From f4c587d09f20b918bc583b497cbdf17608222235 Mon Sep 17 00:00:00 2001 From: Alexander Wirt Date: Tue, 15 Jul 2014 18:30:36 +0200 Subject: [PATCH] Import Debian changes 2.15-1 nagios-nrpe (2.15-1) unstable; urgency=high . * [f2cea9f] Imported Upstream version 2.15 * [023e909] Disable command-args in nrpe. (Closes: #745272) * [6369220] Use restorecon to set SE Linux context on $PIDDIR (Closes: #679241) * [a484e7d] Switch order of nagios-plugins recommends to prefer -basic. (Closes: #752243) * [b1ef043] Don't recommend a core implementation for the plugin * [16dbf01] Remove obsolete patch * [694b804] Remove luk from uploaders. (Closes: #719636) * [28d9004] Remove obsolete patch * [86ea67e] 08_CVE-2013-1362.dpatch is now obsolete * [74e3b07] Refresh patches * [1258ab2] Reword NEWS entry * [744eec6] configure is buggy: --disable- in fact enables a feautre. * [eec54b6] Adjust README.Debian for the removal or argument processing . nagios-nrpe (2.13-4) unstable; urgency=low . * [dcffec6] Do not remove the PID file after a connection error. Original patch from Hiren Patel. (Closes: #716949) . nagios-nrpe (2.13-3) unstable; urgency=high . * [e55afd1] Add 08_CVE-2013-1362.dpatch patch. If command arguments are enabled in the NRPE configuration, it was possible to pass $() as arguments as the checking for nasty caracters was not strict enough to catch $(). This allowed executing shell commands under a subprocess and pass the output as a parameter to the called script (if run under bash). CVE-2013-1362 (Closes: #701227) . nagios-nrpe (2.13-2) unstable; urgency=high . [ Thijs Kinkhorst ] * Add warning about the inadequateness of the 'ssl' option. . nagios-nrpe (2.13-1) unstable; urgency=low . * [3e113b5] Imported Upstream version 2.13 * [acc152b] Bump standards version * [c707bce] Use dh9 for hardening * Updated patches . nagios-nrpe (2.12-6) unstable; urgency=low . * [36b1062] Add add icinga to the list of recommends * [a698acb] Don't remove homedirectory of the nagios user (Closes: #665845) * [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe (Closes: #650464) . nagios-nrpe (2.12-5) unstable; urgency=low . [ Alexander Wirt ] * [e3af3bd] Bump compat to 8 * [4f9e892] Add versioned depends to dpatch for sequence support * [5ec5a3b] Install example nrpe_local.cfg * [69ea7b9] Move rules file to dh * [298f725] Use autotools_dev dh sequence helper * [10da37d] Bump debhelper dependency to 8 * [2b009ae] Bump standards version * [4d093e3] Ignore usermod failure (Closes: #538894) * [e776f7b] Use pidfile for start-stop-daemon and fix pidfile deletion (Closes: #548157, #639523) * [8050c97] Support multiarch in rulesfile (Closes: #642790) * [027274f] Use pidfile for start-stop-daemon in start() * [1f69c63] Support status in nrpe initscript * [42ccdcc] Add a comment to nrpe.cfg that snipplets have to end .cfg (Closes: #641933) . [ Jan Wagner ] * [0a80fdb] Update debian/README.Debian about conf.d/ . nagios-nrpe (2.12-4) unstable; urgency=low . * Build against libwrap0-dev (Closes: #412705) * Remove 'last modified header' from nrpe config (Closes: #499280) * Create /etc/nagios/nrpe.d (Closes: #505700, #474333) * Fix pidfile handling (Closes: #411046) * Add newer config.{guess,sub} (Closes: #535737) - Build-depend on autotools-dev * Delete /var/lib/nagios if empty after purge (Closes: #527069) * Bump standards version (add README.source) * Bump dh_compat version (remove -k from dh_clean) . nagios-nrpe (2.12-3.1) unstable; urgency=low . * Non-maintainer upload. * Fix bashism (Closes: #530149). . nagios-nrpe (2.12-3) unstable; urgency=low . * Sync homedirectory of the nagios user with the nagios3 package (Closes: #479051) * Removed now empty nagios-nrpe-plugins.post* scripts . nagios-nrpe (2.12-2) unstable; urgency=low . * Add myself to uploaders. * Clean buffer before use (Closes: #498749). * Remove pid file before creating a new ones (Closes: #411046). * Include inetd support (Closes: #409772). . nagios-nrpe (2.12-1) unstable; urgency=low . * Support an nrpe.d config directory in addition to nrpe_local.cfg (Closes: #474333) * Add myself to uploaders * Add watch file * New upstream version (Closes: #475081) * Acknowledge NMU from Chris Lamb (Closes: #484412) * Recommend Nagios 3 instead of Nagios 2 * Update copyright file * Use the same homedir as nagios3 (Closes: #479051) . nagios-nrpe (2.8.1-1.1) unstable; urgency=medium . * Non-maintainer upload. * Fix bashism in debian/rules (Closes: #484412) * Bump Standards-Version to 3.8.0. . nagios-nrpe (2.8.1-1) unstable; urgency=low . * New upstream release * bump Recommends to nagios2, thanks to Henning Sprang for suggesting this (closes: #399856). * fix typo in package description, thanks to Tilman Koschnick for noticing this (closes: #419130). . nagios-nrpe (2.5.1-3) unstable; urgency=high . * apparently we were already including another default file without installing it, and some people were using it. so now we include this one as well as the new default, with this one taking precedence since it was there first. thanks to Peter Palfrader for catching this (closes: #398914). . nagios-nrpe (2.5.1-2) unstable; urgency=low . * include a /etc/default/nagios-nrpe-server where variables such as DAEMON_OPTS can be set (closes: #396709). * bump standards version to 3.7.2 * add pre-depends on adduser * LSB-ize init script, and add dependency on lsb-base . nagios-nrpe (2.5.1-1) unstable; urgency=low . * new upstream release. includes fix from Peter Palfrader to catch invalid free()'s when nrpe is called with --no-ssl (closes: #361233). . nagios-nrpe (2.4-2) unstable; urgency=low . [sean finney] * removing nrpe_local.cfg caused trouble for some people, so i've added it back in (closes: #360093). . nagios-nrpe (2.4-1) unstable; urgency=low . * new upstream release. . [sean finney] * (NEEDS TESTING) move away from cdbs for my own sanity. * add build-dependency on dpatch. * no longer create nrpe_local.cfg. no reason to have it. * remove postinst script for nagios-nrpe-server, as all it did was touch the previously mentioned file. * upstream has incorporated the following patches: - 02_global-cmd-prefix.dpatch - 03_nrpe-trailing-whitespace.dpatch * check_nrpe -h provides what "-a" does, but i've gone ahead and added a comment in check_nrpe.cfg too, because it can't hurt to do so :) (closes: #351714). * no longer generate the nagios-nrpe-doc package, and move copies of the documentation into the plugin and server packages. add a Conflicts: nagios-nrpe-doc to the remaining packages to ensure that the stale package doesn't remain. NEWS.Debian also mentions this and instructs the admin to purge the package too. . nagios-nrpe (2.2-1) unstable; urgency=low . * new upstream release. . [sean finney] * debian packaging source repository is now migrated to svn. * updated 01_nodevrandom-and-docoptions.dpatch and 02_global-cmd-prefix.dpatch to apply against the latest upstream version. * nrpe.cfg has moved location in the upstream tarball. * introduced 03_nrpe-trailing-whitespace.dpatch to fix regression in config file parsing until upstream incorporates it. . nagios-nrpe (2.0-9) unstable; urgency=low . * Sean Finney: - nagios-nrpe has now joined forces with the debian pkg-nagios project, updated Maintainer and Uploaders field accordingly. - provide check_nrpe_1arg command definition so that one can call check_nrpe both with and without arguments to the cmds (closes: #248424). - changed nagios-nrpe-server's Recommends on nagios-plugins to reflect the upcoming new nagios-plugins layout. - changed nagios-nrpe-plugin's Depends on nagios to a Recommends. - building issues seem to be resolved on arm now (closes: #259442). - updated Standards-Version to 3.6.2 - included patch from joerg and weasel to document some cmdline options and provide a better alternative to reading a random byte from /dev/random (closes: #333552). - included "global command prefix" patch from joerg jaspert (closes: #332253). . nagios-nrpe (2.0-8) unstable; urgency=low . * debian/control: change depends on nagios-plugins, to recommends. (closes: #327199) . nagios-nrpe (2.0-7) unstable; urgency=high . * The previous upload fixes a bug that breaks the install of this package so this is a new upload with a high urgency to try and get it into sarge. . nagios-nrpe (2.0-6) unstable; urgency=low . * nagios plugin config dir changed to etc/nagios-plugins/configs/ (closes: #266826) . nagios-nrpe (2.0-5) unstable; urgency=low . * debian/nagios-nrpe-server.preinst: added code to create nagios user and group. (closes: #248995, #241168) . nagios-nrpe (2.0-4) unstable; urgency=low . * debian/nagios-nrpe-server.init.d: added missing -d to restart. (closes: #248797) * debian/nrpe.1: renamed to nrpe.8 * debian/nagios-nrpe-server.manpages: changed nrpe.1 to nrpe.8 * debian/dirs: deleted it as its not needed. . nagios-nrpe (2.0-3) unstable; urgency=low . * debian/nagios-nrpe-server.init.d: added --oknodo to stop commands which will make upgrades and purges clean. . nagios-nrpe (2.0-2) unstable; urgency=low . * debian/control: added build-depends cdbs (closes: #230943) * debian/control: nagios-nrpe-server now conflicts netsaint-nrpe-server (closes: #230303) . nagios-nrpe (2.0-1) unstable; urgency=low . * Initial Release. (closes: #209124) --- debian/NEWS | 38 +++ debian/README.Debian | 23 ++ debian/README.source | 3 + debian/TODO | 5 + debian/changelog | 314 ++++++++++++++++++ debian/check_nrpe.cfg | 11 + debian/compat | 1 + debian/control | 36 ++ debian/copyright | 37 +++ debian/dirs | 1 + debian/docs | 3 + debian/nagios-nrpe-plugin.install | 2 + debian/nagios-nrpe-plugin.postrm | 9 + debian/nagios-nrpe-server.default | 12 + debian/nagios-nrpe-server.init | 85 +++++ debian/nagios-nrpe-server.install | 3 + debian/nagios-nrpe-server.manpages | 1 + debian/nagios-nrpe-server.preinst | 55 +++ debian/nrpe.8 | 52 +++ debian/nrpe_local.cfg | 3 + debian/patches/00list | 6 + .../patches/02_nrpe.cfg_local-include.dpatch | 19 ++ debian/patches/03_support_nrpe.d.dpatch | 21 ++ debian/patches/04_weird_output.dpatch | 20 ++ debian/patches/05_pid_privileges.dpatch | 27 ++ debian/patches/06_pid_directory.dpatch | 19 ++ debian/patches/07_warn_ssloption.dpatch | 30 ++ debian/patches/09_noremove_pid.dpatch | 34 ++ debian/rules | 22 ++ debian/watch | 3 + 30 files changed, 895 insertions(+) create mode 100644 debian/NEWS create mode 100644 debian/README.Debian create mode 100644 debian/README.source create mode 100644 debian/TODO create mode 100644 debian/changelog create mode 100644 debian/check_nrpe.cfg create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/dirs create mode 100644 debian/docs create mode 100644 debian/nagios-nrpe-plugin.install create mode 100644 debian/nagios-nrpe-plugin.postrm create mode 100644 debian/nagios-nrpe-server.default create mode 100644 debian/nagios-nrpe-server.init create mode 100644 debian/nagios-nrpe-server.install create mode 100644 debian/nagios-nrpe-server.manpages create mode 100644 debian/nagios-nrpe-server.preinst create mode 100644 debian/nrpe.8 create mode 100644 debian/nrpe_local.cfg create mode 100644 debian/patches/00list create mode 100644 debian/patches/02_nrpe.cfg_local-include.dpatch create mode 100644 debian/patches/03_support_nrpe.d.dpatch create mode 100644 debian/patches/04_weird_output.dpatch create mode 100644 debian/patches/05_pid_privileges.dpatch create mode 100644 debian/patches/06_pid_directory.dpatch create mode 100644 debian/patches/07_warn_ssloption.dpatch create mode 100644 debian/patches/09_noremove_pid.dpatch create mode 100755 debian/rules create mode 100644 debian/watch diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..04c44b1 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,38 @@ +nagios-nrpe (2.15-1) unstable; urgency=high + + This update disables the command-args support in nrpe. The feature + has several security problems and is often used wrong. If you have to + use this feature recompile the package with --enable-command-args + in debian/rules. + + -- Alexander Wirt Tue, 15 Jul 2014 09:52:48 +0200 + +nagios-nrpe (2.12-4) unstable; urgency=low + + The pidfile creation mechanism changed with this update. If you do not + add "pid_file=/var/run/nagios/nrpe.pid" to you nrpe config take care that + the user "nagios" is able to write to your pidfile location. You can also + change the initscript to create the pid directory on your own. + + -- Alexander Wirt Tue, 07 Jul 2009 07:42:13 +0200 + +nagios-nrpe (2.12-3) unstable; urgency=low + + The homedirectory of the nagios user moved to /var/lib/nagios + which is now common on all nagios related packages. Its recommended + that you migrate an already existing nagios user to use /var/lib/nagios + as homedirectory. + + -- Alexander Wirt Sat, 21 Mar 2009 09:08:58 +0100 + +nagios-nrpe (2.4-1) unstable; urgency=low + + the nagios-nrpe-doc package is no longer provided. the documentation + can now be found in /usr/share/doc/nagios-nrpe-{server|plugins}. new + versions of the plugin and server packages conflict with the doc + package to prevent the old (and possibly incorrect in the future) + documentation from remaining. to fully purge all information about + the package you should run: + dpkg -P nagios-nrpe-doc + + -- sean finney Mon, 13 Mar 2006 15:47:47 +0100 diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..1fbe5b7 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,23 @@ +nrpe +---- + +Put any local check command you need into /etc/nagios/nrpe_local.cfg or +as a *.cfg file in /etc/nagios/nrpe.d/ +This files are included from the /etc/nagios/nrpe.cfg + +This package is built without support for command argument processing. If you +want to enable it, you will have to rebuild this package with +--enable-command-args in debian/rules. +The feature has several security problems and should not be used. If you +really need some dynamic argument processing try check_by_ssh or something +similar. + +Do not rely on SSL mode for security +------------------------------------ + +NRPE contains an SSL mode which encrypts the data over the NRPE channel. +The current implementation does not verify client or server and uses +pregenerated key data by default. It cannot be fixed right away because +it would break the existing NRPE protocol. + +Please refer to the file SECURITY in this directory for more information. diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..98c5ea4 --- /dev/null +++ b/debian/README.source @@ -0,0 +1,3 @@ +This package uses dpatch for its patch management, see +/usr/share/doc/dpatch/README.source.gz if you are unfamiliar with it. + diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..a0a0586 --- /dev/null +++ b/debian/TODO @@ -0,0 +1,5 @@ +TODO +==== + + +Add a nagios-common package which ships a user and homedir diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..4bb0989 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,314 @@ +nagios-nrpe (2.15-1) unstable; urgency=high + + * [f2cea9f] Imported Upstream version 2.15 + * [023e909] Disable command-args in nrpe. (Closes: #745272) + * [6369220] Use restorecon to set SE Linux context on $PIDDIR + (Closes: #679241) + * [a484e7d] Switch order of nagios-plugins recommends to prefer -basic. + (Closes: #752243) + * [b1ef043] Don't recommend a core implementation for the plugin + * [16dbf01] Remove obsolete patch + * [694b804] Remove luk from uploaders. (Closes: #719636) + * [28d9004] Remove obsolete patch + * [86ea67e] 08_CVE-2013-1362.dpatch is now obsolete + * [74e3b07] Refresh patches + * [1258ab2] Reword NEWS entry + * [744eec6] configure is buggy: --disable- in fact enables a feautre. + * [eec54b6] Adjust README.Debian for the removal or argument processing + + -- Alexander Wirt Tue, 15 Jul 2014 18:30:36 +0200 + +nagios-nrpe (2.13-4) unstable; urgency=low + + * [dcffec6] Do not remove the PID file after a connection error. + Original patch from Hiren Patel. (Closes: #716949) + + -- Bernd Zeimetz Mon, 15 Jul 2013 16:07:54 +0200 + +nagios-nrpe (2.13-3) unstable; urgency=high + + * [e55afd1] Add 08_CVE-2013-1362.dpatch patch. + If command arguments are enabled in the NRPE configuration, it was + possible to pass $() as arguments as the checking for nasty caracters + was not strict enough to catch $(). This allowed executing shell + commands under a subprocess and pass the output as a parameter to the + called script (if run under bash). CVE-2013-1362 (Closes: #701227) + + -- Alexander Wirt Sat, 09 Mar 2013 08:42:05 +0100 + +nagios-nrpe (2.13-2) unstable; urgency=high + + [ Thijs Kinkhorst ] + * Add warning about the inadequateness of the 'ssl' option. + + -- Alexander Wirt Mon, 11 Feb 2013 17:45:20 +0100 + +nagios-nrpe (2.13-1) unstable; urgency=low + + * [3e113b5] Imported Upstream version 2.13 + * [acc152b] Bump standards version + * [c707bce] Use dh9 for hardening + * Updated patches + + -- Alexander Wirt Sat, 30 Jun 2012 11:08:22 +0200 + +nagios-nrpe (2.12-6) unstable; urgency=low + + * [36b1062] Add add icinga to the list of recommends + * [a698acb] Don't remove homedirectory of the nagios user (Closes: #665845) + * [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe + (Closes: #650464) + + -- Alexander Wirt Mon, 30 Apr 2012 09:25:45 +0200 + +nagios-nrpe (2.12-5) unstable; urgency=low + + [ Alexander Wirt ] + * [e3af3bd] Bump compat to 8 + * [4f9e892] Add versioned depends to dpatch for sequence support + * [5ec5a3b] Install example nrpe_local.cfg + * [69ea7b9] Move rules file to dh + * [298f725] Use autotools_dev dh sequence helper + * [10da37d] Bump debhelper dependency to 8 + * [2b009ae] Bump standards version + * [4d093e3] Ignore usermod failure (Closes: #538894) + * [e776f7b] Use pidfile for start-stop-daemon and fix pidfile deletion + (Closes: #548157, #639523) + * [8050c97] Support multiarch in rulesfile (Closes: #642790) + * [027274f] Use pidfile for start-stop-daemon in start() + * [1f69c63] Support status in nrpe initscript + * [42ccdcc] Add a comment to nrpe.cfg that snipplets have to end .cfg + (Closes: #641933) + + [ Jan Wagner ] + * [0a80fdb] Update debian/README.Debian about conf.d/ + + -- Alexander Wirt Sun, 25 Sep 2011 08:35:48 +0200 + +nagios-nrpe (2.12-4) unstable; urgency=low + + * Build against libwrap0-dev (Closes: #412705) + * Remove 'last modified header' from nrpe config (Closes: #499280) + * Create /etc/nagios/nrpe.d (Closes: #505700, #474333) + * Fix pidfile handling (Closes: #411046) + * Add newer config.{guess,sub} (Closes: #535737) + - Build-depend on autotools-dev + * Delete /var/lib/nagios if empty after purge (Closes: #527069) + * Bump standards version (add README.source) + * Bump dh_compat version (remove -k from dh_clean) + + -- Alexander Wirt Mon, 06 Jul 2009 07:08:26 +0200 + +nagios-nrpe (2.12-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix bashism (Closes: #530149). + + -- Raphael Geissert Sat, 04 Jul 2009 20:23:23 -0500 + +nagios-nrpe (2.12-3) unstable; urgency=low + + * Sync homedirectory of the nagios user with the nagios3 package + (Closes: #479051) + * Removed now empty nagios-nrpe-plugins.post* scripts + + -- Alexander Wirt Sat, 21 Mar 2009 09:33:39 +0100 + +nagios-nrpe (2.12-2) unstable; urgency=low + + * Add myself to uploaders. + * Clean buffer before use (Closes: #498749). + * Remove pid file before creating a new ones (Closes: #411046). + * Include inetd support (Closes: #409772). + + -- Luk Claes Sun, 14 Sep 2008 16:04:17 +0200 + +nagios-nrpe (2.12-1) unstable; urgency=low + + * Support an nrpe.d config directory in addition to nrpe_local.cfg + (Closes: #474333) + * Add myself to uploaders + * Add watch file + * New upstream version (Closes: #475081) + * Acknowledge NMU from Chris Lamb (Closes: #484412) + * Recommend Nagios 3 instead of Nagios 2 + * Update copyright file + * Use the same homedir as nagios3 (Closes: #479051) + + -- Alexander Wirt Wed, 06 Aug 2008 20:33:57 +0200 + +nagios-nrpe (2.8.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix bashism in debian/rules (Closes: #484412) + * Bump Standards-Version to 3.8.0. + + -- Chris Lamb Sat, 12 Jul 2008 01:09:21 +0100 + +nagios-nrpe (2.8.1-1) unstable; urgency=low + + * New upstream release + * bump Recommends to nagios2, thanks to Henning Sprang + for suggesting this (closes: #399856). + * fix typo in package description, thanks to Tilman Koschnick for + noticing this (closes: #419130). + + -- sean finney Sat, 12 May 2007 12:27:30 +0200 + +nagios-nrpe (2.5.1-3) unstable; urgency=high + + * apparently we were already including another default file + without installing it, and some people were using it. so + now we include this one as well as the new default, with this + one taking precedence since it was there first. thanks to + Peter Palfrader for catching this (closes: #398914). + + -- sean finney Fri, 17 Nov 2006 09:17:55 +0100 + +nagios-nrpe (2.5.1-2) unstable; urgency=low + + * include a /etc/default/nagios-nrpe-server where variables + such as DAEMON_OPTS can be set (closes: #396709). + * bump standards version to 3.7.2 + * add pre-depends on adduser + * LSB-ize init script, and add dependency on lsb-base + + -- sean finney Sat, 04 Nov 2006 17:38:34 +0100 + +nagios-nrpe (2.5.1-1) unstable; urgency=low + + * new upstream release. includes fix from Peter Palfrader to catch + invalid free()'s when nrpe is called with --no-ssl (closes: #361233). + + -- sean finney Sun, 14 May 2006 21:38:48 -0500 + +nagios-nrpe (2.4-2) unstable; urgency=low + + [sean finney] + * removing nrpe_local.cfg caused trouble for some people, so + i've added it back in (closes: #360093). + + -- sean finney Fri, 31 Mar 2006 07:02:31 +0200 + +nagios-nrpe (2.4-1) unstable; urgency=low + + * new upstream release. + + [sean finney] + * (NEEDS TESTING) move away from cdbs for my own sanity. + * add build-dependency on dpatch. + * no longer create nrpe_local.cfg. no reason to have it. + * remove postinst script for nagios-nrpe-server, as all it + did was touch the previously mentioned file. + * upstream has incorporated the following patches: + - 02_global-cmd-prefix.dpatch + - 03_nrpe-trailing-whitespace.dpatch + * check_nrpe -h provides what "-a" does, but i've gone ahead and + added a comment in check_nrpe.cfg too, because it can't hurt + to do so :) (closes: #351714). + * no longer generate the nagios-nrpe-doc package, and move copies of + the documentation into the plugin and server packages. add a + Conflicts: nagios-nrpe-doc to the remaining packages to ensure + that the stale package doesn't remain. NEWS.Debian also mentions + this and instructs the admin to purge the package too. + + -- sean finney Tue, 24 Jan 2006 18:16:54 +0100 + +nagios-nrpe (2.2-1) unstable; urgency=low + + * new upstream release. + + [sean finney] + * debian packaging source repository is now migrated to svn. + * updated 01_nodevrandom-and-docoptions.dpatch and + 02_global-cmd-prefix.dpatch to apply against the latest + upstream version. + * nrpe.cfg has moved location in the upstream tarball. + * introduced 03_nrpe-trailing-whitespace.dpatch to fix regression + in config file parsing until upstream incorporates it. + + -- sean finney Tue, 24 Jan 2006 17:52:54 +0100 + +nagios-nrpe (2.0-9) unstable; urgency=low + + * Sean Finney: + - nagios-nrpe has now joined forces with the debian pkg-nagios + project, updated Maintainer and Uploaders field accordingly. + - provide check_nrpe_1arg command definition so that one can call + check_nrpe both with and without arguments to the cmds + (closes: #248424). + - changed nagios-nrpe-server's Recommends on nagios-plugins to reflect + the upcoming new nagios-plugins layout. + - changed nagios-nrpe-plugin's Depends on nagios to a Recommends. + - building issues seem to be resolved on arm now (closes: #259442). + - updated Standards-Version to 3.6.2 + - included patch from joerg and weasel to document some cmdline options + and provide a better alternative to reading a random byte from + /dev/random (closes: #333552). + - included "global command prefix" patch from joerg jaspert + (closes: #332253). + + -- sean finney Tue, 25 Oct 2005 10:04:59 -0400 + +nagios-nrpe (2.0-8) unstable; urgency=low + + * debian/control: change depends on nagios-plugins, to recommends. + (closes: #327199) + + -- Jason Thomas Mon, 10 Oct 2005 08:07:57 +1000 + +nagios-nrpe (2.0-7) unstable; urgency=high + + * The previous upload fixes a bug that breaks the install of this package so + this is a new upload with a high urgency to try and get it into sarge. + + -- Jason Thomas Thu, 19 Aug 2004 22:47:40 +1000 + +nagios-nrpe (2.0-6) unstable; urgency=low + + * nagios plugin config dir changed to etc/nagios-plugins/configs/ + (closes: #266826) + + -- Jason Thomas Thu, 19 Aug 2004 21:17:28 +1000 + +nagios-nrpe (2.0-5) unstable; urgency=low + + * debian/nagios-nrpe-server.preinst: added code to create nagios user and + group. + (closes: #248995, #241168) + + -- Jason Thomas Sat, 15 May 2004 12:02:35 +1000 + +nagios-nrpe (2.0-4) unstable; urgency=low + + * debian/nagios-nrpe-server.init.d: added missing -d to restart. + (closes: #248797) + * debian/nrpe.1: renamed to nrpe.8 + * debian/nagios-nrpe-server.manpages: changed nrpe.1 to nrpe.8 + * debian/dirs: deleted it as its not needed. + + -- Jason Thomas Fri, 14 May 2004 14:05:03 +1000 + +nagios-nrpe (2.0-3) unstable; urgency=low + + * debian/nagios-nrpe-server.init.d: added --oknodo to stop commands which + will make upgrades and purges clean. + + -- Jason Thomas Wed, 24 Mar 2004 13:09:00 +1100 + +nagios-nrpe (2.0-2) unstable; urgency=low + + * debian/control: added build-depends cdbs + (closes: #230943) + * debian/control: nagios-nrpe-server now conflicts netsaint-nrpe-server + (closes: #230303) + + -- Jason Thomas Wed, 11 Feb 2004 09:27:01 +1100 + +nagios-nrpe (2.0-1) unstable; urgency=low + + * Initial Release. + (closes: #209124) + + -- Jason Thomas Wed, 14 Jan 2004 16:13:36 +1100 + diff --git a/debian/check_nrpe.cfg b/debian/check_nrpe.cfg new file mode 100644 index 0000000..0b98fa3 --- /dev/null +++ b/debian/check_nrpe.cfg @@ -0,0 +1,11 @@ +# this command runs a program $ARG1$ with arguments $ARG2$ +define command { + command_name check_nrpe + command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ +} + +# this command runs a program $ARG1$ with no arguments +define command { + command_name check_nrpe_1arg + command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ +} diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..2b651ee --- /dev/null +++ b/debian/control @@ -0,0 +1,36 @@ +Source: nagios-nrpe +Section: net +Priority: optional +Maintainer: Debian Nagios Maintainer Group +Uploaders: sean finney , Jason Thomas , Alexander Wirt +Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1) +Standards-Version: 3.9.5 + +Package: nagios-nrpe-server +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-3) +Pre-Depends: adduser +Conflicts: nagios-nrpe-doc +Recommends: nagios-plugins-basic | nagios-plugins +Description: Nagios Remote Plugin Executor Server + Nagios is a host/service/network monitoring and management system. + . + The purpose of this addon is to allow you to execute Nagios plugins on a + remote host in as transparent a manner as possible. + . + This program runs as a background process on the remote host and processes + command execution requests from the check_nrpe plugin on the Nagios host. + +Package: nagios-nrpe-plugin +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: nagios-nrpe-doc +Description: Nagios Remote Plugin Executor Plugin + Nagios is a host/service/network monitoring and management system. + . + The purpose of this addon is to allow you to execute Nagios plugins on a + remote host in as transparent a manner as possible. + . + This is a plugin that is run on the Nagios host and is used to contact the + NRPE process on remote hosts. + diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..757e990 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,37 @@ +This package was debianized by Jason Thomas on +Wed, 14 Jan 2004 16:13:36 +1100. + +It was downloaded from http://www.nagios.org/download/extras.php + +Current Debian Maintainers: The nagios packaging team + http://alioth.debian.org/projects/pkg-nagios/ + +Mailing-List: + pkg-nagios-devel@lists.alioth.debian.org + +Upstream Author: Ethan Galstad (nagios@nagios.org) + +Copyright (c) 1999-2009 Ethan Galstad (nagios@nagios.org) + +License: + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +On Debian systems, the complete text of the GNU General Public +License can be found in /usr/share/common-licenses/GPL. + +There is an exception in the sourcecode for linking against openssl: + + This program is released under the GPL (see below) with the additional + exemption that compiling, linking, and/or using OpenSSL is allowed. + +The file src/snprintf.c is Copyright 1995 by Patrick Powell + +This code is based on code written by Patrick Powell (papowell@astart.com) +It may be used for any purpose as long as this notice remains intact +on all source code distributions + + diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..91d0516 --- /dev/null +++ b/debian/dirs @@ -0,0 +1 @@ +/etc/nagios/nrpe.d diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..6662772 --- /dev/null +++ b/debian/docs @@ -0,0 +1,3 @@ +README +LEGAL +SECURITY diff --git a/debian/nagios-nrpe-plugin.install b/debian/nagios-nrpe-plugin.install new file mode 100644 index 0000000..83318b8 --- /dev/null +++ b/debian/nagios-nrpe-plugin.install @@ -0,0 +1,2 @@ +src/check_nrpe usr/lib/nagios/plugins/ +debian/check_nrpe.cfg etc/nagios-plugins/config/ diff --git a/debian/nagios-nrpe-plugin.postrm b/debian/nagios-nrpe-plugin.postrm new file mode 100644 index 0000000..a77d21a --- /dev/null +++ b/debian/nagios-nrpe-plugin.postrm @@ -0,0 +1,9 @@ +#!/bin/sh +set -e + +if [ "$1" = purge ]; then + test -d /var/lib/nagios && rmdir /var/lib/nagios || true #ignore non-failure errors +fi + +#DEBHELPER# + diff --git a/debian/nagios-nrpe-server.default b/debian/nagios-nrpe-server.default new file mode 100644 index 0000000..a146d31 --- /dev/null +++ b/debian/nagios-nrpe-server.default @@ -0,0 +1,12 @@ +# defaults file for nagios-nrpe-server +# (this file is a /bin/sh compatible fragment) + +# DAEMON_OPTS are any extra cmdline parameters you'd like to +# pass along to the nrpe daemon +#DAEMON_OPTS="--no-ssl" + +# NICENESS is if you want to run the server at a different nice() priority +#NICENESS=5 + +# INETD is if you want to run the server via inetd (default=0, run as daemon) +#INETD=0 diff --git a/debian/nagios-nrpe-server.init b/debian/nagios-nrpe-server.init new file mode 100644 index 0000000..e0ca5c7 --- /dev/null +++ b/debian/nagios-nrpe-server.init @@ -0,0 +1,85 @@ +#! /bin/sh +# + +### BEGIN INIT INFO +# Provides: nagios-nrpe-server +# Required-Start: $local_fs $remote_fs $syslog $named $network $time +# Required-Stop: $local_fs $remote_fs $syslog $named $network +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/Stop the Nagios remote plugin execution daemon +### END INIT INFO + + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nrpe +NAME=nagios-nrpe +DESC=nagios-nrpe +CONFIG=/etc/nagios/nrpe.cfg +PIDDIR=/var/run/nagios + +test -x $DAEMON || exit 0 + +if ! [ -x "/lib/lsb/init-functions" ]; then + . /lib/lsb/init-functions +else + echo "E: /lib/lsb/init-functions not found, lsb-base (>= 3.0-6) needed" + exit 1 +fi + +# Include nagios-nrpe defaults if available +if [ -f /etc/default/nagios-nrpe-server ] ; then + . /etc/default/nagios-nrpe-server +fi +# we also used to include this file, so if it's there +# we include it as well +if [ -f /etc/default/nagios-nrpe ]; then + . /etc/default/nagios-nrpe +fi +if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi + +#since /var/run can be wiped completly we create our run directory here +if [ ! -d "$PIDDIR" ]; then + mkdir "$PIDDIR" + chown nagios "$PIDDIR" + [ -x /sbin/restorecon ] && /sbin/restorecon "$PIDDIR" +fi + +set -e + +case "$1" in + start) + if [ "$INETD" = 1 ]; then + exit 1 + fi + log_daemon_msg "Starting $DESC" "$NAME" + start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON -c $CONFIG -d $DAEMON_OPTS + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDDIR/nrpe.pid --retry 15 + log_end_msg $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration files" "$NAME" + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDDIR/nrpe.pid + log_end_msg $? + ;; + status) + status_of_proc -p $PIDDIR/nrpe.pid "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart) + $0 stop + sleep 1 + $0 start + ;; + *) + log_failure_msg "Usage: $N {start|stop|restart|reload|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/debian/nagios-nrpe-server.install b/debian/nagios-nrpe-server.install new file mode 100644 index 0000000..2da4764 --- /dev/null +++ b/debian/nagios-nrpe-server.install @@ -0,0 +1,3 @@ +src/nrpe usr/sbin +sample-config/nrpe.cfg etc/nagios +debian/nrpe_local.cfg etc/nagios diff --git a/debian/nagios-nrpe-server.manpages b/debian/nagios-nrpe-server.manpages new file mode 100644 index 0000000..d6530c4 --- /dev/null +++ b/debian/nagios-nrpe-server.manpages @@ -0,0 +1 @@ +debian/nrpe.8 diff --git a/debian/nagios-nrpe-server.preinst b/debian/nagios-nrpe-server.preinst new file mode 100644 index 0000000..08b348c --- /dev/null +++ b/debian/nagios-nrpe-server.preinst @@ -0,0 +1,55 @@ +#! /bin/sh +# preinst script for nagios-nrpe-server +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + if id nagios >/dev/null 2>&1 ; then + # We have a nagios user. + if [ `id nagios -g -n` != "nagios" ] ; then + addgroup --system nagios || true + #this can fail sometimes (i.e. with LDAP) so ignore it + usermod -g nagios nagios || true + fi + else + adduser --system --group --home /var/lib/nagios --quiet nagios + fi + +# if [ "$1" = "upgrade" ] +# then +# start-stop-daemon --stop --quiet --oknodo \ +# --pidfile /var/run/bud.pid \ +# --exec /usr/sbin/bud 2>/dev/null || true +# fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/nrpe.8 b/debian/nrpe.8 new file mode 100644 index 0000000..ccc9fb1 --- /dev/null +++ b/debian/nrpe.8 @@ -0,0 +1,52 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH NAGIOS-NRPE 8 "January 14, 2004" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +nrpe \- Nagios Remote Plugin Executor - Server +.SH SYNOPSIS +.B nagios-nrpe +\fI-c \fR +.SH DESCRIPTION +.PP +The purpose of this addon is to allow you to execute Nagios plugins on a +remote host in as transparent a manner as possible. +.PP +This program runs as a background process on the remote host and processes +command execution requests from the check_nrpe plugin on the Nagios host. +.SH OPTIONS +.IP + = Name of config file to use +.IP + = One of the following two operating modes: +.TP +\fB\-i\fR += Run as a service under inetd or xinetd +.TP +\fB\-d\fR += Run as a standalone daemon +.PP +Notes: +This program is designed to process requests from the check_nrpe +plugin on the host(s) running Nagios. It can run as a service +under inetd or xinetd (read the docs for info on this), or as a +standalone daemon. Once a request is received from an authorized +host, NRPE will execute the command/plugin (as defined in the +config file) and return the plugin output and return code to the +check_nrpe plugin. +.SH AUTHOR +This manual page was written by Jason Thomas , +for the Debian project (but may be used by others). diff --git a/debian/nrpe_local.cfg b/debian/nrpe_local.cfg new file mode 100644 index 0000000..9660438 --- /dev/null +++ b/debian/nrpe_local.cfg @@ -0,0 +1,3 @@ +###################################### +# Do any local nrpe configuration here +###################################### diff --git a/debian/patches/00list b/debian/patches/00list new file mode 100644 index 0000000..bb9c4e6 --- /dev/null +++ b/debian/patches/00list @@ -0,0 +1,6 @@ +02_nrpe.cfg_local-include.dpatch +03_support_nrpe.d.dpatch +05_pid_privileges.dpatch +06_pid_directory.dpatch +07_warn_ssloption.dpatch +09_noremove_pid.dpatch diff --git a/debian/patches/02_nrpe.cfg_local-include.dpatch b/debian/patches/02_nrpe.cfg_local-include.dpatch new file mode 100644 index 0000000..1b3252a --- /dev/null +++ b/debian/patches/02_nrpe.cfg_local-include.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_nrpe.cfg_local-include.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support nrpe_local.cfg + +@DPATCH@ +diff -urNad nagios-nrpe-2.4~/sample-config/nrpe.cfg.in nagios-nrpe-2.4/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.4~/sample-config/nrpe.cfg.in 2006-02-03 23:02:32.000000000 +0100 ++++ nagios-nrpe-2.4/sample-config/nrpe.cfg.in 2006-03-31 07:07:16.000000000 +0200 +@@ -178,3 +178,8 @@ + #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$ + #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ + #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ ++ ++# ++# local configuration: ++# if you'd prefer, you can instead place directives here ++include=/etc/nagios/nrpe_local.cfg diff --git a/debian/patches/03_support_nrpe.d.dpatch b/debian/patches/03_support_nrpe.d.dpatch new file mode 100644 index 0000000..2cdb171 --- /dev/null +++ b/debian/patches/03_support_nrpe.d.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_support_nrpe.d.dpatch by Alexander Wirt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support an nrpe.d directory + +@DPATCH@ +diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2008-04-15 23:53:48.000000000 +0200 ++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2008-04-15 23:54:48.000000000 +0200 +@@ -211,3 +211,9 @@ + # local configuration: + # if you'd prefer, you can instead place directives here + include=/etc/nagios/nrpe_local.cfg ++ ++# ++# you can place your config snipplets into nrpe.d/ ++# only snipplets ending in .cfg will get included ++include_dir=/etc/nagios/nrpe.d/ ++ ++ diff --git a/debian/patches/04_weird_output.dpatch b/debian/patches/04_weird_output.dpatch new file mode 100644 index 0000000..85faea1 --- /dev/null +++ b/debian/patches/04_weird_output.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_weird_output.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Clean buffer before use + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2012-04-30 09:36:53.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2012-04-30 09:52:47.890535825 +0200 +@@ -1107,6 +1107,9 @@ + /* disable connection alarm - a new alarm will be setup during my_system */ + alarm(0); + ++ // null buffer before using it! ++ memset(buffer,0,sizeof(buffer)); ++ + /* if this is the version check command, just spew it out */ + if(!strcmp(command_name,NRPE_HELLO_COMMAND)){ + diff --git a/debian/patches/05_pid_privileges.dpatch b/debian/patches/05_pid_privileges.dpatch new file mode 100644 index 0000000..cfec725 --- /dev/null +++ b/debian/patches/05_pid_privileges.dpatch @@ -0,0 +1,27 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 05_pid_privileges.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2014-05-23 20:42:27.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2014-07-15 14:09:45.027422047 +0200 +@@ -317,13 +317,13 @@ + /* log info to syslog facility */ + syslog(LOG_NOTICE,"Starting up daemon"); + ++ /* drop privileges */ ++ drop_privileges(nrpe_user,nrpe_group); ++ + /* write pid file */ + if(write_pid_file()==ERROR) + return STATE_CRITICAL; + +- /* drop privileges */ +- drop_privileges(nrpe_user,nrpe_group); +- + /* make sure we're not root */ + check_privileges(); + diff --git a/debian/patches/06_pid_directory.dpatch b/debian/patches/06_pid_directory.dpatch new file mode 100644 index 0000000..a3b7e52 --- /dev/null +++ b/debian/patches/06_pid_directory.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_pid_directory.dpatch by Alexander Wirt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2007-03-09 19:08:58.000000000 +0100 ++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2009-07-06 07:43:09.000000000 +0200 +@@ -16,7 +16,7 @@ + # number. The file is only written if the NRPE daemon is started by the root + # user and is running in standalone mode. + +-pid_file=/var/run/nrpe.pid ++pid_file=/var/run/nagios/nrpe.pid + + + diff --git a/debian/patches/07_warn_ssloption.dpatch b/debian/patches/07_warn_ssloption.dpatch new file mode 100644 index 0000000..5964ccc --- /dev/null +++ b/debian/patches/07_warn_ssloption.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 07_warn_ssloption.dpatch by Thijs Kinkhorst +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Warn against inadequateness of NRPE's own SSL option. + +--- a/SECURITY 2013-02-10 15:07:18.000000000 +0100 ++++ b/SECURITY 2013-02-10 15:08:50.000000000 +0100 +@@ -67,14 +67,17 @@ + ---------- + + If you do enable support for command arguments in the NRPE daemon, +-make sure that you encrypt communications either by using: +- +- 1. Stunnel (see http://www.stunnel.org for more info) +- 2. Native SSL support ++make sure that you encrypt communications either by using, for ++example, Stunnel (see http://www.stunnel.org for more info). + + Do NOT assume that just because the daemon is behind a firewall + that you are safe! Always encrypt NRPE traffic! + ++NOTE: the currently shipped native SSL support of NRPE is not an ++adequante protection, because it does not verify clients and ++server, and uses pregenerated key material. NRPE's SSL option is ++advised against. For more information, see Debian bug #547092. ++ + + USING ARGUMENTS + --------------- diff --git a/debian/patches/09_noremove_pid.dpatch b/debian/patches/09_noremove_pid.dpatch new file mode 100644 index 0000000..ce57531 --- /dev/null +++ b/debian/patches/09_noremove_pid.dpatch @@ -0,0 +1,34 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 09_noremove_pid.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Do not remove the PID file after a connection error (original patch +## DP: from Hiren Patel) + +# Author: Hiren Patel +# From: http://comments.gmane.org/gmane.network.nagios.devel/6774 +# Bug-Debian: #716949 +# Bug-Ubuntu: https://launchpad.net/bugs/1126890 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2014-07-15 14:20:02.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2014-07-15 14:20:55.775429979 +0200 +@@ -998,7 +998,7 @@ + /* close socket prioer to exiting */ + close(sock); + +- return; ++ exit(STATE_CRITICAL); + } + + /* handle signals */ +@@ -1022,7 +1022,7 @@ + /* close socket prior to exiting */ + close(new_sd); + +- return; ++ exit(STATE_CRITICAL); + } + + /* is this is a blessed machine? */ diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..247b5d8 --- /dev/null +++ b/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +# newer dpkg set this by default. +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +# Include dpatch stuff. +include /usr/share/dpatch/dpatch.make + +%: + dh $@ --with dpatch,autotools_dev + +override_dh_auto_configure: + ./configure \ + --prefix=/usr \ + --enable-ssl \ + --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/lib/nagios/plugins \ + --libdir=/usr/lib/nagios + +override_dh_auto_install: diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..2d6451a --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 + +http://sf.net/nagios/nrpe-([0-9.]+).tar.gz