[Pkg-nagios-devel] Bug#773840: nagios-nrpe: NRPE configured without --enable-command-args on build
Daniel Monotoko
daniel at monotoko.net
Tue Dec 23 21:32:03 UTC 2014
Package: nagios-nrpe-server
Version: 2.15-1
Severity: important
File: nagios-nrpe
Tags: newcomer
Dear Maintainer,
* What led up to the situation? - Tried to enable dont_blame_nrpe for remote commands from Nagios server/
* What was the outcome of this action? - Command didn't work at all, NRPE still bailing because of command arguments
* What outcome did you expect instead? - NRPE to take commands
* The reason for this is --enable-command-args is missing from the package configuration (debian/rules)
* This is a security issue on some hosts that aren't properly configured - but the nrpe.cfg template has dont_blame_nrpe set to 0 by default and a warning explaining what it does.
* Making people who need this functionality recompile is silly, as it has to be actively switched on anyway.
-- System Information:
Debian Release: 8.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages nagios-nrpe-server depends on:
ii adduser 3.113+nmu3
ii libc6 2.19-13
ii libssl1.0.0 1.0.1j-1
ii libwrap0 7.6.q-25
ii lsb-base 4.1+Debian13+nmu1
Versions of packages nagios-nrpe-server recommends:
ii nagios-plugins 2.1.1-1
nagios-nrpe-server suggests no packages.
-- Configuration Files:
/etc/nagios/nrpe.cfg changed [not included]
-- no debconf information
More information about the Pkg-nagios-devel
mailing list