horok/nagios-nrpe
1
0
Fork 0
Code Activity

Adding upstream version 4.1.3.

Browse source 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
This commit is contained in:
Daniel Baumann 2025-06-22 14:36:40 +02:00
parent 0923a93f14
commit e3fe184eee
Signed by: daniel.baumann
GPG key ID: BCC918A2ABD66424
77 changed files with 28767 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

43
.gitignore vendored Normal file
View file

@ -0,0 +1,43 @@
Makefile
config.log
config.status
include/config.h
include/common.h
include/dh.h
nrpe.spec
paths
uninstall
.cproject
.project
nrpe.cbp
nrpe.layout
package/solaris/Makefile
sample-config/nrpe.cfg
src/Makefile
src/check_nrpe
src/generate_dh_params
src/nrpe
src/*.o
autom4te.cache/
nbproject/
.settings/
startup/bsd-init
startup/debian-init
startup/default-inetd
startup/default-init
startup/default-service
startup/default-socket
startup/default-socket-svc
startup/default-xinetd
startup/mac-init.plist
startup/mac-inetd.plist
startup/newbsd-init
startup/openbsd-init
startup/openrc-conf
startup/openrc-init
startup/rh-upstart-init
startup/solaris-inetd.xml
startup/solaris-init.xml
startup/tmpfile.conf
startup/upstart-init

13
.travis.yml Normal file
View file

@ -0,0 +1,13 @@
language: c
sudo: enabled
dist:
- trusty
compiler:
- clang
- gcc
script: ./configure && make all && sudo ./test-wrapper
arch:
- amd64
- ppc64le

581
CHANGELOG.md Normal file
View file

@ -0,0 +1,581 @@
NRPE Changelog
==============
[4.1.3](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.1.3) - 2024-12-10
------------------
**FIXES**
- Change of ssl.c and ssl.h to nrpe-ssl.c and nrpe-ssl.h
[4.1.2](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.1.2) - 2024-12-09
------------------
**FIXES**
- Fixed printing of incorrect packet version to just logging the error
- Fixed and updated SSL
[4.1.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.1.1) - 2024-08-01
------------------
**FIXES**
- Use correct HUP signal for Solaris
[4.1.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.1.0) - 2022-07-18
------------------
**ENHANCEMENTS**
- Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22)
- Allow tcpd/libwrap to be excluded from build when present on the system
- Allow loading of full certificate chains
- Change -u (connection issues return UNKNOWN) to include all SSL-layer failures.
- Disable renegotiation and enforce server cipher order when using SSL
- Verify that private keys match certificates when using SSL
**FIXES**
- Fixed incorrect default for nasty_metachars in nrpe.cfg
- Fixed incorrect help text for --use-adh
- Fixed potential out-of-bound read when used with IPv6
[4.0.3](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.3) - 2020-04-28
---------------------------------------------------------------------------------------
**FIXES**
- Fixed nasty_metachars not being read from config file (#235) (Sebastian Wolf)
[4.0.2](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.2) - 2020-03-11
---------------------------------------------------------------------------------------
**FIXES**
- Fixed buffer length calculations/writing past memory boundaries on some systems (#227, #228) (Andreas Baumann, hariwe, Sebastian Wolf)
- Fixed use of uninitialized variable when validating requests (#229) (hariwe, Sebastian Wolf)
[4.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.1) - 2020-01-22
---------------------------------------------------------------------------------------
**FIXES**
* Fixed syslog flooding with CRC-checking errors when both plugin and agent were updated to version 4 (Sebastian Wolf)
[4.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.0) - 2019-01-13
---------------------------------------------------------------------------------------
Note: This update includes security fixes which affect both the check_nrpe plugin and
the NRPE daemon. The latest version of NRPE is still able to interoperate with previous
versions, but for best results, both programs should be updated.
**ENHANCEMENTS**
* Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul Golam)
* Added IPv6 ip address to list of default allow_from hosts (Troy Lea)
* Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf)
* Added -3 option to force check_nrpe to use NRPE v3 packets
* OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky)
* OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht)
**FIXES**
* Checks for '!' now only occur inside the command buffer (Joni Eskelinen)
* NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev)
* allowed_hosts will no longer test getaddrinfo records against the wrong protocol (dombenson)
* nasty_metachars will now handle C escape sequences properly when specified in the config file (Sebastian Wolf)
* Calculated packet sizes now struct padding/alignment when sending and receiving messages (Sebastian Wolf)
* Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf)
* When using `include_dir`, individual files' errors do not prevent the remaining files from being read (Sebastian Wolf)
[3.2.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.2.1) - 2017-08-31
---------------------------------------------------------------------------------------
**FIXES**
* Change seteuid error messages to warning/debug (Bryan Heden)
* Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden)
* Added additional strings to error messages to remove duplicates (Bryan Heden)
* Fix nrpe.spec for rpmbuild (Bryan Heden)
* Fix error for drop_privileges when using inetd (xalasys-luc, Bryan Heden)
[3.2.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.2.0) - 2017-06-26
---------------------------------------------------------------------------------------
**ENHANCEMENTS**
* Added max_commands definition to nrpe.cfg to rate limit simultaneous fork()ed children (Bryan Heden)
* Added -E, --stderr-to-stdout options for check_nrpe to redirect output (Bryan Heden)
* Added support for Gentoo init (Troy Lea @box293)
* Cleaned up code a bit, updated readmes and comments across the board (Bryan Heden)
* Added -V, --version to nrpe and fixed the output (Bryan Heden)
* Added different SSL error messages to be able to pinpoint where some SSL errors occured (Bryan Heden)
* Updated logic in al parse_allowed_hosts (Bryan Heden)
* Added builtin OpenSSL Engine support where available (Bryan Heden + @skrueger8)
* Clean up compilation warnings (Bryan Heden)
* Added more commented commands in nrpe.cfg (Bryan Heden)
**FIXES**
* Undefined check returns UNKNOWN (Bryan Heden)
* Fix incompatibility with OpenSSL 1.1.0 via SECLEVEL distinction (Bryan Heden)
* Fix ipv4 error in logfile even if address is ipv6 (Bryan Heden)
* Fix improper valid/invalid certificate warnings (Bryan Heden)
[3.1.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.1) - 2017-05-24
---------------------------------------------------------------------------------------
**FIXES**
* The '--log-file=' or '-g' option is missing from the help (John Frickson)
* check_nrpe = segfault when specifying a config file (John Frickson)
* Alternate log file not being used soon enough (John Frickson)
* Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
* Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
* Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
* Fix build failure with -Werror=format-security (Bas Couwenberg)
* Fixed a typo in `nrpe.spec.in` (John Frickson)
* More detailed error logging for SSL (John Frickson)
* Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
[3.1.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.0) - 2017-04-17
---------------------------------------------------------------------------------------
**ENHANCEMENTS**
* Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
* While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson)
* nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson)
* check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson)
**FIXES**
* Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
* Fix help output for ssl option (configure) (Ruben Kerkhof)
* Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
* Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
* Cleanup of config.h.in suggested by Ruben Kerkhof
* Minor change to logging in check_nrpe (John Frickson)
* Solaris 11 detection is broken in configure (John Frickson)
* Removed function `b64_decode` which wasn't being used (John Frickson)
* check_nrpe ignores -a option when -f option is specified (John Frickson)
* Added missing LICENSE file (John Frickson)
* Off-by-one BO in my_system() (John Frickson)
* Got rid of some compiler warnings (Stefan Krüger / John Frickson)
* Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
* nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
* "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
* nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
* Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
* Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
* Fix systemd unit description (Bas Couwenberg)
* Add reload command to systemd service file (Bas Couwenberg)
* fix file not found error when updating version (Sven Nierlein)
* Spelling fixes (Josh Soref)
* Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson)
* xinetd.d parameter causes many messages in log file (John Frickson)
* Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson)
* PATH and other environment variables not set with numeric nrpe_user (John Frickson)
* rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson)
[3.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.1) - 2016-09-08
---------------------------------------------------------------------------------------
**FIXES**
* _set_rc: command not found reported by init script (John Frickson)
* Version string contains name (John Frickson)
* Changes to get 'rpmbuild' to work - nrpe.spec file outdated (John Frickson)
* typo in startup/default-xinetd.in (Philippe Kueck)
* debug output missing command name (Philippe Kueck)
* /usr/lib/tmpfiles.d/ndo2db.conf should have 'd' type, not 'D' (John Frickson)
* Fixes in parse_allowed_hosts() and called functions (Jobst Schmalenbach / John Frickson)
* nrpe.cfg: 'debug' statement needs to be first in file (Jobst Schmalenbach / John Frickson)
[3.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.0) - 2016-08-01
---------------------------------------------------------------------------------------
**SECURITY**
* Fix for CVE-2014-2913
* Added function to clean the environment before forking. (John Frickson)
**ENHANCEMENTS**
* Added support for optional config file to check_nrpe. With the new SSL
parameters, the line was getting long. The config file is specified with
--config-file=<path> or -f <path> parameters. The config file must look
like command line options, but the options can be on separate lines. It
MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any
options are in both the config file and on the command line, the command line
options are used.
* make can now add users and groups using "make install-groups-users" (John Frickson)
* Added "nrpe-uninstall" script to the same directory nrpe get installed to (John Frickson)
* Updated code so configure && make will work on AIX, HP-UX, Solaris, OS X.
There should be no errors or warnings. Let me know if any errors or
warning appear (John Frickson)
* Added command-line option to prevent forking, since some of the init
replacements (such as systemd, etc.) don't want daemons to fork (John Frickson)
* Added autoconf macros and additional files to better support multi-platform
config and compile. The default will still set up to install to
/usr/local/nagios but I added a new configure option:
'--enable-install-method=<method>'. If <method> is 'opt', everything will
install to '/opt/nagios'. If <method> is 'os', installation will be to O/S-
and distribution-specific locations, such as /usr/sbin, /usr/lib/nagios,
/etc/nagios, and so on.
* Added additional init and inetd config files to support more systems,
including SuSE, Debian, Slackware, Gentoo, *BSD, AIX, HP-UX, Solaris, OS X.
* Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab)
* Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson)
* Added support for version 3 variable sized packets up to 64KB. nrpe will
accept either version from check_nrpe. check_nrpe will try to send a
version 3 packet first, and fall back to version 2. check_nrpe can be forced
to only send version 2 packets if the switch `-2` is used. (John Frickson)
* Added extended timeout syntax in the -t <secs>:<status> format. (ABrist)
**FIXES**
* Fixed configure to check more places for SSL headers/libs. (John Frickson)
* Added ifdefs for complete_SSL_shutdown to compile without SSL. (Matthew L. Daniel)
* Renamed configure.in to configure.ac and added check for sigaction (John Frickson)
* Replaced all instances of signal() with sigaction() + blocking (John Frickson)
* check_nrpe does not parse passed arguments correctly (John Frickson)
* NRPE should not start if cannot write pid file (John Frickson)
* Fixed out-of-bounds error (return code 255) for some failures (John Frickson)
* Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim)
* allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns (John Frickson)
* allowed_hosts doesn't work with a hostname resolving to an IPv6 address (John Frickson)
* Return UNKNOWN when issues occur (Andrew Widdersheim)
* NRPE returns OK if check can't be executed (Andrew Widdersheim)
* nrpe 2.15 [regression in Added SRC support on AIX - 2.14] (frphoebus)
* compile nrpe - Solaris 9 doesn't have isblank() (lilo, John Frickson)
* sample configuration for check_load has crazy sample load avg (ernestoongaro)
2.15 - 09/06/2013
-----------------
* Now compiles on HP-UX (Grant Byers)
* Added support for IPv6 (Leo Baltus, Eric Stanley)
2.14 - 12/21/2012
-----------------
* Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
* Patched to shutdown SSL connection completely (Jari Takkala)
* Added SRC support on AIX (Thierry Bertaud)
* Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
* Updated logging to support compiling on AIX (Eric Stanley)
2.13 - 11/11/2011
-----------------
* Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
* Fixed bug in allowed_hosts parsing (Eric Stanley)
* Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
2.12 - 03/10/2008
-----------------
* Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
2.11 - 12/26/2007
-----------------
* Added lib64 library paths to configure script for 64-bit systems (John Maag)
* Added --with-ssl-lib configure script option
* Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
2.10 - 10/19/2007
-----------------
* Moved PDF docs to docs/ subdirectory, added OpenOffice source document
* A critical result is now returned for child processed that die due to a signal (Klas Lindfors)
2.9 - 08/13/2007
----------------
* Fixed bug with --with-nrpe-group configure script option (Graham Collinson)
* Fixed bug with check_disk thresholds in sample config file (Patric Wust)
* Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
for scripts that need to detect NRPE version and capabilities (Gerhard Lausser)
* Added asprintf() support for systems that are missing it (Samba team)
2.8.1 - 05/10/2007
-----------------
* Fixed configure script error with user-specified NRPE group
2.8 - 05/08/2007
---------------
* Added support for multiline plugin output (limited to 1KB at the moment) (Matthias Flacke)
2.8b1 - 03/14/2007
-----------------
* Changes to sample config files
* Added ';' as an additional prohibited metachar for command arguments
* Updated documentation and added easier installation commands
2.7.1 - 03/08/2007
------------------
* Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)
2.7 - 02/18/2007
----------------
* Patches for detection SSL header and library locations (Andrew Boyce-Lewis)
* NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup (Andrew Boyce-Lewis)
2.6 - 12/11/2006
----------------
* Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
* Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
* Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
2.5.2 - 06/30/2006
------------------
* Fixed incorrect service name in sample xinetd config file
* Added note on how to restart inetd for OpenBSD users (Robert Peaslee)
* Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser)
* Fix to (re)allow week random seed (Gerhard Lausser)
2.5.1 - 04/09/2006
------------------
* Patch to fix segfault if --no-ssl option is used (Sean Finney/Peter Palfrader)
2.5 - 04/06/2006
----------------
* (Re)added allowed_hosts option for systems that don't support TCP wrappers
* Fix for SSL errors under Solaris 8 (Niels Endres)
* Fix for config file directory inclusion on ReiserFS (Gerhard Lausser)
2.4 - 02/22/2006
----------------
* Added option to allow week random seed (Gerhard Lausser)
* Added optional command line prefix (Sean Finney)
* Added ability to reload config file with SIGHUP
* Fixed bug with location of dh.h include file
* Fixed bug with disconnect message in debug mode
2.3 - 01/23/2006
----------------
* Spec file fixes
* Removed errant PID file debugging code
* Fixed problem with trimming command definitions
2.2 - 01/22/2006
----------------
* Spec file fix
* Patch to add Tru64 and IRIX support (Ton Voon)
* Updated config.sub and config.guess
* Fixed bug with config file lines with only whitespace
* Fixed bug with missing getopt() command line option for -V
* Removed sample FreeBSD init script (now maintained by FreeBSD port)
* Added config file option for writing a PID file
2.1 - 01/19/2004
----------------
* Replaced host access list with TCP wrapper support
* Removed length restrictions for command names and command lines
* Configure script patch for getopt_long on Solaris
* Bug fixes for accept() on HP-UX 11.0
* Init script for SUSE Linux (Subhendu Ghosh)
* SSL protocol used is now limited to TLSv1
* Any output from plugins after first line is now ignored before
plugin process is closed
2.0 - 09/08/2003
----------------
* Added support for passing arguments to command
* NRPE daemon can no longer be run as root user/group
* Added getopt support
* Added 'include' variable to config file to allow inclusion
of external config files
* Added 'include_dir' variable to allow inclusion of external
config files in directories (with recursion)
* Added native SSL support (Derrick Bennett)
* Added my_strsep(), as Solaris doesn't have strsep()
* Added license exemption for use with OpenSSL
1.8 - 01/16/2003
----------------
* Daemon now closes stdio/out/err properly (James Peterson)
* Makefile changes (James Peterson)
* Mode command line option bug fix in daemon
* Fixed incorrect command line options in check_nrpe plugin
1.7 - 01/08/2003
----------------
* Spec file updates and minor bug fixes (James Peterson)
* Bug fix with default nrpe port definition
* Added sample xinetd config file (nrpe.xinetd)
* Bug fix for command_timeout variable (James Peterson)
1.6 - 12/30/2002
----------------
* Updated sample commands to match new plugin argument format
* Added sample init scripts for FreeBSD and Debian (Andrew Ryder)
* Syntax changes (-H option specifies host name in check_nrpe,
-c option specifies config file in nrpe)
* Added command_timeout directive to config file to allow user
to specify timeout for executing plugins
* Added spec file and misc patches for building RPMs (James Peterson)
* Added --with-nrpe-port config directive (James Peterson)
1.5 - 06/03/2002
----------------
* Added setuid/setgid option to config file (suggested by Marek Cervenka)
1.4 - 06/01/2002
----------------
* Changed STATE_UNKNOWN to value of 3 instead of -1 (old style)
* Minor doc and sample config file changes
1.3 - 02/21/2002
----------------
* Name and version change
* Ignore SIGHUP, minor cleanup (Jon Andrews)
1.2.5 - 12/22/2001
------------------
* Implemented Beej's sendall() to handle partial send()s
* Added instructions on running under xinetd to README
* Removed some old crud
1.2.4 - 02/22/2001
------------------
* I forgot what changes I made. Go figure...
1.2.3 - 12/21/2000
------------------
* A bit more documentation on configuring command definitions for the plugin
1.2.2 - 06/05/2000
------------------
* Fixed error in docs for running under inetd using TCP wrappers
* Replaced old email address in src/netutils.h with new one
1.2.1 - 05/07/2000
------------------
* Removed trapping of SIGCHLD
* Changed wait4() to waitpid() to allow compilation on HP-UX and AIX
1.2.0 - 04/18/2000
------------------
* Server forks twice after accepting a client connection, so as to prevent the
creation of zombies
1.1.5 - 04/07/2000
------------------
* Fixed a small bug where one debug message was not getting logged properly
1.1.4 - 03/30/2000
------------------
* Added option to disable/enable debug messages using the debug option in the
config file
1.1.3 - 03/11/2000
------------------
* Changed config file to use an absolute path
* Changed all debug output to use syslog (Rene Klootwijk)
* No convert all data to network order before sending it and convert it back to
host order when receiving it. This makes it possible to mix Solaris and Linux,
e.g. running check_nrpe on Linux and nrpe on Solaris. (Rene Klootwijk)
1.1.2 - 03/07/2000
------------------
* Removed unnecessary code in signal handler routine
* Unused signals are no longer trapper
1.1.1 - 02/28/2000 - RKL
---------------------------
* Modified syslog code to include string describing the error code.
* Changed hardcoded number in signal handler to its name. This prevented nrpe
to run on Solaris.
* Fixed race condition in accept loop. The result of accept should also be
checked for EINTR.
* Modified recv and send function calls to compile without warnings on Solaris.
* Modified configure.in,configure and Makefile.in to include nsl and socket libs
for Solaris.
* Modified the signal handler to reestablish itself after being called.
1.1 - 02/24/2000 - Rene Klootwijk <rene@klootwijk.org>
-----------------
* Added ability to bind nrpe to a specific interface by specifying the address
of this interface in the nrpe.cfg file (e.g. server_address=192.168.2.3)
1.0 - 02/16/2000
------------------
* Added ability to run as a service under inetd
1.0b6 - 02/01/2000
------------------
* Added configure script
* Netutils functions from the NetSaint plugins is now used
* Reset SIGCHLD to default behavior before calling popen() to
prevent race condition with pclose() (Reported by Rene Klootwijk)
* Cleaned up code
1.0b5 - 01/10/2000
------------------
* Added init script contributed by Jacob L
* Incorporated syslog code and other patches contributed by Jacob L
1.0b4 - 11/04/1999
------------------
* Changed 'allowed_ip' option in configuration file to
'allowed_hosts' and added support for multiple hosts
* Minor buffer overflow protection fixes
* main() returned STATE_UNKNOWN on successful launch, changed to STATE_OK (jaclu@grm.se)
* Added syslog support (jaclu@grm.se)

164
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,164 @@
# Contributing
Thank you for considering contributing your time and effort to this Nagios project.
This document serves as our guidelines for contribution. Keep in mind that these
are simply *guidelines* - nothing here is set in stone.
## Questions
If you have a question, you don't need to file an Issue. You can simply connect
with the Nagios Support Team via the
[Nagios Support Forum](https://support.nagios.com/forum/).
Not to say that you **can't** open an Issue - but you'll likely get a much faster
response by posting it on the forum.
## Ideas
If you have an idea your best bet is to open an Issue. This gets it on the radar much
quicker than any other method.
First, let's define what an "Idea" really is. An Idea is simply an
[Enhancement](#enhancements) request in its infancy.
There's really nothing to it!
Something as simple as "I think that this project should somehow connect with a
widget" is a valid Idea.
These are unrefined and raw. That's why you open an issue - so everyone gets a chance
to chime in and come up with a plan!
## Feedback
Feedback can be given via several methods. The *easiest* method is by opening an Issue.
You're more than welcome to leave feedback on the
[Nagios Support Forum](https://support.nagios.com/forum/) as well.
By opening an Issue, however, you're insuring that the maintainers and reviewers are
the first ones to see the feedback. In most cases, this is likely ideal.
## Bugs
Here's where it starts to get serious.
Following the guidelines outlined in this section allows the maintainers, developers, and
community to understand and reproduce your bug report.
Make sure to search existing open and closed [Issues](https://guides.github.com/features/issues/)
before opening a bug report. If you find a closed Issue that seems like it's the same
thing that you're experiencing, open a new Issue and include a link to the original Issue
in the body of the new one.
**If you have a bug, you *NEED* to open an Issue.**
Not only that, but when you open the Issue, this is what we ***absolutely require***:
* Use a clear and concise title for the Issue to identify the problem accurately
* Describe the bug with as much detail as you can
* Include the version of the project containing the bug you're reporting
* Include your operating system information (`uname -a`)
* Include a list of third party modules that are installed and/or loaded
* Explain the behavior you expected to see (and why) vs. what actually happened
Once you've got that covered - there's still more to include if you want to
make a ***killer*** report:
* Describe the ***exact steps*** that reproduce the problem
* Provide **specific** examples to demonstrate those steps
* If your bug is from an older version, make sure test against the latest (and/or the `maint` branch)
* Include any screenshots that can help explain the issue
* Include a file containing `strace` and/or `valgrind` output
* Explain when the problem started happening: was it after an upgrade? or was it always present?
* Define how reliably you can reproduce the bug
* Any other information that you decide is relevant is also welcome
## Enhancements
An enhancement is either a completely new feature or an improvement to existing
functionality. We consider it to be a bit different than idea - based solely
on the fact that it's more detailed than an idea would be.
So you've got an idea for an ehancement? Great!
Following the guidelines outlined in this section allows maintainers, developers, and
the community to understand your enhancement and determine whether or not it's worth
doing and/or what's involved in carrying it out.
Make sure to search open and closed Issues and Pull Requests to determine if
someone has either submitted the enhancement. If you feel like your enhancement
is similar to one found, make sure to link the original in your request.
Enhancements are submitted by opening an Issue.
Unlike an [Idea](#idea), when you decide to submit your enhancement and open
the Issue, we require at least the following information:
* Use a clear and descriptive title to illustrate the enhancement you're requesting
* Describe the current behavior (if it exists) and what changes you think should be made
* Explain the enhancement in detail - make sure it makes sense and is easily understandable
* Specify why the enhancement would be useful and who it would be useful to
* If there is some other project or program where this enhancement already exists, make sure
to link to it
Beyond that, there are a few more things you can do to make sure you **really** get your
point across:
* Create a mockup of the enhancement (if applicable) and attach whatever files you can
* Provide a step-by-step description of the suggested enhancement
* Generate a fully dressed use-case for the enhancement request
* Create a specification for the preferred implementation of the enhancement
* Include a timeline regarding development expectations towards the request
## Submitting Code
Everything else in this document has lead up to this moment - how can ***you*** submit
code to the **project**.
We allow code submissions via [Pull Requests](https://help.github.com/articles/about-pull-requests/).
These let you (and us) discuss and review any changes to code in any repository you've made.
How to create and manage Pull Requests is outside of the scope of this document, but make
sure to check out GitHub's official documentation ([link here](https://help.github.com/))
to get a handle on it.
While you're forking the repository to create a patch or an enhancement, create a *new
branch* to make the change - it will be easier to submit a pull request using a new
branch in your forked repository!
When you submit a Pull Request, make sure you follow the guidelines:
* Make sure you're submitting to the proper branch. Branch `maint` is used for the
**next** bugfix release. The next enhancement release branch will vary.
* ***NEVER*** submit a Pull Request to `master` branch.
* Keep commit messages as concise as possible.
* Update the appropriate files in regards to your changes:
* `CHANGES`
* `THANKS`
* End all committed files with a newline.
* Test your changes and include the results as a comment.

10
LEGAL Normal file
View file

@ -0,0 +1,10 @@
All source code, binaries, documentation, and information contained
in this distribution are provided AS IS with NO WARRANTY OF ANY KIND,
INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR
A PARTICULAR PURPOSE.
Nagios and the Nagios logo are registered trademarks of Nagios Enterprises.
All other trademarks, servicemarks, registered trademarks, and
registered servicemarks are the property of their respective owner(s).

264
LICENSE.md Normal file
View file

@ -0,0 +1,264 @@
The GNU General Public License, Version 2, June 1991 (GPLv2)
============================================================
> Copyright (C) 1989, 1991 Free Software Foundation, Inc.
> 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
Preamble
--------
The licenses for most software are designed to take away your freedom to share
and change it. By contrast, the GNU General Public License is intended to
guarantee your freedom to share and change free software--to make sure the
software is free for all its users. This General Public License applies to most
of the Free Software Foundation's software and to any other program whose
authors commit to using it. (Some other Free Software Foundation software is
covered by the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not price. Our
General Public Licenses are designed to make sure that you have the freedom to
distribute copies of free software (and charge for this service if you wish),
that you receive source code or can get it if you want it, that you can change
the software or use pieces of it in new free programs; and that you know you can
do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny
you these rights or to ask you to surrender the rights. These restrictions
translate to certain responsibilities for you if you distribute copies of the
software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a
fee, you must give the recipients all the rights that you have. You must make
sure that they, too, receive or can get the source code. And you must show them
these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer
you this license which gives you legal permission to copy, distribute and/or
modify the software.
Also, for each author's protection and ours, we want to make certain that
everyone understands that there is no warranty for this free software. If the
software is modified by someone else and passed on, we want its recipients to
know that what they have is not the original, so that any problems introduced by
others will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish
to avoid the danger that redistributors of a free program will individually
obtain patent licenses, in effect making the program proprietary. To prevent
this, we have made it clear that any patent must be licensed for everyone's free
use or not licensed at all.
The precise terms and conditions for copying, distribution and modification
follow.
Terms And Conditions For Copying, Distribution And Modification
---------------------------------------------------------------
**0.** This License applies to any program or other work which contains a notice
placed by the copyright holder saying it may be distributed under the terms of
this General Public License. The "Program", below, refers to any such program or
work, and a "work based on the Program" means either the Program or any
derivative work under copyright law: that is to say, a work containing the
Program or a portion of it, either verbatim or with modifications and/or
translated into another language. (Hereinafter, translation is included without
limitation in the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not covered by
this License; they are outside its scope. The act of running the Program is not
restricted, and the output from the Program is covered only if its contents
constitute a work based on the Program (independent of having been made by
running the Program). Whether that is true depends on what the Program does.
**1.** You may copy and distribute verbatim copies of the Program's source code
as you receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice and
disclaimer of warranty; keep intact all the notices that refer to this License
and to the absence of any warranty; and give any other recipients of the Program
a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at
your option offer warranty protection in exchange for a fee.
**2.** You may modify your copy or copies of the Program or any portion of it,
thus forming a work based on the Program, and copy and distribute such
modifications or work under the terms of Section 1 above, provided that you also
meet all of these conditions:
* **a)** You must cause the modified files to carry prominent notices stating
that you changed the files and the date of any change.
* **b)** You must cause any work that you distribute or publish, that in whole
or in part contains or is derived from the Program or any part thereof, to
be licensed as a whole at no charge to all third parties under the terms of
this License.
* **c)** If the modified program normally reads commands interactively when
run, you must cause it, when started running for such interactive use in the
most ordinary way, to print or display an announcement including an
appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may redistribute
the program under these conditions, and telling the user how to view a copy
of this License. (Exception: if the Program itself is interactive but does
not normally print such an announcement, your work based on the Program is
not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable
sections of that work are not derived from the Program, and can be reasonably
considered independent and separate works in themselves, then this License, and
its terms, do not apply to those sections when you distribute them as separate
works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the entire whole,
and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise the
right to control the distribution of derivative or collective works based on the
Program.
In addition, mere aggregation of another work not based on the Program with the
Program (or with a work based on the Program) on a volume of a storage or
distribution medium does not bring the other work under the scope of this
License.
**3.** You may copy and distribute the Program (or a work based on it, under
Section 2) in object code or executable form under the terms of Sections 1 and 2
above provided that you also do one of the following:
* **a)** Accompany it with the complete corresponding machine-readable source
code, which must be distributed under the terms of Sections 1 and 2 above on
a medium customarily used for software interchange; or,
* **b)** Accompany it with a written offer, valid for at least three years, to
give any third party, for a charge no more than your cost of physically
performing source distribution, a complete machine-readable copy of the
corresponding source code, to be distributed under the terms of Sections 1
and 2 above on a medium customarily used for software interchange; or,
* **c)** Accompany it with the information you received as to the offer to
distribute corresponding source code. (This alternative is allowed only for
noncommercial distribution and only if you received the program in object
code or executable form with such an offer, in accord with Subsection b
above.)
The source code for a work means the preferred form of the work for making
modifications to it. For an executable work, complete source code means all the
source code for all modules it contains, plus any associated interface
definition files, plus the scripts used to control compilation and installation
of the executable. However, as a special exception, the source code distributed
need not include anything that is normally distributed (in either source or
binary form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component itself
accompanies the executable.
If distribution of executable or object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the source code
from the same place counts as distribution of the source code, even though third
parties are not compelled to copy the source along with the object code.
**4.** You may not copy, modify, sublicense, or distribute the Program except as
expressly provided under this License. Any attempt otherwise to copy, modify,
sublicense or distribute the Program is void, and will automatically terminate
your rights under this License. However, parties who have received copies, or
rights, from you under this License will not have their licenses terminated so
long as such parties remain in full compliance.
**5.** You are not required to accept this License, since you have not signed
it. However, nothing else grants you permission to modify or distribute the
Program or its derivative works. These actions are prohibited by law if you do
not accept this License. Therefore, by modifying or distributing the Program (or
any work based on the Program), you indicate your acceptance of this License to
do so, and all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
**6.** Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the original
licensor to copy, distribute or modify the Program subject to these terms and
conditions. You may not impose any further restrictions on the recipients'
exercise of the rights granted herein. You are not responsible for enforcing
compliance by third parties to this License.
**7.** If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues), conditions
are imposed on you (whether by court order, agreement or otherwise) that
contradict the conditions of this License, they do not excuse you from the
conditions of this License. If you cannot distribute so as to satisfy
simultaneously your obligations under this License and any other pertinent
obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution of
the Program by all those who receive copies directly or indirectly through you,
then the only way you could satisfy both it and this License would be to refrain
entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply and the
section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or
other property right claims or to contest validity of any such claims; this
section has the sole purpose of protecting the integrity of the free software
distribution system, which is implemented by public license practices. Many
people have made generous contributions to the wide range of software
distributed through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing to
distribute software through any other system and a licensee cannot impose that
choice.
This section is intended to make thoroughly clear what is believed to be a
consequence of the rest of this License.
**8.** If the distribution and/or use of the Program is restricted in certain
countries either by patents or by copyrighted interfaces, the original copyright
holder who places the Program under this License may add an explicit
geographical distribution limitation excluding those countries, so that
distribution is permitted only in or among countries not thus excluded. In such
case, this License incorporates the limitation as if written in the body of this
License.
**9.** The Free Software Foundation may publish revised and/or new versions of
the General Public License from time to time. Such new versions will be similar
in spirit to the present version, but may differ in detail to address new
problems or concerns.
Each version is given a distinguishing version number. If the Program specifies
a version number of this License which applies to it and "any later version",
you have the option of following the terms and conditions either of that version
or of any later version published by the Free Software Foundation. If the
Program does not specify a version number of this License, you may choose any
version ever published by the Free Software Foundation.
**10.** If you wish to incorporate parts of the Program into other free programs
whose distribution conditions are different, write to the author to ask for
permission. For software which is copyrighted by the Free Software Foundation,
write to the Free Software Foundation; we sometimes make exceptions for this.
Our decision will be guided by the two goals of preserving the free status of
all derivatives of our free software and of promoting the sharing and reuse of
software generally.
No Warranty
-----------
**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

201
Makefile.in Normal file
View file

@ -0,0 +1,201 @@
###############################
#
# NRPE Makefile
#
###############################
# Source code directories
SRC_BASE=./src/
SRC_INCLUDE=./include/
# Mainly used for rpmbuild
# DESTDIR=
CC=@CC@
CFLAGS=@CFLAGS@ @DEFS@
LDFLAGS=@LDFLAGS@ @LIBS@
INSTALL=@INSTALL@
GREP=@GREP@
EGREP=@EGREP@
prefix=$(DESTDIR)@prefix@
exec_prefix=$(DESTDIR)@exec_prefix@
CFGDIR=$(DESTDIR)@pkgsysconfdir@
BINDIR=$(DESTDIR)@bindir@
SBINDIR=$(DESTDIR)@sbindir@
LIBEXECDIR=$(DESTDIR)@libexecdir@
NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
OPSYS=@opsys@
DIST=@dist_type@
NRPE_USER=@nrpe_user@
NRPE_GROUP=@nrpe_group@
NAGIOS_USER=@nagios_user@
NAGIOS_GROUP=@nagios_group@
INIT_TYPE=@init_type@
INIT_DIR=$(DESTDIR)@initdir@
INIT_OPTS=-o root -g root
INIT_FILE=@initname@
INETD_TYPE=@inetd_type@
INETD_DIR=$(DESTDIR)@inetddir@
INETD_FILE=@inetdname@
SRC_INETD=@src_inetd@
SRC_INIT=@src_init@
default:
@echo;\
echo Please enter 'make [option]' where [option] is one of:;\
echo;\
echo " all builds nrpe and check_nrpe";\
echo " nrpe builds nrpe only";\
echo " check_nrpe builds check_nrpe only";\
echo " install-groups-users add the users and groups if they do not exist";\
echo " install install nrpe and check_nrpe";\
echo " install-plugin install the check_nrpe plugin";\
echo " install-daemon install the nrpe daemon";\
echo " install-config install the nrpe configuration file";\
echo " install-inetd install the startup files for inetd, launchd, etc.";\
echo " install-init install the startup files for init, systemd, etc.";\
echo
all:
cd $(SRC_BASE); $(MAKE)
@echo "";\
echo "*** Compile finished ***";\
echo "";\
echo "You can now continue with the installation or upgrade process.";\
echo "";\
echo "Read the PDF documentation (docs/NRPE.pdf) for information on the next";\
echo "steps you should take to complete the installation or upgrade.";\
echo ""
nrpe:
cd $(SRC_BASE); $(MAKE)
check_nrpe:
cd $(SRC_BASE); $(MAKE)
install-plugin:
cd $(SRC_BASE); $(MAKE) $@
install-daemon:
cd $(SRC_BASE); $(MAKE) $@
install:
cd $(SRC_BASE); $(MAKE) $@
install-init:
@if test $(SRC_INIT) = unknown; then \
echo No init file to install; \
exit 1; \
fi
@if test $(INIT_TYPE) = upstart; then\
echo $(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
$(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
echo initctl reload-configuration; \
initctl reload-configuration; \
elif test $(INIT_TYPE) = systemd; then\
echo $(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
$(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
elif test $(INIT_TYPE) = smf10 -o $(INIT_TYPE) = smf11; then \
echo $(INSTALL) -m 775 -g sys -d $(INIT_DIR);\
$(INSTALL) -m 775 -g sys -d $(INIT_DIR);\
echo $(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
$(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
echo svccfg import $(INIT_DIR)/$(INIT_FILE); \
svccfg import $(INIT_DIR)/$(INIT_FILE); \
echo "*** Run 'svcadm enable nrpe' to start it"; \
elif test $(INIT_TYPE) = gentoo; then\
$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
echo rc-update add nrpe default; \
rc-update add nrpe default; \
else\
echo $(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
if test $(INIT_TYPE) = newbsd; then\
if test $(DIST) = openbsd; then\
echo "# nrpe@bsd_enable@=NO" >> /etc/rc.conf;\
echo "nrpe@bsd_enable@=\"-d -c $(CFGDIR)/nrpe.cfg\"" >> /etc/rc.conf;\
echo "Make sure to enable the nrpe daemon";\
else\
echo "nrpe@bsd_enable@=YES" >> /etc/rc.conf;\
echo "nrpe_configfile=$(CFGDIR)/nrpe.cfg" >> /etc/rc.conf;\
fi;\
elif test $(INIT_TYPE) = launchd; then\
launchctl load $(INIT_DIR)/$(INIT_FILE); \
else\
if test -f /sbin/chkconfig ; then \
case "$(DESTDIR)" in */rpmbuild/*) break;; \
*)/sbin/chkconfig nrpe on;; \
esac; \
else\
echo "Make sure to enable the nrpe daemon";\
fi;\
fi;\
fi
install-inetd:
@if test $(SRC_INETD) = unknown; then \
echo No inetd file to install; \
exit 1; \
fi
@if test $(INETD_TYPE) = inetd; then \
$(EGREP) -q "^\W*nrpe\s+" $(INETD_DIR)/$(INETD_FILE) 2>/dev/null || \
cat startup/$(SRC_INETD) >> $(INETD_DIR)/$(INETD_FILE); \
elif test $(INETD_TYPE) = systemd; then \
SRC_INETD_FILE=`echo "$(SRC_INETD)" | sed -e 's/socket/socket-svc/'`; \
echo $(INSTALL) -m 644 startup/$$SRC_INETD_FILE $(INETD_DIR)/$(INIT_FILE); \
$(INSTALL) -m 644 startup/$$SRC_INETD_FILE $(INETD_DIR)/$(INIT_FILE); \
elif test $(INETD_TYPE) = smf10 -o $(INETD_TYPE) = smf11; then \
echo $(INSTALL) -m 775 -g sys -d $(INETD_DIR);\
$(INSTALL) -m 775 -g sys -d $(INETD_DIR);\
echo $(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
$(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
$(INSTALL) -m 775 -d $(INETD_DIR);\
echo svccfg import $(INETD_DIR)/$(INETD_FILE); \
svccfg import $(INETD_DIR)/$(INETD_FILE); \
echo "*** Run 'svcadm enable nrpe' to start it"; \
elif test $(INIT_TYPE) = launchd; then\
$(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
launchctl load $(INETD_DIR)/$(INETD_FILE); \
else\
echo $(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
$(INSTALL) -m 644 startup/$(SRC_INETD) $(INETD_DIR)/$(INETD_FILE); \
fi
@$(EGREP) -q "^nrpe[\t ]+@nrpe_port@/tcp" /etc/services || \
echo "***** MAKE SURE 'nrpe @nrpe_port@/tcp' IS IN YOUR /etc/services FILE"
install-config:
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(CFGDIR)
$(INSTALL) -m 644 $(NRPE_INSTALL_OPTS) sample-config/nrpe.cfg $(CFGDIR)
install-groups-users:
@macros/add_group_user $(DIST) $(NAGIOS_USER) $(NAGIOS_GROUP)
@if test "$(NAGIOS_USER)" != "$(NRPE_USER)" -o "$(NAGIOS_GROUP)" != "$(NRPE_GROUP)"; then\
macros/add_group_user $(DIST) $(NRPE_USER) $(NRPE_GROUP);\
fi
clean:
cd $(SRC_BASE); $(MAKE) $@; cd ..
rm -f core
rm -f *~ */*~
distclean: clean
cd $(SRC_BASE); $(MAKE) $@; cd ..
rm -rf autom4te.cache
rm -f config.log config.status config.cache sample-config/nrpe.cfg $(SRC_INCLUDE)/config.h
rm -f startup/bsd-init startup/debian-init startup/default-init startup/default-inetd
rm -f startup/default-service startup/default-socket startup/default-socket-svc
rm -f startup/default-xinetd startup/mac-init.plist startup/mac-inetd.plist
rm -f startup/newbsd-init startup/openbsd-init startup/openrc-conf
rm -f startup/openrc-init startup/rh-upstart-init startup/solaris-init.xml
rm -f startup/solaris-inetd.xml startup/tmpfile.conf startup/upstart-init
rm -f nrpe.spec uninstall include/common.h
rm -f Makefile
devclean: distclean

290
README.SSL.md Normal file
View file

@ -0,0 +1,290 @@
NRPE With SSL/TLS
=================
This document covers the different methods of SSL transport
that NRPE allows for.
If there was a TL;DR here, it is these:
### Don't use NRPE without encryption
and
### Use Public Key Encryption
Contents
--------
1. [Introduction](#introduction)
2. [NRPE Changes](#nrpe-changes)
3. [check_nrpe Changes](#check_nrpe-changes)
4. [Certificate Generation Example](#certificate-generation-example)
Introduction
------------
NRPE has had basic support for SSL/TLS for some time now, but it was
severely lacking. It only allowed anonymous Diffie Hellman (ADH) key
exchange, it used a fixed 512-bit key (generated at `./configure`
time and extremely insecure) and originally allowed SSLv2. In 2004,
SSLv2 and SSLv3 support was disabled.
`nrpe` and `check_nrpe` have been updated to offer much more secure
encryption and more options. And the updates are done in a backward-
compatible way, allowing you to migrate to the newer versions
without having to do it all at once, and possibly miss updating some
machines, causing lost reporting.
NRPE Changes
------------
Running `./configure` will now create a 2048-bit DH key instead
of the old 512-bit key. The most current versions of openSSL will
still not allow it. In my testing, openSSL 1.0.1e allowed DH keys
of 512 bits, and 1.0.1k would not allow 2048 bit keys. In addition
we now call `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE)` so a
new key is generated on each connection, based on the 2048-bit
key generated.
The NRPE configuration file has added new SSL/TLS options. The
defaults currently will allow old check_nrpe plugins to continue to
connect to the nrpe daemon, but can report on "old style"
connections, or enforce more secure communication as your migration
progresses. The new options are in the "SSL/TLS OPTIONS" section of
nrpe.cfg, about two-thirds of the way down.
If you are upgrading NRPE from a prior version, you can run the
`update-cfg.pl` script to add the new parameters to your nrpe.cfg.
The `ssl_version` directive lets you set which versions of SSL/TLS
you want to allow. SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 are
allowed, or those litereals with a `+` after them (as in TLSv1.1+).
Without the `+`, *that version only* will be used. With the `+`,
that *version or above* will be used. openSSL will always negotiate
the highest available allowed version available on both ends. This
directive currently defaults to `TLSv1+`.
The `ssl_use_adh` directive is **DEPRECATED**, even though it is new.
Possible values are `0` to not allow ADH at all, `1` to allow ADH,
and `2` to require ADH. The `2` should never be required, but it's
there just in case it's needed, for whatever reason. `1` is currently
the default, which allows older `check_nrpe` plugins to connect using
ADH. When all the plugins are migrated to the newer version, it
should be set to `0`. In an upcoming version of NRPE, ADH will no
longer be allowed at all. Note that if you use a `2` here, NRPE will
override any `ssl_cipher_list` entries (below) to *only* allow ADH.
The `ssl_cipher_list` directive lets you specify which ciphers you
want to allow. It currently defaults to `ALL:!MD5:@STRENGTH` but can
take any value allowed by openSSL. In an upcoming version of NRPE, it
will be changed to something more secure, something like
`ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH`. Note that
if you have `ssl_use_adh=2`, this string will be overridden with
`ADH` which only only allow ADH.
The `ssl_cacert_file`, `ssl_cert_file` and `ssl_privatekey_file`
directives are used to specify which *.pem files are to be used for
Public-Key Encryption (PKE). Setting these will allow clients to use
PKE to communicate with the server, similar to how the HTTPS
protocol works.
The `ssl_client_certs` directive specifies whether or not a client
certificate will be requested when a client tries to connect. A value
of `0` means the nrpe daemon will not ask for or require a client
certificate. A `1` will cause it to ask for a client certificate, but
not require one. A `2` will require the client to present a valid
certificate. This currently defaults to `0`. If you want to use
client certificates and are upgrading the clients over time, you can
set this to `1` once many have been upgraded, then set to `2` to
force the use of client certs. Note that the client certs _must_ be
signed by the CA cert specified in the `ssl_cacert_file` directive.
The `ssl_logging` directive allows you to log some additional data
to syslog. OR (or add) values together to have more than one option
enabled. Values are `0` for no additional logging (the default),
`1` to log startup SSL/TLS parameters from the nrpe.cfg file, `2` to
log the SSL/TLS version of connections, `4` to log which cipher is
being used for the connection, `8` to log if the plugin has a cert, and
`16` to log details of plugin's certificate. `-1` will enable all.
This can be especially helpful during plugin migration, so you can
tell which plugins have certificates, what SSL/TLS version is being
used, and which ciphers are being used.
check_nrpe Changes
------------------
The `check_nrpe` plugin has also been updated to provide more secure
encryption and allow the use of client certificates. The command line
has several new options, which are outlined below. Both the long and
short arguments are presented.
`--no-adh` or `-d` will disable the use of ADH. This option is
**DEPRECATED**, even though it's new. It will be removed in a
future version.
`--ssl-version=<ver>` or `-S <ver>` specifies minimum SSL/TLS version
to use. See the `ssl_version` directive above for possible values.
`--cipher-list=<value.` or `-L <value>` determines which ciphers will
and won't be allowed. See the `ssl_cipher_list` directive above.
`--client-cert=<path>` or `-C <path>` specifies an optional client
certificate to use. If this value is entered, the next one below is
required.
`--key-file=<path>` or `-K <path>` specifies the client certificate
key file to use. This goes along with `--client-cert` above.
`--ca-cert-file=<path>` or `-A <path>` specifies the CA certificate
to use in order to validate the nrpe daemon's public key.
`--no-adh` or `-d` is **DEPRECATED**
`--use-adh` or `-d [num]` is **DEPRECATED**, even though it is new.
If you use `-d` or `-d 0` it acts the same way as as the old `-d`.
Otherwise, use `1` to allow ADH, and `2` to require ADH.
`--ssl-logging=<num>` or `-s <num>` allows you to log some additional
data to syslog. OR (or add) values together to have more than one
option enabled. See the description of the `ssl_logging` directive
from NRPE above.
Certificate Generation Example
------------------------------
**Note** _The following example does not follow best practice for
creating and running a CA or creating certificates. It is for testing
or possibly for use in a small environment. Sloppy security is as bad
as no security._
In this example, we are going to put everything in the
`/usr/local/nagios/etc/ssl` directory. You may want to use the more
common `/etc/ssl` directory, or somewhere else entirely.
We are going to assume your company name is Foo Widgets, LLC; the
server running the nagios process (and thus the check_nrpe program)
is called `nag_serv`; and there are two Linux machines that will
run the nrpe daemon: `db_server` and `bobs_workstation`.
#### Set up the directories
As root, do the following:
mkdir -p -m 750 /usr/local/nagios/etc/ssl
chown root:nagios /usr/local/nagios/etc/ssl
cd /usr/local/nagios/etc/ssl
mkdir -m 750 ca
chown root:root ca
mkdir -m 750 server_certs
chown root:nagios server_certs
mkdir -m 750 client_certs
chown root:nagios client_certs
#### Create Certificate Authority
If you want to validate client or server certificates, you will need
to create a Certificate Authority (CA) that will sign all client and
server certificates. If your organization already has a CA, you can
use that.
As root, do the following:
cd /usr/local/nagios/etc/ssl/ca
openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem \
-out ca_cert.pem -utf8 -days 3650
When asked, enter a passphrase. Then follow the prompts. You will
probably want to include `CA` or `Certificate Authority` in for
`Organizational Unit Name` and `Common Name`. For example:
Organization Name (eg, company) []:Foo Widgets LLC
Organizational Unit Name (eg, section) []:Foo Certificate Authority
Common Name (e.g. server FQDN or YOUR name) []:Foo Nagios CA
#### Create NRPE Server Certificate Requests
For each of the hosts that will be running the nrpe daemon, you will
need a server certificate. You can create a key, and the CSR
(Certificate Signing Request) separately, but the following commands
will do both with one command. As root, do the following:
cd /usr/local/nagios/etc/ssl/server_certs
openssl req -new -newkey rsa:2048 -keyout db_server.key \
-out db_server.csr -nodes
openssl req -new -newkey rsa:2048 -keyout bobs_workstation.key \
-out bobs_workstation.csr -nodes
Follow the prompts. The `-nodes` at the end of the lines tells
openssl to generate the key without a passphrase. Leave it off if you
want someone to enter a passphrase whenever the machine boots.
Now you need to sign the CSRs with your CA key.
If you have the default `/etc/openssl.cnf`, either change it, or as root, do:
cd /usr/local/nagios/etc/ssl
mkdir demoCA
mkdir demoCA/newcerts
touch demoCA/index.txt
echo "01" > demoCA/serial
chown -R root:root demoCA
chmod 700 demoCA
chmod 700 demoCA/newcerts
chmod 600 demoCA/serial
chmod 600 demoCA/index.txt
Now, sign the CSRs. As root, do the following:
cd /usr/local/nagios/etc/ssl
openssl ca -days 365 -notext -md sha256 \
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in server_certs/db_server.csr \
-out server_certs/db_server.pem
chown root:nagios server_certs/db_server.pem
chmod 440 server_certs/db_server.pem
openssl ca -days 365 -notext -md sha256 \
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in server_certs/bobs_workstation.csr \
-out server_certs/bobs_workstation.pem
chown root:nagios server_certs/bobs_workstation.pem
chmod 440 server_certs/bobs_workstation.pem
Now, copy the `db_server.pem` and `db_server.key` files to the
db_server machine, and the `bobs_workstation.pem` and
`bobs_workstation.key` files to bobs_workstation. Copy the
`ca/ca_cert.pem` file to both machines.
#### Create NRPE Client Certificate Requests
Now you need to do the same thing for the machine that will be
running the check_nrpe program.
cd /usr/local/nagios/etc/ssl/client_certs
openssl req -new -newkey rsa:2048 -keyout nag_serv.key \
-out nag_serv.csr -nodes
cd /usr/local/nagios/etc/ssl
openssl ca -extensions usr_cert -days 365 -notext -md sha256 \
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in client_certs/nag_serv.csr \
-out client_certs/nag_serv.pem
chown root:nagios client_certs/nag_serv.pem
chmod 440 client_certs/nag_serv.pem
Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`
files to the nag_serv machine, if you did the above on a different
computer.
Put the location of each computers' three files in the `nrpe.cfg`
file or in the check_nrpe command line. You should now have
encryption and, if desired, key validation.

287
README.md Normal file
View file

@ -0,0 +1,287 @@
![Nagios!](https://www.nagios.com/wp-content/uploads/2015/05/Nagios-Black-500x124.png)
Nagios Remote Plugin Executor (NRPE)
====================================
For installation instructions and information on the design overview
of the NRPE addon, please read the PDF documentation that is found in
this directory: `docs/NRPE.pdf`.
If you are upgrading from a previous version, you'll want to
check the [Changelog](CHANGELOG.md) and then run `./update-cfg.pl` to
add the new SSL parameters to your config file.
TL;DR: You can jump straight to [Compiling](#compiling) and
[Installing](#installing)
You'll want to read up on the [Security](SECURITY.md) document
regarding NRPE, no doubt.
And make sure to check out the [SSL Readme](README.SSL.md) as well,
if you plan on using encryption methods to transmit `nrpe` data.
Purpose
-------
The purpose of this addon is to allow you to execute Nagios
plugins on a remote host in as transparent a manner as possible.
Contents
--------
There are two pieces to this addon:
1. `nrpe`
This program runs as a background process on the
remote host and processes command execution requests
from the check_nrpe plugin on the Nagios host.
Upon receiving a plugin request from an authorized
host, it will execute the command line associated
with the command name it received and send the
program output and return code back to the
check_nrpe plugin
2. `check_nrpe`
This is a plugin that is run on the Nagios host
and is used to contact the NRPE process on remote
hosts. The plugin requests that a plugin be
executed on the remote host and wait for the NRPE
process to execute the plugin and return the result.
The plugin then uses the output and return code
from the plugin execution on the remote host for
its own output and return code.
Compiling
---------
If you are having any problems compiling on your system,
please let us know (preferrably with fixes). Most users
should be able to compile `nrpe` and the `check_nrpe`
plugin with the following commands...
./configure
make all
***HINT:*** `./configure --help`
**NOTE:** If you're cloning from GitHub, you'll need to run
`autoconf` first.
**NOTE:** Since the check_nrpe plugin and nrpe daemon run
on different machines (the plugin runs on the Nagios host and
the daemon runs on the remote host), you will have to compile
the nrpe daemon on the target machine.
Installing
----------
You have a few options here. The binaries created from `make all`
were placed in your `src/` directory. You can either copy these
where they need to be, or you can run any of the following
`make install` options:
* `make install-groups-users`
Add the users and groups sepcified during `./configure`. Defaults
to nagios and nagios, respectively. You can override these with the
`./configure --with-nrpe-user=USER --with-nrpe-group=GROUP`.
* `make install`
This will run both `install-plugin` and `install-daemon`.
* `make install-plugin`
This will install the plugin by default in
`/usr/local/nagios/libexec`. You can override this
behavior by using the `--with-pluginsdir=DIR` flag during
`./configure`.
* `make install-daemon`
This will install the plugin by default in
`/usr/local/nagios/bin`. You can override this
behavior by using the `--prefix=DIR` or
`--bindir=DIR` flags during `./configure`.
* `make install-config`
This will install the sample config by default in
`/usr/local/nagios/etc`. You can override this
behavior by using the `--with-pkgsysconfdir=DIR`
flag during `./configure`.
* `make install-inetd`
`./configure` attempts to determine your inetd type.
If it finds it, it will install the appropriate inetd
script in the proper location. You can help it out with
`./configure --with-inetd-type=TYPE` where `TYPE` can be
one of: `inetd`, `xinetd`, `systemd`, `launchd`,
`smf10`, `smf11`.
* `make install-init`
`./configure` attempts to determine the appropriate
init type. If it figures it out, will install the
required startup script. You can help it out with
`./configure --with-init-type=TYPE` where TYPE can be
one of: `bsd`, `sysv`, `systemd`, `launchd`, `smf10`,
`smf11`, `upstart`, `openrc`.
If you used all the necessary `./configure` flags, you shouldn't
need to tweak your config file any at this point, and a simple
`service nrpe start` or `systemctl start nrpe.service` should
work just fine.
Configuring
-----------
A sample config file for the NRPE daemon are located in the
`sample-config/` subdirectory.
If you used the proper flags during `./configure`, this file
should contain all of the appropriate information as a starting
point.
Running Under `inetd` or `xinetd`
---------------------------------
If you plan on running nrpe under inetd or xinetd and making use
of TCP wrappers, you need to add a line to your `/etc/services`
file as follows (modify the port number as you see fit)
nrpe 5666/tcp # NRPE
The run `make install-inetd` to copy the appropriate file, or
add the appropriate line to your `/etc/inetd.conf`.
**NOTE:** If you run nrpe under inetd or xinetd, the server_port
and allowed_hosts variables in the nrpe configuration file are
ignored.
* `inetd`
After running `make install-inetd`, your `/etc/inetd.conf` file will
contain lines similar to the following:
# Enable the following entry to enable the nrpe daemon
#nrpe stream tcp nowait nagios /usr/local/nagios/bin/nrpe nrpe -c /usr/local/nagios/etc/nr
# Enable the following entry if the nrpe daemon didn't link with libwrap
#nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nag
Un-comment the appropriate line, then Restart inetd:
/etc/rc.d/init.d/inet restart
OpenBSD users can use the following command to restart inetd:
kill -HUP `cat /var/run/inet.pid`
Then add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
file to enable TCP wrapper protection for the nrpe service.
This is optional, although highly recommended.
* `xinetd`
If your system uses xinetd instead of inetd, `make install-inetd`
will create a file called `nrpe` in your `/etc/xinetd.d`
directory that contains a file similar to this:
# default: off
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
disable = yes
socket_type = stream
port = @NRPE_PORT@
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
only_from = 127.0.0.1
log_on_failure += USERID
}
* Replace `disable = yes` with `disable = no`
* Replace the `127.0.0.1` field with the IP addresses of hosts which
are allowed to connect to the NRPE daemon. This only works if xinetd was
compiled with support for tcpwrappers.
* Add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
file to enable TCP wrapper protection for the nrpe service.
This is optional, although highly recommended.
* Restart xinetd:
/etc/rc.d/init.d/xinetd restart
Configuring Things On The Nagios Host
---------------------------------------
Examples for configuring the nrpe daemon are found in the sample
`nrpe.cfg` file included in this distribution. That config file
resides on the remote host(s) along with the nrpe daemon. The
check_nrpe plugin gets installed on the Nagios host. In order
to use the check_nrpe plugin from within Nagios, you will have
to define a few things in the host config file. An example
command definition for the check_nrpe plugin would look like this:
define command{
command_name check_nrpe
command_line /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
In any service definitions that use the nrpe plugin/daemon to
get their results, you would set the service check command portion
of the definition to something like this (sample service definition
is simplified for this example):
define service{
host_name someremotehost
service_description someremoteservice
check_command check_nrpe!yourcommand
... etc ...
}
where `yourcommand` is a name of a command that you define in
your `nrpe.cfg` file on the remote host (see the docs in the
sample nrpe.cfg file for more information).
License Notice
--------------
NRPE - Nagios Remote Plugin Executor
Copyright (c) 2017 Nagios Enterprises
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Questions?
----------
If you have questions about this addon, or encounter problems getting things
working along the way, your best bet for an answer or quick resolution is to check the
[Nagios Support Forums](https://support.nagios.com/forum/viewforum.php?f=5).

123
SECURITY.md Normal file
View file

@ -0,0 +1,123 @@
NRPE SECURITY README
====================
TCP Wrapper Support
-------------------
NRPE 2.x includes native support for TCP wrappers. Once you
compile NRPE you can check to see if it has wrapper support
built in by running the daemon from the command line without
any arguments like this:
./nrpe --help
Command Arguments
-----------------
NRPE 2.0 includes the ability for clients to supply arguments to
commands which should be run. Please note that this feature
should be considered a security risk, and you should only use
it if you know what you're doing!
Bash Command Substitution
-------------------------
Even with the metacharacter restrictions below, if command arguments
are enabled, it is still possible to send bash command substitutions
in the form `$(...)` as an argument. This is explicitly disabled by
default, but can be enabled by a configure-time option and a
configuration file option. Enabling this option is **VERY RISKY**
and its use is **HIGHLY DISCOURAGED**.
Enabling Arguments
------------------
To enable support for command argument in the daemon, you must
do two things:
1. Run the configure script with the `--enable-command-args`
option
2. Set the `dont_blame_nrpe` directive in the NRPE config
file to `1`.
Enabling Bash Command Substitution
----------------------------------
To enable support for arguments containing bash command substitutions,
you must do two things:
1. Enable arguments as described above
2. Include the `--enable-bash-command-substitution` configure
option when running the configure script
3. Set the `allow_bash_command_substitutions` directive in the
NRPE config file to `1`.
Nasty Metacharacters
--------------------
To help prevent some nasty things from being done by evil
clients, the following metacharacters are not allowed
in client command arguments:
| ` & > < ' \ [ ] { } ; ! \r \n
You can override these defaults by adjusting the `nasty_metachars`
flag in the config file.
Any client request which contains the above mentioned metachars
is discarded.
User/Group Restrictions
-----------------------
The NRPE daemon cannot be run with (effective) root user/group
privileges. You must run the daemon with an account that does
not have superuser rights. Use the `--with-nrpe-user` and
`--with-nrpe-group` flags during `./configure`, or the `nrpe_user`
and `nrpe_group` config file options to specify which user/group
the daemon should run as.
Encryption
----------
If you do enable support for command arguments in the NRPE daemon,
make sure that you encrypt communications either by using:
1. Stunnel (see http://www.stunnel.org for more info)
2. Native SSL support (See the [SSL Readme](README.SSL.md) file for more info)
Do **NOT** assume that just because the daemon is behind a firewall
that you are safe! ***Always encrypt NRPE traffic!***
Using Arguments
---------------
How do you use command arguments? Well, lets say you define a
command in the NRPE config file that looks like this:
command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
You could then call the check_nrpe plugin like this:
./check_nrpe -H <host> -c check_users -a 5 10
The arguments '5' and '10' get substituted into the appropriate
`$ARGx$` macros in the command (`$ARG1$` and `$ARG2$`, respectively).
The command that would be executed by the NRPE daemon would look
like this:
/usr/local/nagios/libexec/check_users -w 5 -c 10
You can supply up to 16 arguments to be passed to the command
for substitution in `$ARG$` macros (`$ARG1$` - `$ARG16$`).

64
THANKS Normal file
View file

@ -0,0 +1,64 @@
Alex Weber
Andrea Morgan-Brist
Andrew Boyce-Lewis
Andrew Ryder
Andrew Widdersheim
Bartosz Woronicz
Bas Couwenberg
benaryorg
Bill Mitchell
Bjoern Beutel
Brian Seklecki
Bryan Heden
Dan Church
Derrick Bennett
Doug Nazar
Elan Ruusamäe
Eric Mislivec
Eric Stanley
Gerhard Lausser
Graham Collinson
Grant Byers
Grégory Starck
jaclu@grm.se
Jaco Kroon
James Peterson
Jari Takkala
Jason Cook
Jobst Schmalenbach
John Frickson
John Maag
Jon Andrews
Josh Soref
Kaspersky Lab
Kevin Pendleton
Kishor Kunal Raj
Konstantin Malov
Krzysztof Oledzki
Leo Baltus
Manuel Leiner
Mark Plaksin
Matthew L. Daniel
Matthias Flacke
Niels Endres
Patric Wust
Pavel Rochnyak
peekjef72
Peter Palfrader
Philippe Kueck
Rene Klootwijk
Robert Peaslee
Ruben Kerkhof
Ryan McGarry
Ryan Ordway
Sean Finney
Spenser Reinhardt
Stefan Krüger
Stephen Smoogen
Subhendu Ghosh
Sven Nierlein
Thierry Bertaud
Ton Voon
Vadim Antipov
Yoda-BZH
Marcel Telka

7
aclocal.m4 vendored Executable file
View file

@ -0,0 +1,7 @@
m4_include([macros/ax_nagios_get_os])
m4_include([macros/ax_nagios_get_distrib])
m4_include([macros/ax_nagios_get_init])
m4_include([macros/ax_nagios_get_inetd])
m4_include([macros/ax_nagios_get_paths])
m4_include([macros/ax_nagios_get_files])
m4_include([macros/ax_nagios_get_ssl])

1431
build-aux/config.guess vendored Executable file
View file

File diff suppressed because it is too large Load diff

1807
build-aux/config.sub vendored Executable file
View file

File diff suppressed because it is too large Load diff

131
build-aux/custom_help.m4 Executable file
View file

@ -0,0 +1,131 @@
# _AC_INIT_HELP
# -------------
# Handle the `configure --help' message.
m4_define([_AC_INIT_HELP],
[m4_divert_push([HELP_BEGIN])dnl
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures m4_ifset([AC_PACKAGE_STRING],
[AC_PACKAGE_STRING],
[this package]) to adapt to many kinds of systems.
Usage: $[0] [[OPTION]]... [[VAR=VALUE]]...
[To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print \`checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for \`--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or \`..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local/nagios]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, \`make install' will install all the files in
\`/usr/local/nagios/bin', \`/usr/local/nagios/lib' etc. You can specify
an installation prefix other than \`/usr/local/nagios' using \`--prefix',
for instance \`--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR plugins, brokers, CGI [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR r/o arch.-independent data [DATAROOTDIR/PKG_NAME]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
_ACEOF
cat <<\_ACEOF]
m4_divert_pop([HELP_BEGIN])dnl
dnl The order of the diversions here is
dnl - HELP_BEGIN
dnl which may be extended by extra generic options such as with X or
dnl AC_ARG_PROGRAM. Displayed only in long --help.
dnl
dnl - HELP_CANON
dnl Support for cross compilation (--build, --host and --target).
dnl Display only in long --help.
dnl
dnl - HELP_ENABLE
dnl which starts with the trailer of the HELP_BEGIN, HELP_CANON section,
dnl then implements the header of the non generic options.
dnl
dnl - HELP_WITH
dnl
dnl - HELP_VAR
dnl
dnl - HELP_VAR_END
dnl
dnl - HELP_END
dnl initialized below, in which we dump the trailer (handling of the
dnl recursion for instance).
m4_divert_push([HELP_ENABLE])dnl
_ACEOF
fi
if test -n "$ac_init_help"; then
m4_ifset([AC_PACKAGE_STRING],
[ case $ac_init_help in
short | recursive ) echo "Configuration of AC_PACKAGE_STRING:";;
esac])
cat <<\_ACEOF
m4_divert_pop([HELP_ENABLE])dnl
m4_divert_push([HELP_END])dnl
Report bugs to m4_ifset([AC_PACKAGE_BUGREPORT], [<AC_PACKAGE_BUGREPORT>],
[the package provider]).dnl
m4_ifdef([AC_PACKAGE_NAME], [m4_ifset([AC_PACKAGE_URL], [
AC_PACKAGE_NAME home page: <AC_PACKAGE_URL>.])dnl
m4_if(m4_index(m4_defn([AC_PACKAGE_NAME]), [GNU ]), [0], [
General help using GNU software: <http://www.gnu.org/gethelp/>.])])
_ACEOF
ac_status=$?
fi
if test "$ac_init_help" = "recursive"; then
# If there are subdirs, report their specific --help.
for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
test -d "$ac_dir" ||
{ cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
continue
_AC_SRCDIRS(["$ac_dir"])
cd "$ac_dir" || { ac_status=$?; continue; }
# Check for guested configure.
if test -f "$ac_srcdir/configure.gnu"; then
echo &&
$SHELL "$ac_srcdir/configure.gnu" --help=recursive
elif test -f "$ac_srcdir/configure"; then
echo &&
$SHELL "$ac_srcdir/configure" --help=recursive
else
AC_MSG_WARN([no configuration information is in $ac_dir])
fi || ac_status=$?
cd "$ac_pwd" || { ac_status=$?; break; }
done
fi
test -n "$ac_init_help" && exit $ac_status
m4_divert_pop([HELP_END])dnl
])# _AC_INIT_HELP

501
build-aux/install-sh Executable file
View file

@ -0,0 +1,501 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2013-12-25.23; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# 'make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
tab=' '
nl='
'
IFS=" $tab$nl"
# Set DOITPROG to "echo" to test this script.
doit=${DOITPROG-}
doit_exec=${doit:-exec}
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
chgrpprog=${CHGRPPROG-chgrp}
chmodprog=${CHMODPROG-chmod}
chownprog=${CHOWNPROG-chown}
cmpprog=${CMPPROG-cmp}
cpprog=${CPPROG-cp}
mkdirprog=${MKDIRPROG-mkdir}
mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_mkdir=
# Desired mode of installed file.
mode=0755
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
mvcmd=$mvprog
rmcmd="$rmprog -f"
stripcmd=
src=
dst=
dir_arg=
dst_arg=
copy_on_change=false
is_target_a_directory=possibly
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
--help display this help and exit.
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) ;;
-C) copy_on_change=true;;
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-s) stripcmd=$stripprog;;
-t)
is_target_a_directory=always
dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) is_target_a_directory=never;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
# We allow the use of options -d and -T together, by making -d
# take the precedence; this is for compatibility with GNU install.
if test -n "$dir_arg"; then
if test -n "$dst_arg"; then
echo "$0: target directory not allowed when installing a directory." >&2
exit 1
fi
fi
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dst_arg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dst_arg"
shift # fnord
fi
shift # arg
dst_arg=$arg
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call 'install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
if test $# -gt 1 || test "$is_target_a_directory" = always; then
if test ! -d "$dst_arg"; then
echo "$0: $dst_arg: Is not a directory." >&2
exit 1
fi
fi
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
trap "ret=130; $do_exit" 2
trap "ret=141; $do_exit" 13
trap "ret=143; $do_exit" 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names problematic for 'test' and other utilities.
case $src in
-* | [=\(\)!]) src=./$src;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dst_arg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
dstdir=`dirname "$dst"`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
oIFS=$IFS
IFS=/
set -f
set fnord $dstdir
shift
set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

9231
configure vendored Executable file
View file

File diff suppressed because it is too large Load diff

415
configure.ac Normal file
View file

@ -0,0 +1,415 @@
dnl Process this -*-m4-*- file with autoconf to produce a configure script.
dnl Disable caching
define([AC_CACHE_LOAD],)
define([AC_CACHE_SAVE],)
m4_include([build-aux/custom_help.m4])
AC_INIT([nrpe],[newdate],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
AC_CONFIG_SRCDIR([src/nrpe.c])
AC_CONFIG_AUX_DIR([build-aux])
AC_PREFIX_DEFAULT(/usr/local/nagios)
PKG_NAME=nrpe
PKG_VERSION="4.1.3"
PKG_HOME_URL="http://www.nagios.org/"
PKG_REL_DATE="2024-12-10"
RPM_RELEASE=1
LANG=C
LC_ALL=C
LC_COLLATE=C
LC_CTYPE=C
LC_MESSAGES=C
LC_MONETARY=C
LC_NUMERIC=C
LC_TIME=C
AC_SUBST(PKG_NAME)
AC_SUBST(PKG_VERSION)
AC_SUBST(PKG_HOME_URL)
AC_SUBST(PKG_REL_DATE)
AC_SUBST(RPM_RELEASE)
AC_SUBST(INSTALL)
AC_SUBST(SNPRINTF_O)
AC_SUBST(LDFLAGS)
AC_SUBST(OTHERLIBS)
AC_SUBST(SOCKETLIBS)
AC_SUBST(LIBWRAPLIBS)
AC_SUBST(NRPE_INSTALL_OPTS)
AC_SUBST(log_facility)
AC_SUBST(nrpe_user)
AC_SUBST(nrpe_group)
AC_SUBST(nrpe_port)
AC_SUBST(nagios_user)
AC_SUBST(nagios_group)
AC_SUBST(NAGIOS_INSTALL_OPTS)
AC_SUBST(TARGET_VER)
AC_SUBST(TARGET_OS)
AC_SUBST(TARGET_ARCH)
AC_SUBST(TARGET_PLATFORM)
dnl Figure out how to invoke "install" and what install options to use.
AC_PROG_INSTALL
dnl Get O/S, Distribution, init, inetd, system-specific directories
AC_NAGIOS_GET_OS
AC_NAGIOS_GET_DISTRIB_TYPE
AC_NAGIOS_GET_INIT
AC_NAGIOS_GET_INETD
AC_NAGIOS_GET_PATHS
AC_NAGIOS_GET_FILES
if test "$dist_type" = solaris -a "$dist_ver" = 10; then
AC_DEFINE(SOLARIS_10,yes)
fi
dnl Do they just want to see where things will go?
if test x${showdirs_only} = xyes; then
AC_CONFIG_FILES([paths])
AC_OUTPUT()
chmod 755 paths
./paths
exit 0
fi
AC_CONFIG_HEADERS([include/config.h])
AC_CONFIG_FILES([Makefile
src/Makefile
nrpe.spec
uninstall
sample-config/nrpe.cfg
startup/bsd-init
startup/debian-init
startup/default-init
startup/default-inetd
startup/default-service
startup/default-socket
startup/default-socket-svc
startup/default-xinetd
startup/mac-init.plist
startup/mac-inetd.plist
startup/newbsd-init
startup/openbsd-init
startup/openrc-conf
startup/openrc-init
startup/solaris-init.xml
startup/solaris-inetd.xml
startup/tmpfile.conf
startup/upstart-init
startup/rh-upstart-init
include/common.h
])
dnl Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET
dnl Checks for header files.
AC_HEADER_STDC
AC_HEADER_TIME
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h)
AC_CHECK_HEADERS(netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h)
AC_CHECK_HEADERS(tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h)
AC_CHECK_HEADERS(sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
AC_CHECK_HEADERS(paths.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_STRUCT_TM
AC_TYPE_MODE_T
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_TYPE_SIGNAL
AC_TYPE_GETGROUPS
dnl Check lengths for later tests of u_int32_t and int32_t
AC_CHECK_SIZEOF(int)
AC_CHECK_SIZEOF(short)
AC_CHECK_SIZEOF(long)
dnl Define u_int32_t if we don't have it already (Solaris, etc.)
AC_CHECK_TYPE(uint32_t,unsigned int)
AC_CHECK_TYPE(u_int32_t,unsigned int)
if test "$ac_cv_type_u_int32_t" = no ; then
if test "$ac_cv_type_u_int32_t" = yes ; then
AC_DEFINE(U_INT32_T_IS_UINT32_T,[1],[u_int32_t is uint32_t])
else
if test "$ac_cv_sizeof_int" = 4 ; then
AC_DEFINE(U_INT32_T_IS_UINT,[1],[u_int32_t is uint])
else
if test "$ac_cv_sizeof_long" = 4 ; then
AC_DEFINE(U_INT32_T_IS_ULONG,[1],[u_int32_t is ulong])
else
if test "$ac_cv_sizeof_short" = 4 ; then
AC_DEFINE(U_INT32_T_IS_USHORT,[1],[u_int32_t is ushort])
fi
fi
fi
fi
fi
dnl Define int32_t if we don't have it already
AC_CHECK_TYPE(int32_t,int)
if test "$ac_cv_type_int32_t" = no ; then
if test "$ac_cv_sizeof_int" = 4 ; then
AC_DEFINE(INT32_T_IS_UINT,[1],[int32_t is uint])
else
if test "$ac_cv_sizeof_long" = 4 ; then
AC_DEFINE(INT32_T_IS_ULONG,[1],[int32_t is ulong])
else
if test "$ac_cv_sizeof_short" = 4 ; then
AC_DEFINE(INT32_T_IS_USHORT,[1],[int32_t is ushort])
fi
fi
fi
fi
dnl Check for struct sockaddr_storate
AC_CHECK_TYPES([struct sockaddr_storage],[],[],[#include <sys/socket.h>])
dnl Should we use seteuid() or setresuid()?
AC_CHECK_FUNC(seteuid,
AC_DEFINE(SETEUID(id),[seteuid(id)]),
AC_DEFINE(SETEUID(id),[setresuid((uid_t) -1, id, (uid_t) -1)])
)
dnl Check for asprintf() and friends...
AC_CACHE_CHECK([for va_copy],ac_cv_HAVE_VA_COPY,[
AC_TRY_LINK([#include <stdarg.h>
va_list ap1,ap2;], [va_copy(ap1,ap2);],
ac_cv_HAVE_VA_COPY=yes,
ac_cv_HAVE_VA_COPY=no)])
if test x"$ac_cv_HAVE_VA_COPY" = x"yes"; then
AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
else
AC_CACHE_CHECK([for __va_copy],ac_cv_HAVE___VA_COPY,[
AC_TRY_LINK([#include <stdarg.h>
va_list ap1,ap2;], [__va_copy(ap1,ap2);],
ac_cv_HAVE___VA_COPY=yes,
ac_cv_HAVE___VA_COPY=no)])
if test x"$ac_cv_HAVE___VA_COPY" = x"yes"; then
AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
fi
fi
AC_CHECK_FUNC(vsnprintf,,SNPRINTF_O=./snprintf.o)
AC_CHECK_FUNC(snprintf,,SNPRINTF_O=./snprintf.o)
AC_CHECK_FUNC(asprintf,,SNPRINTF_O=./snprintf.o)
AC_CHECK_FUNC(vasprintf,,SNPRINTF_O=./snprintf.o)
AC_CACHE_CHECK([for C99 vsnprintf],ac_cv_HAVE_C99_VSNPRINTF,[
AC_TRY_RUN([
#include <sys/types.h>
#include <stdarg.h>
void foo(const char *format, ...) {
va_list ap;
int len;
char buf[5];
va_start(ap, format);
len = vsnprintf(buf, 0, format, ap);
va_end(ap);
if (len != 5) exit(1);
va_start(ap, format);
len = vsnprintf(0, 0, format, ap);
va_end(ap);
if (len != 5) exit(1);
if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
exit(0);
}
main() { foo("hello"); }
],
ac_cv_HAVE_C99_VSNPRINTF=yes,ac_cv_HAVE_C99_VSNPRINTF=no,ac_cv_HAVE_C99_VSNPRINTF=cross)])
if test x"$ac_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Define if system has C99 compatible vsnprintf])
fi
dnl AC_CHECK_FUNC(snprintf,AC_DEFINE(HAVE_SNPRINTF),SNPRINTF_O=./snprintf.o)
dnl Check for getopt_long (Solaris)
AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OTHERLIBS -liberty"))
dnl Checks for library functions.
AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
AC_ARG_ENABLE([tcpd],
AS_HELP_STRING([--disable-tcpd],[disables support for tcpd even if present]),[
if test x$enableval = xyes; then
check_for_tcpd=yes
else
check_for_tcpd=no
fi
],check_for_tcpd=optional)
AC_MSG_CHECKING(check_for_tcpd=$check_for_tcpd)
if test x$check_for_tcpd != xno; then
AC_CHECK_LIB(wrap,main,[
LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
AC_TRY_LINK([#include <tcpd.h>
],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT))
],[
if test x$check_for_tcpd = xyes; then
AC_MSG_ERROR(--enable-tcpd specified but unable to locate libwrap.)
fi
])
fi
AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir)
dnl socklen_t check - from curl
AC_CHECK_TYPE([socklen_t], ,[
AC_MSG_CHECKING([for socklen_t equivalent])
AC_CACHE_VAL([curl_cv_socklen_t_equiv],
[
# Systems have either "struct sockaddr *" or
# "void *" as the second argument to getpeername
curl_cv_socklen_t_equiv=
for arg2 in "struct sockaddr" void; do
for t in int size_t unsigned long "unsigned long"; do
AC_TRY_COMPILE([
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
int getpeername (int, $arg2 *, $t *);
],[
$t len;
getpeername(0,0,&len);
],[
curl_cv_socklen_t_equiv="$t"
break
])
done
done
if test "x$curl_cv_socklen_t_equiv" = x; then
AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
fi
])
AC_MSG_RESULT($curl_cv_socklen_t_equiv)
AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
[type to use in place of socklen_t if not defined])],
[#include <sys/types.h>
#include <sys/socket.h>])
AC_MSG_CHECKING(for type of socket size)
AC_TRY_COMPILE([#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
],
[int a = send(1, (const void *)0, (size_t *) 0, (int *) 0);],
[AC_DEFINE(SOCKET_SIZE_TYPE, size_t, [Socket Size Type]) AC_MSG_RESULT(size_t)],
[AC_DEFINE(SOCKET_SIZE_TYPE, int, [Socket Size Type]) AC_MSG_RESULT(int)])
dnl Does user want to check for SSL?
AC_ARG_ENABLE([ssl],
AS_HELP_STRING([--disable-ssl],[disables native SSL support @<:@default=check@:>@]),[
if test x$enableval = xyes; then
check_for_ssl=yes
else
check_for_ssl=no
fi
],check_for_ssl=yes)
need_dh=yes
AC_ARG_WITH([need_dh],
AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]),
[need_dh=$withval],
[nrpe_group=need_dh])
dnl Optional SSL library and include paths
if test x$check_for_ssl = xyes; then
# need_dh should only be set for NRPE
#need_dh=yes
AC_NAGIOS_GET_SSL
fi
AC_ARG_WITH([log_facility],
AS_HELP_STRING([--with-log-facility=<facility>],
[sets NRPE syslog facility]),
[log_facility=$withval],
[log_facility=daemon])
AC_DEFINE_UNQUOTED(NRPE_LOG_FACILITY,["$log_facility"],[NRPE syslog facility])
AC_ARG_WITH([nrpe_user],
AS_HELP_STRING([--with-nrpe-user=<user>],[sets user name to run NRPE]),
[nrpe_user=$withval],
[nrpe_user=nagios])
AC_ARG_WITH([nrpe_group],
AS_HELP_STRING([--with-nrpe-group=<group>],[sets group name to run NRPE]),
[nrpe_group=$withval],
[nrpe_group=nagios])
AC_ARG_WITH([nrpe_port],
AS_HELP_STRING([--with-nrpe-port=<port>],
[sets port number for NRPE to listen on]),
[nrpe_port=$withval],
[nrpe_port=5666])
NRPE_INSTALL_OPTS="-o $nrpe_user -g $nrpe_group"
AC_DEFINE_UNQUOTED(DEFAULT_SERVER_PORT,$nrpe_port,[Default port for NRPE daemon])
AC_ARG_WITH([nagios_user],
AS_HELP_STRING([--with-nagios-user=<user>],
[sets user name for file permissions]),
[nagios_user=$withval],
[nagios_user=nagios])
AC_ARG_WITH([nagios_group],
AS_HELP_STRING([--with-nagios-group=<grp>],
[sets group name file permissions]),
[nagios_group=$withval],
[nagios_group=nagios])
NAGIOS_INSTALL_OPTS="-o $nagios_user -g $nagios_group"
dnl On HP-UX the compile will fail with a 'Duplicate symbol "setenv"' error
dnl in '/usr/local/lib/libwrap.a(setenv.o)' and '/usr/local/lib/libiberty.a(setenv.o)'
dnl so allow duplicate symbols, and use the first one
if test "`uname -s`" = "HP-UX" ; then
LDFLAGS="$LDFLAGS -Wl,+allowdups";
fi
AC_ARG_ENABLE([command-args],
AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]),
AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]))
AC_ARG_ENABLE([bash-command-substitution],
AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command). *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]),
AC_DEFINE_UNQUOTED(ENABLE_BASH_COMMAND_SUBSTITUTION,[1],[Enable bash command substitution]))
AC_PATH_PROG(PERL,perl)
AC_OUTPUT()
dnl Review options
echo ""
echo ""
AC_MSG_RESULT([*** Configuration summary for $PKG_NAME $PKG_VERSION $PKG_REL_DATE ***:])
echo "";\
echo " General Options:";\
echo " -------------------------"
AC_MSG_RESULT([ NRPE port: $nrpe_port])
AC_MSG_RESULT([ NRPE user: $nrpe_user])
AC_MSG_RESULT([ NRPE group: $nrpe_group])
AC_MSG_RESULT([ Nagios user: $nagios_user])
AC_MSG_RESULT([ Nagios group: $nagios_group])
echo "";\
echo "";\
echo "Review the options above for accuracy. If they look okay,";\
echo "type 'make all' to compile the NRPE daemon and client";\
echo "or type 'make' to get a list of make options.";\
echo ""

64
contrib/README.nrpe_check_control Normal file
View file

@ -0,0 +1,64 @@
NOTES:
------
The service definition below assumes you have a command called "check_tcp" already setup
in your config files.
The command definition below assumes that the $USER1$ macro is used to define the location
of your Nagios plugins (i.e. "/usr/local/nagios/libexec") and that the nrpe_check_control
service is located in that directory.
SAMPLE CONFIG FILE SNIPPETS:
----------------------------
define service {
host_name <host name goes here>
description NRPE
...
event_handler nrpe_check_control
check_command check_tcp!-p 5666
}
define command {
command_name nrpe_check_control
command_line $USER1$/nrpe_check_control $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ "$HOSTNAME$"
}
ORIGINAL EMAIL SNIPPET:
-----------------------
Date sent: Fri, 30 Mar 2001 18:51:48 -0500
From: adam.bowen@<>
Subject: Event Handler
To: [nagios@nagios.org]
I am attaching the source code for an event handler I wrote to
control checks using nrpe. I add the following check to all remote hosts
using nrpe:
<see example above>
I added this line to the commands.cfg file:
<see example above>
When the NRPE service check listed above has 3 failed connection
attempts, it will run the nrpe_check_control which will search the
services file for all services for $HOSTNAME$ that use the check_nrpe.
It will then request that all these services be disabled. When the
NRPE check returns to the OK state, it will request that all services
using check_nrpe be re-enabled. This will prevent unnecessary e-mail
when there is a problem with the NRPE daemon. This does require
that external commands be enabled.
(See attached file: nrpe_check_control.c)
I thought some other [Nagios] users might find this useful.
Adam G. Bowen

121
contrib/nrpe_check_control.c Normal file
View file

@ -0,0 +1,121 @@
#include <stdio.h>
#include <string.h>
#include <time.h>
#define MAX_CHARS 1024
#define SERVICE_COUNT 12
#define COMMAND_FILE "/usr/local/nagios/var/rw/nagios.cmd"
#define SERVICES_FILE "/usr/local/nagios/etc/services.cfg"
int main(int argc, char *argv[])
{
char check_name[MAX_CHARS];
char ent_type[MAX_CHARS];
char input_buffer[MAX_CHARS];
char host_name[MAX_CHARS];
char service_name[MAX_CHARS];
char state[MAX_CHARS];
char state_type[MAX_CHARS];
char temp_input[MAX_CHARS];
char temp_string[MAX_CHARS];
char test_host[MAX_CHARS];
char *temp_var;
FILE *command_fp;
FILE *services_fp;
int attempt;
int i;
time_t current_time;
strcpy(state,argv[1]);
strcpy(state_type,argv[2]);
attempt=atoi(argv[3]);
strcpy(host_name,argv[4]);
if(strcmp(state,"OK") == 0)
{
services_fp=fopen(SERVICES_FILE,"r");
command_fp=fopen(COMMAND_FILE,"a");
while((fgets(input_buffer,MAX_CHARS-1,services_fp)) != NULL)
{
if(input_buffer[0]=='#' || input_buffer[0]=='\x0' || input_buffer[0]=='\n' || input_buffer[0]=='\r')
{
continue;
}
else
{
strcpy(temp_input,input_buffer);
strcpy(temp_string,strtok(temp_input,"="));
strcpy(ent_type,strtok(temp_string,"["));
if(strcmp(ent_type,"service") == 0)
{
strcpy(test_host,strtok(NULL,"]"));
if(strcmp(test_host,host_name) == 0)
{
temp_var=strtok(input_buffer,"=");
strcpy(service_name,strtok(NULL,";"));
for(i=1;i<=SERVICE_COUNT;i++)
{
temp_var=strtok(NULL,";");
}
strcpy(check_name,strtok(temp_var,"!"));
if(strcmp(check_name,"check_nrpe") == 0)
{
time(&current_time);
fprintf(command_fp,"[%lu] ENABLE_SVC_CHECK;%s;%s\n",current_time,host_name,service_name);
}
}
}
}
}
fclose(command_fp);
fclose(services_fp);
}
else if(strcmp(state,"CRITICAL") == 0)
{
if(attempt == 3)
{
services_fp=fopen(SERVICES_FILE,"r");
command_fp=fopen(COMMAND_FILE,"a");
while((fgets(input_buffer,MAX_CHARS-1,services_fp)) != NULL)
{
if(input_buffer[0]=='#' || input_buffer[0]=='\x0' || input_buffer[0]=='\n' || input_buffer[0]=='\r')
{
continue;
}
else
{
strcpy(temp_input,input_buffer);
strcpy(temp_string,strtok(temp_input,"="));
strcpy(ent_type,strtok(temp_string,"["));
if(strcmp(ent_type,"service") == 0)
{
strcpy(test_host,strtok(NULL,"]"));
if(strcmp(test_host,host_name) == 0)
{
temp_var=strtok(input_buffer,"=");
strcpy(service_name,strtok(NULL,";"));
for(i=1;i<=SERVICE_COUNT;i++)
{
temp_var=strtok(NULL,";");
}
strcpy(check_name,strtok(temp_var,"!"));
if(strcmp(check_name,"check_nrpe") == 0)
{
time(&current_time);
fprintf(command_fp,"[%lu] DISABLE_SVC_CHECK;%s;%s\n",current_time,host_name,service_name);
}
}
}
}
}
fclose(command_fp);
fclose(services_fp);
}
}
return 0;
}

BIN
docs/NRPE.odt Normal file
View file

Binary file not shown.

BIN
docs/NRPE.pdf Normal file
View file

Binary file not shown.

73
include/acl.h Normal file
View file

@ -0,0 +1,73 @@
/****************************************************************************
*
* acl.h - header file for acl.c
*
* License: GPLv2
* Copyright (c) 2011 Kaspersky Lab ZAO
*
* License Notice:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#ifndef ACL_H_INCLUDED
#define ACL_H_INCLUDED 1
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <netdb.h>
#include <syslog.h>
#include <stdarg.h>
#define CHAR_TO_NUMBER(c) ((c) - '0')
struct ip_acl {
int family;
struct in_addr addr;
struct in_addr mask;
struct in6_addr addr6;
struct in6_addr mask6;
struct ip_acl *next;
};
struct dns_acl {
char domain[255];
struct dns_acl *next;
};
/* Pointers to head ACL structs */
static struct ip_acl *ip_acl_head, *ip_acl_prev;
static struct dns_acl *dns_acl_head, *dns_acl_prev;
/* Functions */
void parse_allowed_hosts(char *allowed_hosts);
int add_ipv4_to_acl(char *ipv4);
int add_ipv6_to_acl(char *ipv6);
int add_domain_to_acl(char *domain);
//int is_an_allowed_host(struct in_addr);
int is_an_allowed_host(int, void *);
unsigned int prefix_from_mask(struct in_addr mask);
void show_acl_lists(void);
#endif /* ACL_H_INCLUDED */

120
include/common.h.in Normal file
View file

@ -0,0 +1,120 @@
/****************************************************************************
*
* common.h - NRPE Common header file
*
* License: GPLv2
* Copyright (c) 2006-2017 Nagios Enterprises
* 1999-2006 Ethan Galstad (nagios@nagios.org)
*
* License Notice:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#include "config.h"
#define SSL_TYPE_@SSL_TYPE@
#ifdef HAVE_SSL
#include <@SSL_INC_PREFIX@@SSL_HDR@>
# ifdef SSL_TYPE_openssl
# include <@SSL_INC_PREFIX@err.h>
# include <@SSL_INC_PREFIX@rand.h>
# include <@SSL_INC_PREFIX@engine.h>
# include <@SSL_INC_PREFIX@evp.h>
# endif
#endif
#define PROGRAM_VERSION "4.1.3"
#define MODIFICATION_DATE "2024-12-10"
#define OK 0
#define ERROR -1
#define TRUE 1
#define FALSE 0
#define STATE_UNKNOWN 3 /* service state return codes */
#define STATE_CRITICAL 2
#define STATE_WARNING 1
#define STATE_OK 0
#define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */
#define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */
#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */
#define MAX_FILENAME_LENGTH 256
#define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */
#define MAX_COMMAND_ARGUMENTS 16
#define NRPE_HELLO_COMMAND "_NRPE_CHECK"
/**************** PACKET STRUCTURE DEFINITION **********/
#define QUERY_PACKET 1 /* id code for a packet containing a query */
#define RESPONSE_PACKET 2 /* id code for a packet containing a response */
/* v4 takes struct padding into account, so the buffer "takes" 4 bytes
* v3 removes the 1 byte that "should" be allocated to buffer.
*/
#define NRPE_V4_PACKET_SIZE_OFFSET 4
#define NRPE_V3_PACKET_SIZE_OFFSET 1
/* packet version identifiers */
#define NRPE_PACKET_VERSION_4 4 /* Same as version 3, but accounts for struct padding in network code */
#define NRPE_PACKET_VERSION_3 3 /* Allows for variable-length buffer */
#define NRPE_PACKET_VERSION_2 2
#define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */
#define MAX_PACKETBUFFER_LENGTH 1024 /* amount of data to send in one query/response vor version 2 */
#define NRPE_DEFAULT_PACKET_VERSION NRPE_PACKET_VERSION_4
typedef struct _v2_packet {
int16_t packet_version;
int16_t packet_type;
u_int32_t crc32_value;
int16_t result_code;
char buffer[MAX_PACKETBUFFER_LENGTH];
} v2_packet;
typedef struct _v3_packet {
int16_t packet_version;
int16_t packet_type;
u_int32_t crc32_value;
int16_t result_code;
int16_t alignment;
int32_t buffer_length;
char buffer[1];
} v3_packet;
typedef v3_packet v4_packet;
/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
#if defined(__sun) || defined(__hpux)
# ifndef LOG_AUTHPRIV
# define LOG_AUTHPRIV LOG_AUTH
# endif
# ifndef LOG_FTP
# define LOG_FTP LOG_DAEMON
# endif
#elif defined(_AIX)
# include <sys/select.h>
# ifndef LOG_FTP
# define LOG_FTP LOG_DAEMON
# endif
#endif

358
include/config.h.in Normal file
View file

@ -0,0 +1,358 @@
/****************************************************************************
*
* config.h - NRPE Configuration header file
*
* License: GPLv2
* Copyright (c) 2006-2017 Nagios Enterprises
* 1999-2006 Ethan Galstad (nagios@nagios.org)
*
* License Notice:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#ifndef _CONFIG_H
#define _CONFIG_H
#include <stdio.h>
#include <stdlib.h>
/* Default port for NRPE daemon */
#undef DEFAULT_SERVER_PORT
/* NRPE syslog facility */
#undef NRPE_LOG_FACILITY
/* Enable command-line arguments */
#undef ENABLE_COMMAND_ARGUMENTS
/* Enable bash command substitution */
#undef ENABLE_BASH_COMMAND_SUBSTITUTION
/* type to use in place of socklen_t if not defined */
#undef socklen_t
/* Define to 1 if you have the `getopt_long' function. */
#undef HAVE_GETOPT_LONG
/* Have the TCP wrappers library */
#undef HAVE_LIBWRAP
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define to 1 if you have the `strdup' function. */
#undef HAVE_STRDUP
/* Define to 1 if you have the `strstr' function. */
#undef HAVE_STRSTR
/* Define to 1 if you have the `strtoul' function. */
#undef HAVE_STRTOUL
/* Define to 1 if you have the `strtok_r' function. */
#undef HAVE_STRTOK_R
/* Define to 1 if you have the `initgroups' function. */
#undef HAVE_INITGROUPS
/* Define to 1 if you have the `closesocket' function. */
#undef HAVE_CLOSESOCKET
/* Define to 1 if you have the `sigaction' function. */
#undef HAVE_SIGACTION
/* Define to 1 if you have the `scandir' function. */
#undef HAVE_SCANDIR
/* Set to 1 if you have rfc931_timeout */
#undef HAVE_RFC931_TIMEOUT
/* The size of `int', as computed by sizeof. */
#undef SIZEOF_INT
/* The size of `short', as computed by sizeof. */
#undef SIZEOF_SHORT
/* The size of `long', as computed by sizeof. */
#undef SIZEOF_LONG
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Set to 1 to use SSL DH */
#undef USE_SSL_DH
/* Define to auto configure SSL DH parameters */
#undef AUTO_SSL_DH
/* stupid stuff for u_int32_t */
#undef U_INT32_T_IS_USHORT
#undef U_INT32_T_IS_UINT
#undef U_INT32_T_IS_ULONG
#undef U_INT32_T_IS_UINT32_T
#ifdef U_INT32_T_IS_USHORT
typedef unsigned short u_int32_t;
#endif
#ifdef U_INT32_T_IS_ULONG
typedef unsigned long u_int32_t;
#endif
#ifdef U_INT32_T_IS_UINT
typedef unsigned int u_int32_t;
#endif
#ifdef U_INT32_T_IS_UINT32_t
typedef uint32_t u_int32_t;
#endif
/* stupid stuff for int32_t */
#undef INT32_T_IS_SHORT
#undef INT32_T_IS_INT
#undef INT32_T_IS_LONG
#ifdef INT32_T_IS_USHORT
typedef short int32_t;
#endif
#ifdef INT32_T_IS_ULONG
typedef long int32_t;
#endif
#ifdef INT32_T_IS_UINT
typedef int int32_t;
#endif
/***** ASPRINTF() AND FRIENDS *****/
/* Whether vsnprintf() is available */
#undef HAVE_VSNPRINTF
/* Whether snprintf() is available */
#undef HAVE_SNPRINTF
/* Whether aprintf() is available */
#undef HAVE_ASPRINTF
/* Whether vaprintf() is available */
#undef HAVE_VASPRINTF
/* Define if system has C99 compatible vsnprintf */
#undef HAVE_C99_VSNPRINTF
/* Whether va_copy() is available */
#undef HAVE_VA_COPY
/* Whether __va_copy() is available */
#undef HAVE___VA_COPY
/* Socket Size Type */
#undef SOCKET_SIZE_TYPE
/* Define to the type of elements in the array set by `getgroups'. Usually
this is either `int' or `gid_t'. */
#undef GETGROUPS_T
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
/* Define to 1 if the system has the type `struct sockaddr_storage'. */
#undef HAVE_STRUCT_SOCKADDR_STORAGE
/* Use seteuid() or setresuid() depending on the platform */
#undef SETEUID
/* Set to 1 if we are on Solaris 10 */
#undef SOLARIS_10
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
#ifdef HAVE_STRING_H
#include <string.h>
#endif
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
/* Define to 1 if you have the <signal.h> header file. */
#undef HAVE_SIGNAL_H
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
/* Define to 1 if you have the <sys/wait.h> header file. */
#undef HAVE_SYS_WAIT_H
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifndef WEXITSTATUS
# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
#endif
#ifndef WIFEXITED
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
#endif
/* Define to 1 if you have the <errno.h> header file. */
#undef HAVE_ERRNO_H
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
# endif
#endif
/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
/* Define to 1 if you have the <socket.h> header file. */
#undef HAVE_SOCKET_H
#ifdef HAVE_SOCKET_H
#include <socket.h>
#endif
/* Define to 1 if you have the <tcpd.h> header file. */
#undef HAVE_TCPD_H
#ifdef HAVE_TCPD_H
#include <tcpd.h>
#endif
/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
/* Define to 1 if you have the <ctype.h> header file. */
#undef HAVE_CTYPE_H
#ifdef HAVE_CTYPE_H
#include <ctype.h>
#endif
/* Define to 1 if you have the <pwd.h> header file. */
#undef HAVE_PWD_H
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
/* Define to 1 if you have the <grp.h> header file. */
#undef HAVE_GRP_H
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
/* Define to 1 if you have the <dirent.h> header file. */
#undef HAVE_DIRENT_H
#ifdef HAVE_DIRENT_H
#include <dirent.h>
#endif
/* Have SSL support */
#undef HAVE_SSL
#undef OPENSSL_V3
/* Have the krb5.h header file */
#undef HAVE_KRB5_H
#ifdef HAVE_KRB5_H
#include <krb5.h>
#endif
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#else
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#endif
/* Define to 1 if you have the <paths.h> header file. */
#undef HAVE_PATHS_H
/* Define to 1 if you have the <sys/resource.h> header file. */
#undef HAVE_SYS_RESOURCE_H
#endif

47
include/nrpe-ssl.h Normal file
View file

@ -0,0 +1,47 @@
/* SSL/TLS parameters */
typedef enum _SSL_VER {
SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus,
TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus, TLSv1_3, TLSv1_3_plus
} SslVer;
typedef enum _CLNT_CERTS {
ClntCerts_Unknown = 0, Ask_For_Cert = 1, Require_Cert = 2
} ClntCerts;
typedef enum _SSL_LOGGING {
SSL_NoLogging = 0, SSL_LogStartup = 1, SSL_LogIpAddr = 2,
SSL_LogVersion = 4, SSL_LogCipher = 8, SSL_LogIfClientCert = 16,
SSL_LogCertDetails = 32
} SslLogging;
typedef struct _SSL_PARMS {
char *cert_file;
char *cacert_file;
char *privatekey_file;
char cipher_list[MAX_FILENAME_LENGTH];
SslVer ssl_proto_ver;
int allowDH;
ClntCerts client_certs;
SslLogging log_opts;
} SslParms;
#ifdef HAVE_SSL
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
extern SSL_METHOD *meth;
# else
extern const SSL_METHOD *meth;
# endif
extern SSL_CTX *ctx;
extern SslParms sslprm;
#endif
extern int use_ssl;
void ssl_initialize(void);
void ssl_set_protocol_version(SslVer ssl_proto_ver, unsigned long *ssl_opts);
void ssl_log_startup(int server);
int ssl_load_certificates(void);
int ssl_set_ciphers(void);
int ssl_verify_callback_common(int preverify_ok, X509_STORE_CTX * ctx, int is_invalid);

71
include/nrpe.h Normal file
View file

@ -0,0 +1,71 @@
/****************************************************************************
*
* nrpe.h - Nagios Remote Plugin Executor header file
*
* License: GPLv2
* Copyright (c) 2006-2017 Nagios Enterprises
* 1999-2006 Ethan Galstad (nagios@nagios.org)
*
* License Notice:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#include <limits.h>
typedef struct command_struct {
char *command_name;
char *command_line;
struct command_struct *next;
} command;
int init(void);
void init_ssl(void);
void log_ssl_startup(void);
void usage(int);
void run_inetd(void);
void run_src(void);
void run_daemon(void);
void set_stdio_sigs(void);
void cleanup(void);
int read_config_file(char *);
int read_config_dir(char *);
int get_log_facility(char *);
int add_command(char *,char *);
command *find_command(char *);
void create_listener(struct addrinfo *ai);
void wait_for_connections(void);
void setup_wait_conn(void);
int wait_conn_fork(int sock);
void conn_check_peer(int sock);
void handle_connection(int);
void init_handle_conn(void);
int handle_conn_ssl(int sock, void *ssl_ptr);
int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt);
void free_memory(void);
int my_system(char*, int, int*, char**); /* executes a command via popen(), but also protects against timeouts */
void my_system_sighandler(int); /* handles timeouts when executing commands via my_system() */
void my_connection_sighandler(int); /* handles timeouts of connection */
int drop_privileges(char *,char *, int);
int write_pid_file(void);
int remove_pid_file(void);
int check_privileges(void);
void sighandler(int);
void child_sighandler(int);
int validate_request(v2_packet *, v3_packet *);
int contains_nasty_metachars(char *);
int process_macros(char *,char *,int);
int process_arguments(int,char **);

54
include/utils.h Normal file
View file

@ -0,0 +1,54 @@
/****************************************************************************
*
* utils.h - NRPE Utility Functions header file
*
* License: GPLv2
* Copyright (c) 2009-2017 Nagios Enterprises
* 1999-2008 Ethan Galstad (nagios@nagios.org)
*
* License Notice:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#ifndef NRPE_UTILS_H_INCLUDED
#define NRPE_UTILS_H_INCLUDED
#include "../include/config.h"
void generate_crc32_table(void);
unsigned long calculate_crc32(char*, int);
void randomize_buffer(char*,int);
int my_tcp_connect(char*, int, int*);
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*, int);
#else
int my_connect(const char*, struct sockaddr*, u_short, int, const char*, int);
#endif
void add_listen_addr(struct addrinfo**, int, char*, int);
int clean_environ(const char *keep_env_vars, const char *nrpe_user);
char* strip(char*);
int sendall(int, char*, int*);
int recvall(int, char*, int*, int);
char *my_strsep(char**, const char*);
void open_log_file();
void logit(int priority, const char *format, ...);
void close_log_file();
void display_license(void);
extern int disable_syslog;
#endif

1
macros/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
nbproject/

7
macros/CHANGELOG.md Normal file
View file

@ -0,0 +1,7 @@
1.0.1
-----
* Fix bug determining inetd,xinetd if neither are running (Bryan Heden)
1.0.0
-----
* Initial Release (John Frickson)

264
macros/LICENSE Normal file
View file

@ -0,0 +1,264 @@
The GNU General Public License, Version 2, June 1991 (GPLv2)
============================================================
> Copyright (C) 1989, 1991 Free Software Foundation, Inc.
> 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
Preamble
--------
The licenses for most software are designed to take away your freedom to share
and change it. By contrast, the GNU General Public License is intended to
guarantee your freedom to share and change free software--to make sure the
software is free for all its users. This General Public License applies to most
of the Free Software Foundation's software and to any other program whose
authors commit to using it. (Some other Free Software Foundation software is
covered by the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not price. Our
General Public Licenses are designed to make sure that you have the freedom to
distribute copies of free software (and charge for this service if you wish),
that you receive source code or can get it if you want it, that you can change
the software or use pieces of it in new free programs; and that you know you can
do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny
you these rights or to ask you to surrender the rights. These restrictions
translate to certain responsibilities for you if you distribute copies of the
software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a
fee, you must give the recipients all the rights that you have. You must make
sure that they, too, receive or can get the source code. And you must show them
these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer
you this license which gives you legal permission to copy, distribute and/or
modify the software.
Also, for each author's protection and ours, we want to make certain that
everyone understands that there is no warranty for this free software. If the
software is modified by someone else and passed on, we want its recipients to
know that what they have is not the original, so that any problems introduced by
others will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish
to avoid the danger that redistributors of a free program will individually
obtain patent licenses, in effect making the program proprietary. To prevent
this, we have made it clear that any patent must be licensed for everyone's free
use or not licensed at all.
The precise terms and conditions for copying, distribution and modification
follow.
Terms And Conditions For Copying, Distribution And Modification
---------------------------------------------------------------
**0.** This License applies to any program or other work which contains a notice
placed by the copyright holder saying it may be distributed under the terms of
this General Public License. The "Program", below, refers to any such program or
work, and a "work based on the Program" means either the Program or any
derivative work under copyright law: that is to say, a work containing the
Program or a portion of it, either verbatim or with modifications and/or
translated into another language. (Hereinafter, translation is included without
limitation in the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not covered by
this License; they are outside its scope. The act of running the Program is not
restricted, and the output from the Program is covered only if its contents
constitute a work based on the Program (independent of having been made by
running the Program). Whether that is true depends on what the Program does.
**1.** You may copy and distribute verbatim copies of the Program's source code
as you receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice and
disclaimer of warranty; keep intact all the notices that refer to this License
and to the absence of any warranty; and give any other recipients of the Program
a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at
your option offer warranty protection in exchange for a fee.
**2.** You may modify your copy or copies of the Program or any portion of it,
thus forming a work based on the Program, and copy and distribute such
modifications or work under the terms of Section 1 above, provided that you also
meet all of these conditions:
* **a)** You must cause the modified files to carry prominent notices stating
that you changed the files and the date of any change.
* **b)** You must cause any work that you distribute or publish, that in whole
or in part contains or is derived from the Program or any part thereof, to
be licensed as a whole at no charge to all third parties under the terms of
this License.
* **c)** If the modified program normally reads commands interactively when
run, you must cause it, when started running for such interactive use in the
most ordinary way, to print or display an announcement including an
appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may redistribute
the program under these conditions, and telling the user how to view a copy
of this License. (Exception: if the Program itself is interactive but does
not normally print such an announcement, your work based on the Program is
not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable
sections of that work are not derived from the Program, and can be reasonably
considered independent and separate works in themselves, then this License, and
its terms, do not apply to those sections when you distribute them as separate
works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the entire whole,
and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise the
right to control the distribution of derivative or collective works based on the
Program.
In addition, mere aggregation of another work not based on the Program with the
Program (or with a work based on the Program) on a volume of a storage or
distribution medium does not bring the other work under the scope of this
License.
**3.** You may copy and distribute the Program (or a work based on it, under
Section 2) in object code or executable form under the terms of Sections 1 and 2
above provided that you also do one of the following:
* **a)** Accompany it with the complete corresponding machine-readable source
code, which must be distributed under the terms of Sections 1 and 2 above on
a medium customarily used for software interchange; or,
* **b)** Accompany it with a written offer, valid for at least three years, to
give any third party, for a charge no more than your cost of physically
performing source distribution, a complete machine-readable copy of the
corresponding source code, to be distributed under the terms of Sections 1
and 2 above on a medium customarily used for software interchange; or,
* **c)** Accompany it with the information you received as to the offer to
distribute corresponding source code. (This alternative is allowed only for
noncommercial distribution and only if you received the program in object
code or executable form with such an offer, in accord with Subsection b
above.)
The source code for a work means the preferred form of the work for making
modifications to it. For an executable work, complete source code means all the
source code for all modules it contains, plus any associated interface
definition files, plus the scripts used to control compilation and installation
of the executable. However, as a special exception, the source code distributed
need not include anything that is normally distributed (in either source or
binary form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component itself
accompanies the executable.
If distribution of executable or object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the source code
from the same place counts as distribution of the source code, even though third
parties are not compelled to copy the source along with the object code.
**4.** You may not copy, modify, sublicense, or distribute the Program except as
expressly provided under this License. Any attempt otherwise to copy, modify,
sublicense or distribute the Program is void, and will automatically terminate
your rights under this License. However, parties who have received copies, or
rights, from you under this License will not have their licenses terminated so
long as such parties remain in full compliance.
**5.** You are not required to accept this License, since you have not signed
it. However, nothing else grants you permission to modify or distribute the
Program or its derivative works. These actions are prohibited by law if you do
not accept this License. Therefore, by modifying or distributing the Program (or
any work based on the Program), you indicate your acceptance of this License to
do so, and all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
**6.** Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the original
licensor to copy, distribute or modify the Program subject to these terms and
conditions. You may not impose any further restrictions on the recipients'
exercise of the rights granted herein. You are not responsible for enforcing
compliance by third parties to this License.
**7.** If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues), conditions
are imposed on you (whether by court order, agreement or otherwise) that
contradict the conditions of this License, they do not excuse you from the
conditions of this License. If you cannot distribute so as to satisfy
simultaneously your obligations under this License and any other pertinent
obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution of
the Program by all those who receive copies directly or indirectly through you,
then the only way you could satisfy both it and this License would be to refrain
entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply and the
section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or
other property right claims or to contest validity of any such claims; this
section has the sole purpose of protecting the integrity of the free software
distribution system, which is implemented by public license practices. Many
people have made generous contributions to the wide range of software
distributed through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing to
distribute software through any other system and a licensee cannot impose that
choice.
This section is intended to make thoroughly clear what is believed to be a
consequence of the rest of this License.
**8.** If the distribution and/or use of the Program is restricted in certain
countries either by patents or by copyrighted interfaces, the original copyright
holder who places the Program under this License may add an explicit
geographical distribution limitation excluding those countries, so that
distribution is permitted only in or among countries not thus excluded. In such
case, this License incorporates the limitation as if written in the body of this
License.
**9.** The Free Software Foundation may publish revised and/or new versions of
the General Public License from time to time. Such new versions will be similar
in spirit to the present version, but may differ in detail to address new
problems or concerns.
Each version is given a distinguishing version number. If the Program specifies
a version number of this License which applies to it and "any later version",
you have the option of following the terms and conditions either of that version
or of any later version published by the Free Software Foundation. If the
Program does not specify a version number of this License, you may choose any
version ever published by the Free Software Foundation.
**10.** If you wish to incorporate parts of the Program into other free programs
whose distribution conditions are different, write to the author to ask for
permission. For software which is copyrighted by the Free Software Foundation,
write to the Free Software Foundation; we sometimes make exceptions for this.
Our decision will be guided by the two goals of preserving the free status of
all derivatives of our free software and of promoting the sharing and reuse of
software generally.
No Warranty
-----------
**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

1
macros/LICENSE.md Symbolic link
View file

@ -0,0 +1 @@
LICENSE

199
macros/README.md Normal file
View file

@ -0,0 +1,199 @@
autoconf-macros
===============
The purpose of Nagios autoconf-macros is to have a central place for
autoconf macros that can be maintained in one place, but be used by any
of the Nagios software. It is intended to be used as a git subtree.
See the [Usage](#usage) and [References](#references) sections below.
Since this project will be included in several parent projects, any
changes must be as project-neutral as possible.
Make sure to check out the [CHANGELOG](CHANGELOG.md) for relevant
information, as well.
Contents
--------
The collection consists of the following macros:
### AX_NAGIOS_GET_OS alias AC_NAGIOS_GET_OS
> Output Variable : `opsys`
This macro detects the operating system, and transforms it into a generic
label. The most common OS's that use Nagios software are recognized and
used in subsequent macros.
### AX_NAGIOS_GET_DISTRIB_TYPE alias AC_NAGIOS_GET_DISTRIB_TYPE
> Output Variables : `dist_type`, `dist_ver`
This macro detects the distribution type. For Linux, this would be rh
(for Red Hat and derivitives), suse (OpenSUSE, SLES, derivitives), gentoo
(Gentoo and derivitives), debian (Debian and derivitives), and so on.
For BSD, this would be openbsd, netbsd, freebsd, dragonfly, etc. It can
also be aix, solaris, osx, and so on for Unix operating systems.
### AX_NAGIOS_GET_INIT alias AC_NAGIOS_GET_INIT
> Output Variable : `init_type`
This macro detects what software is used to start daemons on bootup
or on request, generally knows as the "init system". The init_type
will generally be one of sysv (many), bsd (Slackware), newbsd (*BSD),
launchd (OS X), smf10 or smf11 (Solaris), systemd (newer Linux),
gentoo (older Gentoo), upstart (several), or unknown.
### AX_NAGIOS_GET_INETD alias AC_NAGIOS_GET_INETD
> Output Variable : `inetd_type`
This macro detects what software is used to start daemons or services
on demand, which historically has been "inetd". The inetd_type
will generally be one of inetd, xinetd, launchd (OS X), smf10 or smf11
(Solaris), systemd (newer Linux), upstart (several), or unknown.
### AX_NAGIOS_GET_PATHS alias AC_NAGIOS_GET_PATHS
> Output Variables : **many!**
This macro determines the installation paths for binaries, config files,
PID files, and so on. For a "standard" install of Nagios, NRPE, NDO Utils,
etc., most will be in the /usr/local/nagios hierarchy with startup files
located in /etc. For distributions or software repositories, the
"--enable-install-method=os" option can be used. This will determine the
O/S dependant directories, such as /usr/bin, /usr/sbin, /var/lib/nagios,
/usr/lib/nagios, etc. or for OS X, /Library/LaunchDaemons.
### AX_NAGIOS_GET_FILES alias AC_NAGIOS_GET_FILES
> Output Variables : `src_init`, `src_inetd`, `src_tmpfile`
Each Nagios project will have a top-level directory named "/startup/".
In that directory will be "*.in" files for the various "init_type" and
"inetd_type" systems. This macro will determine which file(s) from
that directory will be needed.
### AX_NAGIOS_GET_SSL alias AC_NAGIOS_GET_SSL
> Output Variables : `HAVE_KRB5_H`, `HAVE_SSL`, `SSL_INC_DIR`, `SSL_LIB_DIR`, `CFLAGS`, `LDFLAGS`, `LIBS`
This macro checks various directories for SSL libraries and header files.
The searches are based on known install locations on various operating
systems and distributions, for openssl, gnutls-openssl, and nss_compat_ossl.
If it finds the headers and libraries, it will then do an `AC_LINK_IFELSE`
on a simple program to make sure a compile and link will work correctly.
Usage
-----
This repo is intended to be used as a git subtree, so changes will
automatically propogate, and still be reasonably easy to use.
* First, Create, checkout, clone, or branch your project. If you do an
`ls -AF` it might look something like this:
.git/ .gitignore ChangeLog LICENSE Makefile.in
README configure.ac include/ src/
* Then make a reference to _this_ project inside your project.
git remote add autoconf-macros git@github.com:NagiosEnterprises/autoconf-macros
git subtree add --prefix=macros/ autoconf-macros master
* After executing the above two commands, if you do an `ls -AF` now,
it should look like this:
.git/ .gitignore ChangeLog LICENSE Makefile.in
README configure.ac include/ macros/ src/
* The `macros/` directory has been added.
* Now do a `git push` to save everything.
* If you make any changes to autoconf-macros, commit them separately
from any parent-project changes to keep from polluting the commit
history with unrelated comments.
* To submit your changes to autoconf-macros:
git subtree push --prefix=macros autoconf-macros peters-updates
This will create a new branch called `peters-updates`. You then need to
create a _pull request_ to get your changes merged into autoconf-macros
master.
* To get the latest version of `autoconf-macros` into your parent project:
git subtgree pull --squash --prefix=macros autoconf-macros master
References
----------
Now that autoconf-macros is available to your project, you will need to
reference it.
* Create (or add these lines to) file `YourProject/aclocal.m4`
m4_include([macros/ax_nagios_get_os])
m4_include([macros/ax_nagios_get_distrib])
m4_include([macros/ax_nagios_get_init])
m4_include([macros/ax_nagios_get_inetd])
m4_include([macros/ax_nagios_get_paths])
m4_include([macros/ax_nagios_get_files])
m4_include([macros/ax_nagios_get_ssl])
* In your `YourProject/configure.ac` add the following lines. A good place
to put them would be right after any `AC_PROG_*` entries:
AC_NAGIOS_GET_OS
AC_NAGIOS_GET_DISTRIB_TYPE
AC_NAGIOS_GET_INIT
AC_NAGIOS_GET_INETD
AC_NAGIOS_GET_PATHS
AC_NAGIOS_GET_FILES
* If you need SSL functionality, add the following to `YourProject/configure.ac`
where you want to check for SSL:
AC_NAGIOS_GET_SSL
* You will now be able to reference any of the variables in `config.h.in`
and any files listed in the `AC_CONFIG_FILES` macro in `configure.ac`.
License Notice
--------------
Copyright (c) 2016-2017 Nagios Enterprises, LLC
This work is made available to you under the terms of Version 2 of
the GNU General Public License. A copy of that license should have
been provided with this software, but in any event can be obtained
from http://www.fsf.org.
This work is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 or visit their web page on the internet at
http://www.fsf.org.
Questions?
----------
If you have questions about this addon, or problems getting things
working, first try searching the nagios-users mailing list archives.
Details on searching the list archives can be found at
http://www.nagios.org
If you don't find an answer there, post a message in the Nagios
Plugin Development forum at https://support.nagios.com/forum/viewforum.php?f=35

140
macros/add_group_user Executable file
View file

@ -0,0 +1,140 @@
#!/bin/sh
#----------------------
# Initialize variables
#----------------------
dist="$1"
uid="$2"
gid="$3"
rc=0
#-------------------------------------
# Check if the specified group exists
#-------------------------------------
group_exists(){
case $dist in
osx) rc=`dscl . -read /Groups/$gid >/dev/null 2>&1; echo $?` ;;
hpux) rc=`grget -n $gid >/dev/null 2>&1; echo $?` ;;
aix) rc=`lsgroup -a $gid >/dev/null 2>&1; echo $?` ;;
*) rc=`getent group $gid > /dev/null 2>&1; echo $?` ;;
esac
echo $rc
}
#------------------------
# Add the specified user
#------------------------
add_user(){
rc=`id "$uid" > /dev/null 2>&1; echo $?`
if test $rc -eq 0; then
echo "User $uid already exists" > /dev/stderr
echo 0
return
fi
case $dist in
aix)
echo useradd -g $gid $uid > /dev/stderr
rc=`useradd -g $gid $uid; echo $?`
;;
hpux)
echo useradd -m -g $gid $uid > /dev/stderr
rc=`useradd -m -g $gid $uid; echo $?`
;;
solaris)
echo useradd -m -d /export/home/$uid -g $gid $uid > /dev/stderr
rc=`useradd -m -d /export/home/$uid -g $gid $uid; echo $?`
;;
osx)
newid=`dscl . -list /Users UniqueID | tr -s ' ' | cut -d' ' -f2 | sort -n | tail -1`
newid=`expr 1 + $newid`
echo dscl . -create /Users/$uid > /dev/stderr
dscl . -create /Users/$uid
echo dscl . -create /Users/$uid UniqueID $newid > /dev/stderr
dscl . -create /Users/$uid UniqueID $newid
echo dscl . -create /Users/$uid UserShell /usr/bin/false > /dev/stderr
dscl . -create /Users/$uid UserShell /usr/bin/false
echo dscl . -create /Users/$uid PrimaryGroupID 20 > /dev/stderr
dscl . -create /Users/$uid PrimaryGroupID 20
echo dscl . -append /Groups/$gid GroupMembership $uid > /dev/stderr
rc=`dscl . -append /Groups/$gid GroupMembership $uid; echo $?`
;;
freebsd)
echo pw add user $uid -g $gid -s /usr/bin/false > /dev/stderr
rc=`pw add user $uid -g $gid -s /usr/bin/false; echo $?`
;;
netbsd|openbsd)
echo useradd -g $gid $uid > /dev/stderr
rc=`useradd -g $gid $uid; echo $?`
;;
*)
echo useradd -r -g $gid $uid > /dev/stderr
rc=`useradd -r -g $gid $uid; echo $?`
;;
esac
echo $rc
}
#-------------------------
# Add the specified group
#-------------------------
add_group(){
rc=`group_exists`
if test $rc -eq 0; then
echo "Group $gid already exists" > /dev/stderr
echo 0
return
fi
case $dist in
aix)
echo mkgroup $gid > /dev/stderr
rc=`mkgroup "$gid"; echo $?`
;;
hpux|solaris)
echo groupadd $gid > /dev/stderr
rc=`groupadd "$gid"; echo $?`
;;
osx)
newid=`dscl . -list /Groups gid | tr -s ' ' | cut -d' ' -f2 | sort -n | tail -1`
newid=`expr 1 + $newid`
echo dscl . -create /Groups/$gid gid $newid > /dev/stderr
rc=`dscl . -create /Groups/$gid gid $newid; echo $?`
;;
freebsd)
echo pw add group $gid > /dev/stderr
rc=`pw add group $gid; echo $?`
;;
netbsd|openbsd)
echo groupadd $gid > /dev/stderr
rc=`groupadd $gid; echo $?`
;;
*)
echo groupadd -r $gid > /dev/stderr
rc=`groupadd -r $gid; echo $?`
;;
esac
echo $rc
}
rc=`add_group`
if test $rc -ne 0; then
exit 1;
fi
rc=`add_user`
exit $rc

160
macros/ax_nagios_get_distrib Normal file
View file

@ -0,0 +1,160 @@
# ===========================================================================
# SYNOPSIS
#
# AX_NAGIOS_GET_DISTRIB_TYPE
#
# DESCRIPTION
#
# This macro determines the O/S distribution of the computer it is run on.
# $dist_type will be set and will be one of:
# unknown (could not be determined)
# freebsd, netbsd, openbsd, dragonfly, etc (The BSDs)
# suse, rh, debian, gentoo (and possibly their descendants)
# Other major Linux distributions (and possibly their descendants)
# The O/S name for the rest
#
# LICENSE
#
# Copyright (c) 2016 Nagios Core Development Team
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
# ===========================================================================
AU_ALIAS([AC_NAGIOS_GET_DISTRIB_TYPE], [AX_NAGIOS_GET_DISTRIB_TYPE])
AC_DEFUN([AX_NAGIOS_GET_DISTRIB_TYPE],
[
AC_SUBST(dist_type)
AC_SUBST(dist_ver)
#
# Get user hints for possible cross-compile
#
AC_MSG_CHECKING(what the distribution type is )
AC_ARG_WITH(dist-type, AC_HELP_STRING([--with-dist-type=type],
[specify distribution type (suse, rh, debian, etc.)]),
[
#
# Run this if --with was specified
#
if test "x$withval" = x -o x$withval = xno; then
dist_type_wanted=yes
else
dist_type_wanted=no
dist_type="$withval"
dist_ver="unknown"
AC_MSG_RESULT($dist_type)
fi
], [
#
# Run this if --with was not specified
#
dist_type_wanted=yes
])
if test x$dist_type = xno; then
dist_type_wanted=yes
elif test x$dist_type = xyes; then
AC_MSG_ERROR([you must enter a distribution type if '--with-dist-type' is specified])
fi
#
# Determine distribution type if it wasn't supplied
#
dist_ver="unknown"
if test $dist_type_wanted=yes; then
dist_type="unknown"
if test "$opsys" != "linux"; then
dist_type="$opsys"
AS_CASE([$opsys],
[bsd],
dist_type=`uname -s | tr ["[A-Z]" "[a-z]"]`
dist_ver=`uname -r`,
[aix],
dist_ver="`uname -v`.`uname -r`",
[hp-ux],
dist_ver=`uname -r | cut -d'.' -f1-3`,
[solaris],
dist_ver=`uname -r | cut -d'.' -f2`,
[*],
dist_ver=$OSTYPE
)
else
if test -r "/etc/gentoo-release"; then
dist_type="gentoo"
dist_ver=`cat /etc/gentoo-release`
elif test -r "/etc/os-release"; then
. /etc/os-release
if test x"$ID_LIKE" != x; then
dist_type=`echo $ID_LIKE | cut -d' ' -f1 | tr ["[A-Z]" "[a-z]"]`
elif test x"$ID" = xol; then
dist_type=rh
else
dist_type=`echo $ID | tr ["[A-Z]" "[a-z]"]`
fi
if test x"$dist_type" = sles; then
dist_type=suse
fi
if test x"$VERSION_ID" != x; then
dist_ver=$VERSION_ID
elif test x"$VERSION" != x; then
dist_ver=`echo $VERSION | cut -d'.' -f1 | tr -d [:alpha:][:blank:][:punct:]`
fi
elif test -r "/etc/redhat-release"; then
dist_type=rh
dist_ver=`cat /etc/redhat-release`
elif test -r "/etc/debian_version"; then
dist_type="debian"
if test -r "/etc/lsb-release"; then
. /etc/lsb-release
dist_ver=`echo "$DISTRIB_RELEASE"`
else
dist_ver=`cat /etc/debian_version`
fi
elif test -r "/etc/SuSE-release"; then
dist_type=suse
dist_ver=`grep VERSION /etc/SuSE-release`
fi
fi
if test "$dist_ver" != "unknown"; then
dist_ver=`echo "$dist_ver" | cut -d'.' -f1 | tr -d [:alpha:][:blank:][:punct:]`
fi
fi
AC_MSG_RESULT($dist_type)
])

131
macros/ax_nagios_get_files Normal file
View file

@ -0,0 +1,131 @@
# ===========================================================================
# SYNOPSIS
#
# AX_NAGIOS_GET_FILES
#
# DESCRIPTION
#
# This macro figures out which init and/or inetd files to use based
# on the results of the AX_NAGIOS_GET_OS, AX_NAGIOS_GET_DISTRIB_TYPE,
# AX_NAGIOS_GET_INIT and AX_NAGIOS_GET_INETD macros. It will select
# the appropriate files(s) from the 'startup' directory and copy it.
#
# LICENSE
#
# Copyright (c) 2016 Nagios Core Development Team
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
# ===========================================================================
AU_ALIAS([AC_NAGIOS_GET_FILES], [AX_NAGIOS_GET_FILES])
AC_DEFUN([AX_NAGIOS_GET_FILES],
[
AC_SUBST(src_init)
AC_SUBST(src_inetd)
AC_SUBST(src_tmpfile)
AC_SUBST(bsd_enable)
src_inetd=""
src_init=""
bsd_enable=""
AC_MSG_CHECKING(for which init file to use )
AS_CASE([$init_type],
[sysv],
src_init=default-init,
[systemd],
src_tmpfile=tmpfile.conf
src_init=default-service,
[bsd],
src_init=bsd-init,
[newbsd],
if test $dist_type = freebsd ; then
bsd_enable="_enable"
src_init=newbsd-init
elif test $dist_type = openbsd ; then
bsd_enable="_flags"
src_init=openbsd-init
elif test $dist_type = netbsd ; then
bsd_enable=""
src_init=newbsd-init
fi,
# [gentoo],
[openrc],
src_init=openrc-init,
[smf*],
src_init="solaris-init.xml"
src_inetd="solaris-inetd.xml",
[upstart],
if test $dist_type = rh ; then
src_init=rh-upstart-init
else
src_init=upstart-init
fi,
[launchd],
src_init="mac-init.plist",
[*],
src_init="unknown"
)
AC_MSG_RESULT($src_init)
AC_MSG_CHECKING(for which inetd files to use )
if test x$src_inetd = x; then
AS_CASE([$inetd_type],
[inetd*],
src_inetd=default-inetd,
[xinetd],
src_inetd=default-xinetd,
[systemd],
src_inetd=default-socket,
[launchd],
src_inetd="mac-inetd.plist",
[*],
src_inetd="unknown"
)
fi
AC_MSG_RESULT($src_inetd)
])

146
macros/ax_nagios_get_inetd Normal file
View file

@ -0,0 +1,146 @@
# ===========================================================================
# SYNOPSIS
#
# AX_NAGIOS_GET_INETD
#
# DESCRIPTION
#
# This macro determines whether inetd or xinetd is being used
# The argument are:
# the init type as determined by AX_NAGIOS_GET_INIT
# $inetd_type will be set and will be one of:
# unknown (could not be determined)
# launchd (Mac OS X)
# smf10 (Solaris)
# smf11 (Solaris)
# upstart (Older Debian)
# xinetd (Most Linux, BSD)
# inetd (The rest)
#
# LICENSE
#
# Copyright (c) 2016 Nagios Core Development Team
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
# ===========================================================================
AU_ALIAS([AC_NAGIOS_GET_INETD], [AX_NAGIOS_GET_INETD])
AC_DEFUN([AX_NAGIOS_GET_INETD],
[
AC_SUBST(inetd_type)
#
# Get user hints for possible cross-compile
#
AC_MSG_CHECKING(what inetd is being used )
AC_ARG_WITH(inetd_type, AC_HELP_STRING([--with-inetd-type=type],
[which super-server the system runs (inetd, xinetd, systemd, launchd,
smf10, smf11, etc.)]),
[
inetd_type_wanted=yes
#
# Run this if --with was specified
#
if test "x$withval" = x -o x$withval = xno; then
inetd_type_wanted=yes
else
inetd_type_wanted=no
inetd_type="$withval"
AC_MSG_RESULT($inetd_type)
fi
], [
#
# Run this if --with was not specified
#
inetd_type_wanted=yes
])
if test x$inetd_type = xno; then
inetd_type_wanted=yes
elif test x$inetd_type = xyes; then
AC_MSG_ERROR([you must enter an inetd type if '--with-inetd-type' is specified])
fi
#
# Determine inetd type if it wasn't supplied
#
if test $inetd_type_wanted = yes; then
inetd_disabled=""
AS_CASE([$dist_type],
[solaris],
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
inetd_type="$init_type"
else
inetd_type="inetd"
fi,
[*bsd*],
inetd_type=`ps -A -o comm -c | grep inetd`,
[osx],
inetd_type=`launchd`,
[aix|hp-ux],
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
[*],
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
if test x"$inetd_type" = x; then
if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
inetd_disabled="(Not running)"
inetd_type=xinetd
elif test -f /etc/inetd.conf -o -f /usr/sbin/inetd; then
inetd_type=inetd
inetd_disabled="(Not running)"
fi
fi
if test x"$inetd_type" = x; then
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
fi
fi
if test x"$inetd_type" = x; then
if test x"$init_type" = "xsystemd"; then
inetd_type="systemd"
else
inetd_type="unknown"
fi
fi
if test -n "$inetd_disabled"; then
AC_MSG_RESULT($inetd_type $inetd_disabled)
else
AC_MSG_RESULT($inetd_type)
fi
fi
])

200
macros/ax_nagios_get_init Normal file
View file

@ -0,0 +1,200 @@
# ===========================================================================
# SYNOPSIS
#
# AX_NAGIOS_GET_INIT
#
# DESCRIPTION
#
# This macro determines the O/S distribution of the computer it is run on.
# $init_type will be set and will be one of:
# unknown (could not be determined)
# launchd (Mac OS X)
# bsd (Slackware Linux)
# newbsd (FreeBSD, OpenBSD, NetBSD, Dragonfly, etc)
# smf10 (Solaris)
# smf11 (Solaris)
# systemd (Linux SystemD)
# gentoo (Older Gentoo)
# openrc (Recent Gentoo and some others)
# upstart (Older Debian)
# sysv (The rest)
#
# LICENSE
#
# Copyright (c) 2016 Nagios Core Development Team
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
# ===========================================================================
AU_ALIAS([AC_NAGIOS_GET_INIT], [AX_NAGIOS_GET_INIT])
AC_DEFUN([AX_NAGIOS_GET_INIT],
[
AC_SUBST(init_type)
#
# Get user hints for possible cross-compile
#
AC_MSG_CHECKING(what init system is being used )
AC_ARG_WITH(init_type,AC_HELP_STRING([--with-init-type=type],
[specify init type (bsd, sysv, systemd, launchd, smf10, smf11, upstart,
openrc, etc.)]),
[
#
# Run this if --with was specified
#
if test "x$withval" = x -o x$withval = xno; then
init_type_wanted=yes
else
init_type_wanted=no
init_type="$withval"
AC_MSG_RESULT($init_type)
fi
], [
#
# Run this if --with was not specified
#
init_type_wanted=yes
])
if test x$init_type = xno; then
init_type_wanted=yes
elif test x$init_type = xyes; then
AC_MSG_ERROR([you must enter an init type if '--with-init-type' is specified])
fi
#
# Determine init type if it wasn't supplied
#
if test $init_type_wanted = yes; then
init_type=""
if test x"$opsys" = x; then
init_type="unknown"
init_type_wanted=no
elif test x"$dist_type" = x; then
init_type="unknown"
init_type_wanted=no
elif test "$opsys" = "osx"; then
init_type="launchd"
init_type_wanted=no
elif test "$opsys" = "bsd"; then
init_type="newbsd"
init_type_wanted=no
elif test "$dist_type" = "solaris"; then
if test -d "/lib/svc/manifest"; then
init_type="smf11"
init_type_wanted=no
elif test -d "/lib/svc/monitor"; then
init_type="smf10"
init_type_wanted=no
else
init_type="sysv"
init_type_wanted=no
fi
elif test "$dist_type" = "slackware"; then
init_type="bsd"
init_type_wanted=no
elif test "$dist_type" = "aix"; then
init_type="bsd"
init_type_wanted=no
elif test "$dist_type" = "hp-ux"; then
init_type="unknown"
init_type_wanted=no
fi
fi
PSCMD="ps -p1 -o args"
if test $dist_type = solaris; then
PSCMD="env UNIX95=1; ps -p1 -o args"
fi
if test "$init_type_wanted" = yes; then
pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
if test x"$pid1" = "x"; then
init_type="unknown"
init_type_wanted=no
fi
if `echo $pid1 | grep "systemd" > /dev/null`; then
init_type="systemd"
init_type_wanted=no
fi
if test "$init_type_wanted" = yes; then
if test "$pid1" = "init"; then
if test -e "/sbin/init"; then
pid1="/sbin/init";
elif test -e "/usr/sbin/init"; then
pid1="/usr/sbin/init"
else
init_type="unknown"
init_type_wanted=no
fi
fi
if test -L "$pid1"; then
pid1=`readlink "$pid1"`
fi
fi
if test "$init_type_wanted" = yes; then
if `echo $pid1 | grep "systemd" > /dev/null`; then
init_type="systemd"
init_type_wanted=no
elif test -f "/sbin/rc"; then
if test -f /sbin/runscript; then
init_type_wanted=no
if `/sbin/start-stop-daemon -V | grep "OpenRC" > /dev/null`; then
init_type="openrc"
else
init_type="gentoo"
fi
fi
fi
fi
if test "$init_type_wanted" = yes; then
if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
init_type="upstart"
init_type_wanted=no
elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
init_type="newbsd"
init_type_wanted=no
else
init_type="sysv"
init_type_wanted=no
fi
fi
fi
if test "$init_type_wanted" = yes; then
init_type="unknown"
fi
fi
AC_MSG_RESULT($init_type)
])

101
macros/ax_nagios_get_os Normal file
View file

@ -0,0 +1,101 @@
# ===========================================================================
# SYNOPSIS
#
# AX_NAGIOS_GET_OS
#
# DESCRIPTION
#
# This macro determines the operating system of the computer it is run on.
#
# LICENSE
#
# Copyright (c) 2016 Nagios Core Development Team
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
# ===========================================================================
AU_ALIAS([AC_NAGIOS_GET_OS], [AX_NAGIOS_GET_OS])
AC_DEFUN([AX_NAGIOS_GET_OS],
[
AC_SUBST(opsys)
AC_SUBST(arch)
#
# Get user hints
#
AC_MSG_CHECKING(what the operating system is )
AC_ARG_WITH(opsys, AC_HELP_STRING([--with-opsys=OS],
[specify operating system (linux, osx, bsd, solaris, irix, cygwin,
aix, hp-ux, etc.)]),
[
#
# Run this if --with was specified
#
if test "x$withval" = x -o x$withval = xno; then
opsys_wanted=yes
else
opsys_wanted=no
opsys="$withval"
AC_MSG_RESULT($opsys)
fi
], [
#
# Run this if --with was not specified
#
opsys_wanted=yes
])
if test x$opsys = xno; then
opsys=""
opsys_wanted=yes
elif test x$opsys = xyes; then
AC_MSG_ERROR([you must enter an O/S type if '--with-opsys' is specified])
fi
#
# Determine operating system if it wasn't supplied
#
if test $opsys_wanted=yes; then
opsys=`uname -s | tr ["[A-Z]" "[a-z]"]`
if test x"$opsys" = "x"; then opsys="unknown"; fi
AS_CASE([$opsys],
[darwin*], opsys="osx",
[*bsd*], opsys="bsd",
[dragonfly], opsys="bsd",
[sunos], opsys="solaris",
[gnu/hurd], opsys="linux",
[irix*], opsys="irix",
[cygwin*], opsys="cygwin",
[mingw*], opsys="mingw",
[msys*], opsys="msys")
fi
arch=`uname -m | tr ["[A-Z]" "[a-z]"]`
AC_MSG_RESULT($opsys)
])

738
macros/ax_nagios_get_paths Normal file
View file

@ -0,0 +1,738 @@
# ===========================================================================
# SYNOPSIS
#
# AX_NAGIOS_GET_PATHS
#
# DESCRIPTION
#
# This macro figures out the installation & run paths for various systems
# The argument are:
# the O/S determined by the AX_NAGIOS_GET_OS macro.
# the distribution type as determined by AX_NAGIOS_GET_DISTRIB_TYPE
# the init type as determined by AX_NAGIOS_GET_INIT
# the inetd type as determined by AX_NAGIOS_GET_INETD
#
# LICENSE
#
# Copyright (c) 2016 Nagios Core Development Team
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
# ===========================================================================
AU_ALIAS([AC_NAGIOS_GET_PATHS], [AX_NAGIOS_GET_PATHS])
AC_DEFUN([AX_NAGIOS_GET_PATHS],
[
AC_SUBST(pkgsysconfdir)
AC_SUBST(objsysconfdir)
AC_SUBST(sbindir)
AC_SUBST(initname)
AC_SUBST(inetdname)
AC_SUBST(pluginsdir)
AC_SUBST(brokersdir)
AC_SUBST(cgibindir)
AC_SUBST(webdir)
AC_SUBST(privatesysconfdir)
AC_SUBST(pkglocalstatedir)
AC_SUBST(logdir)
AC_SUBST(piddir)
AC_SUBST(pipedir)
AC_SUBST(spooldir)
AC_SUBST(initdir)
AC_SUBST(inetddir)
AC_SUBST(tmpfilesd)
AC_SUBST(subsyslockdir)
AC_SUBST(subsyslockfile)
if test x$DBG_PATHS != x; then
echo
echo Incoming paths:
echo " prefix $prefix"
echo " exec_prefix $exec_prefix"
echo " bindir $bindir"
echo " sbindir $sbindir"
echo " libexecdir $libexecdir"
echo " sysconfdir $sysconfdir"
echo " localstatedir $localstatedir"
echo " datarootdir $datarootdir"
echo " datadir $datadir"
echo " localedir $localedir"
echo
fi
AC_MSG_CHECKING(for which paths to use )
AC_ARG_ENABLE(install_method,
AC_HELP_STRING([--enable-install-method=<method>],
[sets the install method to use: 'default' (the default) will install to
/usr/local/nagios, 'os' will try to determine which method to use based
on OS type and distribution. Fine tuning using the '--bindir', etc.
overrides above will still work]),
install_method=$enableval,
install_method=default
)
AC_ARG_ENABLE(showdirs_only,
AC_HELP_STRING([--enable-showdirs-only=yes],
[This option will cause 'configure' to stop after determining the install
locations based on '--enable-install-method', so you can see the
destinations before a full './configure', 'make', 'make install'
process.]),
showdirs_only=$enableval,
showdirs_only=no
)
AS_CASE([$install_method],
[yes], install_method="os",
[no], install_method="default",
[default|os], :,
[*], echo >&6; AC_MSG_ERROR(['--enable-install-method=$install_method' is invalid])
)
if test $showdirs_only != "no"; then showdirs_only="yes"; fi
AS_CASE([$dist_type],
[*solaris*|*hp-ux*|*aix*|*osx*], opsys=unix)
# Does this package need to know:
need_cgi=no # where the cgi-bin directory is
need_web=no # where the website directory is
need_brk=no # where the event broker modules directory is
need_plg=no # where the plugins directory is
need_pipe=no # where the pipe directory is
need_spl=no # where the spool directory is
need_loc=no # where the locale directory is
need_log_subdir=no # where the loc sub-directory is
need_etc_subdir=no # where the etc sub-directory is
need_pls_dir=no # where the package locate state directory is
if test x"$INIT_PROG" = x; then
INIT_PROG="$PKG_NAME"
fi
AS_CASE([$PKG_NAME],
[nagios],
need_log_subdir=yes
need_etc_subdir=yes
need_pls_dir=yes
need_brk=yes
need_pipe=yes
need_spl=yes
need_loc=yes
need_cgi=yes
need_web=yes,
[ndoutils],
need_brk=yes
need_spl=yes,
[nrpe],
need_plg=yes,
[nsca],
need_cgi=no,
[plugins],
need_loc=yes
need_plg=yes
)
AC_ARG_WITH(pkgsysconfdir, AC_HELP_STRING([--with-pkgsysconfdir=DIR],
[where configuration files should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
pkgsysconfdir="$withval"
fi)
AC_ARG_WITH(objsysconfdir, AC_HELP_STRING([--with-objsysconfdir=DIR],
[where object configuration files should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
objsysconfdir="$withval"
fi)
AC_ARG_WITH(privatesysconfdir, AC_HELP_STRING([--with-privatesysconfdir=DIR],
[where private configuration files should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
privatesysconfdir="$withval"
fi)
AC_ARG_WITH(webdir, AC_HELP_STRING([--with-webdir=DIR],
[where the website files should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
webdir="$withval"
fi)
AC_ARG_WITH(pluginsdir, AC_HELP_STRING([--with-pluginsdir=DIR],
[where the plugins should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
pluginsdir="$withval"
fi)
AC_ARG_WITH(brokersdir, AC_HELP_STRING([--with-brokersdir=DIR],
[where the broker modules should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
brokersdir="$withval"
fi)
AC_ARG_WITH(cgibindir, AC_HELP_STRING([--with-cgibindir=DIR],
[where the CGI programs should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
cgibindir="$withval"
fi)
AC_ARG_WITH(logdir, AC_HELP_STRING([--with-logdir=DIR],
[where log files should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
logdir="$withval"
fi)
AC_ARG_WITH(piddir, AC_HELP_STRING([--with-piddir=DIR],
[where the PID file should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
piddir="$withval"
fi)
AC_ARG_WITH(pipedir, AC_HELP_STRING([--with-pipedir=DIR],
[where socket and pipe files should be placed]),
if test x$withval != x -a x$withval != xno -a x$withval != xyes; then
pipedir="$withval"
fi)
#
# Setup the base directory
#
if test $install_method = "default"; then
if test $opsys = "unix"; then
if test x"$prefix" = "xNONE"; then prefix="/usr/local/nagios"; fi
else
if test x"$prefix" = "xNONE"; then prefix=${ac_default_prefix}; fi
fi
datarootdir=${datarootdir="$prefix"}
else
if test x"$datadir" = x'${datarootdir}'; then AS_UNSET(datadir); fi
if test x"$sysconfdir" = x'${prefix}/etc'; then AS_UNSET(sysconfdir); fi
if test x"$prefix" = "xNONE"; then
if test $dist_type = freebsd -o $dist_type = openbsd -o $dist_type = osx; then
prefix="/usr/local"
elif test $dist_type = netbsd; then
prefix="/usr/pkg"
else
prefix="/usr"
fi
fi
if test x"$exec_prefix" = "xNONE"; then exec_prefix=$prefix; fi
if test x"$localstatedir" = x'${prefix}/var'; then
if test $dist_type = "osx"; then
localstatedir="/private/var"
else
localstatedir="/var"
fi
fi
if test $opsys = "unix"; then
if test x"$datarootdir" = x'${prefix}/share'; then
if test $dist_type = "hp-ux"; then
datarootdir="/usr/local/share"
if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
libexecdir="/usr/nagios"
fi
elif test $dist_type = "osx"; then
datarootdir="/usr/local/share"
if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
libexecdir="/usr/local/nagios"
fi
elif test x"$libexecdir" = x'${exec_prefix}/libexec'; then
libexecdir="/usr/lib/nagios"
fi
fi
if test $dist_type = "osx"; then
if test x"$sbindir" = x'${exec_prefix}/sbin'; then
sbindir="$libexecdir"
fi
if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
libexecdir="/usr/local/libexec/nagios"
fi
fi
elif test $opsys = "bsd"; then
if test x"$libexecdir" = x'${exec_prefix}/libexec'; then
libexecdir=${exec_prefix}/libexec/nagios;
fi
elif test x"$libexecdir" = x'${exec_prefix}/lib'; then
libexecdir=${libexecdir}/nagios;
elif test x"$libexecdir" = x'${exec_prefix}/libexec'; then
libexecdir=${exec_prefix}/lib/nagios;
fi
fi
if test x"$exec_prefix" = "xNONE"; then exec_prefix=${prefix}; fi
tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
if test ! -d "$tmpfilesd"; then
tmpfilesd="N/A"
else
tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
fi
subsyslockdir=${subsyslockdir="/var/lock/subsys"}
if test ! -d "$subsyslockdir"; then
subsyslockdir="N/A"
subsyslockfile="N/A"
else
subsyslockfile="$subsyslockdir/$INIT_PROG"
fi
if test "$need_loc" = no; then
localedir="N/A"
fi
if test $install_method = "default" ; then
#
# Do the default setup
#
sbindir=${bindir}
datadir=${datadir="$datarootdir"}
if test $need_web = yes; then
webdir=${webdir="$datadir"}
else
webdir="N/A"
fi
if test $opsys = "unix"; then
sysconfdir=${sysconfdir="/etc/opt"}
fi
pkgsysconfdir=${pkgsysconfdir="$sysconfdir"}
if test $need_etc_subdir = yes; then
objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
else
objsysconfdir="N/A"
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir"}
logdir=${logdir="$localstatedir"}
piddir=${piddir="$localstatedir"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/rw"}
else
pipedir="N/A"
fi
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir"}
else
pkglocalstatedir="N/A"
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/var"}
else
spooldir="N/A"
fi
if test $need_brk = yes; then
brokersdir=${brokersdir="$bindir"}
else
brokersdir="N/A"
fi
if test $need_plg = yes; then
pluginsdir=${pluginsdir="$libexecdir"}
else
pluginsdir="N/A"
fi
if test $need_cgi = yes; then
cgibindir=${cgibindir="$prefix/sbin"}
else
cgibindir="N/A"
fi
elif test $opsys = "linux"; then
#
# Linux "Standard" install
#
install_method="$install_method : FHS"
datadir=${datadir="$datarootdir/nagios"}
if test $need_web = yes; then
webdir=${webdir="$datadir/html"}
else
webdir="N/A"
fi
sysconfdir=${sysconfdir="/etc"}
pkgsysconfdir=${pkgsysconfdir="$sysconfdir/nagios"}
if test $need_etc_subdir = yes; then
objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
else
objsysconfdir="N/A"
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
if test $need_brk = yes; then
brokersdir=${brokersdir="$libexecdir/brokers"}
else
brokersdir="N/A"
fi
if test $need_plg = yes; then
pluginsdir=${pluginsdir="$libexecdir/plugins"}
else
pluginsdir="N/A"
fi
if test $need_cgi = yes; then
cgibindir=${cgibindir="$libexecdir/cgi-bin"}
else
cgibindir="N/A"
fi
elif test $opsys = "unix"; then
#
# "Standard" Unix install
#
install_method="$install_method : Unix Standard"
if test $dist_type = osx; then
install_method="$install_method : OS X Standard"
sbindir=${sbindir="/usr/local/libexec"}
fi
datadir=${datadir="$datarootdir/nagios"}
if test $need_web = yes; then
webdir=${webdir="$datadir/html"}
else
webdir="N/A"
fi
if test $dist_type = osx; then
sysconfdir=${sysconfdir="/private/etc"}
else
sysconfdir=${sysconfdir="/etc"}
fi
pkgsysconfdir=${pkgsysconfdir="$sysconfdir/nagios"}
if test $need_etc_subdir = yes; then
objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
else
objsysconfdir="N/A"
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
if test "$need_loc" = yes; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
if test $need_brk = yes; then
brokersdir=${brokersdir="$libexecdir/brokers"}
else
brokersdir="N/A"
fi
if test $need_plg = yes; then
pluginsdir=${pluginsdir="$libexecdir/plugins"}
else
pluginsdir="N/A"
fi
if test $need_cgi = yes; then
cgibindir=${cgibindir="$libexecdir/cgi-bin"}
else
cgibindir="N/A"
fi
AS_CASE([$dist_type],
[*hp-ux*],
piddir=${piddir="$pkgsysconfdir"}
pipedir=${pipedir="$pkglocalstatedir"}
logdir=${logdir="$pkglocalstatedir/log"},
[*],
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
)
elif test $opsys = "bsd"; then
#
# "Standard" BSD install
#
install_method="$install_method : BSD"
if test $dist_type = freebsd -o $dist_type = openbsd; then
prefix=${prefix="/usr/local"}
exec_prefix=${exec_prefix="/usr/local"}
if test $dist_type = freebsd; then
install_method="$install_method : FreeBSD"
else
install_method="$install_method : OpenBSD"
fi
elif test $dist_type = netbsd; then
prefix=${prefix="/usr/pkg"}
exec_prefix=${exec_prefix="/usr/pkg"}
install_method="$install_method : NetBSD"
fi
datadir=${datadir="$datarootdir/nagios"}
if test $need_web = yes -o $need_cgi = yes; then
if test $dist_type = freebsd; then
webdir=${webdir="$prefix/www/nagios"}
elif test $dist_type = netbsd; then
webdir=${webdir="$prefix/share/nagios"}
elif test $dist_type = openbsd; then
webdir=${webdir="/var/www/nagios"}
fi
else
webdir="N/A"
fi
if test $dist_type = freebsd; then
sysconfdir=${sysconfdir="/usr/local/etc"}
else
sysconfdir=${sysconfdir="/etc"}
fi
pkgsysconfdir=${pkgsysconfdir="$sysconfdir/nagios"}
if test $need_etc_subdir = yes; then
objsysconfdir=${objsysconfdir="$pkgsysconfdir/objects"}
else
objsysconfdir="N/A"
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
if test "$need_loc" = yes; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
if test $need_brk = yes; then
brokersdir=${brokersdir="$libexecdir/brokers"}
else
brokersdir="N/A"
fi
if test $need_plg = yes; then
pluginsdir=${pluginsdir="$libexecdir/plugins"}
else
pluginsdir="N/A"
fi
if test $need_cgi = yes; then
if test $dist_type = freebsd; then
cgibindir=${cgibindir="$webdir/cgi-bin"}
elif test $dist_type = netbsd; then
cgibindir=${pluginsdir="$libexecdir/cgi-bin"}
elif test $dist_type = openbsd; then
cgibindir=${pluginsdir="/var/www/cgi-bin/nagios"}
fi
else
cgibindir="N/A"
fi
piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
else
#
# Unknown install
#
install_method="unknown"
webdir=unknown
pkgsysconfdir=unknown
objsysconfdir=unknown
privatesysconfdir=unknown
logdir=unknown
piddir=unknown
pipedir=unknown
pkglocalstatedir=unknown
spooldir=unknown
brokersdir=unknown
pluginsdir=unknown
cgibindir=unknown
fi
eval prefix=$prefix
eval exec_prefix=$exec_prefix
eval bindir=$bindir
eval sbindir=$sbindir
eval datarootdir=$datarootdir
eval datadir=$datadir
eval libexecdir=$libexecdir
eval brokersdir=$brokersdir
eval pluginsdir=$pluginsdir
eval cgibindir=$cgibindir
eval localstatedir=$localstatedir
eval pkglocalstatedir=$pkglocalstatedir
eval webdir=$webdir
eval localedir=$localedir
eval sysconfdir=$sysconfdir
eval pkgsysconfdir=$pkgsysconfdir
eval logdir=$logdir
eval piddir=$piddir
#
# Init scripts/files
#
AS_CASE([$init_type],
[sysv],
if test $dist_type = "hp-ux"; then
initdir=${initdir="/sbin/init.d"}
else
initdir=${initdir="/etc/init.d"}
fi
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
initconf=${initconf="$initconfdir/$INIT_PROG"},
[systemd],
if test $dist_type = "debian"; then
initdir=${initdir="/lib/systemd/system"}
else
initdir=${initdir="/usr/lib/systemd/system"}
fi
initname=${initname="$INIT_PROG.service"},
[bsd],
if test $dist_type = "aix"; then
initdir=${initdir="/sbin/rc.d/init.d"}
initname=${initname="$INIT_PROG"}
else
initdir=${initdir="/etc/rc.d"}
initname=${initname="rc.$INIT_PROG"}
fi,
[newbsd],
initdir=${initdir="/etc/rc.d"}
initname=${initname="$INIT_PROG"},
[gentoo],
initdir=${initdir="/etc/init.d"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/init.d"}
initconf=${initconf="$initconfdir/$INIT_PROG"},
[openrc],
initdir=${initdir="/etc/init.d"}
initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
initconf=${initconf="$initconfdir/$INIT_PROG"},
[smf*],
if test $init_type = smf10; then
initdir=${initdir="/var/svc/manifest/network/nagios"}
else
initdir=${initdir="/lib/svc/manifest/network/nagios"}
fi
initname=${initname="$INIT_PROG.xml"}
initconfdir=unknown
initconf=unknown,
[upstart],
initdir=${initdir="/etc/init"}
initname=${initname="$INIT_PROG.conf"}
initconfdir=${initconfdir="/etc/default"}
initconf=${initconf="$initconfdir/$INIT_PROG"},
[launchd],
initdir=${initdir="/Library/LaunchDaemons"}
initname=${initname="org.nagios.$INIT_PROG.plist"},
# initconfdir=${initconfdir="/private/etc"}
# initconf=${initconf="$initconfdir/$INIT_PROG"},
[*],
initdir=unknown
initname=unknown)
#
# Inetd (per connection) scripts/files
#
AS_CASE([$inetd_type],
[inetd*],
inetddir=${inetddir="/etc"}
inetdname=${inetdname="inetd.conf"},
[xinetd],
inetddir=${inetddir="/etc/xinetd.d"}
inetdname=${inetdname="$INIT_PROG"},
[systemd],
if test $dist_type = "debian"; then
inetddir=${inetddir="/lib/systemd/system"}
else
inetddir=${inetddir="/usr/lib/systemd/system"}
fi
netdname=${inetdname="$INIT_PROG.socket"},
[smf*],
if test $init_type = smf10; then
inetddir=${inetddir="/var/svc/manifest/network/nagios"}
else
inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
fi
inetdname=${inetdname="$INIT_PROG.xml"},
# [upstart],
# inetddir=${inetddir="/etc/init.d"}
# inetdname=${inetdname="$INIT_PROG"},
[launchd],
inetddir=${inetddir="/Library/LaunchDaemons"}
inetdname=${inetdname="org.nagios.$INIT_PROG.plist"},
[*],
inetddir=${inetddir="unknown"}
inetdname=${inetdname="unknown"})
AC_MSG_RESULT($install_method)
])

360
macros/ax_nagios_get_ssl Normal file
View file

@ -0,0 +1,360 @@
# ===========================================================================
# SYNOPSIS
#
# AX_NAGIOS_GET_SSL
#
# DESCRIPTION
#
# This macro finds the openssl binary, the header files directory and
# the library files directory. It will also search for the gnutls
# compatibility library/headers and the nss compatibility library/headers.
#
# LICENSE
#
# Copyright (c) 2016 Nagios Core Development Team
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
# ===========================================================================
AU_ALIAS([AC_NAGIOS_GET_SSL], [AX_NAGIOS_GET_SSL])
AC_DEFUN([AX_NAGIOS_GET_SSL],
[
# -------------------------------
# SSL library and include paths
# -------------------------------
SSL_TYPE=openssl
try_pkg_config=1
ssl_dir=
ssl_inc_dir=
ssl_lib_dir=
SSL_INC_PREFIX=
SSL_HDR=
SSL_LIB_DIR=
AC_SUBST(HAVE_SSL)
AC_SUBST(SSL_TYPE)
AC_SUBST(SSL_HDR)
AC_SUBST(SSL_INC_PREFIX)
AC_SUBST(SSL_LIB_DIR)
AC_SUBST(SSL_DH_HEADER)
AC_SUBST(SSL_OBJS)
dnl Makefile for generating DH parameters, pre 3.0 and post 3.0
SSL_DH_HEADER_MAKE_OLD="../include/dh.h:
\$(SSLBIN) dhparam -C 2048 | awk '/^-----/ {exit} {print}' > \@S|@@"
SSL_DH_HEADER_MAKE_NEW="../include/dh.h: generate_dh_params
./generate_dh_params > \@S|@@
generate_dh_params: \$(srcdir)/generate_dh_params.c
\$(CC) \$(CFLAGS) -o \@S|@@ \$(srcdir)/generate_dh_params.c \$(LDFLAGS)"
# gnutls/openssl.h
# nss_compat_ossl/nss_compat_ossl.h
dnl # Which type - openssl, gnutls-openssl, nss
dnl AC_ARG_WITH([ssl-type],
dnl dnl AS_HELP_STRING([--with-ssl-type=TYPE],[replace TYPE with gnutls or nss to use one of these instead of openssl]),
dnl AS_HELP_STRING([--with-ssl-type=TYPE],[replace TYPE with gnutls to use that instead of openssl]),
dnl [SSL_TYPE=$withval])
AC_ARG_WITH([ssl],
AS_HELP_STRING([--with-ssl=DIR],[sets location of the SSL installation]),
[ssl_dir=$withval])
AC_ARG_WITH([ssl-inc],
AS_HELP_STRING([--with-ssl-inc=DIR],
[sets location of the SSL include files]),
[ssl_inc_dir=$withval])
AC_ARG_WITH([ssl-lib],
AS_HELP_STRING([--with-ssl-lib=DIR],[sets location of the SSL libraries]),
[ssl_lib_dir=$withval])
AC_ARG_ENABLE([auto_dh],
AS_HELP_STRING([--disable-auto-dh],[disables using builtin DH parameters (if available) and generates custom parameters]),
auto_dh=no,
auto_dh=yes)
if test x$ssl_inc_dir != x -o x$ssl_lib_dir != x; then
try_pkg_config=0
fi
AC_ARG_WITH([kerberos-inc],
AS_HELP_STRING([--with-kerberos-inc=DIR],
[sets location of the Kerberos include files]),
[kerberos_inc_dir=$withval])
if test x$SSL_TYPE = xyes; then
SSL_TYPE=openssl
fi
dflt_hdrs="$ssl_inc_dir $ssl_dir $ssl_inc_dir/include $ssl_dir/include \
/usr/local/opt/{BBB} /usr/include/{BBB} /usr/local/include/{BBB} \
/usr/local/{AAA} /usr/local/{BBB} /usr/lib/{AAA} /usr/lib/{BBB} \
/usr/{AAA} /usr/pkg /usr/local /usr /usr/freeware/lib/{BBB} \
/usr/sfw /usr/sfw/include /opt/{BBB}"
dflt_libs="$ssl_lib_dir {ssldir} {ssldir}/lib {ssldir}/lib64 /usr/lib64 \
/usr/lib /usr/lib/x86_64-linux-gnu /usr/lib/i386-linux-gnu \
/usr/local/lib /usr/lib/{AAA} /usr/{AAA}/lib /usr/{BBB}/lib \
/usr/pkg/lib /usr/freeware/lib/{BBB} /usr/sfw/lib /opt/freeware/lib \
/opt/{BBB}/lib/hpux64 /opt/{BBB}/lib/pa20_64 /opt/{BBB}/lib/hpux32 \
/opt/{BBB}/lib /opt/{BBB}";
AS_CASE([$SSL_TYPE],
[no], [SSL_TYPE=NONE],
[yes|openssl],
[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/ssl/g' | sed -e 's/{BBB}/openssl/g'`
ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/ssl/g' | sed -e 's/{BBB}/openssl/g'`
SSL_INC_PREFIX=openssl
SSL_HDR=ssl.h
ssl_lib=libssl],
[gnutls],
[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/gnutls/g' | sed -e 's/{BBB}/gnutls/g'`
ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/gnutls/g' | sed -e 's/{BBB}/gnutls/g'`
SSL_INC_PREFIX=gnutls
SSL_TYPE=gnutls_compat
SSL_HDR=compat.h
ssl_lib=libgnutls],
[nss],
[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/nss_compat_ossl/g' | sed -e 's/{BBB}/nss_compat_ossl/g'`
ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/nss_compat_ossl/g' | sed -e 's/{BBB}/nss_compat_ossl/g'`
SSL_HDR=nss_compat_ossl.h
ssl_lib=libnss_compat],
[*], echo >&6; AC_MSG_ERROR(['--with-ssl-type=$SSL_TYPE' is invalid])
)
# Check for SSL support
if test x$SSL_TYPE != xNONE; then
found_ssl=no
# RedHat 8.0 and 9.0 include openssl compiled with kerberos,
# so we must include header file
# Must come before openssl checks for Redhat EL 3
AC_MSG_CHECKING(for Kerberos include files)
found_kerberos=no
for dir in $kerberos_inc_dir /usr/kerberos/include /usr/include/krb5 \
/usr/include; do
kerbdir="$dir"
if test -f "$dir/krb5.h"; then
found_kerberos=yes
CFLAGS="$CFLAGS -I$kerbdir"
AC_DEFINE_UNQUOTED(HAVE_KRB5_H,[1],[Have the krb5.h header file])
break
fi
done
if test x_$found_kerberos != x_yes; then
AC_MSG_WARN(could not find include files)
else
AC_MSG_RESULT(found Kerberos include files in $kerbdir)
fi
# First, try using pkg_config
if test $try_pkg_config -ne 0 ; then
AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
fi
if test x"$PKG_CONFIG" != x -a $try_pkg_config -ne 0 ; then
cflags=`$PKG_CONFIG $SSL_TYPE --cflags-only-I 2>/dev/null`
if test $? -eq 0; then
CFLAGS="$CFLAGS $cflags"
LDFLAGS="$LDFLAGS `$PKG_CONFIG $SSL_TYPE --libs-only-L 2>/dev/null`"
LIBS="$LIBS `$PKG_CONFIG $SSL_TYPE --libs-only-l 2>/dev/null`"
found_ssl=yes
AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
fi
fi
if test x_$found_ssl != x_yes; then
# Find the SSL Headers
AC_MSG_CHECKING(for SSL headers)
for dir in $ssl_hdr_dirs; do
if test "$dir" = "/include"; then
continue
fi
ssldir="$dir"
sslincdir="$dir"
if test -f "$dir/$SSL_INC_PREFIX/$SSL_HDR"; then
found_ssl=yes
CFLAGS="$CFLAGS -I$dir"
ssldir="$dir/.."
break
fi
if test -f "$dir/include/$SSL_INC_PREFIX/$SSL_HDR"; then
found_ssl=yes
CFLAGS="$CFLAGS -I$dir/include"
sslincdir="$dir/include"
break
fi
if test -f "$dir/include/$SSL_HDR"; then
found_ssl=yes
if test "$SSL_HDR" != compat.h ; then
SSL_INC_PREFIX=""
fi
CFLAGS="$CFLAGS -I$dir/include"
sslincdir="$dir/include"
break
fi
if test -f "$dir/$SSL_HDR"; then
found_ssl=yes
SSL_INC_PREFIX=""
CFLAGS="$CFLAGS -I$dir"
break
fi
done
if test x_$found_ssl != x_yes; then
AC_MSG_ERROR(Cannot find ssl headers)
else
AC_MSG_RESULT(found in $sslincdir)
# Now try and find SSL libraries
AC_MSG_CHECKING(for SSL libraries)
found_ssl=no
ssl_lib_dirs=`echo "$ssl_lib_dirs" | sed -e "s|{ssldir}|$ssldir|g"`
if test "`uname -s`" = "Darwin" ; then
soext="dylib"
elif test "`uname -s`" = "HP-UX" ; then
if test x$arch = "xia64"; then
soext="so"
else
soext="sl"
fi
elif test "`uname -s`" = "AIX" ; then
soext="a"
else
soext="so a"
fi
for dir in $ssl_lib_dirs; do
for ext in $soext; do
if test -f "$dir/$ssl_lib.$ext"; then
found_ssl=yes
SSL_LIB_DIR="$dir"
break
fi
done
if test x_$found_ssl == x_yes; then
break
fi
done
if test x_$found_ssl != x_yes; then
AC_MSG_ERROR(Cannot find ssl libraries)
else
AC_MSG_RESULT(found in $SSL_LIB_DIR)
LDFLAGS="$LDFLAGS -L$SSL_LIB_DIR -Wl,-rpath,$SSL_LIB_DIR";
LIBS="$LIBS -l`echo $ssl_lib | sed -e 's/^lib//'` -lcrypto";
AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
fi
fi
fi
if test x$found_ssl = xyes ; then
if test -n "$SSL_INC_PREFIX" ; then
SSL_INC_PREFIX="${SSL_INC_PREFIX}/"
fi
# try to compile and link to see if SSL is set up properly
AC_MSG_CHECKING([whether compiling and linking against SSL works])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([#include <${SSL_INC_PREFIX}${SSL_HDR}>], [SSL_new(NULL)])],
[
AC_MSG_RESULT([yes])
SSL_OBJS="nrpe-ssl.o"
$1
], [
AC_MSG_ERROR([no])
$2
])
fi
if test x$found_ssl = xyes -a x$need_dh = xyes; then
AC_LINK_IFELSE([dnl
AC_LANG_PROGRAM(
[
#include <stdio.h>
#include <${SSL_INC_PREFIX}${SSL_HDR}>
],
[
#ifdef OPENSSL_VERSION_MAJOR
printf("%i %i", OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR);
#else
printf("%i %i", (int)((OPENSSL_VERSION_NUMBER >> 28) & 0x0f), (int)((OPENSSL_VERSION_NUMBER >> 20) & 0xff));
#endif
])],
[
nagios_ssl_version=$(./conftest$EXEEXT)
SSL_MAJOR=$(echo $nagios_ssl_version | cut -d' ' -f1)
SSL_MINOR=$(echo $nagios_ssl_version | cut -d' ' -f2)
],
AC_MSG_ERROR(Failed to detect OpenSSL version!))
if test x$auto_dh = xyes -a $SSL_MAJOR -lt 1 -o \( $SSL_MAJOR -eq 1 -a $SSL_MINOR -lt 1 \); then
# auto_dh not available before v1.1.0
auto_dh=no
fi
if test x$auto_dh = xyes; then
AC_DEFINE(AUTO_SSL_DH)
fi
dnl Do the Makefile rules here to maintain compatibility and not rely on GNU Make
if test x$need_dh = xyes ; then
if test x$auto_dh = xno ; then
if test $SSL_MAJOR -lt 3 ; then
# Find the openssl program
# Only need openssl binary if we're not using auto or using version less than 3.0
AC_PATH_PROG(sslbin,openssl,value-if-not-found,${ssldir}/sbin${PATH_SEPARATOR}${ssldir}/bin${PATH_SEPARATOR}${PATH})
AC_SUBST(SSL_DH_HEADER_MAKE, ${SSL_DH_HEADER_MAKE_OLD})
else
AC_SUBST(SSL_DH_HEADER_MAKE, ${SSL_DH_HEADER_MAKE_NEW})
fi
AC_SUBST(SSL_DH_HEADER,../include/dh.h)
fi
AC_DEFINE(USE_SSL_DH)
fi
fi
fi
])

208
nrpe.spec.in Normal file
View file

@ -0,0 +1,208 @@
%define isaix %(test "`uname -s`" = "AIX" && echo "1" || echo "0")
%define islinux %(test "`uname -s`" = "Linux" && echo "1" || echo "0")
%if %{isaix}
%define _prefix /opt/nagios
%define _docdir %{_prefix}/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
%define nshome /opt/nagios
%define _make gmake
%endif
%if %{islinux}
%define _init_dir @initdir@
%define _init_type @init_type@
%define _exec_prefix %{_prefix}/sbin
%define _bindir %{_prefix}/sbin
%define _sbindir %{_prefix}/lib/nagios/cgi
%define _libexecdir %{_prefix}/lib/nagios/plugins
%define _datadir %{_prefix}/share/nagios
%define _localstatedir /var/log/nagios
%define nshome /var/log/nagios
%define _make make
%endif
%define _sysconfdir /etc/nagios
%define name @PACKAGE_NAME@
%define version 4.1.3
%define release @RPM_RELEASE@
%define nsusr @nrpe_user@
%define nsgrp @nrpe_group@
%define nsport @nrpe_port@
%define ns_src_tmpfile "@src_tmpfile@"
# Reserve option to override port setting with:
# rpm -ba|--rebuild --define 'nsport 5666'
%{?port:%define nsport %{port}}
# Macro that print messages to syslog at package (un)install time
%define nnmmsg logger -t %{name}/rpm
Summary: Host/service/network monitoring agent for Nagios
URL: http://www.nagios.org
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Group: Application/System
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-buildroot
Prefix: %{_prefix}
Prefix: @initdir@
Prefix: /etc/nagios
%if %{isaix}
Requires: nagios-plugins
%endif
%if %{islinux}
Requires: bash, grep, nagios-plugins, util-linux, chkconfig, shadow-utils, sed, initscripts, mktemp
%endif
%description
NPRE (Nagios Remote Plugin Executor) is a system daemon that
will execute various Nagios plugins locally on behalf of a
remote (monitoring) host that uses the check_nrpe plugin.
Various plugins that can be executed by the daemon are available
at: http://sourceforge.net/projects/nagiosplug
This package provides the client-side NRPE agent (daemon).
%package plugin
Group: Application/System
Summary: Provides nrpe plugin for Nagios.
Requires: nagios-plugins
%description plugin
NPRE (Nagios Remote Plugin Executor) is a system daemon that
will execute various Nagios plugins locally on behalf of a
remote (monitoring) host that uses the check_nrpe plugin.
Various plugins that can be executed by the daemon are available
at: http://sourceforge.net/projects/nagiosplug
This package provides the server-side NRPE plugin for
Nagios-related applications.
%prep
%setup -q
%if %{isaix}
# Check to see if the nrpe service is running and, if so, stop it.
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
if [ $? -eq 0 ] ; then
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
if [ "$status" = "active" ] ; then
/usr/bin/stopsrc -s nrpe
fi
fi
%endif
%if %{isaix}
%post
/usr/bin/lssrc -s nrpe > /dev/null 2> /dev/null
if [ $? -eq 1 ] ; then
/usr/bin/mkssys -p %{_bindir}/nrpe -s nrpe -u 0 -a "-c %{_sysconfdir}/nrpe.cfg -d -s" -Q -R -S -n 15 -f 9
fi
/usr/bin/startsrc -s nrpe
%endif
%preun
%if %{isaix}
status=`/usr/bin/lssrc -s nrpe | /usr/bin/gawk '$1=="nrpe" {print $NF}'`
if [ "$status" = "active" ] ; then
/usr/bin/stopsrc -s nrpe
fi
/usr/bin/rmssys -s nrpe
%endif
%if %{islinux}
if [ "$1" = 0 ]; then
/sbin/service nrpe stop > /dev/null 2>&1
/sbin/chkconfig --del nrpe
fi
%endif
%if %{islinux}
%postun
if [ "$1" -ge "1" ]; then
/sbin/service nrpe condrestart >/dev/null 2>&1 || :
fi
%endif
%build
export PATH=$PATH:/usr/sbin
CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
MAKE=%{_make} ./configure \
--with-init-type=%{_init_type} \
--with-nrpe-port=%{nsport} \
--with-nrpe-user=%{nsusr} \
--with-nrpe-group=%{nsgrp} \
--prefix=%{_prefix} \
--exec-prefix=%{_exec_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--libexecdir=%{_libexecdir} \
--datadir=%{_datadir} \
--sysconfdir=%{_sysconfdir} \
--localstatedir=%{_localstatedir} \
--enable-command-args
%{_make} all
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%if %{islinux}
install -d -m 0755 ${RPM_BUILD_ROOT}%{_init_dir}
%endif
DESTDIR=${RPM_BUILD_ROOT} %{_make} install-groups-users install install-config install-init
%clean
rm -rf $RPM_BUILD_ROOT
%files
%if %{islinux}
%defattr(755,root,root)
@initdir@/@initname@
%endif
%{_bindir}/nrpe
%dir %{_sysconfdir}
%defattr(600,%{nsusr},%{nsgrp})
%config(noreplace) %{_sysconfdir}/*.cfg
%defattr(755,%{nsusr},%{nsgrp})
%if %{ns_src_tmpfile} != ""
@tmpfilesd@
%endif
%{_bindir}/nrpe-uninstall
%doc CHANGELOG.md LEGAL README.md README.SSL.md SECURITY.md
%files plugin
%defattr(755,%{nsusr},%{nsgrp})
%{_libexecdir}
%defattr(644,%{nsusr},%{nsgrp})
%doc CHANGELOG.md LEGAL README.md
%changelog
* Thu Aug 18 2016 John Frickson jfrickson<@>nagios.com
- Changed 'make install-daemon-config' to 'make install-config'
- Added make targets 'install-groups-users' and 'install-init'
- Misc. changes
* Mon Mar 12 2012 Eric Stanley estanley<@>nagios.com
- Created autoconf input file
- Updated to support building on AIX
- Updated install to use make install*
* Mon Jan 23 2006 Andreas Kasenides ank<@>cs.ucy.ac.cy
- fixed nrpe.cfg relocation to sample-config
- replaced Copyright label with License
- added --enable-command-args to enable remote arg passing (if desired can be disabled by commenting out)
* Wed Nov 12 2003 Ingimar Robertsson <iar@skyrr.is>
- Added adding of nagios group if it does not exist.
* Tue Jan 07 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
- Removed the lines which removed the nagios user and group from the system
- changed the patch release version from 3 to 1
* Mon Jan 06 2003 James 'Showkilr' Peterson <showkilr@showkilr.com>
- Removed patch files required for nrpe 1.5
- Update spec file for version 1.6 (1.6-1)
* Sat Dec 28 2002 James 'Showkilr' Peterson <showkilr@showkilr.com>
- First RPM build (1.5-1)

85
paths.in Executable file
View file

@ -0,0 +1,85 @@
#!/bin/sh
wrout () {
if test "$2" != "N/A"; then printf " %-25s %s\n" "$1" "$2"; fi
}
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
echo "Detected Environment:"
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
wrout "Operating System" "@opsys@"
wrout "Architecture" "@arch@"
wrout "Distribution type" "@dist_type@ Version @dist_ver@"
wrout "Init type" "@init_type@"
wrout "Inetd type" "@inetd_type@"
echo
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
echo "Paths are:"
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
wrout "prefix" "@prefix@"
wrout "exec_prefix" "@prefix@"
if test "@PKG_NAME@" = "nagios"; then
wrout "bindir" "@bindir@"
fi
wrout "sbindir" "@sbindir@"
wrout "sysconfdir" "@sysconfdir@"
wrout "pkgsysconfdir" "@pkgsysconfdir@"
if test "@PKG_NAME@" = "nagios"; then
wrout "privatesysconfdir" "@privatesysconfdir@"
fi
wrout "localstatedir" "@localstatedir@"
wrout "pkglocalstatedir" "@pkglocalstatedir@"
wrout "datarootdir" "@datarootdir@"
wrout "datadir" "@datadir@"
wrout "webdir" "@webdir@"
wrout "localedir" "@localedir@"
wrout "logdir" "@logdir@"
wrout "piddir" "@piddir@"
wrout "pipedir" "@pipedir@"
wrout "spooldir" "@spooldir@"
wrout "libexecdir" "@libexecdir@"
wrout "brokersdir" "@brokersdir@"
wrout "pluginsdir" "@pluginsdir@"
wrout "cgibindir" "@cgibindir@"
wrout "initdir" "@initdir@"
wrout "inetddir" "@inetddir@"
wrout "subsyslockdir" "@subsyslockdir@"
echo
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
echo '@PKG_NAME@ files will be installed or created as follows:'
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
wrout "Config file" "@pkgsysconfdir@/@PKG_NAME@.cfg"
wrout "Object config dir" "@objsysconfdir@"
wrout "daemon" "@sbindir@/@PKG_NAME@"
if test "@PKG_NAME@" = "nrpe"; then
wrout "check_@PKG_NAME@" "@pluginsdir@/check_@PKG_NAME@"
fi
if test "@PKG_NAME@" = "nagios"; then
wrout "nagiostats (prog)" "@bindir@/nagiostats"
wrout "Website password file" "@pkgsysconfdir@/passwd"
wrout "resource.cfg" "@privatesysconfdir@/resource.cfg"
wrout "event handlers dir" "@brokersdir@"
wrout "cgi program dir" "@cgibindir@"
wrout "website file dir" "@webdir@"
wrout "status.dat" "@pkglocalstatedir@/status.dat"
wrout "retention.dat" "@pkglocalstatedir@/retention.dat"
wrout "object cache dir" "@pkglocalstatedir@"
wrout "log file" "@logdir@/@PKG_NAME@.log"
wrout "log archive dir" "@logdir@/archives"
wrout "@PKG_NAME@.configtest" "@logdir@/@PKG_NAME@.configtest"
wrout "@PKG_NAME@.cmd" "@pipedir@/@PKG_NAME@.cmd"
wrout "@PKG_NAME@.qh" "@pipedir@/@PKG_NAME@.qh"
wrout "perfdata file dir" "@spooldir@"
wrout "checkresult files" "@spooldir@/checkresults"
else
wrout "inetd config" "@inetddir@/@inetdname@"
fi
wrout "init script" "@initdir@/@initname@"
wrout "@PKG_NAME@.conf (tmpfiles.d)" "@tmpfilesd@"
wrout "@PKG_NAME@ lock file" "@piddir@/@PKG_NAME@.pid"
wrout "language files" "@localedir@"
wrout "init lock file" "@subsyslockfile@"
wrout "init source file" "@src_init@"
wrout "inetd source file" "@src_inetd@"
echo
echo "To show this list again, type './paths' at the prompt"

369
sample-config/nrpe.cfg.in Normal file
View file

@ -0,0 +1,369 @@
#############################################################################
#
# Sample NRPE Config File
#
# Notes:
#
# This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#
#############################################################################
# LOG FACILITY
# The syslog facility that should be used for logging purposes.
log_facility=@log_facility@
# LOG FILE
# If a log file is specified in this option, nrpe will write to
# that file instead of using syslog.
#log_file=@logdir@/nrpe.log
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on
debug=0
# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.
pid_file=@piddir@/nrpe.pid
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-privileged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=@nrpe_port@
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#server_address=127.0.0.1
# LISTEN QUEUE SIZE
# Listen queue size (backlog) for serving incoming connections.
# You may want to increase this value under high load.
#listen_queue_size=5
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_user=@nrpe_user@
# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_group=@nrpe_group@
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1,::1
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=0
# BASH COMMAND SUBSTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions
allow_bash_command_substitution=0
# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for allowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo
# MAX COMMANDS
# This specifies how many children processes may be spawned at any one
# time, essentially limiting the fork()s that occur.
# Default (0) is set to unlimited
# max_commands=0
# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.
command_timeout=60
# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.
connection_timeout=300
# WEAK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
#allow_weak_random_seed=1
# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.
# SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
# TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
#ssl_version=SSLv2+
# SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version.
#ssl_use_adh=1
# SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,
# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and
# greater.
#ssl_cipher_list=ALL:!MD5:@STRENGTH
#ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
# SSL Certificate and Private Key Files
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
# SSL USE CLIENT CERTS
# This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates (default)
# 1 = Ask for client certificates
# 2 = Require client certificates
#ssl_client_certs=0
# SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters
# 0x02 (2) = Log remote IP address
# 0x04 (4) = Log SSL/TLS version of connections
# 0x08 (8) = Log which cipher is being used for the connection
# 0x10 (16) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above
#ssl_logging=0x00
# NASTY METACHARACTERS
# This option allows you to override the list of characters that cannot
# be passed to the NRPE daemon.
# nasty_metachars=|`&><'\\[]{};\r\n
# This option allows you to enable or disable logging error messages to the syslog facilities.
# If this option is not set, the error messages will be logged.
disable_syslog=0
# COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are
# examples only!
# The following examples use hardcoded command arguments...
# This is by far the most secure method of using NRPE
command[check_users]=@pluginsdir@/check_users -w 5 -c 10
command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.
### MISC SYSTEM METRICS ###
#command[check_users]=@pluginsdir@/check_users $ARG1$
#command[check_load]=@pluginsdir@/check_load $ARG1$
#command[check_disk]=@pluginsdir@/check_disk $ARG1$
#command[check_swap]=@pluginsdir@/check_swap $ARG1$
#command[check_cpu_stats]=@pluginsdir@/check_cpu_stats.sh $ARG1$
#command[check_mem]=@pluginsdir@/custom_check_mem -n $ARG1$
### GENERIC SERVICES ###
#command[check_init_service]=sudo @pluginsdir@/check_init_service $ARG1$
#command[check_services]=@pluginsdir@/check_services -p $ARG1$
### SYSTEM UPDATES ###
#command[check_yum]=@pluginsdir@/check_yum
#command[check_apt]=@pluginsdir@/check_apt
### PROCESSES ###
#command[check_all_procs]=@pluginsdir@/custom_check_procs
#command[check_procs]=@pluginsdir@/check_procs $ARG1$
### OPEN FILES ###
#command[check_open_files]=@pluginsdir@/check_open_files.pl $ARG1$
### NETWORK CONNECTIONS ###
#command[check_netstat]=@pluginsdir@/check_netstat.pl -p $ARG1$ $ARG2$
### ASTERISK ###
#command[check_asterisk]=@pluginsdir@/check_asterisk.pl $ARG1$
#command[check_sip]=@pluginsdir@/check_sip $ARG1$
#command[check_asterisk_sip_peers]=sudo @pluginsdir@/check_asterisk_sip_peers.sh $ARG1$
#command[check_asterisk_version]=@pluginsdir@/nagisk.pl -c version
#command[check_asterisk_peers]=@pluginsdir@/nagisk.pl -c peers
#command[check_asterisk_channels]=@pluginsdir@/nagisk.pl -c channels
#command[check_asterisk_zaptel]=@pluginsdir@/nagisk.pl -c zaptel
#command[check_asterisk_span]=@pluginsdir@/nagisk.pl -c span -s 1
# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.
#include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).
#include_dir=<somedirectory>
#include_dir=<someotherdirectory>
# KEEP ENVIRONMENT VARIABLES
# This directive allows you to retain specific variables from the environment
# when starting the NRPE daemon.
#keep_env_vars=NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION

98
src/Makefile.in Normal file
View file

@ -0,0 +1,98 @@
###############################
#
# NRPE Makefile
#
###############################
srcdir=@srcdir@
# Source code directories
SRC_INCLUDE=@srcdir@/../include
CFG_INCLUDE=../include
# Mainly used for rpmbuild
# DESTDIR=
CC=@CC@
CFLAGS=@CFLAGS@ @DEFS@ -I $(CFG_INCLUDE) -I $(SRC_INCLUDE)
LDFLAGS=@LDFLAGS@ @LIBS@
SOCKETLIBS=@SOCKETLIBS@
LIBWRAPLIBS=@LIBWRAPLIBS@
OTHERLIBS=@OTHERLIBS@
prefix=$(DESTDIR)@prefix@
exec_prefix=$(DESTDIR)@exec_prefix@
CFGDIR=$(DESTDIR)@pkgsysconfdir@
BINDIR=$(DESTDIR)@bindir@
SBINDIR=$(DESTDIR)@sbindir@
LIBEXECDIR=$(DESTDIR)@libexecdir@
INSTALL=@INSTALL@
NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
PLUGINSDIR=$(DESTDIR)@pluginsdir@
PIDDIR=$(DESTDIR)@piddir@
TMPFILESDIR=$(DESTDIR)@tmpfilesd@
SRC_TMPFILE=@src_tmpfile@
# Generated automatically from configure script
SNPRINTF_O=@SNPRINTF_O@
SSLBIN=@sslbin@
SSL_DH_HEADER=@SSL_DH_HEADER@
SSL_OBJS=@SSL_OBJS@
all: nrpe check_nrpe
nrpe: $(srcdir)/nrpe.c utils.o $(srcdir)/acl.c $(SRC_INCLUDE)/nrpe.h $(SRC_INCLUDE)/utils.h $(CFG_INCLUDE)/common.h $(CFG_INCLUDE)/config.h $(SRC_INCLUDE)/acl.h $(SNPRINTF_O) $(SSL_DH_HEADER) $(SSL_OBJS)
$(CC) $(CFLAGS) -o $@ $(srcdir)/nrpe.c utils.o $(SSL_OBJS) $(srcdir)/acl.c $(LDFLAGS) $(SOCKETLIBS) $(LIBWRAPLIBS) $(SNPRINTF_O) $(OTHERLIBS)
check_nrpe: $(srcdir)/check_nrpe.c utils.o $(SRC_INCLUDE)/utils.h $(CFG_INCLUDE)/common.h $(CFG_INCLUDE)/config.h $(SSL_OBJS)
$(CC) $(CFLAGS) -o $@ $(srcdir)/check_nrpe.c utils.o $(SSL_OBJS) $(LDFLAGS) $(SOCKETLIBS) $(SNPRINTF_O) $(OTHERLIBS)
utils.o: $(srcdir)/utils.c $(SRC_INCLUDE)/utils.h $(CFG_INCLUDE)/common.h $(CFG_INCLUDE)/config.h
$(CC) $(CFLAGS) -c -o $@ $(srcdir)/utils.c
nrpe-ssl.o: $(srcdir)/nrpe-ssl.c $(SRC_INCLUDE)/nrpe-ssl.h $(CFG_INCLUDE)/common.h $(CFG_INCLUDE)/config.h
$(CC) $(CFLAGS) -c -o $@ $(srcdir)/nrpe-ssl.c
@SSL_DH_HEADER_MAKE@
install:
$(MAKE) install-plugin
$(MAKE) install-daemon
install-plugin: install-uninstall
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(LIBEXECDIR)
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(PLUGINSDIR)
$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe $(PLUGINSDIR)
install-daemon: install-uninstall
$(INSTALL) -m 755 nrpe $(SBINDIR)
@if test ! -d "$(PIDDIR)" ; then \
echo $(INSTALL) -m 755 $(NRPE_INSTALL_OPTS) -d $(PIDDIR); \
$(INSTALL) -m 755 $(NRPE_INSTALL_OPTS) -d $(PIDDIR); \
fi
@if test "$(TMPFILESDIR)" != "N/A" -a x$(SRC_TMPFILE) != x ; then \
echo $(INSTALL) -m 755 -d `dirname $(TMPFILESDIR)`; \
$(INSTALL) -m 755 -d `dirname $(TMPFILESDIR)`; \
echo $(INSTALL) -m 644 ../startup/$(SRC_TMPFILE) $(TMPFILESDIR); \
$(INSTALL) -m 644 ../startup/$(SRC_TMPFILE) $(TMPFILESDIR); \
fi
install-uninstall:
$(INSTALL) -m 755 -d $(SBINDIR)
$(INSTALL) -m 755 ../uninstall $(SBINDIR)/nrpe-uninstall
clean:
rm -f core nrpe check_nrpe generate_dh_params utils.o nrpe-ssl.o $(SNPRINTF_O) $(SSL_DH_HEADER)
rm -f *~ */*~
rm -rf nrpe.dSYM check_nrpe.dSYM
distclean: clean
rm -f Makefile
devclean: distclean

722
src/acl.c Normal file
View file

@ -0,0 +1,722 @@
/****************************************************************************
*
* acl.c - a small library for nrpe.c. It adds IPv4 subnets support to ACL in nrpe.
*
* License: GPLv2
* Copyright (c) 2011 Kaspersky Lab ZAO
*
* Description:
*
* acl.c creates two linked lists. One is for IPv4 hosts and networks, another
* is for domain names. All connecting hosts (if allowed_hosts is defined)
* are checked in these two lists.
*
* Note:
* Only ANCII names are supported in ACL.
*
* License Notice:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include "common.h"
#include "utils.h"
#include "acl.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <netdb.h>
#include <stdarg.h>
extern int debug;
/* This function checks if a char argument from valid char range.
* Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
*
* Returns:
* 0 - char isn't from valid group
* 1 - char is a number
* 2 - char is a letter
* 3 - char is a space(' ')
* 4 - char is a dot('.')
* 5 - char is a slash('/')
* 6 - char is a dash('-')
* 7 - char is a comma(',')
*/
int isvalidchar(int c) {
if (!isascii(c))
return 0;
if (isdigit(c))
return 1;
if (isalpha(c))
return 2;
if (isspace(c))
return 3;
switch (c) {
case '.':
return 4;
case '/':
return 5;
case '-':
return 6;
case ',':
return 7;
default:
return 0;
}
}
/*
* Get substring from allowed_hosts from s position to e position.
*/
char * acl_substring(char *string, int s, int e) {
char *substring;
int len = e - s;
if (len < 0)
return NULL;
if ( (substring = malloc(len + 1)) == NULL)
return NULL;
memmove(substring, string + s, len + 1);
return substring;
}
/*
* Add IPv4 host or network to IP ACL. IPv4 format is X.X.X.X[/X].
* Host will be added to ACL only if it has passed IPv4 format check.
*
* Returns:
* 1 - on success
* 0 - on failure
*
* States for IPv4 format check:
* 0 - numbers(-> 1), dot(-> -1), slash(-> -1), other(-> -1)
* 1 - numbers(-> 1), dot(-> 2), slash(-> -1), other(-> -1)
* 2 - numbers(-> 3), dot(-> -1), slash(-> -1), other(-> -1)
* 3 - numbers(-> 3), dot(-> 4), slash(-> -1), other(-> -1)
* 4 - numbers(-> 5), dot(-> -1), slash(-> -1), other(-> -1)
* 5 - numbers(-> 5), dot(-> 6), slash(-> -1), other(-> -1)
* 6 - numbers(-> 7), dot(-> -1), slash(-> -1), other(-> -1)
* 7 - numbers(-> 7), dor(-> -1), slash(-> 8), other(-> -1)
* 8 - numbers(-> 9), dor(-> -1), slash(-> -1), other(-> -1)
* 9 - numbers(-> 9), dot(-> -1), slash(-> -1), other(-> -1)
*
* Good states are 7(IPv4 host) and 9(IPv4 network)
*/
int add_ipv4_to_acl(char *ipv4) {
int state = 0;
int octet = 0;
int index = 0; /* position in data array */
int data[5]; /* array to store ip octets and mask */
int len = strlen(ipv4);
int i, c;
unsigned long ip, mask;
struct ip_acl *ip_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4);
/* Check for min and max IPv4 valid length */
if (len < 7 || len > 18) {
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4);
return 0;
}
/* default mask for ipv4 */
data[4] = 32;
/* Basic IPv4 format check */
for (i = 0; i < len; i++) {
/* Return 0 on error state */
if (state == -1) {
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect "
"format, continue with next check ...", ipv4);
return 0;
}
c = ipv4[i];
switch (c) {
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
octet = octet * 10 + CHAR_TO_NUMBER(c);
switch (state) {
case 0: case 2: case 4: case 6: case 8:
state++;
break;
}
break;
case '.':
switch (state) {
case 1: case 3: case 5:
data[index++] = octet;
octet = 0;
state++;
break;
default:
state = -1;
}
break;
case '/':
switch (state) {
case 7:
data[index++] = octet;
octet = 0;
state++;
break;
default:
state = -1;
}
break;
default:
state = -1;
}
}
/* Exit state handling */
switch (state) {
case 7: case 9:
data[index] = octet;
break;
default:
/* Bad states */
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4);
return 0;
}
/*
* Final IPv4 format check.
*/
for (i=0; i < 4; i++) {
if (data[i] < 0 || data[i] > 255) {
logit(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
}
if (data[4] < 0 || data[4] > 32) {
logit(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
/* Convert ip and mask to unsigned long */
ip = htonl((data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]);
mask = htonl(-1 << (32 - data[4]));
/* Wrong network address */
if ( (ip & mask) != ip) {
logit(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
return 0;
}
/* Add addr to ip_acl list */
if ( (ip_acl_curr = malloc(sizeof(*ip_acl_curr))) == NULL) {
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
/* Save result in ACL ip list */
ip_acl_curr->family = AF_INET;
ip_acl_curr->addr.s_addr = ip;
ip_acl_curr->mask.s_addr = mask;
ip_acl_curr->next = NULL;
if (ip_acl_head == NULL) {
ip_acl_head = ip_acl_curr;
} else {
ip_acl_prev->next = ip_acl_curr;
}
ip_acl_prev = ip_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4);
return 1;
}
/*
* Add IPv6 host or network to IP ACL. Host will be added to ACL only if
* it has passed IPv6 format check.
*
*/
int add_ipv6_to_acl(char *ipv6) {
char *ipv6tmp;
char *addr_part, *mask_part;
struct in6_addr addr;
struct in6_addr mask;
int maskval;
int byte, bit;
int nbytes = sizeof(mask.s6_addr) / sizeof(mask.s6_addr[0]);
int x;
struct ip_acl *ip_acl_curr;
/* Save temporary copy of ipv6 so we can use the original in error
messages if needed */
ipv6tmp = strdup(ipv6);
if(NULL == ipv6tmp) {
logit(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
ipv6);
return 0;
}
addr_part = ipv6tmp;
mask_part = strchr(ipv6tmp, '/');
if (mask_part) {
*mask_part = '\0';
++mask_part;
}
/* Parse the address itself */
if(inet_pton(AF_INET6, addr_part, &addr) <= 0) {
free(ipv6tmp);
return 0;
}
/* Check whether there is a netmask */
if (mask_part && *mask_part) {
/* If so, build a netmask */
/* Get the number of bits in the mask */
maskval = atoi(mask_part);
if(maskval < 0 || maskval > 128) {
free(ipv6tmp);
return 0;
}
/* Initialize to zero */
for(x = 0; x < nbytes; x++) {
mask.s6_addr[x] = 0;
}
/* Set mask based on mask bits */
byte = 0;
bit = 7;
while(maskval > 0) {
mask.s6_addr[byte] |= 1 << bit;
bit -= 1;
if(bit < 0) {
bit = 7;
byte++;
}
maskval--;
}
}
else {
/* Otherwise, this is a single address */
for(x = 0; x < nbytes; x++) {
mask.s6_addr[x] = 0xFF;
}
}
/* Add address to ip_acl list */
ip_acl_curr = malloc(sizeof(*ip_acl_curr));
if(NULL == ip_acl_curr) {
logit(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
return 0;
}
/* Save result in ACL ip list */
ip_acl_curr->family = AF_INET6;
for(x = 0; x < nbytes; x++) {
ip_acl_curr->addr6.s6_addr[x] =
addr.s6_addr[x] & mask.s6_addr[x];
ip_acl_curr->mask6.s6_addr[x] = mask.s6_addr[x];
}
ip_acl_curr->next = NULL;
if(NULL == ip_acl_head) {
ip_acl_head = ip_acl_curr;
}
else {
ip_acl_prev->next = ip_acl_curr;
}
ip_acl_prev = ip_acl_curr;
free(ipv6tmp);
return 1;
}
/*
* Add domain to DNS ACL list
* Domain will be added only if it has passed domain name check.
*
* In this case domain valid format is:
* 1) Domain names must use only alphanumeric characters and dashes (-).
* 2) Domain names mustn't begin or end with dashes (-).
* 3) Domain names mustn't have more than 63 characters.
*
* Return:
* 1 - for success
* 0 - for failure
*
* 0 - alpha(-> 1), number(-> 1), dot(-> -1), dash(-> -1), all other(-> -1)
* 1 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 2 - alpha(-> 3), number(-> 1), dot(-> -1), dash(-> -1), all other(-> -1)
* 3 - alpha(-> 4), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 4 - alpha(-> 5), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 5 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* 6 - alpha(-> 1), number(-> 1), dot(-> 2), dash(-> 6), all other(-> -1)
* For real FQDN only 4 and 5 states are good for exit.
* I don't check if top domain exists (com, ru and etc.)
* But in real life NRPE could work in LAN,
* with local domain zones like .local or with names like 'mars' added to /etc/hosts.
* So 1 is good state too. And maybe this check is not necessary at all...
*/
int add_domain_to_acl(char *domain) {
int state = 0;
int len = strlen(domain);
int i, c;
struct dns_acl *dns_acl_curr;
if (len > 63) {
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!",
domain);
return 0;
}
for (i = 0; i < len; i++) {
c = domain[i];
switch (isvalidchar(c)) {
case 1:
state = 1;
break;
case 2:
switch (state) {
case 0: case 1: case 5: case 6:
state = 1;
break;
case 2: case 3: case 4:
state++;
break;
}
break;
case 4:
switch (state) {
case 0: case 2:
state = -1;
break;
default:
state = 2;
}
break;
case 6:
switch (state) {
case 0: case 2:
state = -1;
break;
default:
state = 6;
}
break;
default:
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, "
"invalid chars!", domain);
/* Not valid chars */
return 0;
}
}
/* Check exit code */
switch (state) {
case 1: case 4: case 5:
/* Add name to domain ACL list */
if ( (dns_acl_curr = malloc(sizeof(*dns_acl_curr))) == NULL) {
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
strncpy(dns_acl_curr->domain, domain, sizeof(dns_acl_curr->domain));
dns_acl_curr->domain[sizeof(dns_acl_curr->domain) - 1] = '\0';
dns_acl_curr->next = NULL;
if (dns_acl_head == NULL)
dns_acl_head = dns_acl_curr;
else
dns_acl_prev->next = dns_acl_curr;
dns_acl_prev = dns_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain);
return 1;
default:
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, "
"check allowed_host in config file!", domain);
return 0;
}
}
/* Checks connection host in ACL
*
* Returns:
* 1 - on success
* 0 - on failure
*/
int is_an_allowed_host(int family, void *host)
{
struct ip_acl *ip_acl_curr = ip_acl_head;
int nbytes;
int x;
struct dns_acl *dns_acl_curr = dns_acl_head;
struct sockaddr_in *addr;
struct sockaddr_in6 addr6;
struct addrinfo *res, *ai;
struct in_addr tmp;
while (ip_acl_curr != NULL) {
if(ip_acl_curr->family == family) {
switch(ip_acl_curr->family) {
case AF_INET:
if (debug == TRUE) {
tmp.s_addr = ((struct in_addr*)host)->s_addr;
logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
"an allowed host >%s<\n",
inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr));
}
if((((struct in_addr *)host)->s_addr &
ip_acl_curr->mask.s_addr) ==
ip_acl_curr->addr.s_addr) {
if (debug == TRUE)
logit(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!");
return 1;
}
break;
case AF_INET6:
nbytes = sizeof(ip_acl_curr->mask6.s6_addr) /
sizeof(ip_acl_curr->mask6.s6_addr[0]);
for(x = 0; x < nbytes; x++) {
if((((struct in6_addr *)host)->s6_addr[x] &
ip_acl_curr->mask6.s6_addr[x]) !=
ip_acl_curr->addr6.s6_addr[x]) {
break;
}
}
if(x == nbytes) {
/* All bytes in host's address pass the netmask mask */
return 1;
}
break;
}
}
ip_acl_curr = ip_acl_curr->next;
}
while(dns_acl_curr != NULL) {
if (!getaddrinfo(dns_acl_curr->domain, NULL, NULL, &res)) {
for (ai = res; ai; ai = ai->ai_next) {
if (ai->ai_family == family) {
switch (ai->ai_family) {
case AF_INET:
if (debug == TRUE) {
tmp.s_addr = ((struct in_addr *) host)->s_addr;
logit(LOG_INFO, "is_an_allowed_host (AF_INET): test match host >%s< "
"for allowed host >%s<\n",
inet_ntoa(tmp), dns_acl_curr->domain);
}
addr = (struct sockaddr_in *) (ai->ai_addr);
if (addr->sin_addr.s_addr == ((struct in_addr *) host)->s_addr) {
if (debug == TRUE)
logit(LOG_INFO, "is_an_allowed_host (AF_INET): "
"host is in allowed host list!");
return 1;
}
break;
case AF_INET6:
if (debug == TRUE) {
char formattedStr[INET6_ADDRSTRLEN];
inet_ntop(ai->ai_family, (void *) &(((struct sockaddr_in6 *) (ai->ai_addr))->sin6_addr),
formattedStr, INET6_ADDRSTRLEN);
logit(LOG_INFO, "is_an_allowed_host (AF_INET6): test match host against >%s< "
"for allowed host >%s<\n",
formattedStr, dns_acl_curr->domain);
}
struct in6_addr *resolved = &(((struct sockaddr_in6 *) (ai->ai_addr))->sin6_addr);
memcpy((char *) &addr6, ai->ai_addr, sizeof(addr6));
if (!memcmp(&addr6.sin6_addr, host, sizeof(addr6.sin6_addr))) {
if (debug == TRUE)
logit(LOG_INFO, "is_an_allowed_host (AF_INET6): "
"host is in allowed host list!");
return 1;
}
break;
}
}
}
}
dns_acl_curr = dns_acl_curr->next;
}
return 0;
}
/* The trim() function takes a source string and copies it to the destination string,
* stripped of leading and training whitespace. The destination string must be
* allocated at least as large as the source string.
*/
void trim( char *src, char *dest) {
char *sptr, *dptr;
for( sptr = src; isspace( *sptr) && *sptr; sptr++); /* Jump past leading spaces */
for( dptr = dest; !isspace( *sptr) && *sptr; ) {
*dptr = *sptr;
sptr++;
dptr++;
}
*dptr = '\0';
return;
}
/* This function splits allowed_hosts to substrings with comma(,) as a delimiter.
* It doesn't check validness of ACL record (add_ipv4_to_acl() and add_domain_to_acl() do),
* just trims spaces from ACL records.
* After this it sends ACL records to add_ipv4_to_acl() or add_domain_to_acl().
*/
void parse_allowed_hosts(char *allowed_hosts) {
char *hosts = strdup( allowed_hosts); /* Copy since strtok* modifies original */
char *saveptr;
char *tok;
const char *delim = ",";
char *trimmed_tok;
int add_to_acl = 0;
if (debug == TRUE)
logit(LOG_INFO,
"parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n",
allowed_hosts);
#ifdef HAVE_STRTOK_R
tok = strtok_r(hosts, delim, &saveptr);
#else
if (debug == TRUE)
logit(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to "
"problems in the allowed_hosts string determination!\n");
tok = strtok(hosts, delim);
#endif
while( tok) {
trimmed_tok = malloc(sizeof(char) * (strlen(tok) + 1));
trim(tok, trimmed_tok);
if (debug == TRUE)
logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
if (strlen(trimmed_tok) > 0) {
/* lets check the type of the address before we try and add it to the acl */
if (strchr(trimmed_tok, ':') != NULL) {
/* its an ipv6 address */
add_to_acl = add_ipv6_to_acl(trimmed_tok);
} else {
/* its either a fqdn or an ipv4 address
unfortunately, i don't want to re-invent the wheel here
the logic exists inside of add_ipv4_to_acl() to detect
whether or not it is a ip or not */
add_to_acl = add_ipv4_to_acl(trimmed_tok);
}
/* but we only try to add it to a domain if the other tests have failed */
if (!add_to_acl && !add_domain_to_acl(trimmed_tok)) {
logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
} else if (debug == TRUE)
logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
}
free( trimmed_tok);
#ifdef HAVE_STRTOK_R
tok = strtok_r(NULL, delim, &saveptr);
#else
tok = strtok(NULL, delim);
#endif
}
free( hosts);
}
/*
* Converts mask in unsigned long format to two digit prefix
*/
unsigned int prefix_from_mask(struct in_addr mask) {
int prefix = 0;
unsigned long bit = 1;
int i;
for (i = 0; i < 32; i++) {
if (mask.s_addr & bit)
prefix++;
bit = bit << 1;
}
return (prefix);
}
/*
* It shows all hosts in ACL lists
*/
void show_acl_lists(void)
{
struct ip_acl *ip_acl_curr = ip_acl_head;
struct dns_acl *dns_acl_curr = dns_acl_head;
logit(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" );
while (ip_acl_curr != NULL) {
logit(LOG_INFO, " IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr),
prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
ip_acl_curr = ip_acl_curr->next;
}
while (dns_acl_curr != NULL) {
logit(LOG_INFO, " DNS ACL: %s\n", dns_acl_curr->domain);
dns_acl_curr = dns_acl_curr->next;
}
}

1505
src/check_nrpe.c Normal file
View file

File diff suppressed because it is too large Load diff

162
src/generate_dh_params.c Normal file
View file

@ -0,0 +1,162 @@
/* generate_dh_params.c - Generate DH parameters using OpenSSL 3+ API */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/ssl.h>
static int gendh_cb(EVP_PKEY_CTX *ctx);
static EVP_PKEY *generate_key(void);
static int print_bn(EVP_PKEY *res, const char *name);
int main(void)
{
EVP_PKEY *key;
key = generate_key();
if (!key)
return 1;
printf("EVP_PKEY *get_dh2048_key(void)\n{\n");
if (!print_bn(key, "p"))
return 1;
if (!print_bn(key, "g"))
return 1;
#if 0
printf(
"#ifndef OPENSSL_CORE_H\n"
"# include <openssl/core.h>\n"
"#endif\n"
"#ifndef OPENSSL_EVP_H\n"
"# include <openssl/evp.h>\n"
"#endif\n"
);
#endif
printf(
"\tEVP_PKEY_CTX *ctx = NULL;\n"
"\tEVP_PKEY *key = NULL;\n"
"\tOSSL_PARAM params[] = {\n"
"\t\tOSSL_PARAM_BN(\"p\", dh2048_p, sizeof(dh2048_p)),\n"
"\t\tOSSL_PARAM_BN(\"g\", dh2048_g, sizeof(dh2048_g)),\n"
"\t\tOSSL_PARAM_END\n"
"\t};\n\n"
"\tctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);\n"
"\tif (ctx == NULL)\n"
"\t\treturn NULL;\n"
"\tif (EVP_PKEY_fromdata_init(ctx))\n"
"\t\tEVP_PKEY_fromdata(ctx, &key, EVP_PKEY_KEY_PARAMETERS, params);\n"
"\t\n"
"\tEVP_PKEY_CTX_free(ctx);\n"
"\treturn key;\n"
"}\n"
);
return 0;
}
static EVP_PKEY *generate_key(void)
{
int rc;
EVP_PKEY_CTX *ctx;
EVP_PKEY *res = NULL;
ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
if (ctx == NULL)
{
fprintf(stderr, "Failed EVP_PKEY_CTX_new_from_name\n");
return NULL;
}
EVP_PKEY_CTX_set_cb(ctx, gendh_cb);
rc = EVP_PKEY_paramgen_init(ctx);
if (rc == 0)
{
fprintf(stderr, "Failed EVP_PKEY_paramgen_init\n");
return NULL;
}
rc = EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, 2048);
if (rc == 0)
{
fprintf(stderr, "Failed EVP_PKEY_CTX_set_dh_paramgen_prime_len\n");
return NULL;
}
rc = EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, 2);
if (rc == 0)
{
fprintf(stderr, "Failed EVP_PKEY_CTX_set_dh_paramgen_generator\n");
return NULL;
}
fprintf(stderr, "*** Generating DH Parameters for SSL/TLS (may take some time) ***:\n");
rc = EVP_PKEY_paramgen(ctx, &res);
fprintf(stderr, "\n");
if (rc == 0)
{
fprintf(stderr, "Failed EVP_PKEY_paramgen\n");
return NULL;
}
EVP_PKEY_CTX_free(ctx);
return res;
}
static int print_bn(EVP_PKEY *res, const char *name)
{
int rc;
int i;
int size;
BIGNUM *bn = NULL;
unsigned char buffer[512];
rc = EVP_PKEY_get_bn_param(res, name, &bn);
if (rc == 0)
{
fprintf(stderr, "Failed EVP_PKEY_get_bn_param\n");
return 0;
}
rc = BN_bn2nativepad(bn, buffer, sizeof(buffer));
if (rc < 0)
{
fprintf(stderr, "Failed BN_bn2nativepad\n");
return 0;
}
size = BN_num_bytes(bn);
printf("\tstatic unsigned char dh2048_%s[]={\n\t\t", name);
for (i = 0; i < size; i += 16)
{
int j;
for (j = 0; j < 16 && i+j < size; j++)
{
printf("0x%02x", buffer[i+j]);
if (i+j < size - 1)
putchar(',');
}
if (i+j < size)
printf("\n\t\t");
}
printf("\n\t};\n");
BN_free(bn);
return 1;
}
static int gendh_cb(EVP_PKEY_CTX *ctx)
{
static const char symbols[] = ".+*\n";
int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
if (p)
{
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
fputc(c, stderr);
fflush(stderr);
}
return 1;
}

287
src/nrpe-ssl.c Normal file
View file

@ -0,0 +1,287 @@
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include "common.h"
#include "nrpe-ssl.h"
#include "utils.h"
#ifdef HAVE_SSL
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
SSL_METHOD *meth;
# else
const SSL_METHOD *meth;
# endif
SSL_CTX *ctx;
int use_ssl = TRUE;
#else
int use_ssl = FALSE;
#endif
void ssl_initialize(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000
/* initialize SSL */
SSL_load_error_strings();
SSL_library_init();
ENGINE_load_builtin_engines();
RAND_set_rand_engine(NULL);
ENGINE_register_all_complete();
#endif
}
void ssl_set_protocol_version(SslVer ssl_proto_ver, unsigned long *ssl_opts)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000
SSL_CTX_set_max_proto_version(ctx, 0);
switch(ssl_proto_ver) {
case TLSv1_3:
#if OPENSSL_VERSION_NUMBER >= 0x10101000
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
#endif
case TLSv1_3_plus:
#if OPENSSL_VERSION_NUMBER >= 0x10101000
SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
break;
#endif
case TLSv1_2:
SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
case TLSv1_2_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
break;
case TLSv1_1:
SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION);
case TLSv1_1_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
break;
case TLSv1:
SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);
case TLSv1_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
break;
case SSLv3:
SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION);
case SSLv3_plus:
SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
break;
case SSLv2:
case SSLv2_plus:
/* SSLv2 support dropped */
break;
case SSL_Ver_Invalid:
/* Should never be seen, silence warning */
break;
}
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
switch(sslprm.ssl_proto_ver) {
case SSLv2:
case SSLv2_plus:
break;
case TLSv1_3:
case TLSv1_3_plus:
#ifdef SSL_OP_NO_TLSv1_2
*ssl_opts |= SSL_OP_NO_TLSv1_2;
#endif
case TLSv1_2:
case TLSv1_2_plus:
#ifdef SSL_OP_NO_TLSv1_1
*ssl_opts |= SSL_OP_NO_TLSv1_1;
#endif
case TLSv1_1:
case TLSv1_1_plus:
*ssl_opts |= SSL_OP_NO_TLSv1;
case TLSv1:
case TLSv1_plus:
*ssl_opts |= SSL_OP_NO_SSLv3;
case SSLv3:
case SSLv3_plus:
*ssl_opts |= SSL_OP_NO_SSLv2;
break;
case SSL_Ver_Invalid:
/* Should never be seen, silence warning */
break;
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
}
void ssl_log_startup(int server)
{
char *vers;
logit(LOG_INFO, "SSL Certificate File: %s", sslprm.cert_file ? sslprm.cert_file : "None");
logit(LOG_INFO, "SSL Private Key File: %s", sslprm.privatekey_file ? sslprm.privatekey_file : "None");
logit(LOG_INFO, "SSL CA Certificate File: %s", sslprm.cacert_file ? sslprm.cacert_file : "None");
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
logit(LOG_INFO, "SSL Allow ADH: %d", sslprm.allowDH);
if (server)
{
logit(LOG_INFO, "SSL Client Certs: %s",
sslprm.client_certs == 0 ? "Don't Ask" :
(sslprm.client_certs == 1 ? "Accept" : "Require"));
}
logit(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
switch (sslprm.ssl_proto_ver) {
case SSLv2:
vers = "SSLv2";
break;
case SSLv2_plus:
vers = "SSLv2 And Above";
break;
case SSLv3:
vers = "SSLv3";
break;
case SSLv3_plus:
vers = "SSLv3 And Above";
break;
case TLSv1:
vers = "TLSv1";
break;
case TLSv1_plus:
vers = "TLSv1 And Above";
break;
case TLSv1_1:
vers = "TLSv1_1";
break;
case TLSv1_1_plus:
vers = "TLSv1_1 And Above";
break;
case TLSv1_2:
vers = "TLSv1_2";
break;
case TLSv1_2_plus:
vers = "TLSv1_2 And Above";
break;
case TLSv1_3:
vers = "TLSv1_3";
break;
case TLSv1_3_plus:
vers = "TLSv1_3 And Above";
break;
default:
vers = "INVALID VALUE!";
break;
}
logit(LOG_INFO, "SSL Version: %s", vers);
}
int ssl_load_certificates(void)
{
int x;
char errstr[256] = { "" };
if (sslprm.cacert_file != NULL) {
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
logit(LOG_ERR, "Error: Could not use CA certificate '%s'", sslprm.cacert_file);
while ((x = ERR_get_error()) != 0) {
ERR_error_string(x, errstr);
logit(LOG_ERR, " : %s\n", errstr);
}
return FALSE;
}
}
if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
if (!SSL_CTX_use_certificate_chain_file(ctx, sslprm.cert_file)) {
logit(LOG_ERR, "Error: Could not use certificate '%s'", sslprm.cert_file);
while ((x = ERR_get_error()) != 0) {
ERR_error_string(x, errstr);
logit(LOG_ERR, " : %s\n", errstr);
}
return FALSE;
}
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
logit(LOG_ERR, "Error: Could not use private key file '%s'", sslprm.privatekey_file);
while ((x = ERR_get_error()) != 0) {
ERR_error_string(x, errstr);
logit(LOG_ERR, " : %s\n", errstr);
}
return FALSE;
}
if (!SSL_CTX_check_private_key(ctx)) {
logit(LOG_ERR, "Error: Could not use certificate/private key pair");
while ((x = ERR_get_error()) != 0) {
ERR_error_string(x, errstr);
logit(LOG_ERR, " : %s\n", errstr);
}
return FALSE;
}
}
return TRUE;
}
int ssl_set_ciphers(void)
{
int x;
int changed = FALSE;
char errstr[256] = { "" };
if (!sslprm.allowDH) {
x = strlen(sslprm.cipher_list);
if (x < sizeof(sslprm.cipher_list) - 6) {
changed = TRUE;
strncpy(sslprm.cipher_list + x, ":!ADH", sizeof(sslprm.cipher_list) - x);
}
} else {
/* use anonymous DH ciphers */
if (sslprm.allowDH == 2) {
changed = TRUE;
#if OPENSSL_VERSION_NUMBER >= 0x10100000
strncpy(sslprm.cipher_list, "ADH:@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
#else
strncpy(sslprm.cipher_list, "ADH", MAX_FILENAME_LENGTH - 1);
#endif
}
}
if (changed && sslprm.log_opts & SSL_LogStartup)
logit(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
logit(LOG_ERR, "Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
while ((x = ERR_get_error()) != 0) {
ERR_error_string(x, errstr);
logit(LOG_ERR, " : %s\n", errstr);
}
return FALSE;
}
return TRUE;
}
int ssl_verify_callback_common(int preverify_ok, X509_STORE_CTX * ctx, int is_invalid)
{
char name[256], issuer[256];
X509 *err_cert;
int err;
if (preverify_ok || ((sslprm.log_opts & SSL_LogCertDetails) == 0))
return preverify_ok;
if (is_invalid || sslprm.log_opts & SSL_LogCertDetails) {
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
if (is_invalid) {
logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s", name, issuer, err, X509_verify_cert_error_string(err));
} else {
logit(LOG_INFO, "SSL Client certificate: %s (issuer=%s)", name, issuer);
}
}
return preverify_ok;
}

2850
src/nrpe.c Normal file
View file

File diff suppressed because it is too large Load diff

1452
src/snprintf.c Normal file
View file

File diff suppressed because it is too large Load diff

590
src/utils.c Normal file
View file

@ -0,0 +1,590 @@
/****************************************************************************
*
* utils.c - NRPE Utility Functions
*
* License: GPLv2
* Copyright (c) 2009-2017 Nagios Enterprises
* 1999-2008 Ethan Galstad (nagios@nagios.org)
*
* Description:
*
* This file contains common network functions used in nrpe and check_nrpe.
*
* License Notice:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
****************************************************************************/
#include "../include/common.h"
#include "../include/utils.h"
#include <stdarg.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifndef HAVE_ASPRINTF
extern int asprintf(char **ptr, const char *format, ...);
#endif
#ifndef HAVE_VASPRINTF
extern int vasprintf(char **ptr, const char *format, va_list ap);
#endif
#ifndef NI_MAXSERV
# define NI_MAXSERV 32
#endif
#ifndef NI_MAXHOST
# define NI_MAXHOST 1025
#endif
extern char **environ;
static unsigned long crc32_table[256];
char *log_file = NULL;
FILE *log_fp = NULL;
static int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr);
/* build the crc table - must be called before calculating the crc value */
void generate_crc32_table(void)
{
unsigned long crc, poly;
int i, j;
poly = 0xEDB88320L;
for (i = 0; i < 256; i++) {
crc = i;
for (j = 8; j > 0; j--) {
if (crc & 1)
crc = (crc >> 1) ^ poly;
else
crc >>= 1;
}
crc32_table[i] = crc;
}
return;
}
/* calculates the CRC 32 value for a buffer */
unsigned long calculate_crc32(char *buffer, int buffer_size)
{
register unsigned long crc = 0xFFFFFFFF;
int this_char;
int current_index;
for (current_index = 0; current_index < buffer_size; current_index++) {
this_char = (int)buffer[current_index];
crc = ((crc >> 8) & 0x00FFFFFF) ^ crc32_table[(crc ^ this_char) & 0xFF];
}
return (crc ^ 0xFFFFFFFF);
}
/* fill a buffer with semi-random data */
void randomize_buffer(char *buffer, int buffer_size)
{
FILE *fp;
int x;
int seed;
/**** FILL BUFFER WITH RANDOM ALPHA-NUMERIC CHARACTERS ****/
/***************************************************************
Only use alpha-numeric characters because plugins usually
only generate numbers and letters in their output. We
want the buffer to contain the same set of characters as
plugins, so its harder to distinguish where the real output
ends and the rest of the buffer (padded randomly) starts.
***************************************************************/
/* try to get seed value from /dev/urandom, as its a better source of entropy */
fp = fopen("/dev/urandom", "r");
if (fp != NULL) {
seed = fgetc(fp);
fclose(fp);
}
/* else fallback to using the current time as the seed */
else
seed = (int)time(NULL);
srand(seed);
for (x = 0; x < buffer_size; x++)
buffer[x] = (int)'0' + (int)(72.0 * rand() / (RAND_MAX + 1.0));
return;
}
/* opens a connection to a remote host */
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
int my_connect(const char *host, struct sockaddr_storage *hostaddr, u_short port,
int address_family, const char *bind_address, int redirect_stderr)
#else
int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
int address_family, const char *bind_address, int redirect_stderr)
#endif
{
struct addrinfo hints, *ai, *aitop;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
int gaierr;
int sock = -1;
FILE *output = stderr;
if (redirect_stderr)
output = stdout;
memset(&hints, 0, sizeof(hints));
hints.ai_family = address_family;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
fprintf(output, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
exit(1);
}
/*
* Loop through addresses for this host, and try each one in
* sequence until the connection succeeds.
*/
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
strport, sizeof(strport), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
fprintf(output, "my_connect: getnameinfo failed\n");
continue;
}
/* Create a socket for connecting. */
sock = my_create_socket(ai, bind_address, redirect_stderr);
if (sock < 0)
continue; /* Any error is already output */
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
/* Successful connection. */
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
break;
} else {
fprintf(output, "connect to address %s port %s: %s\n", ntop, strport,
strerror(errno));
close(sock);
sock = -1;
}
}
freeaddrinfo(aitop);
/* Return failure if we didn't get a successful connection. */
if (sock == -1) {
fprintf(output, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
return -1;
}
return sock;
}
/* Creates a socket for the connection. */
int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr)
{
int sock, gaierr;
struct addrinfo hints, *res;
FILE *output = stderr;
if (redirect_stderr)
output = stdout;
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0)
fprintf(output, "socket: %.100s\n", strerror(errno));
/* Bind the socket to an alternative local IP address */
if (bind_address == NULL)
return sock;
memset(&hints, 0, sizeof(hints));
hints.ai_family = ai->ai_family;
hints.ai_socktype = ai->ai_socktype;
hints.ai_protocol = ai->ai_protocol;
hints.ai_flags = AI_PASSIVE;
gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
if (gaierr) {
fprintf(output, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
close(sock);
return -1;
}
if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
fprintf(output, "bind: %s: %s\n", bind_address, strerror(errno));
close(sock);
freeaddrinfo(res);
return -1;
}
freeaddrinfo(res);
return sock;
}
void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *addr, int port)
{
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
int gaierr;
memset(&hints, 0, sizeof(hints));
hints.ai_family = address_family;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
logit(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
gai_strerror(gaierr));
exit(1);
}
for (ai = aitop; ai->ai_next; ai = ai->ai_next) ;
ai->ai_next = *listen_addrs;
*listen_addrs = aitop;
}
int clean_environ(const char *keep_env_vars, const char *nrpe_user)
{
#if defined(HAVE_PATHS_H) && defined(_PATH_STDPATH)
static char *path = _PATH_STDPATH;
#else
static char *path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
#endif
struct passwd *pw;
size_t len, var_sz = 0;
char **kept = NULL, *value, *var, *keep = NULL;
int i, j, keepcnt = 0;
if (keep_env_vars && *keep_env_vars)
asprintf(&keep, "%s,NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION", keep_env_vars);
else
asprintf(&keep, "NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION");
if (keep == NULL) {
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
++keepcnt;
i = strlen(keep);
while (i--) {
if (keep[i] == ',')
++keepcnt;
}
if ((kept = calloc(keepcnt + 1, sizeof(char *))) == NULL) {
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
for (i = 0, var = my_strsep(&keep, ","); var != NULL; var = my_strsep(&keep, ","))
kept[i++] = strip(var);
var = NULL;
i = 0;
while (environ[i]) {
value = environ[i];
if ((len = strcspn(value, "=")) == 0) {
free(keep);
free(kept);
free(var);
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
if (len >= var_sz) {
var_sz = len + 1;
var = realloc(var, var_sz);
}
strncpy(var, environ[i], var_sz);
var[len] = 0;
for (j = 0; kept[j]; ++j) {
if (!strncmp(var, kept[j], strlen(kept[j])))
break;
}
if (kept[j]) {
++i;
continue;
}
unsetenv(var);
}
free(var);
free(keep);
free(kept);
char * user = NULL;
if (nrpe_user != NULL) {
user = strdup(nrpe_user);
pw = (struct passwd *)getpwnam(nrpe_user);
}
if (nrpe_user == NULL || pw == NULL) {
pw = (struct passwd *)getpwuid(getuid());
if (pw != NULL) {
user = strdup(pw->pw_name);
}
}
if (pw == NULL) {
free(user);
return OK;
}
setenv("PATH", path, 1);
setenv("IFS", " \t\n", 1);
setenv("LOGNAME", user, 0);
setenv("USER", user, 0);
setenv("HOME", pw->pw_dir, 0);
setenv("SHELL", pw->pw_shell, 0);
free(user);
return OK;
}
char *strip(char *buffer)
{
int x;
int index;
char *buf = buffer;
for (x = strlen(buffer); x >= 1; x--) {
index = x - 1;
if (buffer[index] == ' ' || buffer[index] == '\r' || buffer[index] == '\n'
|| buffer[index] == '\t')
buffer[index] = '\x0';
else
break;
}
while (*buf == ' ' || *buf == '\r' || *buf == '\n' || *buf == '\t') {
++buf;
--x;
}
if (buf != buffer) {
memmove(buffer, buf, x);
buffer[x] = '\x0';
}
return buffer;
}
/* sends all data - thanks to Beej's Guide to Network Programming */
int sendall(int s, char *buf, int *len)
{
int total = 0;
int bytesleft = *len;
int n = 0;
/* send all the data */
while (total < *len) {
n = send(s, buf + total, bytesleft, 0); /* send some data */
if (n == -1) /* break on error */
break;
/* apply bytes we sent */
total += n;
bytesleft -= n;
}
*len = total; /* return number of bytes actually sent here */
return n == -1 ? -1 : 0; /* return -1 on failure, 0 on success */
}
/* receives all data - modelled after sendall() */
int recvall(int s, char *buf, int *len, int timeout)
{
time_t start_time;
time_t current_time;
int total = 0;
int bytesleft = *len;
int n = 0;
bzero(buf, *len); /* clear the receive buffer */
time(&start_time);
/* receive all data */
while (total < *len) {
n = recv(s, buf + total, bytesleft, 0); /* receive some data */
if (n == -1 && errno == EAGAIN) {
/* no data has arrived yet (non-blocking socket) */
time(&current_time);
if (current_time - start_time > timeout)
break;
sleep(1);
continue;
} else if (n <= 0)
break; /* receive error or client disconnect */
/* apply bytes we received */
total += n;
bytesleft -= n;
}
/* return number of bytes actually received here */
*len = total;
/* return <=0 on failure, bytes received on success */
return (n <= 0) ? n : total;
}
/* fixes compiler problems under Solaris, since strsep() isn't included */
/* this code is taken from the glibc source */
char *my_strsep(char **stringp, const char *delim)
{
char *begin, *end;
begin = *stringp;
if (begin == NULL)
return NULL;
/* A frequent case is when the delimiter string contains only one
character. Here we don't need to call the expensive `strpbrk'
function and instead work using `strchr'. */
if (delim[0] == '\0' || delim[1] == '\0') {
char ch = delim[0];
if (ch == '\0')
end = NULL;
else {
if (*begin == ch)
end = begin;
else
end = strchr(begin + 1, ch);
}
} else
end = strpbrk(begin, delim); /* Find the end of the token. */
if (end) {
/* Terminate the token and set *STRINGP past NUL character. */
*end++ = '\0';
*stringp = end;
} else
/* No more delimiters; this is the last token. */
*stringp = NULL;
return begin;
}
void open_log_file()
{
int fh;
int flags = O_RDWR|O_APPEND|O_CREAT;
struct stat st;
close_log_file();
if (!log_file)
return;
#ifdef O_NOFOLLOW
flags |= O_NOFOLLOW;
#endif
if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
return;
}
log_fp = fdopen(fh, "a+");
if(log_fp == NULL) {
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
return;
}
if ((fstat(fh, &st)) == -1) {
log_fp = NULL;
close(fh);
printf("Warning: Cannot fstat log file '%s'\n", log_file);
logit(LOG_WARNING, "Warning: Cannot fstat log file '%s'", log_file);
return;
}
if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {
log_fp = NULL;
close(fh);
printf("Warning: log file '%s' has an invalid mode\n", log_file);
logit(LOG_WARNING, "Warning: log file '%s' has an invalid mode", log_file);
return;
}
(void)fcntl(fileno(log_fp), F_SETFD, FD_CLOEXEC);
}
void logit(int priority, const char *format, ...)
{
time_t log_time = 0L;
va_list ap;
char *buffer = NULL;
if (!format || !*format)
return;
va_start(ap, format);
if(vasprintf(&buffer, format, ap) > 0) {
if (log_fp) {
time(&log_time);
/* strip any newlines from the end of the buffer */
strip(buffer);
/* write the buffer to the log file */
fprintf(log_fp, "[%llu] %s\n", (unsigned long long)log_time, buffer);
fflush(log_fp);
} else if (!disable_syslog) {
syslog(priority, "%s", buffer);
}
free(buffer);
}
va_end(ap);
}
void close_log_file()
{
if(!log_fp)
return;
fflush(log_fp);
fclose(log_fp);
log_fp = NULL;
return;
}
/* show license */
void display_license(void)
{
printf("This program is released under the GPL (see below) with the additional\n");
printf("exemption that compiling, linking, and/or using OpenSSL is allowed.\n\n");
printf("This program is free software; you can redistribute it and/or modify\n");
printf("it under the terms of the GNU General Public License as published by\n");
printf("the Free Software Foundation; either version 2 of the License, or\n");
printf("(at your option) any later version.\n\n");
printf("This program is distributed in the hope that it will be useful,\n");
printf("but WITHOUT ANY WARRANTY; without even the implied warranty of\n");
printf("MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n");
printf("GNU General Public License for more details.\n\n");
printf("You should have received a copy of the GNU General Public License\n");
printf("along with this program; if not, write to the Free Software\n");
printf("Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
return;
}

90
startup/bsd-init.in Normal file
View file

@ -0,0 +1,90 @@
#!/bin/sh
# Start/stop/restart/reload nrpe
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
NRPE_BIN=@sbindir@/nrpe
NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
PID_DIR=@piddir@
PID_FILE=@piddir@/nrpe.pid
# Start nrpe
nrpe_start() {
echo -n "Starting nrpe daemon: $NRPE_BIN - "
if [ ! -d "$PID_DIR" ]; then
mkdir -p "$PID_DIR"
fi
$NRPE_BIN -c $NRPE_CFG -d
if [ $? = 0 ]; then
echo "started"
else
echo "failed"
fi
}
# Stop nrpe
nrpe_stop() {
echo -n "Stopping nrpe daemon - "
if [ -r "$PID_FILE" ]; then
kill $(cat "$PID_FILE")
else
killall nrpe
fi
if [ $? = 0 ]; then
echo "stopped"
else
echo "failed"
fi
}
# Restart nrpe
nrpe_restart() {
nrpe_stop
sleep 1
nrpe_start
}
# Reload nrpe
nrpe_reload() {
echo -n "Reloading nrpe daemon - "
if [ -r "$PID_FILE" ]; then
kill -HUP $(cat "$PID_FILE")
else
killall -HUP nrpe
fi
if [ $? = 0 ]; then
echo "reloaded"
else
echo "failed"
fi
}
# nrpe status
nrpe_status() {
if ps -C nrpe >/dev/null; then
echo "nrpe is running."
else
echo "nrpe is stopped."
fi
}
case "$1" in
'start')
nrpe_start
;;
'stop')
nrpe_stop
;;
'restart')
nrpe_restart
;;
'reload')
nrpe_reload
;;
'status')
nrpe_status
;;
*)
echo "Usage $0 start|stop|restart|reload|status"
;;
esac

47
startup/debian-init.in Normal file
View file

@ -0,0 +1,47 @@
#!/bin/sh
#
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
#
# Start/stop the nrpe daemon.
NRPE_BIN=@sbindir@/nrpe
NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
PID_FILE=@piddir@/nrpe.pid
test -x $NRPE_BIN || exit 0
case "$1" in
start)
echo -n "Starting nagios remote plugin daemon: nrpe"
start-stop-daemon --start --quiet --pidfile $PID_FILE --exec $NRPE_BIN -- -c $NRPE_CFG -d
echo "."
;;
stop)
echo -n "Stopping nagios remote plugin daemon: nrpe"
start-stop-daemon --stop --quiet --pidfile $PID_FILE --exec $NRPE_BIN
echo "."
;;
restart|force-reload)
echo -n "Restarting nagios remote plugin daemon: nrpe"
start-stop-daemon --stop --quiet --pidfile $PID_FILE --exec $NRPE_BIN
start-stop-daemon --start --quiet --pidfile $PID_FILE --exec $NRPE_BIN -- -c $NRPE_CFG -d
echo "."
;;
reload)
echo -n "Reloading configuration files for nagios remote plugin daemon: nrpe"
test -f $PID_FILE || exit 0
test -x /bin/kill && /bin/kill -HUP `cat $PID_FILE`
echo "."
;;
*)
echo "Usage: $0 start|stop|restart|reload|force-reload"
exit 1
;;
esac
exit 0

5
startup/default-inetd.in Normal file
View file

@ -0,0 +1,5 @@
#
# Enable the following entry to enable the nrpe daemon
#nrpe stream tcp nowait @nrpe_user@ @sbindir@/nrpe nrpe -c @pkgsysconfdir@/nrpe.cfg --inetd
# Enable the following entry if the nrpe daemon didn't link with libwrap
#nrpe stream tcp nowait @nrpe_user@ /usr/sbin/tcpd @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg --inetd

157
startup/default-init.in Normal file
View file

@ -0,0 +1,157 @@
#!/bin/sh
#
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
#
# chkconfig: - 80 30
# description: Starts and stops the Nagios Remote Plugin Executor \
# so a remote nagios server can run plugins on this host
#
### BEGIN INIT INFO
# Provides: nrpe
# Required-Start: $local_fs $remote_fs $time
# Required-Stop: $local_fs $remote_fs
# Should-Start: $syslog $network
# Should-Stop: $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts and stops the Nagios Remote Plugin Executor
# Description: Starts and stops the Nagios Remote Plugin Executor
# so a remote nagios server can run plugins on this host
### END INIT INFO
NRPE_BIN=@sbindir@/nrpe
NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
LOCK_DIR=@subsyslockdir@
LOCK_FILE=@subsyslockfile@
PID_FILE=@piddir@/nrpe.pid
test -x $NRPE_BIN || exit 5
RETVAL=0
_set_rc (){ return; }
# Default these commands/functions to RedHat/CentOS etc. values
MSG_CMD="echo -n"
START_CMD="daemon --pidfile $PID_FILE"
TERM_CMD="killproc -p $PID_FILE $NRPE_BIN -TERM"
HUP_CMD="killproc -p $PID_FILE $NRPE_BIN -HUP"
PRT_STAT="echo"
STAT_MSG="echo -n Checking for nrpe daemon... "
STAT_CMD="status nrpe"
EXIT_CMD="exit"
# Source the function library
if [ -f /etc/rc.status ]; then
. /etc/rc.status
_set_rc (){ return $RETVAL; }
# Set these commands/functions to SuSE etc. values
START_CMD="startproc -p $PID_FILE"
TERM_CMD="killproc -p $PID_FILE -TERM $NRPE_BIN"
HUP_CMD="killproc -p $PID_FILE -HUP $NRPE_BIN"
PRT_STAT="rc_status -v -r"
STAT_CMD="checkproc -p $PID_FILE $NRPE_BIN"
EXIT_CMD="rc_exit"
rc_reset
elif [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
elif [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /lib/lsb/init-functions ]; then
. /lib/lsb/init-functions
MSG_CMD="log_daemon_msg"
START_CMD="start_daemon -p $PID_FILE"
PRT_STAT="log_end_msg"
STAT_MSG=
STAT_CMD="status_of_proc -p $PID_FILE $NRPE_BIN nrpe"
elif [ -f /etc/rc.d/functions ]; then
. /etc/rc.d/functions
fi
# See how we were called.
case "$1" in
start)
# Start daemons.
$MSG_CMD "Starting nrpe "
$START_CMD $NRPE_BIN -c $NRPE_CFG -d
RETVAL=$?
if test "$PRT_STAT" = log_end_msg; then
$PRT_STAT $RETVAL
else
_set_rc; $PRT_STAT
fi
if [ $RETVAL = 0 ]; then
[ -d $LOCK_DIR ] && touch $LOCK_FILE || true
fi
;;
stop)
# Stop daemons.
$MSG_CMD "Shutting down nrpe "
$TERM_CMD
RETVAL=$?
if test "$PRT_STAT" = log_end_msg; then
$PRT_STAT $RETVAL
else
_set_rc; $PRT_STAT
fi
if [ $RETVAL = 0 ]; then
[ -d $LOCK_DIR ] && rm -f $LOCK_FILE
fi
;;
restart|force-reload)
$0 stop
$0 start
RETVAL=$?
;;
reload)
$MSG_CMD "Reloading nrpe "
$HUP_CMD
RETVAL=$?
if test "$PRT_STAT" = log_end_msg; then
$PRT_STAT $RETVAL
else
_set_rc; $PRT_STAT
fi
;;
try-restart|condrestart)
$STAT_CMD || exit 0
$0 stop
$0 start
RETVAL=$?
;;
status)
$STAT_MSG
$STAT_CMD
RETVAL=$?
if test "$PRT_STAT" != log_end_msg; then
_set_rc; $PRT_STAT
fi
;;
*)
echo "Usage: nrpe {start|stop|restart|reload|try-restart|condrestart|status}"
exit 1
esac
$EXIT_CMD $RETVAL

24
startup/default-service.in Normal file
View file

@ -0,0 +1,24 @@
[Unit]
Description=Nagios Remote Plugin Executor
Documentation=http://www.nagios.org/documentation
After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
Before=getty@tty1.service plymouth-quit.service xdm.service
Conflicts=nrpe.socket
[Install]
WantedBy=multi-user.target
[Service]
Type=simple
Restart=on-abort
PIDFile=@piddir@/nrpe.pid
RuntimeDirectory=nrpe
RuntimeDirectoryMode=0755
ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
ExecReload=/bin/kill -HUP $MAINPID
ExecStopPost=/bin/rm -f @piddir@/nrpe.pid
TimeoutStopSec=60
User=@nrpe_user@
Group=@nrpe_group@
PrivateTmp=true
OOMScoreAdjust=-500

16
startup/default-socket-svc.in Normal file
View file

@ -0,0 +1,16 @@
[Unit]
Description=Nagios Remote Plugin Executor
Documentation=http://www.nagios.org/documentation
After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
[Service]
Restart=on-failure
ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg --inetd
KillMode=process
User=@nrpe_user@
Group=@nrpe_group@
PrivateTmp=true
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target

12
startup/default-socket.in Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=Nagios Remote Plugin Executor
Documentation=http://www.nagios.org/documentation
Before=nrpe.service
Conflicts=nrpe.service
[Socket]
ListenStream=@nrpe_port@
Accept=yes
[Install]
WantedBy=sockets.target

15
startup/default-xinetd.in Normal file
View file

@ -0,0 +1,15 @@
# default: off
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
disable = yes
socket_type = stream
port = @nrpe_port@
wait = no
user = @nrpe_user@
group = @nrpe_group@
server = @sbindir@/nrpe
server_args = -c @pkgsysconfdir@/nrpe.cfg --inetd
only_from = 127.0.0.1 ::1
log_on_success =
}

49
startup/gentoo-init.in Normal file
View file

@ -0,0 +1,49 @@
#!/sbin/openrc-run
#
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
#
# Start/stop the nrpe daemon.
#
# Goes in /etc/init.d - Config is in /etc/conf.d/nrpe
extra_started_commands="reload"
NRPE_BIN="@sbindir@/nrpe"
NRPE_PID="@piddir@/nrpe.pid"
NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
depend() {
use logger dns net localmount netmount nfsmount
}
checkconfig() {
# Make sure the config file exists
if [ ! -f $NRPE_CFG ]; then
eerror "You need to setup $NRPE_CFG."
return 1
fi
return 0
}
start() {
checkconfig || return 1
ebegin "Starting nrpe"
# Make sure we have a sane current directory
cd /
start-stop-daemon --start --exec $NRPE_BIN --pidfile $NRPE_PID \
--background -- -c $NRPE_CFG -f $NRPE_OPTS
eend $?
}
stop() {
ebegin "Stopping nrpe"
start-stop-daemon --stop --exec $NRPE_BIN --pidfile $NRPE_PID
eend $?
}
reload() {
ebegin "Reloading nrpe"
start-stop-daemon --stop --oknodo --exec $NRPE_BIN \
--pidfile $NRPE_PID --signal HUP
eend $?
}

40
startup/mac-inetd.plist.in Normal file
View file

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.nagios.nrpe</string>
<key>UserName</key>
<string>@nrpe_user@</string>
<key>GroupName</key>
<string>@nrpe_group@</string>
<key>Program</key>
<string>@sbindir@/nrpe</string>
<key>ProgramArguments</key>
<array>
<string>nrpe</string>
<string>-c</string>
<string>@pkgsysconfdir@/nrpe.cfg</string>
<string>-i</string>
</array>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>5666</string>
<key>SockType</key>
<string>stream</string>
<key>SockFamily</key>
<string>IPv4</string>
</dict>
</dict>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<false/>
</dict>
<key>ProcessType</key>
<string>Background</string>
</dict>
</plist>

32
startup/mac-init.plist.in Normal file
View file

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.nagios.nrpe</string>
<key>UserName</key>
<string>@nrpe_user@</string>
<key>GroupName</key>
<string>@nrpe_group@</string>
<key>Program</key>
<string>@sbindir@/nrpe</string>
<key>ProgramArguments</key>
<array>
<string>nrpe</string>
<string>-c</string>
<string>@pkgsysconfdir@/nrpe.cfg</string>
<string>-f</string>
</array>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
<key>NetworkState</key>
<true/>
</dict>
<key>RunAtLoad</key>
<true/>
<key>ProcessType</key>
<string>Background</string>
</dict>
</plist>

35
startup/newbsd-init.in Normal file
View file

@ -0,0 +1,35 @@
#!/bin/sh
#
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
#
# PROVIDE: nrpe
# REQUIRE: DAEMON
# KEYWORD: shutdown
. /etc/rc.subr
: ${nrpe@bsd_enable@:="NO"}
: ${nrpe_configfile:="@pkgsysconfdir@/nrpe.cfg"}
name=nrpe
command="@sbindir@/nrpe"
command_args="-c $nrpe_configfile -d"
pidfile="@piddir@/nrpe.pid"
extra_commands=reload
sig_reload=HUP
rcvar=nrpe@bsd_enable@
load_rc_config "$name"
required_files="$nrpe_configfile"
sig_reload=HUP
start_precmd=nrpe_prestart
nrpe_prestart()
{
[ -n "$nrpe_pidfile" ] &&
warn "No longer necessary to set nrpe_pidfile in rc.conf[.local]"
install -d -o @nrpe_user@ ${pidfile%/*}
}
run_rc_command "$1"

18
startup/openbsd-init.in Normal file
View file

@ -0,0 +1,18 @@
#!/bin/sh
#
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
#
daemon="@sbindir@/nrpe"
. /etc/rc.d/rc.subr
rc_pre() {
install -d -o @nrpe_user@ ${pidfile%/*}
}
rc_reload() {
pkill -HUP -xf "${pexp}"
}
rc_cmd "$1"

7
startup/openrc-conf.in Normal file
View file

@ -0,0 +1,7 @@
# /etc/conf.d/nrpe : config file for /etc/init.d/nrpe
# The configuration file to use.
NRPE_CFG="@sysconfdir@/nrpe.cfg"
# Any additional options (e.g. -n -4 -6) to pass to the nrpe daemon.
NRPE_OPTS=""

21
startup/openrc-init.in Normal file
View file

@ -0,0 +1,21 @@
#!/sbin/openrc-run
#
# Copyright (c) 2017 Nagios(R) Core(TM) Development Team
#
# Supply a default value for NRPE_CFG in case the corresponding
# conf.d file is not installed.
: ${NRPE_CFG:="@sysconfdir@/nrpe.cfg"}
command="@sbindir@/nrpe"
command_args="--config=${NRPE_CFG} ${NRPE_OPTS}"
command_args_background="--daemon"
description="Nagios Remote Plugin Executor (NRPE) daemon"
extra_started_commands="reload"
pidfile="@piddir@/${RC_SVCNAME}.pid"
reload() {
ebegin "Reloading ${RC_SVCNAME}"
start-stop-daemon --signal HUP --pidfile "${pidfile}"
eend $?
}

17
startup/rh-upstart-init.in Normal file
View file

@ -0,0 +1,17 @@
# nrpe - the Nagios Remote Plugin Executor
#
# nrpe is a program that runs plugins on this host
# and reports the results back to a nagios server
#
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
description "the Nagios Remote Plugin Executor"
oom -10
start on started network
stop on runlevel [!2345]
respawn
exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f

90
startup/solaris-inetd.xml.in Normal file
View file

@ -0,0 +1,90 @@
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright (c) 2016 Nagios(R) Core(TM) Development Team
-->
<service_bundle type='manifest' name='NGOS:nrpe'>
<service
name='network/nagios/nrpe'
type='service'
version='1'>
<restarter>
<service_fmri value='svc:/network/inetd:default' />
</restarter>
<dependency name='config_data'
grouping='require_all'
restart_on='restart'
type='path'>
<service_fmri
value='file://localhost@sysconfdir@/nrpe.cfg' />
</dependency>
<exec_method
type='method'
name='inetd_start'
exec='@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -i'
timeout_seconds='0'>
<method_context>
<method_credential user='@nrpe_user@' group='@nrpe_group@'/>
</method_context>
</exec_method>
<exec_method
type='method'
name='inetd_offline'
exec=':kill_process'
timeout_seconds='0'/>
<exec_method
type='method'
name='inetd_disable'
exec=':kill'
timeout_seconds='0'/>
<property_group name='inetd' type='framework'>
<stability value='Evolving' />
<propval name='name' type='astring' value='nrpe' />
<propval name='endpoint_type' type='astring' value='stream' />
<propval name='proto' type='astring' value='tcp' />
<propval name='wait' type='boolean' value='false' />
<propval name='isrpc' type='boolean' value='false' />
</property_group>
<property_group name='general' type='framework'>
<propval name='enabled'
type='boolean'
value='false'/>
<propval name='action_authorization'
type='astring'
value='solaris.smf.manage.nrpe'/>
<propval name='value_authorization'
type='astring'
value='solaris.smf.manage.nrpe'/>
</property_group>
<instance name='default' enabled='false' />
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang="C">NRPE daemon</loctext>
</common_name>
<description>
<loctext xml:lang="C">
Nagios Remote Plugin Executor daemon
</loctext>
</description>
<documentation>
<doc_link name='nagios.org' uri='http://www.nagios.org' />
</documentation>
</template>
</service>
</service_bundle>

143
startup/solaris-init.xml.in Normal file
View file

@ -0,0 +1,143 @@
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright (c) 2016 Nagios(R) Core(TM) Development Team
-->
<service_bundle type='manifest' name='NGOS:nrpe'>
<service
name='network/nagios/nrpe'
type='service'
version='1'>
<single_instance />
<dependency
name='fs-local'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/local' />
</dependency>
<dependency
name='autofs'
grouping='optional_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/autofs' />
</dependency>
<dependency
name='net-loopback'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/network/loopback' />
</dependency>
<dependency
name='net-physical'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/network/physical' />
</dependency>
<dependency
name='cryptosvc'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/cryptosvc' />
</dependency>
<dependency
name='utmp'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/utmp' />
</dependency>
<dependency
name='config_data'
grouping='require_all'
restart_on='restart'
type='path'>
<service_fmri
value='file://localhost@sysconfdir@/nrpe.cfg' />
</dependency>
<dependency
name='system-log'
grouping='optional_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/system-log' />
</dependency>
<dependent
name='nrpe_multi-user-server'
grouping='optional_all'
restart_on='none'>
<service_fmri value='svc:/milestone/multi-user-server'/>
</dependent>
<exec_method
type='method'
name='start'
exec='@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -d'
timeout_seconds='5'>
<method_context>
<method_credential user='@nrpe_user@' group='@nrpe_group@'/>
</method_context>
</exec_method>
<exec_method
type='method'
name='stop'
exec=':kill'
timeout_seconds='60'/>
<exec_method
type='method'
name='refresh'
exec=':kill -HUP'
timeout_seconds='60'/>
<property_group name='startd' type='framework'>
<propval name='ignore_error' type='astring' value='core,signal'/>
</property_group>
<property_group name='general' type='framework'>
<propval name='enabled' type='boolean' value='false'/>
<propval name='action_authorization' type='astring'
value='solaris.smf.manage.nrpe'/>
<propval name='value_authorization' type='astring'
value='solaris.smf.manage.nrpe'/>
</property_group>
<instance name='default' enabled='false' />
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang="C">NRPE daemon</loctext>
</common_name>
<description>
<loctext xml:lang="C">
Nagios Remote Plugin Executor daemon
</loctext>
</description>
<documentation>
<doc_link name='nagios.org' uri='http://www.nagios.org' />
</documentation>
</template>
</service>
</service_bundle>

2
startup/tmpfile.conf.in Normal file
View file

@ -0,0 +1,2 @@
#Type Path Mode UID GID Age Argument
d @piddir@ 0755 @nrpe_user@ @nrpe_group@ - -

19
startup/upstart-init.in Normal file
View file

@ -0,0 +1,19 @@
# nrpe - the Nagios Remote Plugin Executor
#
# nrpe is a program that runs plugins on this host
# and reports the results back to a nagios server
#
# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
description "the Nagios Remote Plugin Executor"
oom score -800
setgid @nrpe_group@
setuid @nrpe_user@
start on (local-filesystems and net-device-up IFACE!=lo)
stop on runlevel [!2345]
respawn
exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f

3
test-wrapper Executable file
View file

@ -0,0 +1,3 @@
#!/bin/bash
# Replace this once test is working properly.
./travis-test-1

34
travis-test-1 Executable file
View file

@ -0,0 +1,34 @@
#!/bin/bash
# Integration test for nrpe/check_nrpe
# Should be run only on machines which do NOT have Nagios installed
# and which do not have an enabled firewall.
cd sample-config
echo >> nrpe.cfg # Hopefully this is a newline! I think nrpe.cfg ends in a newling anyways.
echo 'command[check_test]=/tmp/check_yes.sh' >> nrpe.cfg
# Make sure the directory exists such that nrpe can create the nrpe.pid file in the default location
mkdir /usr/ || true
mkdir /usr/local || true
mkdir /usr/local/nagios || true
mkdir /usr/local/nagios/var || true
# Make sure nagios user exists
useradd nagios
# Make a plugin
touch /tmp/check_yes.sh
echo 'echo OK' >> /tmp/check_yes.sh
# Give nagios control of plugins
chown nagios /tmp/check_yes.sh
chmod +x /tmp/check_yes.sh
# Start running the NRPE daemon to accept commands
cd ../src
./nrpe -c ../sample-config/nrpe.cfg -d
# Try to check_nrpe with our check_test command/check_yes.sh plugin
./check_nrpe -H 127.0.0.1 -c check_test
exit 0

417
uninstall.in Executable file
View file

@ -0,0 +1,417 @@
#!/bin/sh
# Initialize variables
myname="$0"
quiet=0
prompt=0
verb=0
progs=0
config=0
start=0
delusr=0
delgrp=0
delscpt=0
force="-f"
redir=1
# Set file and path names
NAME=@PKG_NAME@
OPSYS=@opsys@
DIST=@dist_type@
SBINDIR=@sbindir@
LIBEXECDIR=@libexecdir@
PLUGINSDIR=@pluginsdir@
PIDDIR=@piddir@
CFGDIR=@pkgsysconfdir@
INIT_TYPE=@init_type@
INIT_DIR=@initdir@
INIT_FILE=@initname@
INETD_TYPE=@inetd_type@
INETD_DIR=@inetddir@
INETD_FILE=@inetdname@
SRC_INETD=@src_inetd@
SRC_INIT=@src_init@
NRPE_USER=@nrpe_user@
NRPE_GROUP=@nrpe_group@
NAGIOS_USER=@nagios_user@
NAGIOS_GROUP=@nagios_group@
# Display usage message
usage() {
echo "Usage: $0 [-q] [-p] [-v] progs|config|startup|user|group|script|all"
echo " Optional args:"
echo " -q Do not print what is happening"
echo " -p Prompt for each action"
echo " -v Be a little more verbose about what is happening"
echo " One or more of the following are required:"
echo " progs Delete the program files"
echo " config Delete configuration file(s)"
echo " startup Delete startup files (inetd, init, etc.)"
echo " user Delete the users"
echo " group Delete the groups"
echo " script Delete this uninstall script"
echo " all Do all of the above"
exit 1
}
get_opts() {
while test $# -gt 0 ; do
arg=$1
shift
case "$arg" in
-q) quiet=1 ;;
-p) prompt=1 ;;
progs) progs=1 ;;
config) config=1 ;;
startup) start=1 ;;
user) delusr=1; ;;
group) delgrp=1; ;;
script) delscpt=1; ;;
-v) verb=1; force=""; redir=0 ;;
all) progs=1; config=1; start=1; delusr=1; delgrp=1; delscpt=1 ;;
*) echo "Invalid argument: $arg"; usage ;;
esac
done
if test $prompt -eq 1 -a $quiet -eq 1 ; then
echo "The -p and -q flags are mutually exclusive"
echo Please specify one or the other
exit 1
fi
if test $verb -eq 1 -a $quiet -eq 1 ; then
echo "The -v and -q flags are mutually exclusive"
echo Please specify one or the other
exit 1
fi
if test $progs -eq 0 -a $config -eq 0 -a $start -eq 0 ; then
usage
fi
}
prt_msg() {
if test $quiet -eq 1 ; then
return 0
fi
case $1 in
0) indent="" ;;
1) indent=" " ;;
2) indent=" " ;;
*) indent="" ;;
esac
shift
if test $1 -eq 1 -a $verb -eq 0 -a $prompt -eq 0 ; then
return 0
fi
shift
if test $1 -eq 1 -a $prompt -eq 1 ; then
shift
echo -n "${indent}$*"
echo -n "? [Y|n] "
read yn
if test "x$yn" = x -o x$yn = xy -o x$yn = xY ; then
return 0
else
return 1
fi
fi
shift
echo "${indent}$*"
return 0
}
rm_progs() {
num=0
prt_msg 1 0 0 "*** Uninstalling Progs"
if test -f "$PLUGINSDIR/check_nrpe" ; then
num=1
prt_msg 2 0 1 "Delete $PLUGINSDIR/check_nrpe" && {
rm $force "$PLUGINSDIR/check_nrpe"
prt_msg 2 1 0 "Remove directory $PLUGINSDIR"
if test $redir -eq 1; then
rmdir "$PLUGINSDIR" 2>/dev/null
else
rmdir "$PLUGINSDIR"
fi
prt_msg 2 1 0 "Remove directory $LIBEXECDIR"
if test $redir -eq 1; then
rmdir "$LIBEXECDIR" 2>/dev/null
else
rmdir "$LIBEXECDIR"
fi
}
fi
if test -f "$SBINDIR/$NAME" ; then
num=1
prt_msg 2 0 1 "Delete $SBINDIR/$NAME" && {
rm $force "$SBINDIR/$NAME"
}
fi
if test -d "$PIDDIR" ; then
num=1
prt_msg 2 0 1 "Remove directory $PIDDIR" && {
if test $redir -eq 1; then
rmdir "$PIDDIR" 2>/dev/null
else
rmdir "$PIDDIR"
fi
}
fi
if test $num -eq 0; then
prt_msg 2 0 0 "There was nothing to uninstall"
fi
}
rm_startup() {
num=0
prt_msg 1 0 0 "*** Uninstalling Startup"
if test "$SRC_INETD" != unknown; then
if test "$INETD_TYPE" = inetd; then
rc=`grep -E -q "^\W*$NAME\s+" "$INETD_DIR/$INETD_FILE"`
if test $rc -eq 0; then
num=1
prt_msg 2 0 1 "($INETD_TYPE) Remove entries from $INETD_DIR/$INETD_FILE" && {
prt_msg 2 1 0 "($INETD_TYPE) Creating temp file: $INETD_DIR/$INETD_FILE.$NAME.unin"
grep -v -q "\W*$NAME\s+" "$INETD_DIR/$INETD_FILE" > "$INETD_DIR/$INETD_FILE.$NAME.unin"
prt_msg 2 1 0 "($INETD_TYPE) Renaming original to: $INETD_DIR/$INETD_FILE.$NAME_save"
mv "$INETD_DIR/$INETD_FILE" "$INETD_DIR/$INETD_FILE.$NAME_save"
prt_msg 2 1 0 "($INETD_TYPE) Renaming $INETD_DIR/$INETD_FILE.unin to $INETD_DIR/$INETD_FILE"
mv "$INETD_DIR/$INETD_FILE.unin" "$INETD_DIR/$INETD_FILE"
prt_msg 2 0 0 "($INETD_TYPE) Old $INETD_DIR/$INETD_FILE saved as $INETD_DIR/$INETD_FILE.$NAME_save"
}
fi
elif test -f "$INETD_DIR/$INETD_FILE"; then
num=1
if test "$INETD_TYPE" != xinetd; then
prt_msg 2 0 1 "($INETD_TYPE) Stop and disable $NAME)" && {
case "$INETD_TYPE" in
systemd)
systemctl stop $NAME; systemctl disable $NAME
;;
upstart)
if test $verb -eq 1; then
stop $NAME
else
stop $NAME >/dev/null 2>&1
fi
;;
launchd)
launchctl unload $INETD_FILE; launchctl remove $INETD_FILE;
;;
smf*)
svcadm disable -s $NAME
;;
esac
}
fi
prt_msg 2 0 1 "($INETD_TYPE) Delete $INETD_DIR/$INETD_FILE" && {
rm $force "$INETD_DIR/$INETD_FILE"
if test "$INETD_TYPE" = systemd; then
INETD_FILE=`echo "$INETD_FILE" | sed -e 's/socket$/service/'`
prt_msg 2 0 1 "($INETD_TYPE) Delete $INETD_DIR/$INETD_FILE" && {
rm $force "$INETD_DIR/$INETD_FILE"
}
elif test "$INETD_TYPE" = smf10 -o "$INETD_TYPE" = smf11; then
prt_msg 2 0 1 "($INIT_TYPE) svcadm restart svc:/system/manifest-import" && {
svcadm restart svc:/system/manifest-import
}
fi
}
fi
fi
if test "$SRC_INIT" != unknown; then
if test -f "$INIT_DIR/$INIT_FILE"; then
num=1
prt_msg 2 0 1 "($INIT_TYPE) Stop and disable $NAME" && {
case "$INIT_TYPE" in
systemd)
systemctl stop $NAME; systemctl disable $NAME
;;
upstart)
if test $verb -eq 1; then
stop $NAME
else
stop $NAME >/dev/null 2>&1
fi
;;
launchd)
launchctl unload $INIT_FILE; launchctl remove $INIT_FILE;
;;
*bsd)
if test -x $INIT_DIR/$INIT_FILE ; then
$INIT_DIR/$INIT_FILE stop
fi
chmod 0644 $INIT_DIR/$INIT_FILE
;;
openrc|gentoo)
/sbin/start-stop-daemon --stop $NAME
/sbin/rc-update del $NAME
;;
smf*)
svcadm disable -s $NAME
;;
sysv)
service stop $NAME; chkconfig --del $NAME
;;
esac
}
prt_msg 2 0 1 "($INIT_TYPE) Delete $INIT_DIR/$INIT_FILE" && {
rm $force "$INIT_DIR/$INIT_FILE"
if test ${OPSYS} = bsd; then
prt_msg 2 0 1 "($INITD_TYPE) Remove entries from $INETD_DIR/rc.conf" && {
prt_msg 2 1 0 "($INIT_TYPE) Creating temp file: $INETD_DIR/rc.conf.$NAME.unin"
grep -v -q "^$NAME" "$INETD_DIR/rc.conf" > "$INETD_DIR/rc.conf.$NAME.unin"
prt_msg 2 1 0 "($INIT_TYPE) Renaming original to: $INETD_DIR/rc.conf.$NAME_save"
mv "$INETD_DIR/rc.conf" "$INETD_DIR/rc.conf.$NAME_save"
prt_msg 2 1 0 "($INIT_TYPE) Renaming $INETD_DIR/rc.conf.unin to $INETD_DIR/rc.conf"
mv "$INETD_DIR/rc.conf.unin" "$INETD_DIR/rc.conf"
prt_msg 2 0 0 "($INIT_TYPE) Old $INETD_DIR/rc.conf saved as $INETD_DIR/rc.conf.$NAME_save"
}
fi
if test $INIT_TYPE = upstart; then
prt_msg 2 0 1 "($INIT_TYPE) initctl reload-configuration" && {
initctl reload-configuration
}
elif test "$INIT_TYPE" = smf10 -o "$INIT_TYPE" = smf11; then
prt_msg 2 0 1 "($INIT_TYPE) svcadm restart svc:/system/manifest-import" && {
svcadm restart svc:/system/manifest-import
}
fi
}
fi
fi
if test $num -eq 0; then
prt_msg 2 0 0 "There was nothing to uninstall"
fi
}
rm_config() {
num=0
prt_msg 1 0 0 "*** Uninstalling Config"
if test -f "$CFGDIR/$NAME.cfg"; then
num=1
prt_msg 2 0 1 "Delete $CFGDIR/$NAME.cfg" || return
rm $force "$CFGDIR/$NAME.cfg"
prt_msg 2 1 0 "Removing directory $CFGDIR"
if test $redir -eq 1; then
rmdir "$CFGDIR" 2>/dev/null
else
rmdir "$CFGDIR"
fi
fi
if test $num -eq 0; then
prt_msg 2 0 0 "There was nothing to uninstall"
fi
}
rm_user() {
prt_msg 1 0 0 "*** Removing users"
prt_msg 2 0 1 "Delete nrpe user:${NRPE_USER} and nagios user:${NAGIOS_USER}" || return
if test ${OPSYS} = aix; then
if test $redir -eq 1; then
rmuser -p ${NRPE_USER} 2>/dev/null
rmuser -p ${NAGIOS_USER} 2>/dev/null
else
rmuser -p ${NRPE_USER}
rmuser -p ${NAGIOS_USER}
fi
elif test ${OPSYS} = osx; then
dscl . -delete /Groups/${NRPE_GROUP} GroupMembership ${NRPE_USER}
dscl . -delete /Users name ${NRPE_USER}
dscl . -delete /Groups/${NAGIOS_GROUP} GroupMembership ${NAGIOS_USER}
dscl . -delete /Users name ${NAGIOS_USER}
elif test ${DIST} = "freebsd"; then
if test $redir -eq 1; then
pw del user ${NRPE_USER} 2>/dev/null
pw del user ${NAGIOS_USER} 2>/dev/null
else
pw del user ${NRPE_USER}
pw del user ${NAGIOS_USER}
fi
else
if test $redir -eq 1; then
userdel -r ${NRPE_USER} 2>/dev/null
userdel -r ${NAGIOS_USER} 2>/dev/null
else
userdel -r ${NRPE_USER}
userdel -r ${NAGIOS_USER}
fi
fi
}
rm_group() {
prt_msg 1 0 0 "*** Removing groups"
prt_msg 2 0 1 "Delete nrpe group:${NRPE_GROUP} and nagios group:${NAGIOS_GROUP}" || return
if test ${OPSYS} = aix; then
if test $redir -eq 1; then
rmgroup -p ${NRPE_GROUP} 2>/dev/null
rmgroup -p ${NAGIOS_GROUP} 2>/dev/null
else
rmgroup -p ${NRPE_GROUP}
rmgroup -p ${NAGIOS_GROUP}
fi
elif test ${OPSYS} = osx; then
if test $redir -eq 1; then
dscl . -delete /Groups/${NRPE_GROUP} 2>/dev/null
dscl . -delete /Groups/${NAGIOS_GROUP} 2>/dev/null
else
dscl . -delete /Groups/${NRPE_GROUP}
dscl . -delete /Groups/${NAGIOS_GROUP}
fi
elif test ${DIST} = "freebsd"; then
if test $redir -eq 1; then
pw del group ${NRPE_GROUP} 2>/dev/null
pw del group ${NAGIOS_GROUP} 2>/dev/null
else
pw del group ${NRPE_GROUP}
pw del group ${NAGIOS_GROUP}
fi
else
if test $redir -eq 1; then
groupdel ${NRPE_GROUP} 2>/dev/null
groupdel ${NAGIOS_GROUP} 2>/dev/null
else
groupdel ${NRPE_GROUP}
groupdel ${NAGIOS_GROUP}
fi
fi
}
rm_script() {
prt_msg 1 0 0 "*** Removing ${myname}"
prt_msg 2 0 1 "Delete ${myname}" || return
if test $redir -eq 1; then
rm "${myname}" 2>/dev/null
else
rm "${myname}"
fi
}
get_opts $@
prt_msg 0 0 0 "* * * Uninstall Starting * * *"
if test $progs -eq 1 ; then rm_progs; fi
if test $start -eq 1 ; then rm_startup; fi
if test $config -eq 1 ; then rm_config; fi
if test $delusr -eq 1; then rm_user; fi
if test $delgrp -eq 1; then rm_group; fi
if test $delscpt -eq 1; then rm_script; fi
prt_msg 0 0 0 "* * * Uninstall Complete * * *"

144
update-cfg.pl Executable file
View file

@ -0,0 +1,144 @@
#! /usr/bin/perl -w
use strict;
my ($fname_in, $fname_out);
if ($#ARGV != 0) {
&usage;
}
$fname_in = $ARGV[0];
$fname_out = $fname_in . ".new";
if (&check_ssl) {
print "\n'$fname_in' already has some or all of the\n";
print "new SSL parameters. No processing will be done.\n\n";
exit 0;
}
open IN, $fname_in or die "Could not open '$fname_in' for reading: $!\n";
open OUT, ">$fname_out" or die "Could not open '$fname_out' for writing: $!\n";
while (<IN>) {
print OUT;
&add_ssl if $_ =~ /allow_weak_random_seed/;
}
print "\nConfig file '$fname_in' was read.\n";
print "The new SSL comments and parameters were added and the output written to\n";
print "'$fname_out'\n";
print "Please check this file for accuracy and rename it when you are satisfied.\n\n";
close IN;
close OUT;
# ==========================================================================
sub usage
{
print "\nUsage: update-cfg.pl <path-to-nrpe.cfg-file>\n\n";
print "This perl script will read the nrpe configuration file\n";
print "specified on the command line, and write out a new file\n";
print "with the new SSL comments and parameters added.\n\n";
exit 1;
}
# --------------------------------------------------------------------------
# check_ssl checks if the config file already has the ssl parameters
# --------------------------------------------------------------------------
sub check_ssl
{
my $has_ssl = 0;
open IN, $fname_in or die "Could not open '$fname_in' for reading: $!\n";
while (<IN>) {
if ($_ =~ /ssl_version=/ or
$_ =~ /ssl_use_adh=/ or
$_ =~ /ssl_cipher_list=/ or
$_ =~ /ssl_cacert_file=/ or
$_ =~ /ssl_cert_file=/ or
$_ =~ /ssl_privatekey_file=/ or
$_ =~ /ssl_client_certs=/ or
$_ =~ /ssl_logging=/)
{
$has_ssl = 1;
last;
}
}
close IN;
return $has_ssl;
}
# --------------------------------------------------------------------------
# add_ssl inserts the new SSL comments and parameters into the config file
# --------------------------------------------------------------------------
sub add_ssl
{
my $txt = <<"END_SSL";
# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.
# SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
# TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
#ssl_version=SSLv2+
# SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version.
#ssl_use_adh=1
# SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:\@STRENGTH' in this version but
# will be changed to something like the example below in a later version of NRPE.
#ssl_cipher_list=ALL:!MD5:\@STRENGTH
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:\@STRENGTH
# SSL Certificate and Private Key Files
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
# SSL USE CLIENT CERTS
# This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates (default)
# 1 = Ask for client certificates
# 2 = Require client certificates
#ssl_client_certs=0
# SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters
# 0x02 (2) = Log remote IP address
# 0x04 (4) = Log SSL/TLS version of connections
# 0x08 (8) = Log which cipher is being used for the connection
# 0x10 (26) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above
#ssl_logging=0x00
END_SSL
print OUT $txt;
}

83
update-version Executable file
View file

@ -0,0 +1,83 @@
#!/bin/sh
# Make sure autoconf is installed and is the correct version
min_autoconf_major=2
min_autoconf_minor=59
autoconf_error="Autoconf version $min_autoconf_major.$min_autoconf_minor or later must be installed to run this script."
autoconf_version=`(autoconf -V 2> /dev/null) |\
grep "^autoconf (GNU Autoconf)" | gawk '{print $NF}'`
if [ "$autoconf_version" != "" ] ; then
autoconf_major=`echo $autoconf_version | gawk -F '.' '{print $1}'`
autoconf_minor=`echo $autoconf_version | gawk -F '.' '{print $2}'`
if [ $autoconf_major -lt $min_autoconf_major -o $autoconf_minor -lt $min_autoconf_minor ] ; then
echo $autoconf_error
exit 1
fi
else
echo $autoconf_error
exit 1
fi
# Get date (two formats)
if [ -n "$2" ]; then
LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
SHORTDATE=$(date -u -d "$2" "+%Y-%m-%d")
else
LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%Y-%m-%d")
fi
# Current version number
CURRENTVERSION=4.1.3
# Last date
LASTDATE=2024-12-10
if [ "x$1" = "x" ]
then
echo "Usage: $0 <version number | \"newdate\"> [revision date]"
echo ""
echo "Run this script with the name of the new version (i.e \"2.6\") to"
echo "update version number and modification date in files."
echo "Use the \"newdate\" argument if you want to keep the current version"
echo "number and just update the modification date."
echo "When using \"newdate\" you can specify the release date with"
echo "a second argument in the form of YYYY-MM-DD."
echo ""
echo "Current version=$CURRENTVERSION"
echo "Current Modification date=$LASTDATE"
echo ""
exit 1
fi
newversion=$1
if [ "x$newversion" = "xnewdate" ]
then
newversion=$CURRENTVERSION
fi
# Update version number and release date in common code
perl -i -p -e "s/VERSION \".*\"/VERSION \"$1\"/;" include/common.h.in
perl -i -p -e "s/MODIFICATION_DATE \".*\"/MODIFICATION_DATE \"$SHORTDATE\"/;" include/common.h.in
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" include/common.h.in
# Update version number and release date in main code
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/nrpe.c
perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/check_nrpe.c
# Update version number and release date in configure.in
perl -i -p -e "if( /^AC_INIT/) { s/$CURRENTVERSION/$1/; }" configure.ac
perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure.ac
perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.ac
# Run autoconf to update configure (this is easier than updating every instance
# of the version number in configure)
autoconf
# Update RPM spec file with version number
perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec.in
perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec.in
# Update this file with version number and last date
perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version
perl -i -p -e "s/^LASTDATE=.*/LASTDATE=$SHORTDATE/;" update-version