summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/NEWS92
-rw-r--r--debian/README.Debian23
-rw-r--r--debian/TODO5
-rw-r--r--debian/changelog554
-rw-r--r--debian/check_nrpe.cfg11
-rw-r--r--debian/control46
-rw-r--r--debian/copyright79
-rw-r--r--debian/dirs1
-rw-r--r--debian/gbp.conf19
-rw-r--r--debian/nagios-nrpe-plugin.install2
-rw-r--r--debian/nagios-nrpe-plugin.postrm9
-rw-r--r--debian/nagios-nrpe-server.default16
-rw-r--r--debian/nagios-nrpe-server.doc-base6
-rw-r--r--debian/nagios-nrpe-server.docs5
-rw-r--r--debian/nagios-nrpe-server.init85
-rw-r--r--debian/nagios-nrpe-server.install3
-rw-r--r--debian/nagios-nrpe-server.manpages1
-rw-r--r--debian/nagios-nrpe-server.preinst55
-rw-r--r--debian/nagios-nrpe-server.service23
-rw-r--r--debian/nagios-nrpe-server.tmpfile2
-rw-r--r--debian/nrpe.860
-rw-r--r--debian/nrpe_local.cfg3
-rw-r--r--debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch27
-rw-r--r--debian/patches/07_warn_ssloption.patch28
-rw-r--r--debian/patches/11_reproducible_dh.h.patch70
-rw-r--r--debian/patches/series3
-rwxr-xr-xdebian/rules31
-rw-r--r--debian/source/format1
-rw-r--r--debian/upstream/metadata5
-rw-r--r--debian/watch7
30 files changed, 1272 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..2123c7e
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,92 @@
+nagios-nrpe (3.2.0-2) unstable; urgency=medium
+
+ The bug that caused the SSL support between NRPE 2.x and 3.x not
+ to work has been fixed.
+
+ Because the default SSL support without certificates configured
+ in nrpe.cfg uses pre-generated key data, configuring SSL
+ certificates is strongly advised when STunnel is not used.
+
+ The ssl-cert package can be used to generate a self-signed
+ certificate, but CA certificates like those from Let's Encrypt
+ are a better choice.
+
+ SSL support has been re-enabled by default, to be better compatible
+ with previous NRPE versions where SSL support was enabled by default
+ too.
+
+ The check_nrpe command definition has been updated to enable SSL
+ support (by removing the -n option) and the check_nrpe_ssl command
+ definition has been removed. The previous check_nrpe command
+ definition which disables SSL support is available with the new
+ check_nrpe_nossl command definition.
+
+ -- Bas Couwenberg <sebastic@debian.org> Fri, 07 Jul 2017 13:48:38 +0200
+
+nagios-nrpe (3.0.1-1) unstable; urgency=medium
+
+ The check_nrpe command definition has been updated to remove the
+ arguments option, because nagios-nrpe-server does not support
+ command arguments since 2.15-1. And the check_nrpe_1arg command
+ definition has been removed.
+
+ If you're using the check_nrpe_1arg command in your Nagios/Icinga
+ configuration, you need to replace it with check_nrpe.
+
+ SSL support is disabled by default, the reworked SSL/TLS support in
+ NRPE requires configuration before it can be used. Read the
+ instructions in /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz
+ before enabling SSL support in /etc/default/nagios-nrpe-server.
+
+ The default check_nrpe command in check_nrpe.cfg has been updated
+ to disable SSL by default too. The check_nrpe_ssl command has been
+ added to connect to the NRPE daemon over SSL.
+
+ Beware that the new NRPE daemon only works with old check_nrpe
+ plugins when SSL support is disabled on both sides, likewise the
+ new check_nrpe plugin only works with the old NRPE daemon when SSL
+ support is disabled.
+
+ To use SSL between the NRPE client and server, configuring Stunnel
+ is recommended.
+
+ -- Bas Couwenberg <sebastic@debian.org> Mon, 05 Dec 2016 01:16:46 +0100
+
+nagios-nrpe (2.15-1) unstable; urgency=high
+
+ This update disables the command-args support in nrpe. The feature
+ has several security problems and is often used wrong. If you have to
+ use this feature recompile the package with --enable-command-args
+ in debian/rules.
+
+ -- Alexander Wirt <formorer@debian.org> Tue, 15 Jul 2014 09:52:48 +0200
+
+nagios-nrpe (2.12-4) unstable; urgency=low
+
+ The pidfile creation mechanism changed with this update. If you do not
+ add "pid_file=/var/run/nagios/nrpe.pid" to you nrpe config take care that
+ the user "nagios" is able to write to your pidfile location. You can also
+ change the initscript to create the pid directory on your own.
+
+ -- Alexander Wirt <formorer@debian.org> Tue, 07 Jul 2009 07:42:13 +0200
+
+nagios-nrpe (2.12-3) unstable; urgency=low
+
+ The homedirectory of the nagios user moved to /var/lib/nagios
+ which is now common on all nagios related packages. Its recommended
+ that you migrate an already existing nagios user to use /var/lib/nagios
+ as homedirectory.
+
+ -- Alexander Wirt <formorer@debian.org> Sat, 21 Mar 2009 09:08:58 +0100
+
+nagios-nrpe (2.4-1) unstable; urgency=low
+
+ the nagios-nrpe-doc package is no longer provided. the documentation
+ can now be found in /usr/share/doc/nagios-nrpe-{server|plugins}. new
+ versions of the plugin and server packages conflict with the doc
+ package to prevent the old (and possibly incorrect in the future)
+ documentation from remaining. to fully purge all information about
+ the package you should run:
+ dpkg -P nagios-nrpe-doc
+
+ -- sean finney <seanius@debian.org> Mon, 13 Mar 2006 15:47:47 +0100
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..497b509
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,23 @@
+NRPE
+----
+
+Put any local check command you need into /etc/nagios/nrpe_local.cfg or
+as a *.cfg file in /etc/nagios/nrpe.d/
+These files are included from the /etc/nagios/nrpe.cfg
+
+This package is built without support for command argument processing. If you
+want to enable it, you will have to rebuild this package with
+--enable-command-args in debian/rules.
+The feature has several security problems and should not be used. If you
+really need some dynamic argument processing try check_by_ssh or something
+similar.
+
+Do not rely on SSL mode for security
+------------------------------------
+
+NRPE contains an SSL mode which encrypts the data over the NRPE channel.
+The current implementation does not verify client or server and uses
+pregenerated key data by default. It cannot be fixed right away because
+it would break the existing NRPE protocol.
+
+Please refer to the file SECURITY.md in this directory for more information.
diff --git a/debian/TODO b/debian/TODO
new file mode 100644
index 0000000..a0a0586
--- /dev/null
+++ b/debian/TODO
@@ -0,0 +1,5 @@
+TODO
+====
+
+
+Add a nagios-common package which ships a user and homedir
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..5758b6a
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,554 @@
+nagios-nrpe (4.1.0-1) unstable; urgency=medium
+
+ * Move from experimental to unstable.
+
+ -- Bas Couwenberg <sebastic@debian.org> Wed, 20 Jul 2022 11:16:39 +0200
+
+nagios-nrpe (4.1.0-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Bump watch file version to 4.
+ * Bump Standards-Version to 4.6.1, no changes.
+ * Update watch file for GitHub URL changes.
+ * Bump debhelper compat to 12, no changes.
+ * Add ${misc:Pre-Depends} substvar to nagios-nrpe-server.
+ * Update lintian overrides.
+ * Update Vcs-* URLs for repo rename.
+ * Refresh patches.
+
+ -- Bas Couwenberg <sebastic@debian.org> Tue, 19 Jul 2022 10:50:41 +0200
+
+nagios-nrpe (4.0.3-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Bas Couwenberg <sebastic@debian.org> Wed, 29 Apr 2020 10:38:59 +0200
+
+nagios-nrpe (4.0.2-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Bump Standards-Version to 4.5.0, no changes.
+ * Don't explicitly enable systemd, enabled by default.
+ * Drop check_nrpe-buffer-length.patch, included upstream.
+ * Refresh patches.
+
+ -- Bas Couwenberg <sebastic@debian.org> Mon, 23 Mar 2020 06:06:35 +0100
+
+nagios-nrpe (4.0.0-2) unstable; urgency=medium
+
+ * Add upstream patch to fix check_nrpe buffer length calculation.
+
+ -- Bas Couwenberg <sebastic@debian.org> Thu, 23 Jan 2020 05:40:17 +0100
+
+nagios-nrpe (4.0.0-1) unstable; urgency=medium
+
+ * Move from experimental to unstable.
+
+ -- Bas Couwenberg <sebastic@debian.org> Thu, 16 Jan 2020 08:09:17 +0100
+
+nagios-nrpe (4.0.0-1~exp1) experimental; urgency=medium
+
+ [ Bas Couwenberg ]
+ * New upstream release.
+ * Bump Standards-Version to 4.4.1, no changes.
+ * Refresh patches.
+ * Use single tab for dh command in rules.
+ * Drop --parallel dh argument, used by default with compat 10.
+
+ [ Debian Janitor ]
+ * Bump debhelper from old 9 to 10.
+ * Drop unnecessary dependency on dh-autoreconf.
+ * Remove obsolete field Name from debian/upstream/metadata (already
+ present in machine-readable debian/copyright).
+
+ -- Bas Couwenberg <sebastic@debian.org> Thu, 16 Jan 2020 06:07:37 +0100
+
+nagios-nrpe (3.2.1-3) unstable; urgency=medium
+
+ * Drop autopkgtest to test installability.
+ * Add lintian override for testsuite-autopkgtest-missing.
+ * Bump Standards-Version to 4.4.0, no changes.
+ * Update gbp.conf to use --source-only-changes by default.
+ * Use /run instead of /var/run for PID.
+ (closes: #932353)
+
+ -- Bas Couwenberg <sebastic@debian.org> Sun, 28 Jul 2019 11:17:34 +0200
+
+nagios-nrpe (3.2.1-2) unstable; urgency=medium
+
+ * Bump Standards-Version to 4.1.5, no changes.
+ * Update Vcs-* URLs for Salsa.
+ * Drop dh-systemd build dependency, use debhelper (>= 9.20160709) instead.
+ * Strip trailing whitespace from changelog file.
+
+ -- Bas Couwenberg <sebastic@debian.org> Fri, 20 Jul 2018 21:04:36 +0200
+
+nagios-nrpe (3.2.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Drop patches included upstream, refresh remaining patches.
+
+ -- Bas Couwenberg <sebastic@debian.org> Sun, 03 Sep 2017 10:52:40 +0200
+
+nagios-nrpe (3.2.0-4) unstable; urgency=medium
+
+ * Add upstream patch to turn seteuid errors into warnings.
+ (closes: #868326)
+
+ -- Bas Couwenberg <sebastic@debian.org> Fri, 14 Jul 2017 16:51:12 +0200
+
+nagios-nrpe (3.2.0-3) unstable; urgency=medium
+
+ * Re-enable SSL support by default.
+ Compatibility with older versions has been fixed.
+
+ -- Bas Couwenberg <sebastic@debian.org> Fri, 07 Jul 2017 14:08:13 +0200
+
+nagios-nrpe (3.2.0-2) unstable; urgency=medium
+
+ * Fix 11_reproducible_dh.h.patch to not leave USE_SSL_DH undefined.
+ Thanks to Johan Carlquist for pointing out this issue.
+ * Drop --with-need-dh=no configure option, dh is needed.
+ * Remove deterministic "openssl dhparam" output handling,
+ dh.h not included in upstream source.
+
+ -- Bas Couwenberg <sebastic@debian.org> Thu, 06 Jul 2017 14:33:39 +0200
+
+nagios-nrpe (3.2.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ (closes: #565643)
+ * Bump Standards-Version to 4.0.0, no changes.
+ * Add autopkgtest to test installability.
+ * Set --with-logdir configure option to /var/log.
+ * Update watch file for GitHub releases.
+ * Update copyright file.
+ * Refresh patches.
+ * Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
+ * Regenerate dh.h with OpenSSL 1.1.0.
+
+ -- Bas Couwenberg <sebastic@debian.org> Wed, 05 Jul 2017 09:53:06 +0200
+
+nagios-nrpe (3.1.1-1) unstable; urgency=medium
+
+ * Move from experimental to unstable.
+
+ -- Bas Couwenberg <sebastic@debian.org> Sun, 18 Jun 2017 13:39:05 +0200
+
+nagios-nrpe (3.1.1-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Drop format-security.patch, applied upstream.
+ * Use --with-need-dh=no configure option instead of patch.
+
+ -- Bas Couwenberg <sebastic@debian.org> Sat, 27 May 2017 10:57:03 +0200
+
+nagios-nrpe (3.1.0-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ (closes: #849417, #445976, #691328)
+ * Fix typo in manpage.
+ (closes: #856658)
+ * Drop 10_reproducible_build.patch, applied upstream.
+ Refresh remaining patches.
+ * Update build dependency for OpenSSL 1.1.0.
+ (closes: #859223)
+ * Add patch to fix FTBFS with -Werror=format-security.
+
+ -- Bas Couwenberg <sebastic@debian.org> Wed, 19 Apr 2017 19:28:05 +0200
+
+nagios-nrpe (3.0.1-3) unstable; urgency=medium
+
+ * Add reload command to systemd service file.
+ * Make missing EnvironmentFile non-fatal in systemd service.
+
+ -- Bas Couwenberg <sebastic@debian.org> Sat, 24 Dec 2016 10:24:09 +0100
+
+nagios-nrpe (3.0.1-2) unstable; urgency=medium
+
+ * Add systemd service file and tmpfiles.d configuration.
+ (closes: #665422)
+ * Update nrpe manpage to include new options.
+
+ -- Bas Couwenberg <sebastic@debian.org> Fri, 23 Dec 2016 23:15:19 +0100
+
+nagios-nrpe (3.0.1-1) unstable; urgency=medium
+
+ * Update check_nrpe.cfg to remove command with arguments.
+ (LP: #975918)
+ * Disable SSL support by default, requires configuration.
+ It also doesn't work well with old check_nrpe versions.
+ * Move from experimental to unstable.
+
+ -- Bas Couwenberg <sebastic@debian.org> Fri, 09 Dec 2016 00:15:29 +0100
+
+nagios-nrpe (3.0.1-1~exp1) experimental; urgency=medium
+
+ [ Alexander Wirt ]
+ * Sync uploaders with reality.
+ (closes: #773441)
+
+ [ Bas Couwenberg ]
+ * New upstream release.
+ - Reworked SSL/TLS. See the README.SSL.md file for full info.
+ (closes: #547092)
+ * Add myself to Uploaders.
+ * Add Vcs-* fields to control file.
+ (closes: #755507)
+ * Change nagios-plugins dependencies to monitoring-plugins.
+ * Switch from dpatch to source format 3.0 (quilt).
+ (closes: #756410)
+ * Drop obsolete patch: 04_weird_output.dpatch.
+ * Restructure control file with cme.
+ * Reorder (build) dependencies.
+ * Add Homepage field to control file.
+ * Update copyright file using copyright-format 1.0.
+ * Add gbp.conf to use pristine-tar by default.
+ * Update build dependency to use openssl 1.0.
+ * Enable all hardening buildflags.
+ (closes: #728218)
+ * Enable parallel builds.
+ * Suggest xinetd | inetd.
+ (closes: #662247)
+ * Include PDF & ODT documentation in docs.
+ (closes: #662249)
+ * Update watch file to handle common issues.
+ * Add upstream metadata.
+ * Merge nrpe.cfg patches into single patch.
+ (closes: #660583)
+ * Use configure option to set custom PID directory instead of patch.
+ * Drop 09_noremove_pid.patch, fixed upstream. Refresh remaining patches.
+ * Add patch to use pre-generated dh.h for reproducible builds.
+ * Override dh_auto_build to build all targets.
+ * Use dh-autoreconf instead of autotools-dev.
+ * Use exit status 0 in init script when inetd is configured.
+ (closes: #775924)
+ * Include README.SSL.md in docs.
+ * Bump Standards-Version to 3.9.8, changes:
+ Vcs-* fields, copyright-format 1.0.
+
+ [ Benjamin Drung ]
+ * Use dh_auto_configure to enable default hardening flags.
+ (closes: #843805)
+ * Fix copyright-refers-to-symlink-license.
+ (closes: #756414)
+
+ [ Chris Lamb ]
+ * Make the build reproducible.
+ (closes: #834857)
+
+ -- Bas Couwenberg <sebastic@debian.org> Sun, 04 Dec 2016 18:36:54 +0100
+
+nagios-nrpe (2.15-1) unstable; urgency=high
+
+ * [f2cea9f] Imported Upstream version 2.15
+ * [023e909] Disable command-args in nrpe. (Closes: #745272)
+ * [6369220] Use restorecon to set SE Linux context on $PIDDIR
+ (Closes: #679241)
+ * [a484e7d] Switch order of nagios-plugins recommends to prefer -basic.
+ (Closes: #752243)
+ * [b1ef043] Don't recommend a core implementation for the plugin
+ * [16dbf01] Remove obsolete patch
+ * [694b804] Remove luk from uploaders. (Closes: #719636)
+ * [28d9004] Remove obsolete patch
+ * [86ea67e] 08_CVE-2013-1362.dpatch is now obsolete
+ * [74e3b07] Refresh patches
+ * [1258ab2] Reword NEWS entry
+ * [744eec6] configure is buggy: --disable- in fact enables a feautre.
+ * [eec54b6] Adjust README.Debian for the removal or argument processing
+
+ -- Alexander Wirt <formorer@debian.org> Tue, 15 Jul 2014 18:30:36 +0200
+
+nagios-nrpe (2.13-4) unstable; urgency=low
+
+ * [dcffec6] Do not remove the PID file after a connection error.
+ Original patch from Hiren Patel. (Closes: #716949)
+
+ -- Bernd Zeimetz <bzed@debian.org> Mon, 15 Jul 2013 16:07:54 +0200
+
+nagios-nrpe (2.13-3) unstable; urgency=high
+
+ * [e55afd1] Add 08_CVE-2013-1362.dpatch patch.
+ If command arguments are enabled in the NRPE configuration, it was
+ possible to pass $() as arguments as the checking for nasty caracters
+ was not strict enough to catch $(). This allowed executing shell
+ commands under a subprocess and pass the output as a parameter to the
+ called script (if run under bash). CVE-2013-1362 (Closes: #701227)
+
+ -- Alexander Wirt <formorer@debian.org> Sat, 09 Mar 2013 08:42:05 +0100
+
+nagios-nrpe (2.13-2) unstable; urgency=high
+
+ [ Thijs Kinkhorst ]
+ * Add warning about the inadequateness of the 'ssl' option.
+
+ -- Alexander Wirt <formorer@debian.org> Mon, 11 Feb 2013 17:45:20 +0100
+
+nagios-nrpe (2.13-1) unstable; urgency=low
+
+ * [3e113b5] Imported Upstream version 2.13
+ * [acc152b] Bump standards version
+ * [c707bce] Use dh9 for hardening
+ * Updated patches
+
+ -- Alexander Wirt <formorer@debian.org> Sat, 30 Jun 2012 11:08:22 +0200
+
+nagios-nrpe (2.12-6) unstable; urgency=low
+
+ * [36b1062] Add add icinga to the list of recommends
+ * [a698acb] Don't remove homedirectory of the nagios user (Closes: #665845)
+ * [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe
+ (Closes: #650464)
+
+ -- Alexander Wirt <formorer@debian.org> Mon, 30 Apr 2012 09:25:45 +0200
+
+nagios-nrpe (2.12-5) unstable; urgency=low
+
+ [ Alexander Wirt ]
+ * [e3af3bd] Bump compat to 8
+ * [4f9e892] Add versioned depends to dpatch for sequence support
+ * [5ec5a3b] Install example nrpe_local.cfg
+ * [69ea7b9] Move rules file to dh
+ * [298f725] Use autotools_dev dh sequence helper
+ * [10da37d] Bump debhelper dependency to 8
+ * [2b009ae] Bump standards version
+ * [4d093e3] Ignore usermod failure (Closes: #538894)
+ * [e776f7b] Use pidfile for start-stop-daemon and fix pidfile deletion
+ (Closes: #548157, #639523)
+ * [8050c97] Support multiarch in rulesfile (Closes: #642790)
+ * [027274f] Use pidfile for start-stop-daemon in start()
+ * [1f69c63] Support status in nrpe initscript
+ * [42ccdcc] Add a comment to nrpe.cfg that snipplets have to end .cfg
+ (Closes: #641933)
+
+ [ Jan Wagner ]
+ * [0a80fdb] Update debian/README.Debian about conf.d/
+
+ -- Alexander Wirt <formorer@debian.org> Sun, 25 Sep 2011 08:35:48 +0200
+
+nagios-nrpe (2.12-4) unstable; urgency=low
+
+ * Build against libwrap0-dev (Closes: #412705)
+ * Remove 'last modified header' from nrpe config (Closes: #499280)
+ * Create /etc/nagios/nrpe.d (Closes: #505700, #474333)
+ * Fix pidfile handling (Closes: #411046)
+ * Add newer config.{guess,sub} (Closes: #535737)
+ - Build-depend on autotools-dev
+ * Delete /var/lib/nagios if empty after purge (Closes: #527069)
+ * Bump standards version (add README.source)
+ * Bump dh_compat version (remove -k from dh_clean)
+
+ -- Alexander Wirt <formorer@debian.org> Mon, 06 Jul 2009 07:08:26 +0200
+
+nagios-nrpe (2.12-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix bashism (Closes: #530149).
+
+ -- Raphael Geissert <geissert@debian.org> Sat, 04 Jul 2009 20:23:23 -0500
+
+nagios-nrpe (2.12-3) unstable; urgency=low
+
+ * Sync homedirectory of the nagios user with the nagios3 package
+ (Closes: #479051)
+ * Removed now empty nagios-nrpe-plugins.post* scripts
+
+ -- Alexander Wirt <formorer@debian.org> Sat, 21 Mar 2009 09:33:39 +0100
+
+nagios-nrpe (2.12-2) unstable; urgency=low
+
+ * Add myself to uploaders.
+ * Clean buffer before use (Closes: #498749).
+ * Remove pid file before creating a new ones (Closes: #411046).
+ * Include inetd support (Closes: #409772).
+
+ -- Luk Claes <luk@debian.org> Sun, 14 Sep 2008 16:04:17 +0200
+
+nagios-nrpe (2.12-1) unstable; urgency=low
+
+ * Support an nrpe.d config directory in addition to nrpe_local.cfg
+ (Closes: #474333)
+ * Add myself to uploaders
+ * Add watch file
+ * New upstream version (Closes: #475081)
+ * Acknowledge NMU from Chris Lamb (Closes: #484412)
+ * Recommend Nagios 3 instead of Nagios 2
+ * Update copyright file
+ * Use the same homedir as nagios3 (Closes: #479051)
+
+ -- Alexander Wirt <formorer@debian.org> Wed, 06 Aug 2008 20:33:57 +0200
+
+nagios-nrpe (2.8.1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix bashism in debian/rules (Closes: #484412)
+ * Bump Standards-Version to 3.8.0.
+
+ -- Chris Lamb <chris@chris-lamb.co.uk> Sat, 12 Jul 2008 01:09:21 +0100
+
+nagios-nrpe (2.8.1-1) unstable; urgency=low
+
+ * New upstream release
+ * bump Recommends to nagios2, thanks to Henning Sprang
+ for suggesting this (closes: #399856).
+ * fix typo in package description, thanks to Tilman Koschnick for
+ noticing this (closes: #419130).
+
+ -- sean finney <seanius@debian.org> Sat, 12 May 2007 12:27:30 +0200
+
+nagios-nrpe (2.5.1-3) unstable; urgency=high
+
+ * apparently we were already including another default file
+ without installing it, and some people were using it. so
+ now we include this one as well as the new default, with this
+ one taking precedence since it was there first. thanks to
+ Peter Palfrader for catching this (closes: #398914).
+
+ -- sean finney <seanius@debian.org> Fri, 17 Nov 2006 09:17:55 +0100
+
+nagios-nrpe (2.5.1-2) unstable; urgency=low
+
+ * include a /etc/default/nagios-nrpe-server where variables
+ such as DAEMON_OPTS can be set (closes: #396709).
+ * bump standards version to 3.7.2
+ * add pre-depends on adduser
+ * LSB-ize init script, and add dependency on lsb-base
+
+ -- sean finney <seanius@debian.org> Sat, 04 Nov 2006 17:38:34 +0100
+
+nagios-nrpe (2.5.1-1) unstable; urgency=low
+
+ * new upstream release. includes fix from Peter Palfrader to catch
+ invalid free()'s when nrpe is called with --no-ssl (closes: #361233).
+
+ -- sean finney <seanius@debian.org> Sun, 14 May 2006 21:38:48 -0500
+
+nagios-nrpe (2.4-2) unstable; urgency=low
+
+ [sean finney]
+ * removing nrpe_local.cfg caused trouble for some people, so
+ i've added it back in (closes: #360093).
+
+ -- sean finney <seanius@debian.org> Fri, 31 Mar 2006 07:02:31 +0200
+
+nagios-nrpe (2.4-1) unstable; urgency=low
+
+ * new upstream release.
+
+ [sean finney]
+ * (NEEDS TESTING) move away from cdbs for my own sanity.
+ * add build-dependency on dpatch.
+ * no longer create nrpe_local.cfg. no reason to have it.
+ * remove postinst script for nagios-nrpe-server, as all it
+ did was touch the previously mentioned file.
+ * upstream has incorporated the following patches:
+ - 02_global-cmd-prefix.dpatch
+ - 03_nrpe-trailing-whitespace.dpatch
+ * check_nrpe -h provides what "-a" does, but i've gone ahead and
+ added a comment in check_nrpe.cfg too, because it can't hurt
+ to do so :) (closes: #351714).
+ * no longer generate the nagios-nrpe-doc package, and move copies of
+ the documentation into the plugin and server packages. add a
+ Conflicts: nagios-nrpe-doc to the remaining packages to ensure
+ that the stale package doesn't remain. NEWS.Debian also mentions
+ this and instructs the admin to purge the package too.
+
+ -- sean finney <seanius@debian.org> Tue, 24 Jan 2006 18:16:54 +0100
+
+nagios-nrpe (2.2-1) unstable; urgency=low
+
+ * new upstream release.
+
+ [sean finney]
+ * debian packaging source repository is now migrated to svn.
+ * updated 01_nodevrandom-and-docoptions.dpatch and
+ 02_global-cmd-prefix.dpatch to apply against the latest
+ upstream version.
+ * nrpe.cfg has moved location in the upstream tarball.
+ * introduced 03_nrpe-trailing-whitespace.dpatch to fix regression
+ in config file parsing until upstream incorporates it.
+
+ -- sean finney <seanius@debian.org> Tue, 24 Jan 2006 17:52:54 +0100
+
+nagios-nrpe (2.0-9) unstable; urgency=low
+
+ * Sean Finney:
+ - nagios-nrpe has now joined forces with the debian pkg-nagios
+ project, updated Maintainer and Uploaders field accordingly.
+ - provide check_nrpe_1arg command definition so that one can call
+ check_nrpe both with and without arguments to the cmds
+ (closes: #248424).
+ - changed nagios-nrpe-server's Recommends on nagios-plugins to reflect
+ the upcoming new nagios-plugins layout.
+ - changed nagios-nrpe-plugin's Depends on nagios to a Recommends.
+ - building issues seem to be resolved on arm now (closes: #259442).
+ - updated Standards-Version to 3.6.2
+ - included patch from joerg and weasel to document some cmdline options
+ and provide a better alternative to reading a random byte from
+ /dev/random (closes: #333552).
+ - included "global command prefix" patch from joerg jaspert
+ (closes: #332253).
+
+ -- sean finney <seanius@debian.org> Tue, 25 Oct 2005 10:04:59 -0400
+
+nagios-nrpe (2.0-8) unstable; urgency=low
+
+ * debian/control: change depends on nagios-plugins, to recommends.
+ (closes: #327199)
+
+ -- Jason Thomas <jason@debian.org> Mon, 10 Oct 2005 08:07:57 +1000
+
+nagios-nrpe (2.0-7) unstable; urgency=high
+
+ * The previous upload fixes a bug that breaks the install of this package so
+ this is a new upload with a high urgency to try and get it into sarge.
+
+ -- Jason Thomas <jason@debian.org> Thu, 19 Aug 2004 22:47:40 +1000
+
+nagios-nrpe (2.0-6) unstable; urgency=low
+
+ * nagios plugin config dir changed to etc/nagios-plugins/configs/
+ (closes: #266826)
+
+ -- Jason Thomas <jason@debian.org> Thu, 19 Aug 2004 21:17:28 +1000
+
+nagios-nrpe (2.0-5) unstable; urgency=low
+
+ * debian/nagios-nrpe-server.preinst: added code to create nagios user and
+ group.
+ (closes: #248995, #241168)
+
+ -- Jason Thomas <jason@debian.org> Sat, 15 May 2004 12:02:35 +1000
+
+nagios-nrpe (2.0-4) unstable; urgency=low
+
+ * debian/nagios-nrpe-server.init.d: added missing -d to restart.
+ (closes: #248797)
+ * debian/nrpe.1: renamed to nrpe.8
+ * debian/nagios-nrpe-server.manpages: changed nrpe.1 to nrpe.8
+ * debian/dirs: deleted it as its not needed.
+
+ -- Jason Thomas <jason@debian.org> Fri, 14 May 2004 14:05:03 +1000
+
+nagios-nrpe (2.0-3) unstable; urgency=low
+
+ * debian/nagios-nrpe-server.init.d: added --oknodo to stop commands which
+ will make upgrades and purges clean.
+
+ -- Jason Thomas <jason@debian.org> Wed, 24 Mar 2004 13:09:00 +1100
+
+nagios-nrpe (2.0-2) unstable; urgency=low
+
+ * debian/control: added build-depends cdbs
+ (closes: #230943)
+ * debian/control: nagios-nrpe-server now conflicts netsaint-nrpe-server
+ (closes: #230303)
+
+ -- Jason Thomas <jason@debian.org> Wed, 11 Feb 2004 09:27:01 +1100
+
+nagios-nrpe (2.0-1) unstable; urgency=low
+
+ * Initial Release.
+ (closes: #209124)
+
+ -- Jason Thomas <jason@debian.org> Wed, 14 Jan 2004 16:13:36 +1100
diff --git a/debian/check_nrpe.cfg b/debian/check_nrpe.cfg
new file mode 100644
index 0000000..2b71c31
--- /dev/null
+++ b/debian/check_nrpe.cfg
@@ -0,0 +1,11 @@
+# this command runs a program $ARG1$ with no arguments and enables SSL support
+define command {
+ command_name check_nrpe
+ command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+}
+
+# this command runs a program $ARG1$ with no arguments and disables SSL support
+define command {
+ command_name check_nrpe_nossl
+ command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
+}
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..f72262c
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,46 @@
+Source: nagios-nrpe
+Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
+Uploaders: Bas Couwenberg <sebastic@debian.org>
+Section: net
+Priority: optional
+Build-Depends: debhelper-compat (= 12),
+ libssl-dev,
+ libwrap0-dev,
+ openssl
+Standards-Version: 4.6.1
+Vcs-Browser: https://salsa.debian.org/nagios-team/nrpe
+Vcs-Git: https://salsa.debian.org/nagios-team/nrpe.git
+Homepage: https://github.com/NagiosEnterprises/nrpe
+
+Package: nagios-nrpe-server
+Architecture: any
+Depends: lsb-base,
+ ${shlibs:Depends},
+ ${misc:Depends}
+Recommends: monitoring-plugins-basic | monitoring-plugins
+Suggests: xinetd | inetd
+Pre-Depends: adduser,
+ ${misc:Pre-Depends}
+Conflicts: nagios-nrpe-doc
+Description: Nagios Remote Plugin Executor Server
+ Nagios is a host/service/network monitoring and management system.
+ .
+ The purpose of this addon is to allow you to execute Nagios plugins on a
+ remote host in as transparent a manner as possible.
+ .
+ This program runs as a background process on the remote host and processes
+ command execution requests from the check_nrpe plugin on the Nagios host.
+
+Package: nagios-nrpe-plugin
+Architecture: any
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Conflicts: nagios-nrpe-doc
+Description: Nagios Remote Plugin Executor Plugin
+ Nagios is a host/service/network monitoring and management system.
+ .
+ The purpose of this addon is to allow you to execute Nagios plugins on a
+ remote host in as transparent a manner as possible.
+ .
+ This is a plugin that is run on the Nagios host and is used to contact the
+ NRPE process on remote hosts.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..e1cb223
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,79 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: NRPE
+Upstream-Contact: Nagios Users List <nagios-users@lists.nagios.com>
+Source: https://github.com/NagiosEnterprises/nrpe
+
+Files: *
+Copyright: 2006-2017, Nagios Enterprises
+ 2016, Nagios Core Development Team
+ 1999-2008, Ethan Galstad (nagios@nagios.org)
+License: GPL-2+ with OpenSSL exception
+
+Files: include/acl.h
+ src/acl.c
+Copyright: 2011, Kaspersky Lab ZAO
+License: GPL-2+
+
+Files: src/snprintf.c
+Copyright: Patrick Powell 1995
+License: attribution
+ This code is based on code written by Patrick Powell (papowell@astart.com)
+ It may be used for any purpose as long as this notice remains intact
+ on all source code distributions
+
+Files: debian/*
+Copyright: 2004, Jason Thomas <jason@debian.org>
+License: GPL-2+
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ .
+ On Debian systems, the complete text of version 2 of the GNU General
+ Public License can be found in `/usr/share/common-licenses/GPL-2'.
+
+License: GPL-2+ with OpenSSL exception
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later
+ version.
+ .
+ In addition, as a special exception, the author of this
+ program gives permission to link the code of its
+ release with the OpenSSL project's "OpenSSL" library (or
+ with modified versions of it that use the same license as
+ the "OpenSSL" library), and distribute the linked
+ executables. You must obey the GNU General Public
+ License in all respects for all of the code used other
+ than "OpenSSL". If you modify this file, you may extend
+ this exception to your version of the file, but you are
+ not obligated to do so. If you do not wish to do so,
+ delete this exception statement from your version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2'.
+
diff --git a/debian/dirs b/debian/dirs
new file mode 100644
index 0000000..91d0516
--- /dev/null
+++ b/debian/dirs
@@ -0,0 +1 @@
+/etc/nagios/nrpe.d
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..e3daba6
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+
+# The default name for the upstream branch is "upstream".
+# Change it if the name is different (for instance, "master").
+upstream-branch = upstream
+
+# The default name for the Debian branch is "master".
+# Change it if the name is different (for instance, "debian/unstable").
+debian-branch = master
+
+# git-import-orig uses the following names for the upstream tags.
+# Change the value if you are not using git-import-orig
+upstream-tag = upstream/%(version)s
+
+# Always use pristine-tar.
+pristine-tar = True
+
+[buildpackage]
+pbuilder-options = --source-only-changes
diff --git a/debian/nagios-nrpe-plugin.install b/debian/nagios-nrpe-plugin.install
new file mode 100644
index 0000000..3afb517
--- /dev/null
+++ b/debian/nagios-nrpe-plugin.install
@@ -0,0 +1,2 @@
+src/check_nrpe usr/lib/nagios/plugins/
+debian/check_nrpe.cfg etc/nagios-plugins/config/
diff --git a/debian/nagios-nrpe-plugin.postrm b/debian/nagios-nrpe-plugin.postrm
new file mode 100644
index 0000000..a77d21a
--- /dev/null
+++ b/debian/nagios-nrpe-plugin.postrm
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = purge ]; then
+ test -d /var/lib/nagios && rmdir /var/lib/nagios || true #ignore non-failure errors
+fi
+
+#DEBHELPER#
+
diff --git a/debian/nagios-nrpe-server.default b/debian/nagios-nrpe-server.default
new file mode 100644
index 0000000..828ef02
--- /dev/null
+++ b/debian/nagios-nrpe-server.default
@@ -0,0 +1,16 @@
+# defaults file for nagios-nrpe-server
+# (this file is a /bin/sh compatible fragment)
+
+# NRPE_OPTS are any extra cmdline parameters you'd like to pass along to the
+# nrpe daemon.
+#
+# The -n option disables SSL support.
+#NRPE_OPTS="-n"
+
+# NICENESS is if you want to run the server at a different nice() priority.
+# (only used by the init script)
+#NICENESS=5
+
+# INETD is if you want to run the server via inetd (default=0, run as daemon).
+# (only used by the init script)
+#INETD=0
diff --git a/debian/nagios-nrpe-server.doc-base b/debian/nagios-nrpe-server.doc-base
new file mode 100644
index 0000000..a153da5
--- /dev/null
+++ b/debian/nagios-nrpe-server.doc-base
@@ -0,0 +1,6 @@
+Document: nagios-nrpe
+Title: NRPE Documentation
+Section: Network/Monitoring
+
+Format: PDF
+Files: /usr/share/doc/nagios-nrpe-server/*.pdf.gz
diff --git a/debian/nagios-nrpe-server.docs b/debian/nagios-nrpe-server.docs
new file mode 100644
index 0000000..ec4a52e
--- /dev/null
+++ b/debian/nagios-nrpe-server.docs
@@ -0,0 +1,5 @@
+LEGAL
+README.md
+README.SSL.md
+SECURITY.md
+docs/*
diff --git a/debian/nagios-nrpe-server.init b/debian/nagios-nrpe-server.init
new file mode 100644
index 0000000..ae16f2d
--- /dev/null
+++ b/debian/nagios-nrpe-server.init
@@ -0,0 +1,85 @@
+#! /bin/sh
+#
+
+### BEGIN INIT INFO
+# Provides: nagios-nrpe-server
+# Required-Start: $local_fs $remote_fs $syslog $named $network $time
+# Required-Stop: $local_fs $remote_fs $syslog $named $network
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/Stop the Nagios remote plugin execution daemon
+### END INIT INFO
+
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nrpe
+NAME=nagios-nrpe
+DESC=nagios-nrpe
+CONFIG=/etc/nagios/nrpe.cfg
+PIDDIR=/run/nagios
+
+test -x $DAEMON || exit 0
+
+if ! [ -x "/lib/lsb/init-functions" ]; then
+ . /lib/lsb/init-functions
+else
+ echo "E: /lib/lsb/init-functions not found, lsb-base (>= 3.0-6) needed"
+ exit 1
+fi
+
+# Include nagios-nrpe defaults if available
+if [ -f /etc/default/nagios-nrpe-server ] ; then
+ . /etc/default/nagios-nrpe-server
+fi
+# we also used to include this file, so if it's there
+# we include it as well
+if [ -f /etc/default/nagios-nrpe ]; then
+ . /etc/default/nagios-nrpe
+fi
+if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi
+
+#since /run can be wiped completly we create our run directory here
+if [ ! -d "$PIDDIR" ]; then
+ mkdir "$PIDDIR"
+ chown nagios "$PIDDIR"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$PIDDIR"
+fi
+
+set -e
+
+case "$1" in
+ start)
+ if [ "$INETD" = 1 ]; then
+ exit 0
+ fi
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON -c $CONFIG -d $NRPE_OPTS
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDDIR/nrpe.pid --retry 15
+ log_end_msg $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDDIR/nrpe.pid
+ log_end_msg $?
+ ;;
+ status)
+ status_of_proc -p $PIDDIR/nrpe.pid "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ log_failure_msg "Usage: $N {start|stop|restart|reload|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/nagios-nrpe-server.install b/debian/nagios-nrpe-server.install
new file mode 100644
index 0000000..5da03c3
--- /dev/null
+++ b/debian/nagios-nrpe-server.install
@@ -0,0 +1,3 @@
+src/nrpe usr/sbin
+sample-config/nrpe.cfg etc/nagios
+debian/nrpe_local.cfg etc/nagios
diff --git a/debian/nagios-nrpe-server.manpages b/debian/nagios-nrpe-server.manpages
new file mode 100644
index 0000000..d6530c4
--- /dev/null
+++ b/debian/nagios-nrpe-server.manpages
@@ -0,0 +1 @@
+debian/nrpe.8
diff --git a/debian/nagios-nrpe-server.preinst b/debian/nagios-nrpe-server.preinst
new file mode 100644
index 0000000..d9b4fa2
--- /dev/null
+++ b/debian/nagios-nrpe-server.preinst
@@ -0,0 +1,55 @@
+#! /bin/sh
+# preinst script for nagios-nrpe-server
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <new-preinst> `install'
+# * <new-preinst> `install' <old-version>
+# * <new-preinst> `upgrade' <old-version>
+# * <old-preinst> `abort-upgrade' <new-version>
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ install|upgrade)
+ if id nagios >/dev/null 2>&1 ; then
+ # We have a nagios user.
+ if [ `id nagios -g -n` != "nagios" ] ; then
+ addgroup --system nagios || true
+ #this can fail sometimes (i.e. with LDAP) so ignore it
+ usermod -g nagios nagios || true
+ fi
+ else
+ adduser --system --group --home /var/lib/nagios --quiet nagios
+ fi
+
+# if [ "$1" = "upgrade" ]
+# then
+# start-stop-daemon --stop --quiet --oknodo \
+# --pidfile /var/run/bud.pid \
+# --exec /usr/sbin/bud 2>/dev/null || true
+# fi
+ ;;
+
+ abort-upgrade)
+ ;;
+
+ *)
+ echo "preinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
diff --git a/debian/nagios-nrpe-server.service b/debian/nagios-nrpe-server.service
new file mode 100644
index 0000000..4b5ae6a
--- /dev/null
+++ b/debian/nagios-nrpe-server.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Nagios Remote Plugin Executor
+Documentation=http://www.nagios.org/documentation
+After=var-run.mount nss-lookup.target network.target local-fs.target remote-fs.target time-sync.target
+Before=getty@tty1.service plymouth-quit.service xdm.service
+Conflicts=nrpe.socket
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+Restart=on-abort
+PIDFile=/run/nagios/nrpe.pid
+EnvironmentFile=-/etc/default/nagios-nrpe-server
+ExecStart=/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f $NRPE_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStopPost=/bin/rm -f /run/nagios/nrpe.pid
+TimeoutStopSec=60
+User=nagios
+Group=nagios
+PrivateTmp=true
+OOMScoreAdjust=-500
diff --git a/debian/nagios-nrpe-server.tmpfile b/debian/nagios-nrpe-server.tmpfile
new file mode 100644
index 0000000..5a24552
--- /dev/null
+++ b/debian/nagios-nrpe-server.tmpfile
@@ -0,0 +1,2 @@
+#Type Path Mode UID GID Age Argument
+d /run/nagios 0755 nagios nagios - -
diff --git a/debian/nrpe.8 b/debian/nrpe.8
new file mode 100644
index 0000000..67e280c
--- /dev/null
+++ b/debian/nrpe.8
@@ -0,0 +1,60 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH NAGIOS-NRPE 8 "January 14, 2004"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+nrpe \- Nagios Remote Plugin Executor - Server
+.SH SYNOPSIS
+.B nagios-nrpe
+\fI[-n] -c <config_file> [-4|-6] <mode>\fR
+.SH DESCRIPTION
+.PP
+The purpose of this addon is to allow you to execute Nagios plugins on a
+remote host in as transparent a manner as possible.
+.PP
+This program runs as a background process on the remote host and processes
+command execution requests from the check_nrpe plugin on the Nagios host.
+.SH OPTIONS
+.TP
+\fB\-n\fR = Do not use SSL
+.TP
+\fB\-c\fR <config_file> = Name of config file to use
+.TP
+\fB\-4\fR = Use IPv4 only
+.TP
+\fB\-6\fR = Use IPv6 only
+.TP
+<mode> = One of the following two operating modes:
+.TP
+ \fB\-i\fR = Run as a service under inetd or xinetd
+.TP
+ \fB\-d\fR = Run as a standalone daemon
+.TP
+ \fB\-d \-s\fR = Run as a subsystem under AIX
+.TP
+ \fB\-f\fR = Don't fork() for systemd, launchd, etc.
+.PP
+Notes:
+This program is designed to process requests from the check_nrpe
+plugin on the host(s) running Nagios. It can run as a service
+under inetd or xinetd (read the docs for info on this), or as a
+standalone daemon. Once a request is received from an authorized
+host, NRPE will execute the command/plugin (as defined in the
+config file) and return the plugin output and return code to the
+check_nrpe plugin.
+.SH AUTHOR
+This manual page was written by Jason Thomas <jason@debian.org>,
+for the Debian project (but may be used by others).
diff --git a/debian/nrpe_local.cfg b/debian/nrpe_local.cfg
new file mode 100644
index 0000000..9660438
--- /dev/null
+++ b/debian/nrpe_local.cfg
@@ -0,0 +1,3 @@
+######################################
+# Do any local nrpe configuration here
+######################################
diff --git a/debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch b/debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
new file mode 100644
index 0000000..198954b
--- /dev/null
+++ b/debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
@@ -0,0 +1,27 @@
+Description: Support nrpe_local.cfg & nrpe.d directory.
+Author: Sean Finney <seanius@debian.org>
+Author: Alexander Wirt <formorer@debian.org>
+Forwarded: not-needed
+
+--- a/sample-config/nrpe.cfg.in
++++ b/sample-config/nrpe.cfg.in
+@@ -362,6 +362,19 @@ command[check_total_procs]=@pluginsdir@/
+ #include_dir=<somedirectory>
+ #include_dir=<someotherdirectory>
+
++
++
++# local configuration:
++# if you'd prefer, you can instead place directives here
++
++include=/etc/nagios/nrpe_local.cfg
++
++# you can place your config snipplets into nrpe.d/
++# only snipplets ending in .cfg will get included
++
++include_dir=/etc/nagios/nrpe.d/
++
++
+ # KEEP ENVIRONMENT VARIABLES
+ # This directive allows you to retain specific variables from the environment
+ # when starting the NRPE daemon.
diff --git a/debian/patches/07_warn_ssloption.patch b/debian/patches/07_warn_ssloption.patch
new file mode 100644
index 0000000..a6f9686
--- /dev/null
+++ b/debian/patches/07_warn_ssloption.patch
@@ -0,0 +1,28 @@
+Description: Warn against inadequateness of NRPE's own SSL option.
+Author: Thijs Kinkhorst <thijs@debian.org>
+Forwarded: not-needed
+
+--- a/SECURITY.md
++++ b/SECURITY.md
+@@ -91,14 +91,17 @@ Encryption
+ ----------
+
+ If you do enable support for command arguments in the NRPE daemon,
+-make sure that you encrypt communications either by using:
+-
+- 1. Stunnel (see http://www.stunnel.org for more info)
+- 2. Native SSL support (See the [SSL Readme](README.SSL.md) file for more info)
++make sure that you encrypt communications by using, for example,
++Stunnel (see http://www.stunnel.org for more info).
+
+ Do **NOT** assume that just because the daemon is behind a firewall
+ that you are safe! ***Always encrypt NRPE traffic!***
+
++NOTE: the currently shipped native SSL support of NRPE is not an
++adequante protection, because it does not verify clients and
++server, and uses pregenerated key material. NRPE's SSL option is
++advised against. For more information, see Debian bug #547092.
++
+
+ Using Arguments
+ ---------------
diff --git a/debian/patches/11_reproducible_dh.h.patch b/debian/patches/11_reproducible_dh.h.patch
new file mode 100644
index 0000000..523c8d1
--- /dev/null
+++ b/debian/patches/11_reproducible_dh.h.patch
@@ -0,0 +1,70 @@
+Description: Use pre-generated dh.h for reproducible builds.
+Author: Bas Couwenberg <sebastic@debian.org>
+Bug-Debian: https://bugs.debian.org/834857
+Forwarded: not-needed
+
+--- /dev/null
++++ b/include/dh.h
+@@ -0,0 +1,36 @@
++DH *get_dh2048()
++{
++ static unsigned char dh2048_p[]={
++ 0x80,0xCF,0xFC,0xB3,0xBC,0xDD,0x17,0x11,0x00,0xFF,0x73,0x97,0x51,0x64,0xB9,
++ 0x32,0xB9,0x5E,0x91,0x42,0x11,0x31,0x6F,0xC4,0x3B,0x8A,0x80,0x87,0x08,0x3B,
++ 0x8A,0x5B,0x04,0x18,0xFA,0xEF,0x75,0xA5,0x13,0xF3,0xD6,0x3C,0x64,0x0C,0x36,
++ 0x50,0xEC,0x25,0xA1,0xCF,0x0D,0x24,0xD0,0x99,0x87,0x1C,0x3C,0x2C,0x75,0x87,
++ 0x7A,0x9F,0x21,0xEA,0x43,0x34,0x54,0x96,0xD1,0x68,0xEF,0xD2,0xC4,0xBF,0x21,
++ 0xBA,0x48,0x05,0xC8,0x3D,0x97,0xEA,0x04,0x12,0xF9,0xAC,0xE2,0xFD,0x4C,0xFE,
++ 0xF8,0x4C,0x43,0x8D,0x61,0xE5,0x0D,0xDB,0xAF,0x51,0xEF,0x17,0xA3,0x3D,0xDD,
++ 0x26,0x27,0xA8,0x90,0x12,0x99,0x83,0xC2,0x68,0xEC,0xA1,0xEC,0xFF,0x06,0x3A,
++ 0x34,0x0A,0x3C,0x59,0xF2,0xED,0x23,0x4B,0x98,0xC9,0xBC,0x9E,0x37,0xF7,0xD0,
++ 0x1A,0x9F,0x39,0x2D,0xF4,0xC1,0x4D,0x19,0xE2,0x81,0xA8,0xF6,0xBD,0xBA,0x23,
++ 0x6A,0x58,0x7A,0xBC,0x8A,0x9C,0xB7,0x4F,0x27,0xD1,0x34,0xE9,0xEC,0x03,0xDE,
++ 0xC4,0x22,0xF0,0x7F,0x56,0x8E,0x93,0xD1,0xB5,0xA6,0x9B,0x87,0x8A,0xE9,0xC4,
++ 0xDF,0x79,0xEC,0xC8,0xAA,0x17,0xDE,0x3E,0x15,0x63,0x35,0x99,0x88,0xA1,0xCA,
++ 0xE2,0xC5,0x70,0x4F,0x73,0x0A,0x41,0xFC,0xF5,0x8F,0xF8,0x5B,0x52,0x06,0x58,
++ 0x33,0x39,0xDA,0x59,0x68,0x1F,0x06,0xCE,0xD6,0xBA,0x98,0xD7,0x45,0xD9,0x22,
++ 0x35,0x81,0x35,0x40,0x03,0xF0,0xEB,0xA6,0xE3,0x6B,0x56,0x13,0x7E,0xCA,0xD3,
++ 0x55,0x7E,0x0E,0xCE,0x24,0xF6,0xEB,0xDB,0x83,0x64,0x23,0x89,0x1C,0xC0,0xEA,
++ 0xAF,
++ };
++ static unsigned char dh2048_g[]={
++ 0x02,
++ };
++ DH *dh;
++
++ if ((dh=DH_new()) == NULL) return(NULL);
++ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ if ((p == NULL) || (g == NULL))
++ { DH_free(dh); return(NULL); }
++ int result = DH_set0_pqg(dh, p, NULL, g);
++ if (result == 0) { DH_free(dh); return(NULL); }
++ return(dh);
++}
+--- a/macros/ax_nagios_get_ssl
++++ b/macros/ax_nagios_get_ssl
+@@ -290,23 +290,11 @@ if test x$SSL_TYPE != xNONE; then
+ if test x$need_dh = xyes; then
+ AC_PATH_PROG(sslbin,openssl,value-if-not-found,$ssl_dir/sbin$PATH_SEPARATOR$ssl_dir/bin$PATH_SEPARATOR$PATH)
+ AC_DEFINE(USE_SSL_DH)
+- # Generate DH parameters
+ if test -f "$sslbin"; then
+- echo ""
+- echo "*** Generating DH Parameters for SSL/TLS ***"
+- # OpenSSL 3 removes dhparam -C
+- # check version and use our own parser if needed
+ nagios_ssl_major_version=`$sslbin version | cut -d' ' -f2 | cut -d. -f1`
+
+- test -d include || mkdir include
+ if test "x$nagios_ssl_major_version" = "x3"; then
+ AC_DEFINE_UNQUOTED(OPENSSL_V3,[1],[Have OpenSSL v3])
+- test -d src || mkdir src
+- $CC ${srcdir}/src/print_c_code.c -o src/print_c_code
+- $sslbin dhparam -text 2048 | ./src/print_c_code > include/dh.h
+- else
+- # awk to strip off meta data at bottom of dhparam output
+- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
+ fi
+ fi
+ fi
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..15e2844
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+02_nrpe.cfg_local-include_support_nrpe.d.patch
+07_warn_ssloption.patch
+11_reproducible_dh.h.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..8eacd6e
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,31 @@
+#!/usr/bin/make -f
+
+# newer dpkg set this by default.
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+
+# Enable hardening build flags
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+CFLAGS += $(CPPFLAGS)
+
+export AUTOHEADER=true
+
+%:
+ dh $@
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --libdir=/usr/lib/nagios \
+ --libexecdir=/usr/lib/nagios/plugins \
+ --localstatedir=/var \
+ --enable-ssl \
+ --with-logdir=/var/log \
+ --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
+ --with-piddir=/run/nagios
+
+override_dh_auto_build:
+ dh_auto_build -- all
+
+override_dh_auto_install:
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..c5c326d
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,5 @@
+---
+Bug-Database: https://github.com/NagiosEnterprises/nrpe/issues
+Bug-Submit: https://github.com/NagiosEnterprises/nrpe/issues/new
+Repository: https://github.com/NagiosEnterprises/nrpe.git
+Repository-Browse: https://github.com/NagiosEnterprises/nrpe
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..9c73a06
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,7 @@
+version=4
+opts=\
+dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,\
+uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/-/./g,\
+filenamemangle=s/(?:.*?)?(?:rel|v|nrpe)?[\-\_]?(\d\S+)\.(tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))/nrpe-$1.$2/ \
+https://github.com/NagiosEnterprises/nrpe/tags \
+(?:.*?/archive/(?:.*?/)?)?(?:rel|v|nrpe)?[\-\_]?(\d\S+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))