[Pkg-nagios-changes] [pkg-nrpe] 01/01: Disable SSL support by default, requires configuration.

Bas Couwenberg sebastic at debian.org
Thu Dec 8 22:06:31 UTC 2016 

This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch master
in repository pkg-nrpe.

commit 7ff529b316c3bee59fc3a1b19694b399ee6d9c7e
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Thu Dec 8 22:36:33 2016 +0100

    Disable SSL support by default, requires configuration.
    
    It also doesn't work well with old check_nrpe versions.
---
 debian/NEWS                       | 12 ++++++++++++
 debian/changelog                  |  2 ++
 debian/check_nrpe.cfg             |  8 +++++++-
 debian/nagios-nrpe-server.default |  6 ++++++
 debian/nagios-nrpe-server.init    |  6 +++++-
 5 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/debian/NEWS b/debian/NEWS
index 302978b..c7aa163 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -8,6 +8,18 @@ nagios-nrpe (3.0.1-1~exp2) experimental; urgency=medium
   If you're using the check_nrpe_1arg command in your Nagios/Icinga
   configuration, you need to replace it with check_nrpe.
 
+  SSL support is disabled by default, the reworked SSL/TLS support in
+  NRPE requires configuration before it can be used. Read the
+  instructions in /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz
+  before enabling SSL support in /etc/default/nagios-nrpe-server.
+
+  The default check_nrpe command in check_nrpe.cfg has been updated
+  to disable SSL by default too. The check_nrpe_ssl command has been
+  added to connect to the NRPE daemon over SSL.
+
+  Beware that the new NRPE daemon only works with old check_nrpe
+  plugins when SSL support is disabled on both sides.
+
  -- Bas Couwenberg <sebastic at debian.org>  Mon, 05 Dec 2016 01:16:46 +0100
 
 nagios-nrpe (2.15-1) unstable; urgency=high
diff --git a/debian/changelog b/debian/changelog
index 2b8a11b..c6b2c3e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ nagios-nrpe (3.0.1-1~exp2) UNRELEASED; urgency=medium
 
   * Update check_nrpe.cfg to remove command with arguments.
     (LP: #975918)
+  * Disable SSL support by default, requires configuration.
+    It also doesn't work well with old check_nrpe versions.
 
  -- Bas Couwenberg <sebastic at debian.org>  Mon, 05 Dec 2016 00:54:14 +0100
 
diff --git a/debian/check_nrpe.cfg b/debian/check_nrpe.cfg
index 31fc89a..3ae0622 100644
--- a/debian/check_nrpe.cfg
+++ b/debian/check_nrpe.cfg
@@ -1,5 +1,11 @@
-# this command runs a program $ARG1$ with no arguments
+# this command runs a program $ARG1$ with no arguments and disables SSL support
 define command {
 	command_name	check_nrpe
+	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
+}
+
+# this command runs a program $ARG1$ with no arguments and enables SSL support
+define command {
+	command_name	check_nrpe_ssl
 	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
 }
diff --git a/debian/nagios-nrpe-server.default b/debian/nagios-nrpe-server.default
index a146d31..689c932 100644
--- a/debian/nagios-nrpe-server.default
+++ b/debian/nagios-nrpe-server.default
@@ -10,3 +10,9 @@
 
 # INETD is if you want to run the server via inetd (default=0, run as daemon)
 #INETD=0
+
+# Enable SSL if you want to support SSL connections to the NRPE daemon.
+# Don't enable this option before configuring SSL in /etc/nagios/nrpe.cfg!
+# See /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz for instructions.
+#USE_SSL=1
+
diff --git a/debian/nagios-nrpe-server.init b/debian/nagios-nrpe-server.init
index bef12ea..0378a89 100644
--- a/debian/nagios-nrpe-server.init
+++ b/debian/nagios-nrpe-server.init
@@ -29,6 +29,8 @@ else
 	exit 1
 fi
 
+NO_SSL="-n"
+
 # Include nagios-nrpe defaults if available
 if [ -f /etc/default/nagios-nrpe-server ] ; then
 	. /etc/default/nagios-nrpe-server
@@ -40,6 +42,8 @@ if [ -f /etc/default/nagios-nrpe ]; then
 fi
 if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi
 
+if [ "$USE_SSL" -eq 1 ]; then NO_SSL=""; fi
+
 #since /var/run can be wiped completly we create our run directory here
 if [ ! -d "$PIDDIR" ]; then 
 	mkdir "$PIDDIR"
@@ -55,7 +59,7 @@ case "$1" in
 		exit 0
 	fi
 	log_daemon_msg "Starting $DESC" "$NAME"
-	start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON  -c $CONFIG -d $DAEMON_OPTS
+	start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON  -c $CONFIG -d $DAEMON_OPTS $NO_SSL
 	log_end_msg $?
 	;;
   stop)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nrpe.git

More information about the Pkg-nagios-changes mailing list