[Pkg-nagios-changes] [pkg-nrpe] 01/02: Re-enable SSL support by default. Compatibility with older versions has been fixed.

Bas Couwenberg sebastic at debian.org
Fri Jul 7 13:05:05 UTC 2017


This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch stretch
in repository pkg-nrpe.

commit 5a13300801c2880fe9c1add81751b71aecb20e4b
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Fri Jul 7 14:08:12 2017 +0200

    Re-enable SSL support by default. Compatibility with older versions has been fixed.
---
 debian/NEWS                       | 25 +++++++++++++++++++++++++
 debian/changelog                  |  2 ++
 debian/check_nrpe.cfg             | 10 +++++-----
 debian/nagios-nrpe-server.default |  4 +---
 4 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/debian/NEWS b/debian/NEWS
index 48c57ed..2d0d584 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,28 @@
+nagios-nrpe (3.0.1-3+deb9u1) stretch; urgency=medium
+
+  The bug that caused the SSL support between NRPE 2.x and 3.x not
+  to work has been fixed.
+
+  Because the default SSL support without certificates configured
+  in nrpe.cfg uses pre-generated key data, configuring SSL
+  certificates is strongly advised when STunnel is not used.
+
+  The ssl-cert package can be used to generate a self-signed
+  certificate, but CA certificates like those from Let's Encrypt
+  are a better choice.
+
+  SSL support has been re-enabled by default, to be better compatible
+  with previous NRPE versions where SSL support was enabled by default
+  too.
+
+  The check_nrpe command definition has been updated to enable SSL
+  support (by removing the -n option) and the check_nrpe_ssl command
+  definition has been removed. The previous check_nrpe command
+  definition which disables SSL support is available with the new
+  check_nrpe_nossl command definition.
+
+ -- Bas Couwenberg <sebastic at debian.org>  Fri, 07 Jul 2017 13:48:38 +0200
+
 nagios-nrpe (3.0.1-1) unstable; urgency=medium
 
   The check_nrpe command definition has been updated to remove the
diff --git a/debian/changelog b/debian/changelog
index 941f831..3432169 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ nagios-nrpe (3.0.1-3+deb9u1) UNRELEASED; urgency=medium
   * Update branch in gbp.conf & Vcs-Git URL.
   * Fix 11_reproducible_dh.h.patch to not leave USE_SSL_DH undefined.
     Thanks to Johan Carlquist for pointing out this issue.
+  * Re-enable SSL support by default.
+    Compatibility with older versions has been fixed.
 
  -- Bas Couwenberg <sebastic at debian.org>  Thu, 06 Jul 2017 15:19:51 +0200
 
diff --git a/debian/check_nrpe.cfg b/debian/check_nrpe.cfg
index 3ae0622..2b71c31 100644
--- a/debian/check_nrpe.cfg
+++ b/debian/check_nrpe.cfg
@@ -1,11 +1,11 @@
-# this command runs a program $ARG1$ with no arguments and disables SSL support
+# this command runs a program $ARG1$ with no arguments and enables SSL support
 define command {
 	command_name	check_nrpe
-	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
+	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
 }
 
-# this command runs a program $ARG1$ with no arguments and enables SSL support
+# this command runs a program $ARG1$ with no arguments and disables SSL support
 define command {
-	command_name	check_nrpe_ssl
-	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+	command_name	check_nrpe_nossl
+	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
 }
diff --git a/debian/nagios-nrpe-server.default b/debian/nagios-nrpe-server.default
index 4a263d2..828ef02 100644
--- a/debian/nagios-nrpe-server.default
+++ b/debian/nagios-nrpe-server.default
@@ -5,9 +5,7 @@
 # nrpe daemon.
 #
 # The -n option disables SSL support.
-# Don't remove this option before configuring SSL in /etc/nagios/nrpe.cfg!
-# See /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz for instructions.
-NRPE_OPTS="-n"
+#NRPE_OPTS="-n"
 
 # NICENESS is if you want to run the server at a different nice() priority.
 # (only used by the init script)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nrpe.git



More information about the Pkg-nagios-changes mailing list