[Pkg-nagios-devel] Bug#773840: nagios-nrpe: NRPE configured without --enable-command-args on build

Daniel Monotoko daniel at monotoko.net
Tue Dec 23 21:32:03 UTC 2014

Package: nagios-nrpe-server
Version: 2.15-1
Severity: important
File: nagios-nrpe
Tags: newcomer

Dear Maintainer,

* What led up to the situation? - Tried to enable dont_blame_nrpe for remote commands from Nagios server.
* What was the outcome of this action? - Command didn't work at all, NRPE still bailing because of command arguments
* What outcome did you expect instead? - NRPE to take commands

* The reason for this is --enable-command-args is missing from the package configuration (debian/rules)
* This is a security issue on some hosts that aren't properly configured - but the nrpe.cfg template has dont_blame_nrpe set to 0 by default and a warning explaining what it does. 
* Making people who need this functionality recompile is silly, as it has to be actively switched on anyway.

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nagios-nrpe-server depends on:
ii  adduser      3.113+nmu3
ii  libc6        2.19-13
ii  libssl1.0.0  1.0.1j-1
ii  libwrap0     7.6.q-25
ii  lsb-base     4.1+Debian13+nmu1

Versions of packages nagios-nrpe-server recommends:
ii  nagios-plugins  2.1.1-1

nagios-nrpe-server suggests no packages.

-- Configuration Files:
/etc/nagios/nrpe.cfg changed [not included]

-- no debconf information
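
The report above turns on two things in nrpe.cfg: the `dont_blame_nrpe` switch and command definitions that take `$ARGn$` macros. The following is an added example, not part of the original report or of the NRPE package: a read-only audit of a config file for both. The function names and the sample config are constructed for illustration, and the script inspects only the config file, not whether the installed binary was built with `--enable-command-args`.

```shell
#!/bin/sh
# Added example: read-only audit of an nrpe.cfg for remote-argument exposure.
# Function names and the sample config are constructed for illustration.

# Effective dont_blame_nrpe value; assumes the last assignment wins and that
# an unset directive means 0 (arguments refused).
nrpe_args_setting() {
    val=$(sed -n 's/^[[:space:]]*dont_blame_nrpe[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${val:-0}"
}

# Names of command[...] definitions whose command line contains $ARGn$ macros.
nrpe_arg_commands() {
    sed -n 's/^[[:space:]]*command\[\([^]]*\)\][[:space:]]*=.*\$ARG[0-9][0-9]*\$.*/\1/p' "$1"
}

# Returns 0 when remote arguments are off, 1 when they are switched on.
audit_nrpe_cfg() {
    setting=$(nrpe_args_setting "$1")
    cmds=$(nrpe_arg_commands "$1" | tr '\n' ' ')
    if [ "$setting" = "1" ]; then
        echo "WARN: dont_blame_nrpe=1; review commands using \$ARGn\$: ${cmds:-none}"
        return 1
    fi
    echo "OK: dont_blame_nrpe=$setting; commands that would need it: ${cmds:-none}"
    return 0
}

# Constructed sample config: $1 = output path, $2 = dont_blame_nrpe value.
write_sample_cfg() {
    printf '# constructed sample\ndont_blame_nrpe=%s\n' "$2" > "$1"
    cat >> "$1" <<'EOF'
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
EOF
}

# Audit the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_nrpe_cfg "$1"
fi
```

Run it as `sh audit_nrpe.sh /etc/nagios/nrpe.cfg`; a non-zero exit status means remote arguments are switched on in that file.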
