[Pkg-nagios-devel] Bug#773840: Bug#773840: nagios-nrpe: NRPE configured without --enable-command-args on build
formorer at debian.org
Tue Dec 23 21:44:49 UTC 2014
On Tue, 23 Dec 2014, Daniel Monotoko wrote:
> Package: nagios-nrpe-server
> Version: 2.15-1
> Severity: important
> File: nagios-nrpe
> Tags: newcomer
> Dear Maintainer,
> * What led up to the situation? - Tried to enable dont_blame_nrpe for remote commands from Nagios server/
> * What was the outcome of this action? - Command didn't work at all, NRPE still bailing because of command arguments
> * What outcome did you expect instead? - NRPE to take commands
> * The reason for this is --enable-command-args is missing from the package configuration (debian/rules)
> * This is a security issue on some hosts that aren't properly configured - but the nrpe.cfg template has dont_blame_nrpe set to 0 by default and a warning explaining what it does.
> * Making people who need this functionality recompile is silly, as it has to be actively switched on anyway.
And people are stupid and do this without thinking.
More information about the Pkg-nagios-devel