------------------- +Tue Dec 7 21:42:01 UTC 2010 - co...@novell.com + +- prereq init scripts syslog and network + +------------------------------------------------------------------- +Wed Sep 22 21:22:36 CEST 2010 - l...@linux-schulserver.de + +- use /var/lib/nagios as home directory (same as nagios package) + +------------------------------------------------------------------- +Sat Jul 10 07:31:13 UTC 2010 - l...@linux-schulserver.de + +- fix missing operand for dirname in init script + +------------------------------------------------------------------- +Mon May 24 07:58:16 UTC 2010 - l...@linux-schulserver.de + +- add netcfg to PreReq to have /etc/services installed + (fixes bnc #608164 ) + +------------------------------------------------------------------- +Wed May 5 15:45:05 UTC 2010 - l...@linux-schulserver.de + +- set default values in init script + +------------------------------------------------------------------- +Mon May 3 09:36:34 UTC 2010 - l...@linux-schulserver.de + +- fix file ownership in /etc +- added nrpe manpage from debian +- 
added adapted patches from Debian: + + nrpe-more_random.patch (overwrite the buffer with better + randomness) + + nrpe-improved_help.patch (list additional commandline options) + + nrpe-weird_output.patch (null the buffer before using it) + + nrpe-drop_privileges_before_writing_pidfile.patch (name says all) +- added the following patches to fix compilation warnings: + + nrpe-return_value.patch + + nrpe-uninitialized_variable.patch + + nrpe-unused_variable.patch + +------------------------------------------------------------------- +Thu Apr 29 15:28:38 UTC 2010 - l...@linux-schulserver.de + +- use /var/run/nrpe/nrpe.pid for pidfile; nagios can be run as + different user/group which might cause conflicts +- clean up the init skript and implement automatic movement/ + creation of the pid directory +- package /var/run/nrpe/nrpe.pid as ghost + +------------------------------------------------------------------- +Sat Mar 6 20:59:09 UTC 2010 - ch...@computersalat.de + +- cleanup subpackages + o nagios-nrpe is default package and provides NRPE daemon + obsoletes: client + o nagios-plugins-nrpe provides the check plugin to be installed + with the nagios host + obsoletes: server +- cleanup spec + o sort TAGS + o removed/added define + - nsusr == nrpeusr + - nsgrp == nrpegrp + - added cmdgrp + - redefine _libexecdir + o added PreReq + o fix pre{,un}/post{,un} sections + - no restart_on_update x{,inetd}, cause xinet file is + installed 'disabled' by default + - service port is needed with server, not with plugin + - no restart_on_update nagios when nrpe plugin is update + there is also no restart_on_update when nagios_plugins + are updated + o fix nrpe.cfg + o PID_File => /var/run/nagios/nrpe.pid +- SOURCE mods + o reworked patches (Makefile,xinetd) + o replaced rcnrpe with nrpe.init + o added README.SuSE + +------------------------------------------------------------------- +Wed Dec 23 08:21:50 UTC 2009 - a...@suse.de + +- Use -fno-strict-aliasing to CFLAGS since the code is 
not clean. +- Own /etc/nagios directory. +- Add _GNU_SOURCE to CFLAGS to get prototype of asprintf. + +------------------------------------------------------------------- +Mon Dec 1 16:37:30 CET 2008 - lr...@suse.de + +- disable buffersize patch per default: breaks compatibility +- run try-restart only if the service is installed + +------------------------------------------------------------------- +Thu Nov 27 19:28:38 CET 2008 - lr...@suse.de + +- Added nagios-nrpe-buffersize.patch: support long check output + of plugins, which is possible since Nagios 3.0 + +------------------------------------------------------------------- +Mon Oct 13 07:37:34 CEST 2008 - lr...@suse.de + +- added cron to Should-Start/Should-Stop, so nrpe starts even on + curious systems +- added nagios-nrpe-SuSEfirewall2 +- use --with-log_facility=daemon + +------------------------------------------------------------------- +Wed Sep 10 13:33:25 CEST 2008 - l...@linux-schulserver.de + +- disable nrpe in xinetd per default +- use a more stupid way to get the port in etc/services + +------------------------------------------------------------------- +Mon Jul 28 18:48:28 CEST 2008 - l...@linux-schulserver.de + +- move the Requires from the main- into the subpackage + +------------------------------------------------------------------- +Tue Mar 11 12:15:08 CET 2008 - l...@linux-schulserver.de + +- update to 2.12: + + Fix for unterminated multiline plugin (garbage) output + (Krzysztof Oledzki). 
Needed for nagios 3.0 +- own the docu directory +- added rpmlintrc + +------------------------------------------------------------------- +Tue Jan 29 19:39:35 CET 2008 - l...@linux-schulserver.de + +- Update to 2.11: + + Added lib64 library paths to configure script for + 64-bit systems (John Maag) + + Added --with-ssl-lib configure script option + + Added --with-log-facility option to control syslog logging + (Ryan Ordway and Brian Seklecki) + +------------------------------------------------------------------- +Mon Jan 21 19:14:23 CET 2008 - l...@linux-schulserver.de + +- start the client automatically + +------------------------------------------------------------------- +Wed Jan 9 18:06:48 CET 2008 - l...@linux-schulserver.de + +- split out the documenation to an extra package + +------------------------------------------------------------------- +Thu Dec 27 16:42:59 CET 2007 - l...@linux-schulserver.de + +- use user nagios and group nagios to run as daemon (client) +- try to add the nrpeport to /etc/services if not done already + +------------------------------------------------------------------- +Wed Dec 26 23:54:20 CET 2007 - l...@linux-schulserver.de + +- back to nagios* again as all pathnames are now identical + +------------------------------------------------------------------- +Tue Nov 27 14:55:16 CET 2007 - l...@linux-schulserver.de + +- rename to nagios3* +- use new libexecdir + +------------------------------------------------------------------- +Fri Nov 23 10:42:30 CET 2007 - l...@linux-schulserver.de + +- require krb5 for suse_version < 1000; otherwise heimdal + +------------------------------------------------------------------- +Thu Oct 25 16:21:53 CEST 2007 - tsie...@suse.de + ++++ 146 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.nagios-nrpe.1423.new/nagios-nrpe.changes New: ---- README.SuSE nagios-nrpe-CVE-2013-1362.patch nagios-nrpe-SuSEfirewall2 nagios-nrpe-buffersize.patch nagios-nrpe-rpmlintrc 
nagios-nrpe.changes nagios-nrpe.spec nrpe-2.12-Makefile.patch nrpe-2.12-xinetd.patch nrpe-2.12.tar.bz2 nrpe-drop_privileges_before_writing_pidfile.patch nrpe-improved_help.patch nrpe-more_random.patch nrpe-return_value.patch nrpe-uninitialized_variable.patch nrpe-unused_variable.patch nrpe-weird_output.patch nrpe.8 nrpe.init nrpe_check_control.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nagios-nrpe.spec ++++++ # # spec file for package nagios-nrpe # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # default %define nagios3only 0 # Macro that print mesages to syslog at package (un)install time %define nnmmsg logger -t %{name}/rpm %define nsusr nagios %define nsgrp nagios %define nrpeport 5666 %define _libexecdir %{_prefix}/lib/nagios/plugins Name: nagios-nrpe Version: 2.12 Release: 0 Summary: Nagios Remote Plug-In Executor License: GPL-2.0+ Group: System/Monitoring Url: http://www.nagios.org/ Source0: nrpe-%{version}.tar.bz2 Source1: nrpe.init Source2: nagios-nrpe-rpmlintrc Source3: nagios-nrpe-SuSEfirewall2 Source4: nrpe.8 Source10: README.SuSE # PATCH-FIX-openSUSE change the installation order Patch0: nrpe-2.12-Makefile.patch # PATCH-FIX-openSUSE place the service disabled in the directory Patch1: nrpe-2.12-xinetd.patch # PATCH-FIX-openSUSE adapts NRPE to support the standard buffersize of Nagios 3.x Patch2: nagios-nrpe-buffersize.patch # PATCH-FIX-UPSTREAM produce more randomness and do not reduce entropy on Linux kernels Patch3: nrpe-more_random.patch # PATCH-FIX-UPSTREAM improve help output of nrpe and check_nrpe Patch4: nrpe-improved_help.patch # PATCH-FIX-UPSTREAM null buffer before using it Patch5: nrpe-weird_output.patch # PATCH-FIX-UPSTREAM drop privileges before writing the pidfile for more safety Patch6: nrpe-drop_privileges_before_writing_pidfile.patch # PATCH-FIX-UPSTREAM compiler complains about this unused variable Patch7: nrpe-unused_variable.patch # PATCH-FIX-UPSTREAM fix compiler warnings Patch8: nrpe-return_value.patch # PATCH-FIX-UPSTREAM fix compiler warnings Patch9: nrpe-uninitialized_variable.patch # PATCH-FIX-openSUSE fix pathnames for nrpe_check_control command Patch10: nrpe_check_control.diff # PATCH-FIX-UPSTREAM - fixes CVE-2013-1362 Patch11: nagios-nrpe-CVE-2013-1362.patch PreReq: %fillup_prereq PreReq: %insserv_prereq PreReq: /bin/logger PreReq: coreutils PreReq: grep PreReq: netcfg PreReq: pwdutils PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 
0%{?suse_version} > 1130 PreReq: sysvinit(network) PreReq: sysvinit(syslog) %endif # BuildRequires: nagios-plugins BuildRequires: tcpd-devel # %if 0%{?suse_version} > 1000 BuildRequires: krb5-devel %else BuildRequires: heimdal-devel %endif # %if 0%{?suse_version} > 1020 BuildRequires: libopenssl-devel BuildRequires: openssl %else BuildRequires: openssl-devel %endif # %if 0%{?suse_version} > 1020 Recommends: inet-daemon Recommends: nagios-plugins-users Recommends: nagios-plugins-load Recommends: nagios-plugins-disk Recommends: nagios-plugins-procs %else Requires: inet-daemon Requires: nagios-plugins %endif # Provides: %{name}-client = %{version} Obsoletes: %{name}-client < %{version} %description NRPE can be used to run nagios plug-ins on a remote machine for executing local checks. This package contains the software for NRPE server. It could be run by inet-daemon or as stand-alone daemon %package doc Summary: Nagios Remote Plug-In Executor documentation Group: Documentation/Other %description doc This package contains the README files, OpenOffice and PDF documentation for the remote plugin executor (NRPE) for nagios. %package -n nagios-plugins-nrpe Summary: Nagios NRPE plugin Group: System/Monitoring %if 0%{?suse_version} > 1020 Recommends: nagios %endif Provides: %{name}-server = %{version} Obsoletes: %{name}-server < %{version} %description -n nagios-plugins-nrpe This package contains the plug-in for the host runing the Nagios daemon. It is used to contact the NRPE process on remote hosts. The plugin requests that a plugin be executed on the remote host and wait for the NRPE process to execute the plugin and return the result. The plugin then uses the output and return code from the plugin execution on the remote host for its own output and return code. 
%prep %setup -n nrpe-%{version} %patch0 -p1 %patch1 -p1 %if %{nagios3only} %patch2 %endif %patch3 -p0 %patch4 -p0 %patch5 -p0 %patch6 -p0 %patch7 -p0 %patch8 -p0 %patch9 -p0 %patch10 -p0 %patch11 -p1 cp -a %{SOURCE10} . %build %configure CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \ --sbindir=%{_prefix}/lib/nagios/cgi \ --libexecdir=%{_libexecdir} \ --datadir=%{_datadir}/nagios \ --sysconfdir=%{_sysconfdir}/nagios \ --localstatedir=/var/log/nagios \ --exec-prefix=%{_sbindir} \ --bindir=%{_sbindir} \ --with-log_facility=daemon \ --with-kerberos-inc=%{_includedir} \ --with-init-dir=%{_sysconfdir}/init.d \ --with-nagios-user=%nsusr \ --with-nagios-group=%nsgrp \ --with-nrpe-user=%nsusr \ --with-nrpe-group=%nsgrp \ --with-nrpe-port=%nrpeport \ --enable-command-args \ --enable-ssl make %{?_smp_mflags} all gcc %{optflags} -o contrib/nrpe_check_control contrib/nrpe_check_control.c %install make install-all \ DESTDIR=%{buildroot} \ INSTALL_OPTS="" \ COMMAND_OPTS="" \ CGICFGDIR="%{_sysconfdir}/nagios" \ NAGIOS_INSTALL_OPTS="" \ NRPE_INSTALL_OPTS="" \ INIT_OPTS="" install -d %{buildroot}%{_localstatedir}/run/nagios install -Dm 644 %{SOURCE4} %{buildroot}%{_mandir}/man8/nrpe.8 install -Dm 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/init.d/nrpe ln -s -f ../../etc/init.d/nrpe %{buildroot}%{_sbindir}/rcnrpe # install SuSEfirewall2 script %if 0%{?suse_version} > 1020 install -Dm644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/nrpe-service %endif # fix pid_file in nrpe.cfg sed -i -e "s,^\(pid_file=\).*,\1/var/run/nrpe/nrpe.pid," %{buildroot}/%{_sysconfdir}/nagios/nrpe.cfg # create directory and pidfile (package them as ghost) mkdir -p %{buildroot}%{_localstatedir}/run/nrpe touch %{buildroot}%{_localstatedir}/run/nrpe/nrpe.pid # create home directory of nagios user mkdir -p %{buildroot}%{_localstatedir}/lib/nagios # create contrib plugin install -m0755 contrib/nrpe_check_control %{buildroot}%{_libexecdir}/nrpe_check_control cat > 
nrpe_check_control.cfg <<'EOF' define command { command_name nrpe_check_control command_line %{_libexecdir}/nrpe_check_control $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ "$HOSTNAME$" } EOF install -Dm0644 nrpe_check_control.cfg %{buildroot}%{_sysconfdir}/nagios/objects/nrpe_check_control.cfg %pre # Create user and group on the system if necessary # default group: nagios if getent group %nsgrp >/dev/null then : OK group %nsgrp already present else groupadd -r %nsgrp 2>/dev/null || : %nnmmsg "Added group %nsgrp for package %{name}" fi # default user: nagios if id %nsusr > /dev/null 2>&1 then : OK user %nsusr already present else useradd -r -o -g %nsgrp -s /bin/false -c "User for Nagios" -d /var/lib/nagios %nsusr 2> /dev/null || : %nnmmsg "Added user %nsusr for package %{name}" fi # check if the port for nrpe is already defined in /etc/services if grep -q %nrpeport /etc/services ; then : OK - port already defined else %nnmmsg "Adding port %nrpeport to /etc/services" echo "nrpe %nrpeport/tcp # nagios nrpe" >> etc/services fi %preun %stop_on_removal nrpe %post %{fillup_and_insserv -fy nrpe} %postun %restart_on_update nrpe %insserv_cleanup %clean rm -rf %{buildroot} %files %defattr(-,root,root) %doc README.SuSE %{_mandir}/man8/nrpe.8* %dir %{_sysconfdir}/nagios/ %dir %{_localstatedir}/lib/nagios %config(noreplace) %{_sysconfdir}/nagios/nrpe.cfg %config(noreplace) %{_sysconfdir}/xinetd.d/nrpe %if 0%{?suse_version} > 1020 %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/nrpe-service %endif %{_sysconfdir}/init.d/nrpe %{_sbindir}/nrpe %{_sbindir}/rcnrpe %ghost %dir %{_localstatedir}/run/nrpe %ghost %{_localstatedir}/run/nrpe/nrpe.pid %files doc %defattr(644,root,root,755) %doc Changelog LEGAL README README.SSL README.SuSE SECURITY docs/* %files -n nagios-plugins-nrpe %defattr(-,root,root) %doc contrib/README.nrpe_check_control %dir %_prefix/lib/nagios %dir %_libexecdir %{_libexecdir}/check_nrpe %dir %{_sysconfdir}/nagios/objects %config(noreplace) 
%{_sysconfdir}/nagios/objects/nrpe_check_control.cfg %{_libexecdir}/nrpe_check_control %changelog ++++++ README.SuSE ++++++ README.SuSE for nagios-nrpe =========================== The packages - nagios-nrpe-client - nagios-nrpe-server are marked as obsolete: While seeing the client/server pkg normal user would be misled to install which package where. When seeing "server" package you're thinking about a server-daemon and when seeing "client" you're thinking client which is talking with the server (NRPE). But it was just the other way round. :( Now: - nagios-nrpe (obsoletes nagios-nrpe-client) and provides the NRPE daemon which should be installed on the remote box which should be monitored. - nagios-plugins-nrpe (obsoletes nagios-nrpe-server) and provides "check_nrpe" which should be installed on the server hosting nagios. - nagios-nrpe-doc contains documentation and can be installed where ever you want Have a lot of fun! ++++++ nagios-nrpe-CVE-2013-1362.patch ++++++ Index: nrpe-2.12/src/nrpe.c =================================================================== --- nrpe-2.12.orig/src/nrpe.c +++ nrpe-2.12/src/nrpe.c 
@@ -1835,6 +1835,10 @@ int validate_request(packet *pkt){ syslog(LOG_ERR,"Error: Request contained an empty command argument"); return ERROR; } + if(strstr(macro_argv[x],"$(")) { + syslog(LOG_ERR,"Error: Request contained a bash command substitution!"); + return ERROR; + } } } #endif ++++++ nagios-nrpe-SuSEfirewall2 ++++++ ## Name: NRPE Service ## Description: Opens port for NRPE Service to allow connects from Nagios. # space separated list of allowed TCP ports TCP="5666" # space separated list of allowed UDP ports UDP="" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" ++++++ nagios-nrpe-buffersize.patch ++++++ # Up with Version 3.0, Nagios supports long hostoutputs. # This patch adapts nrpe to support the standard buffersize # of Nagios 3.0 - so plugins can send (very) long output via # NRPE to the Nagios Server. Index: include/common.h =================================================================== --- include/common.h.orig +++ include/common.h @@ -41,7 +41,7 @@ #define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */ #define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */ -#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */ +#define MAX_INPUT_BUFFER 8192 /* max size of most buffers we use */ #define MAX_FILENAME_LENGTH 256 #define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */ 
@@ -60,7 +60,7 @@ #define NRPE_PACKET_VERSION_2 2 #define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */ -#define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */ +#define MAX_PACKETBUFFER_LENGTH 8192 /* max amount of data we'll send in one query/response */ typedef struct packet_struct{ int16_t packet_version; ++++++ nagios-nrpe-rpmlintrc ++++++ # the init script is called like the original one... addFilter("W: incoherent-init-script-name nrpe") # RPM doesn't allow to package the -doc package as noarch addFilter("W: no-binary") # better PreRequire grep as we need it for /etc/services... addFilter("W: useless-explicit-requires grep") ++++++ nrpe-2.12-Makefile.patch ++++++ diff -ruN nrpe-2.12-orig/Makefile.in nrpe-2.12/Makefile.in --- nrpe-2.12-orig/Makefile.in 2007-03-14 15:30:05.000000000 +0000 +++ nrpe-2.12/Makefile.in 2009-06-05 08:32:59.536100004 +0000 @@ -46,22 +46,30 @@ cd $(SRC_BASE); $(MAKE) ; cd .. -install-plugin: +install: cd $(SRC_BASE) && $(MAKE) $@ -install-daemon: +install-plugin: cd $(SRC_BASE) && $(MAKE) $@ -install: +install-daemon: cd $(SRC_BASE) && $(MAKE) $@ install-xinetd: - $(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe + $(INSTALL) -d $(DESTDIR)/etc/xinetd.d + $(INSTALL) -m 644 sample-config/nrpe.xinetd $(DESTDIR)/etc/xinetd.d/nrpe install-daemon-config: - $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR) + $(INSTALL) $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR) $(INSTALL) -m 644 $(NRPE_INSTALL_OPTS) sample-config/nrpe.cfg $(DESTDIR)$(CFGDIR) +install-all: + $(MAKE) install + $(MAKE) install-daemon + $(MAKE) install-daemon-config + $(MAKE) install-plugin + $(MAKE) install-xinetd + clean: cd $(SRC_BASE); $(MAKE) $@ ; cd .. rm -f core diff -ruN nrpe-2.12-orig/src/Makefile.in nrpe-2.12/src/Makefile.in --- nrpe-2.12-orig/src/Makefile.in 2007-08-13 17:10:07.000000000 +0000 +++ nrpe-2.12/src/Makefile.in 2009-06-05 08:25:35.876231297 +0000 
@@ -44,12 +44,12 @@ $(MAKE) install-daemon install-plugin: - $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR) - $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe $(DESTDIR)$(LIBEXECDIR) + $(INSTALL) $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR) + $(INSTALL) $(NAGIOS_INSTALL_OPTS) check_nrpe $(DESTDIR)$(LIBEXECDIR) install-daemon: - $(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(BINDIR) - $(INSTALL) -m 775 $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR) + $(INSTALL) $(NAGIOS_INSTALL_OPTS) -d $(DESTDIR)$(BINDIR) + $(INSTALL) $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR) clean: rm -f core nrpe check_nrpe $(SNPRINTF_O) ++++++ nrpe-2.12-xinetd.patch ++++++ diff -ruN nrpe-2.12-orig/sample-config/nrpe.xinetd.in nrpe-2.12/sample-config/nrpe.xinetd.in --- nrpe-2.12-orig/sample-config/nrpe.xinetd.in 2007-03-09 19:19:17.000000000 +0000 +++ nrpe-2.12/sample-config/nrpe.xinetd.in 2009-06-05 08:37:23.143908512 +0000 @@ -1,16 +1,17 @@ -# default: on +# default: off # description: NRPE (Nagios Remote Plugin Executor) service nrpe { flags = REUSE socket_type = stream - port = @nrpe_port@ + type = UNLISTED + port = @nrpe_port@ wait = no user = @nrpe_user@ - group = @nrpe_group@ + group = @nrpe_group@ server = @bindir@/nrpe server_args = -c @sysconfdir@/nrpe.cfg --inetd log_on_failure += USERID - disable = no - only_from = 127.0.0.1 + disable = yes + #only_from = 127.0.0.1 } ++++++ nrpe-drop_privileges_before_writing_pidfile.patch ++++++ Index: src/nrpe.c =================================================================== --- src/nrpe.c.orig +++ src/nrpe.c 
@@ -297,13 +297,13 @@ int main(int argc, char **argv){ /* log info to syslog facility */ syslog(LOG_NOTICE,"Starting up daemon"); + /* drop privileges */ + drop_privileges(nrpe_user,nrpe_group); + /* write pid file */ if(write_pid_file()==ERROR) return STATE_CRITICAL; - /* drop privileges */ - drop_privileges(nrpe_user,nrpe_group); - /* make sure we're not root */ check_privileges(); ++++++ nrpe-improved_help.patch ++++++ Index: src/check_nrpe.c =================================================================== --- src/check_nrpe.c.orig +++ src/check_nrpe.c @@ -96,6 +96,9 @@ int main(int argc, char **argv){ printf(" [arglist] = Optional arguments that should be passed to the command. Multiple\n"); printf(" arguments should be separated by a space. If provided, this must be\n"); printf(" the last option supplied on the command line.\n"); + printf(" -h, --help Print this short help.\n"); + printf(" -l,--license Print licensing information.\n"); + printf(" -n,--no-ssl Do not initial an ssl handshake with the server, talk in plaintext.\n"); printf("\n"); printf("Note:\n"); printf("This plugin requires that you have the NRPE daemon running on the remote host.\n"); Index: src/nrpe.c =================================================================== --- src/nrpe.c.orig +++ src/nrpe.c 
@@ -138,14 +138,17 @@ int main(int argc, char **argv){ else if(result!=OK || show_help==TRUE){ - printf("Usage: nrpe [-n] -c <config_file> <mode>\n"); + printf("Usage: nrpe [-n] -c <config_file> <mode> [--help] [--license] [--no-ssl]\n"); printf("\n"); printf("Options:\n"); printf(" -n = Do not use SSL\n"); printf(" <config_file> = Name of config file to use\n"); printf(" <mode> = One of the following two operating modes:\n"); - printf(" -i = Run as a service under inetd or xinetd\n"); - printf(" -d = Run as a standalone daemon\n"); + printf(" -i, --inetd Run as a service under inetd or xinetd\n"); + printf(" -d, --daemon Run as a standalone daemon\n"); + printf(" -h, --help = Print this short help.\n"); + printf(" -l, --license = Print licensing information.\n"); + printf(" -n, --no-ssl = Do not initial an ssl handshake with the server, talk in plaintext.\n"); printf("\n"); printf("Notes:\n"); printf("This program is designed to process requests from the check_nrpe\n"); ++++++ nrpe-more_random.patch ++++++ Index: src/utils.c =================================================================== --- src/utils.c.orig +++ src/utils.c 
@@ -90,17 +90,13 @@ void randomize_buffer(char *buffer,int b ends and the rest of the buffer (padded randomly) starts. ***************************************************************/ - /* try to get seed value from /dev/urandom, as its a better source of entropy */ - fp=fopen("/dev/urandom","r"); - if(fp!=NULL){ - seed=fgetc(fp); - fclose(fp); - } - - /* else fallback to using the current time as the seed */ - else - seed=(int)time(NULL); - + /*************************************************************** + The randomness, produced by the original version, is just + between 0 and 255. The randomness generated by the line below + produces more randomness and does not reduce the amount of + entropy that the linux kernel thinks it has. + ***************************************************************/ + seed=(int)time(NULL)*311-getpid()*359+getppid()*383; srand(seed); for(x=0;x<buffer_size;x++) buffer[x]=(int)'0'+(int)(72.0*rand()/(RAND_MAX+1.0)); ++++++ nrpe-return_value.patch ++++++ Index: src/nrpe.c =================================================================== --- src/nrpe.c.orig +++ src/nrpe.c @@ -94,9 +94,15 @@ int main(int argc, char **argv){ #endif /* set some environment variables */ - asprintf(&env_string,"NRPE_MULTILINESUPPORT=1"); + if (asprintf(&env_string,"NRPE_MULTILINESUPPORT=1") == -1){ + fprintf(stderr, "Failed to allocate string for NRPE_MULTILINESUPPORT\n"); + return STATE_CRITICAL; + } putenv(env_string); - asprintf(&env_string,"NRPE_PROGRAMVERSION=%s",PROGRAM_VERSION); + if (asprintf(&env_string,"NRPE_PROGRAMVERSION=%s",PROGRAM_VERSION) == -1){ + fprintf(stderr,"Failed to allocate string for NRPE_PROGRAMVERSION\n"); + return STATE_CRITICAL; + } putenv(env_string); /* process command-line args */ 
@@ -179,7 +185,10 @@ int main(int argc, char **argv){ /* get absolute path of current working directory */ strcpy(config_file,""); - getcwd(config_file,sizeof(config_file)); + if (getcwd(config_file,sizeof(config_file)) == NULL){ + fprintf(stderr,"Failed to get absolute path of current working directory\n"); + return STATE_CRITICAL; + } /* append a forward slash */ strncat(config_file,"/",sizeof(config_file)-2); @@ -286,7 +295,10 @@ int main(int argc, char **argv){ open("/dev/null",O_WRONLY); open("/dev/null",O_WRONLY); - chdir("/"); + if (chdir("/") == -1){ + fprintf(stderr,"Failed to chdir into /\n"); + return STATE_CRITICAL; + } /*umask(0);*/ /* handle signals */ @@ -1343,7 +1355,10 @@ int my_system(char *command,int timeout, return STATE_OK; /* create a pipe */ - pipe(fd); + if (pipe(fd) == -1){ + fprintf(stderr,"Faiiled to create a pipe\n"); + return STATE_CRITICAL; + } /* make the pipe non-blocking */ fcntl(fd[0],F_SETFL,O_NONBLOCK); @@ -1396,7 +1411,10 @@ int my_system(char *command,int timeout, buffer[sizeof(buffer)-1]='\x0'; /* write the error back to the parent process */ - write(fd[1],buffer,strlen(buffer)+1); + if (write(fd[1],buffer,strlen(buffer)+1) == -1){ + fprintf(stderr,"Failed to write the error back to the parent process\n"); + return STATE_CRITICAL; + } result=STATE_CRITICAL; } @@ -1406,7 +1424,10 @@ int my_system(char *command,int timeout, while((bytes_read=fread(buffer,1,sizeof(buffer)-1,fp))>0){ /* write the output back to the parent process */ - write(fd[1],buffer,bytes_read); + if (write(fd[1],buffer,bytes_read) == -1){ + fprintf(stderr,"Failed to write the output back to the parent process\n"); + return STATE_CRITICAL; + } } /* close the command and get termination status */ 
@@ -1618,7 +1639,10 @@ int write_pid_file(void){ /* write new pid file */ if((fd=open(pid_file,O_WRONLY | O_CREAT,0644))>=0){ sprintf(pbuf,"%d\n",(int)getpid()); - write(fd,pbuf,strlen(pbuf)); + if (write(fd,pbuf,strlen(pbuf)) == -1){ + fprintf(stderr,"Failed to write new pid file\n"); + return STATE_CRITICAL; + } close(fd); wrote_pid_file=TRUE; } ++++++ nrpe-uninitialized_variable.patch ++++++ Index: src/nrpe.c =================================================================== --- src/nrpe.c.orig +++ src/nrpe.c @@ -724,6 +724,9 @@ void wait_for_connections(void){ struct request_info req; #endif + /* default: failed */ + new_sd=-1; + /* create a socket for listening */ sock=socket(AF_INET,SOCK_STREAM,0); ++++++ nrpe-unused_variable.patch ++++++ Index: src/utils.c =================================================================== --- src/utils.c.orig +++ src/utils.c @@ -76,7 +76,6 @@ unsigned long calculate_crc32(char *buff /* fill a buffer with semi-random data */ void randomize_buffer(char *buffer,int buffer_size){ - FILE *fp; int x; int seed; ++++++ nrpe-weird_output.patch ++++++ Index: src/nrpe.c =================================================================== --- src/nrpe.c.orig +++ src/nrpe.c 
@@ -1166,6 +1166,9 @@ void handle_connection(int sock){ /* disable connection alarm - a new alarm will be setup during my_system */ alarm(0); + // null buffer before using it - Debian Patch by <luk@luknote> + memset(buffer,0,sizeof(buffer)); + /* if this is the version check command, just spew it out */ if(!strcmp(command_name,NRPE_HELLO_COMMAND)){ ++++++ nrpe.8 ++++++ .\" Hey, EMACS: -*- nroff -*- .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) .TH NAGIOS-NRPE 8 "January 14, 2004" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: .\" .nh disable hyphenation .\" .hy enable hyphenation .\" .ad l left justify .\" .ad b justify to both left and right margins .\" .nf disable filling .\" .fi enable filling .\" .br insert line break .\" .sp <n> insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME nrpe \- Nagios Remote Plugin Executor - Server .SH SYNOPSIS .B nagios-nrpe \fI-c <config_file> <mode>\fR .SH DESCRIPTION .PP The purpose of this addon is to allow you to execute Nagios plugins on a remote host in as transparent a manner as possible. .PP This program runs as a background process on the remote host and processes command execution requests from the check_nrpe plugin on the Nagios host. .SH OPTIONS .IP <config_file> = Name of config file to use .IP <mode> = One of the following two operating modes: .TP \fB\-i\fR = Run as a service under inetd or xinetd .TP \fB\-d\fR = Run as a standalone daemon .PP Notes: This program is designed to process requests from the check_nrpe plugin on the host(s) running Nagios. It can run as a service under inetd or xinetd (read the docs for info on this), or as a standalone daemon. 
Once a request is received from an authorized host, NRPE will execute the command/plugin (as defined in the config file) and return the plugin output and return code to the check_nrpe plugin. .SH AUTHOR This manual page was written by Jason Thomas <ja...@debian.org>, for the Debian project (but may be used by others). ++++++ nrpe.init ++++++ #!/bin/bash # # Copyright (c) 2010 SUSE Linux Products GmbH # Authors: Lars Vogdt (2010) # # /etc/init.d/nrpe # and its symbolic link # /usr/sbin/rcnrpe # ### BEGIN INIT INFO # Provides: nagios-nrpe # Required-Start: $remote_fs $syslog $network # Should-Start: cron # Required-Stop: $remote_fs $syslog # Should-Stop: cron # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: NRPE Nagios Remote Plugin Executor # Description: Start NRPE to allow remote execution of # Nagios plugins. ### END INIT INFO NRPE_BIN="/usr/sbin/nrpe" test -x $NRPE_BIN || { echo "$NRPE_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file and read it NRPE_CONFIG="/etc/nagios/nrpe.cfg" test -r $NRPE_CONFIG || { echo "$NRPE_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } DEFAULT_PIDFILE="/var/run/nrpe/nrpe.pid" function get_value() { if [ -n "$2" ]; then set -- `grep ^$1 $2 | sed 's@=@ @' | tr -d '[:cntrl:]'` else set -- `grep ^$1 $NRPE_CONFIG | sed 's@=@ @' | tr -d '[:cntrl:]'` fi shift # remove first ARG => search-string echo $* } # Shell functions sourced from /etc/rc.status: . 
/etc/rc.status # Reset status of this service rc_reset case "$1" in start) echo -n "Starting Nagios NRPE " pid_file="$(get_value pid_file)" nrpe_group="$(get_value nrpe_group)" nrpe_user="$(get_value nrpe_user)" : ${pid_file=:=$DEFAULT_PIDFILE} : ${nrpe_group:=nagios} : ${nrpe_user:=nagios} if [ -z "$pid_file" ]; then PIDDIR=$(dirname $pid_file) else PIDDIR=$(dirname $DEFAULT_PIDFILE) fi case "$PIDDIR" in /var/run) if [ x"$nrpe_user" != x"root" ]; then DATESTRING=`date +"%Y%m%d"` mv -f "$NRPE_CONFIG" "$NRPE_CONFIG-$DATESTRING" sed -e "s|^pid_file.*|pid_file=$DEFAULT_PIDFILE|g" "$NRPE_CONFIG-$DATESTRING" > "$NRPE_CONFIG" /bin/logger -t rcnrpe "Configured $pid_file in $NRPE_CONFIG moved to $DEFAULT_PIDFILE. Backup is $NRPE_CONFIG-$DATESTRING" test -f "$pid_file" && rm "$pid_file" install -d -m755 -o$nrpe_user -g$nrpe_group $(dirname "$DEFAULT_PIDFILE") else test -d "$PIDDIR" || mkdir -p "$PIDDIR" fi ;; *) test -d $(dirname "$DEFAULT_PIDFILE") || install -d -m755 -o$nrpe_user -g$nrpe_group $(dirname "$DEFAULT_PIDFILE") ;; esac /sbin/startproc $NRPE_BIN -c $NRPE_CONFIG -d # Remember status and be verbose rc_status -v ;; stop) # Stop daemons. echo -n "Shutting down Nagios NRPE " /sbin/killproc -TERM $NRPE_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. 
$0 stop $0 start # Remember status and be quiet rc_status ;; reload|force-reload) echo -n "Reload service Nagios NRPE " /sbin/killproc -HUP $NRPE_BIN # Remember status and be verbose rc_status -v ;; status) echo -n "Checking for service Nagios NRPE " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Status has a slightly different for the status command: # 0 - service running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running /sbin/checkproc $NRPE_BIN # Remember status and be verbose rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" exit 1 esac rc_exit ++++++ nrpe_check_control.diff ++++++ --- contrib/nrpe_check_control.c 2002-02-22 02:15:34.000000000 +0100 +++ contrib/nrpe_check_control.c.oden 2007-04-11 11:33:54.000000000 +0200 @@ -5,8 +5,8 @@ #define MAX_CHARS 1024 #define SERVICE_COUNT 12 -#define COMMAND_FILE "/usr/local/nagios/var/rw/nagios.cmd" -#define SERVICES_FILE "/usr/local/nagios/etc/services.cfg" +#define COMMAND_FILE "/var/spool/nagios/nagios.cmd" +#define SERVICES_FILE "/etc/nagios/services.cfg" int main(int argc, char *argv[]) {
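Review bot: the new error branch in the write_pid_file() hunk (@@ -1618,7 +1639,10 @@ of src/nrpe.c) returns STATE_CRITICAL without calling close(fd), so the descriptor opened by the open() just above it leaks on that path; call close(fd) before the return. The check also only catches a return of -1, so a short write still falls through to wrote_pid_file=TRUE with a truncated pid file; comparing the result of write() against strlen(pbuf) would cover both cases.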
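Review bot: in the handle_connection() hunk of nrpe-weird_output.patch, memset(buffer,0,sizeof(buffer)) clears the whole buffer only if buffer is declared as an array inside this function, and that declaration is not part of the hunk's context; if buffer is a pointer, only the size of the pointer is zeroed. Please confirm the declaration, or pass the buffer's size constant explicitly. As a style point, the added // comment should use /* */ like the surrounding comments, and the patch would benefit from a line stating which output was "weird" without the memset.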
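Review bot: the pid file handling in the start) branch of nrpe.init has two logic errors. `: ${pid_file=:=$DEFAULT_PIDFILE}` carries a stray `=`, and because pid_file was already assigned from get_value (possibly to an empty string), the default is never applied; it should read `: ${pid_file:=$DEFAULT_PIDFILE}`. The following `if [ -z "$pid_file" ]` test is inverted: it calls dirname with an empty operand when no pid_file is configured and uses the directory of DEFAULT_PIDFILE when one is, so the `/var/run)` case can never match and the migration of the pid file out of /var/run never runs. Use `-n` there. It is also worth quoting `$pid_file` in the dirname call and `$1`/`$2` in get_value, since these values come from the config file.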