[Pkg-nagios-devel] Bug#773840: Bug#773840: nagios-nrpe: NRPE configured without --enable-command-args on build

Daniel Case daniel at monotoko.net
Tue Dec 23 21:59:30 UTC 2014


>And people are stupid and do this without thinking.

You can't protect users from idiocy, if they don't read it's their fault. Why not remove the command from the nrpe config but allow users who know about it and use it to enable it?

It sounds like you've got a case of the Microsoft bug that's going around.

>> Package: nagios-nrpe-server
>> Version: 2.15-1
>> Severity: important
>> File: nagios-nrpe
>> Tags: newcomer

________________________________________
From: Alexander Wirt <formorer at debian.org>
Sent: 23 December 2014 21:44
To: Daniel Case; 773840 at bugs.debian.org
Cc: Debian Bug Tracking System
Subject: Re: [Pkg-nagios-devel] Bug#773840: nagios-nrpe: NRPE configured without --enable-command-args on build

On Tue, 23 Dec 2014, Daniel Monotoko wrote:

> Package: nagios-nrpe-server
> Version: 2.15-1
> Severity: important
> File: nagios-nrpe
> Tags: newcomer
>
> Dear Maintainer,
>
>
> * What led up to the situation? - Tried to enable dont_blame_nrpe for remote commands from Nagios server/
> * What was the outcome of this action? - Command didn't work at all, NRPE still bailing because of command arguments
> * What outcome did you expect instead? - NRPE to take commands
>
> * The reason for this is --enable-command-args is missing from the package configuration (debian/rules)
> * This is a security issue on some hosts that aren't properly configured - but the nrpe.cfg template has dont_blame_nrpe set to 0 by default and a warning explaining what it does.
> * Making people who need this functionality recompile is silly, as it has to be actively switched on anyway.
And people are stupid and do this without thinking.

Alex




More information about the Pkg-nagios-devel mailing list