[Pkg-nagios-devel] Bug#849417: Bug#849417: nagios-nrpe-server: segfault during SSL negotiation with older NRPE 2.15 plugin
sebastic at xs4all.nl
Wed Dec 28 06:29:45 UTC 2016
On 12/28/2016 05:41 AM, Adam Di Carlo wrote:
> Sebastiaan Couwenberg <sebastic at xs4all.nl> writes:
>>> -- Configuration Files:
>>> /etc/default/nagios-nrpe-server changed:
>> Please note that the /etc/default/nagios-nrpe-server changed in
>> nagios-nrpe (3.0.1-3) because of the systemd service file.
>> The USE_SSL option is no longer used, instead the NRPE_OPTS variable is
>> used to disable SSL in both the init script and systemd service file.
>> The default content is now as attached.
> I'll work my way through your instructions, attempt to fix my interop
> issue. Its always *overconfiguration* that gets me.
As documented in /usr/share/doc/nagios-nrpe-server/NEWS.Debian.gz which
is shown to you on upgrade when you have apt-listchanges installed:
SSL support is disabled by default, the reworked SSL/TLS support in
NRPE requires configuration before it can be used. Read the
instructions in /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz
before enabling SSL support in /etc/default/nagios-nrpe-server.
The default check_nrpe command in check_nrpe.cfg has been updated
to disable SSL by default too. The check_nrpe_ssl command has been
added to connect to the NRPE daemon over SSL.
Beware that the new NRPE daemon only works with old check_nrpe
plugins when SSL support is disabled on both sides, likewise the
new check_nrpe plugin only works with the old NRPE daemon when SSL
support is disabled.
To use SSL between the NRPE client and server, configuring Stunnel
Once all systems have upgraded to NRPE 3.x using its SSL support is an
option, but that will take some time (no other distributions have
upgraded to 3.x yet).
> Thank you for taking the time to help!
> However, no matter my legacy misconfig, isn't it still problematic to
> segfault like this? Let me know if a backtrace would help.
Due to the signal handler in NRPE you won't easily get a backtrace since
SIGSEGV is caught too and NRPE just continues instead of terminating. If
you can get a backtrace (with debug symbols installed) that would be
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
More information about the Pkg-nagios-devel