[Pkg-nagios-changes] [pkg-nrpe] 01/01: Disable SSL support by default, requires configuration.
Bas Couwenberg
sebastic at debian.org
Thu Dec 8 22:06:31 UTC 2016
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch master
in repository pkg-nrpe.
commit 7ff529b316c3bee59fc3a1b19694b399ee6d9c7e
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Thu Dec 8 22:36:33 2016 +0100
Disable SSL support by default, requires configuration.
It also doesn't work well with old check_nrpe versions.
---
debian/NEWS | 12 ++++++++++++
debian/changelog | 2 ++
debian/check_nrpe.cfg | 8 +++++++-
debian/nagios-nrpe-server.default | 6 ++++++
debian/nagios-nrpe-server.init | 6 +++++-
5 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/debian/NEWS b/debian/NEWS
index 302978b..c7aa163 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -8,6 +8,18 @@ nagios-nrpe (3.0.1-1~exp2) experimental; urgency=medium
If you're using the check_nrpe_1arg command in your Nagios/Icinga
configuration, you need to replace it with check_nrpe.
+ SSL support is disabled by default, the reworked SSL/TLS support in
+ NRPE requires configuration before it can be used. Read the
+ instructions in /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz
+ before enabling SSL support in /etc/default/nagios-nrpe-server.
+
+ The default check_nrpe command in check_nrpe.cfg has been updated
+ to disable SSL by default too. The check_nrpe_ssl command has been
+ added to connect to the NRPE daemon over SSL.
+
+ Beware that the new NRPE daemon only works with old check_nrpe
+ plugins when SSL support is disabled on both sides.
+
-- Bas Couwenberg <sebastic at debian.org> Mon, 05 Dec 2016 01:16:46 +0100
nagios-nrpe (2.15-1) unstable; urgency=high
diff --git a/debian/changelog b/debian/changelog
index 2b8a11b..c6b2c3e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ nagios-nrpe (3.0.1-1~exp2) UNRELEASED; urgency=medium
* Update check_nrpe.cfg to remove command with arguments.
(LP: #975918)
+ * Disable SSL support by default, requires configuration.
+ It also doesn't work well with old check_nrpe versions.
-- Bas Couwenberg <sebastic at debian.org> Mon, 05 Dec 2016 00:54:14 +0100
diff --git a/debian/check_nrpe.cfg b/debian/check_nrpe.cfg
index 31fc89a..3ae0622 100644
--- a/debian/check_nrpe.cfg
+++ b/debian/check_nrpe.cfg
@@ -1,5 +1,11 @@
-# this command runs a program $ARG1$ with no arguments
+# this command runs a program $ARG1$ with no arguments and disables SSL support
define command {
command_name check_nrpe
+ command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
+}
+
+# this command runs a program $ARG1$ with no arguments and enables SSL support
+define command {
+ command_name check_nrpe_ssl
command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
diff --git a/debian/nagios-nrpe-server.default b/debian/nagios-nrpe-server.default
index a146d31..689c932 100644
--- a/debian/nagios-nrpe-server.default
+++ b/debian/nagios-nrpe-server.default
@@ -10,3 +10,9 @@
# INETD is if you want to run the server via inetd (default=0, run as daemon)
#INETD=0
+
+# Enable SSL if you want to support SSL connections to the NRPE daemon.
+# Don't enable this option before configuring SSL in /etc/nagios/nrpe.cfg!
+# See /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz for instructions.
+#USE_SSL=1
+
diff --git a/debian/nagios-nrpe-server.init b/debian/nagios-nrpe-server.init
index bef12ea..0378a89 100644
--- a/debian/nagios-nrpe-server.init
+++ b/debian/nagios-nrpe-server.init
@@ -29,6 +29,8 @@ else
exit 1
fi
+NO_SSL="-n"
+
# Include nagios-nrpe defaults if available
if [ -f /etc/default/nagios-nrpe-server ] ; then
. /etc/default/nagios-nrpe-server
@@ -40,6 +42,8 @@ if [ -f /etc/default/nagios-nrpe ]; then
fi
if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi
+if [ "$USE_SSL" -eq 1 ]; then NO_SSL=""; fi
+
#since /var/run can be wiped completly we create our run directory here
if [ ! -d "$PIDDIR" ]; then
mkdir "$PIDDIR"
@@ -55,7 +59,7 @@ case "$1" in
exit 0
fi
log_daemon_msg "Starting $DESC" "$NAME"
- start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON -c $CONFIG -d $DAEMON_OPTS
+ start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON -c $CONFIG -d $DAEMON_OPTS $NO_SSL
log_end_msg $?
;;
stop)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nrpe.git
More information about the Pkg-nagios-changes
mailing list