--- nagios-nrpe-2.13.orig/debian/check_nrpe.cfg
+++ nagios-nrpe-2.13/debian/check_nrpe.cfg
@@ -0,0 +1,11 @@
+# this command runs a program $ARG1$ with arguments $ARG2$
+define command {
+ command_name check_nrpe
+ command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$
+}
+
+# this command runs a program $ARG1$ with no arguments
+define command {
+ command_name check_nrpe_1arg
+ command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+}
--- nagios-nrpe-2.13.orig/debian/changelog
+++ nagios-nrpe-2.13/debian/changelog
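Review bot: The comment above `check_nrpe` does not say that the `-a $ARG2$` form is only honoured by a daemon that has command-argument processing switched on, which is the riskier of the two modes. debian/README.Debian in this same diff ties that processing to the `dont_blame_nrpe` option in nrpe.cfg, so the comment could read `# passes $ARG2$ to the remote command; needs dont_blame_nrpe enabled on the NRPE host, prefer check_nrpe_1arg otherwise`. The two command definitions themselves need no change.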
@@ -0,0 +1,374 @@
+nagios-nrpe (2.13-3ubuntu2) saucy; urgency=low
+
+ * debian/patches/09_noremove_pid.dpatch:
+ - Do not remove the PID file after a connection error
+ (original patch from Hiren Patel). (LP: #1126890)
+
+ -- Michael Terry Fri, 24 May 2013 17:01:05 -0400
+
+nagios-nrpe (2.13-3ubuntu1) saucy; urgency=low
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/{rules,control}: Add hardening-includes to gain PIE security
+ builds.
+ - debian/rules: Use dpkg-buildflags.
+
+ -- Michael Terry Tue, 30 Apr 2013 09:24:13 -0700
+
+nagios-nrpe (2.13-3) unstable; urgency=high
+
+ * [e55afd1] Add 08_CVE-2013-1362.dpatch patch.
+ If command arguments are enabled in the NRPE configuration, it was
+ possible to pass $() as arguments as the checking for nasty caracters
+ was not strict enough to catch $(). This allowed executing shell
+ commands under a subprocess and pass the output as a parameter to the
+ called script (if run under bash). CVE-2013-1362 (Closes: #701227)
+
+ -- Alexander Wirt Sat, 09 Mar 2013 08:42:05 +0100
+
+nagios-nrpe (2.13-2ubuntu1) raring; urgency=low
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/{rules,control}: Add hardening-includes to gain PIE security
+ builds.
+ - debian/rules: Use dpkg-buildflags.
+
+ -- Logan Rosen Sun, 24 Feb 2013 15:29:43 -0500
+
+nagios-nrpe (2.13-2) unstable; urgency=high
+
+ [ Thijs Kinkhorst ]
+ * Add warning about the inadequateness of the 'ssl' option.
+
+ -- Alexander Wirt Mon, 11 Feb 2013 17:45:20 +0100
+
+nagios-nrpe (2.13-1ubuntu1) raring; urgency=low
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/{rules,control}: Add hardening-includes to gain PIE security
+ builds.
+ - debian/rules: Use dpkg-buildflags.
+
+ -- Logan Rosen Sat, 02 Feb 2013 18:16:48 -0500
+
+nagios-nrpe (2.13-1) unstable; urgency=low
+
+ * [3e113b5] Imported Upstream version 2.13
+ * [acc152b] Bump standards version
+ * [c707bce] Use dh9 for hardening
+ * Updated patches
+
+ -- Alexander Wirt Sat, 30 Jun 2012 11:08:22 +0200
+
+nagios-nrpe (2.12-6ubuntu2) quantal; urgency=low
+
+ * Fixed compiler hardening configuration. (LP: #1000379)
+
+ -- Bryan D. Payne Wed, 16 May 2012 17:29:52 +0000
+
+nagios-nrpe (2.12-6ubuntu1) quantal; urgency=low
+
+ [ Dmitrijs Ledkovs ]
+ * Merge with Debian; remaining changes:
+ - debian/{rules,control}: add hardening-includes to gain PIE
+ security builds.
+ - Use dpkg-buildflags.
+ * Changes gained from Debian:
+ - [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe
+ (LP: #896388)
+
+ [ Stéphane Graber ]
+ * Drop useless diff file in source package (xxx) that was added by
+ mistake in a previous merge.
+
+ -- Stéphane Graber Thu, 03 May 2012 09:55:10 -0400
+
+nagios-nrpe (2.12-6) unstable; urgency=low
+
+ * [36b1062] Add add icinga to the list of recommends
+ * [a698acb] Don't remove homedirectory of the nagios user (Closes: #665845)
+ * [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe
+ (Closes: #650464)
+
+ -- Alexander Wirt Mon, 30 Apr 2012 09:25:45 +0200
+
+nagios-nrpe (2.12-5ubuntu1) precise; urgency=low
+
+ * Merge with Debian; remaining changes:
+ - debian/{rules,control}: add hardening-includes to gain PIE
+ security builds.
+ * Use dpkg-buildflags.
+
+ -- Matthias Klose Tue, 18 Oct 2011 15:09:21 +0200
+
+nagios-nrpe (2.12-5) unstable; urgency=low
+
+ [ Alexander Wirt ]
+ * [e3af3bd] Bump compat to 8
+ * [4f9e892] Add versioned depends to dpatch for sequence support
+ * [5ec5a3b] Install example nrpe_local.cfg
+ * [69ea7b9] Move rules file to dh
+ * [298f725] Use autotools_dev dh sequence helper
+ * [10da37d] Bump debhelper dependency to 8
+ * [2b009ae] Bump standards version
+ * [4d093e3] Ignore usermod failure (Closes: #538894)
+ * [e776f7b] Use pidfile for start-stop-daemon and fix pidfile deletion
+ (Closes: #548157, #639523)
+ * [8050c97] Support multiarch in rulesfile (Closes: #642790)
+ * [027274f] Use pidfile for start-stop-daemon in start()
+ * [1f69c63] Support status in nrpe initscript
+ * [42ccdcc] Add a comment to nrpe.cfg that snipplets have to end .cfg
+ (Closes: #641933)
+
+ [ Jan Wagner ]
+ * [0a80fdb] Update debian/README.Debian about conf.d/
+
+ -- Alexander Wirt Sun, 25 Sep 2011 08:35:48 +0200
+
+nagios-nrpe (2.12-4ubuntu3) oneiric; urgency=low
+
+ * Configure with --with-ssl-lib=. LP: #829434.
+
+ -- Matthias Klose Thu, 25 Aug 2011 21:10:45 +0200
+
+nagios-nrpe (2.12-4ubuntu2) oneiric; urgency=low
+
+ * Rebuild for OpenSSL 1.0.0.
+
+ -- Colin Watson Tue, 17 May 2011 12:16:15 +0100
+
+nagios-nrpe (2.12-4ubuntu1) lucid; urgency=low
+
+ * debian/{rules,control}: add hardening-includes to gain PIE
+ security builds.
+ * debian/control: Update maintainer according to spec.
+
+ -- Chuck Short Thu, 07 Jan 2010 14:31:00 -0500
+
+nagios-nrpe (2.12-4) unstable; urgency=low
+
+ * Build against libwrap0-dev (Closes: #412705)
+ * Remove 'last modified header' from nrpe config (Closes: #499280)
+ * Create /etc/nagios/nrpe.d (Closes: #505700, #474333)
+ * Fix pidfile handling (Closes: #411046)
+ * Add newer config.{guess,sub} (Closes: #535737)
+ - Build-depend on autotools-dev
+ * Delete /var/lib/nagios if empty after purge (Closes: #527069)
+ * Bump standards version (add README.source)
+ * Bump dh_compat version (remove -k from dh_clean)
+
+ -- Alexander Wirt Mon, 06 Jul 2009 07:08:26 +0200
+
+nagios-nrpe (2.12-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix bashism (Closes: #530149).
+
+ -- Raphael Geissert Sat, 04 Jul 2009 20:23:23 -0500
+
+nagios-nrpe (2.12-3) unstable; urgency=low
+
+ * Sync homedirectory of the nagios user with the nagios3 package
+ (Closes: #479051)
+ * Removed now empty nagios-nrpe-plugins.post* scripts
+
+ -- Alexander Wirt Sat, 21 Mar 2009 09:33:39 +0100
+
+nagios-nrpe (2.12-2) unstable; urgency=low
+
+ * Add myself to uploaders.
+ * Clean buffer before use (Closes: #498749).
+ * Remove pid file before creating a new ones (Closes: #411046).
+ * Include inetd support (Closes: #409772).
+
+ -- Luk Claes Sun, 14 Sep 2008 16:04:17 +0200
+
+nagios-nrpe (2.12-1) unstable; urgency=low
+
+ * Support an nrpe.d config directory in addition to nrpe_local.cfg
+ (Closes: #474333)
+ * Add myself to uploaders
+ * Add watch file
+ * New upstream version (Closes: #475081)
+ * Acknowledge NMU from Chris Lamb (Closes: #484412)
+ * Recommend Nagios 3 instead of Nagios 2
+ * Update copyright file
+ * Use the same homedir as nagios3 (Closes: #479051)
+
+ -- Alexander Wirt Wed, 06 Aug 2008 20:33:57 +0200
+
+nagios-nrpe (2.8.1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix bashism in debian/rules (Closes: #484412)
+ * Bump Standards-Version to 3.8.0.
+
+ -- Chris Lamb Sat, 12 Jul 2008 01:09:21 +0100
+
+nagios-nrpe (2.8.1-1) unstable; urgency=low
+
+ * New upstream release
+ * bump Recommends to nagios2, thanks to Henning Sprang
+ for suggesting this (closes: #399856).
+ * fix typo in package description, thanks to Tilman Koschnick for
+ noticing this (closes: #419130).
+
+ -- sean finney Sat, 12 May 2007 12:27:30 +0200
+
+nagios-nrpe (2.5.1-3) unstable; urgency=high
+
+ * apparently we were already including another default file
+ without installing it, and some people were using it. so
+ now we include this one as well as the new default, with this
+ one taking precedence since it was there first. thanks to
+ Peter Palfrader for catching this (closes: #398914).
+
+ -- sean finney Fri, 17 Nov 2006 09:17:55 +0100
+
+nagios-nrpe (2.5.1-2) unstable; urgency=low
+
+ * include a /etc/default/nagios-nrpe-server where variables
+ such as DAEMON_OPTS can be set (closes: #396709).
+ * bump standards version to 3.7.2
+ * add pre-depends on adduser
+ * LSB-ize init script, and add dependency on lsb-base
+
+ -- sean finney Sat, 04 Nov 2006 17:38:34 +0100
+
+nagios-nrpe (2.5.1-1) unstable; urgency=low
+
+ * new upstream release. includes fix from Peter Palfrader to catch
+ invalid free()'s when nrpe is called with --no-ssl (closes: #361233).
+
+ -- sean finney Sun, 14 May 2006 21:38:48 -0500
+
+nagios-nrpe (2.4-2) unstable; urgency=low
+
+ [sean finney]
+ * removing nrpe_local.cfg caused trouble for some people, so
+ i've added it back in (closes: #360093).
+
+ -- sean finney Fri, 31 Mar 2006 07:02:31 +0200
+
+nagios-nrpe (2.4-1) unstable; urgency=low
+
+ * new upstream release.
+
+ [sean finney]
+ * (NEEDS TESTING) move away from cdbs for my own sanity.
+ * add build-dependency on dpatch.
+ * no longer create nrpe_local.cfg. no reason to have it.
+ * remove postinst script for nagios-nrpe-server, as all it
+ did was touch the previously mentioned file.
+ * upstream has incorporated the following patches:
+ - 02_global-cmd-prefix.dpatch
+ - 03_nrpe-trailing-whitespace.dpatch
+ * check_nrpe -h provides what "-a" does, but i've gone ahead and
+ added a comment in check_nrpe.cfg too, because it can't hurt
+ to do so :) (closes: #351714).
+ * no longer generate the nagios-nrpe-doc package, and move copies of
+ the documentation into the plugin and server packages. add a
+ Conflicts: nagios-nrpe-doc to the remaining packages to ensure
+ that the stale package doesn't remain. NEWS.Debian also mentions
+ this and instructs the admin to purge the package too.
+
+ -- sean finney Tue, 24 Jan 2006 18:16:54 +0100
+
+nagios-nrpe (2.2-1) unstable; urgency=low
+
+ * new upstream release.
+
+ [sean finney]
+ * debian packaging source repository is now migrated to svn.
+ * updated 01_nodevrandom-and-docoptions.dpatch and
+ 02_global-cmd-prefix.dpatch to apply against the latest
+ upstream version.
+ * nrpe.cfg has moved location in the upstream tarball.
+ * introduced 03_nrpe-trailing-whitespace.dpatch to fix regression
+ in config file parsing until upstream incorporates it.
+
+ -- sean finney Tue, 24 Jan 2006 17:52:54 +0100
+
+nagios-nrpe (2.0-9) unstable; urgency=low
+
+ * Sean Finney:
+ - nagios-nrpe has now joined forces with the debian pkg-nagios
+ project, updated Maintainer and Uploaders field accordingly.
+ - provide check_nrpe_1arg command definition so that one can call
+ check_nrpe both with and without arguments to the cmds
+ (closes: #248424).
+ - changed nagios-nrpe-server's Recommends on nagios-plugins to reflect
+ the upcoming new nagios-plugins layout.
+ - changed nagios-nrpe-plugin's Depends on nagios to a Recommends.
+ - building issues seem to be resolved on arm now (closes: #259442).
+ - updated Standards-Version to 3.6.2
+ - included patch from joerg and weasel to document some cmdline options
+ and provide a better alternative to reading a random byte from
+ /dev/random (closes: #333552).
+ - included "global command prefix" patch from joerg jaspert
+ (closes: #332253).
+
+ -- sean finney Tue, 25 Oct 2005 10:04:59 -0400
+
+nagios-nrpe (2.0-8) unstable; urgency=low
+
+ * debian/control: change depends on nagios-plugins, to recommends.
+ (closes: #327199)
+
+ -- Jason Thomas Mon, 10 Oct 2005 08:07:57 +1000
+
+nagios-nrpe (2.0-7) unstable; urgency=high
+
+ * The previous upload fixes a bug that breaks the install of this package so
+ this is a new upload with a high urgency to try and get it into sarge.
+
+ -- Jason Thomas Thu, 19 Aug 2004 22:47:40 +1000
+
+nagios-nrpe (2.0-6) unstable; urgency=low
+
+ * nagios plugin config dir changed to etc/nagios-plugins/configs/
+ (closes: #266826)
+
+ -- Jason Thomas Thu, 19 Aug 2004 21:17:28 +1000
+
+nagios-nrpe (2.0-5) unstable; urgency=low
+
+ * debian/nagios-nrpe-server.preinst: added code to create nagios user and
+ group.
+ (closes: #248995, #241168)
+
+ -- Jason Thomas Sat, 15 May 2004 12:02:35 +1000
+
+nagios-nrpe (2.0-4) unstable; urgency=low
+
+ * debian/nagios-nrpe-server.init.d: added missing -d to restart.
+ (closes: #248797)
+ * debian/nrpe.1: renamed to nrpe.8
+ * debian/nagios-nrpe-server.manpages: changed nrpe.1 to nrpe.8
+ * debian/dirs: deleted it as its not needed.
+
+ -- Jason Thomas Fri, 14 May 2004 14:05:03 +1000
+
+nagios-nrpe (2.0-3) unstable; urgency=low
+
+ * debian/nagios-nrpe-server.init.d: added --oknodo to stop commands which
+ will make upgrades and purges clean.
+
+ -- Jason Thomas Wed, 24 Mar 2004 13:09:00 +1100
+
+nagios-nrpe (2.0-2) unstable; urgency=low
+
+ * debian/control: added build-depends cdbs
+ (closes: #230943)
+ * debian/control: nagios-nrpe-server now conflicts netsaint-nrpe-server
+ (closes: #230303)
+
+ -- Jason Thomas Wed, 11 Feb 2004 09:27:01 +1100
+
+nagios-nrpe (2.0-1) unstable; urgency=low
+
+ * Initial Release.
+ (closes: #209124)
+
+ -- Jason Thomas Wed, 14 Jan 2004 16:13:36 +1100
+
--- nagios-nrpe-2.13.orig/debian/compat
+++ nagios-nrpe-2.13/debian/compat
@@ -0,0 +1 @@
+9
--- nagios-nrpe-2.13.orig/debian/nagios-nrpe-server.init
+++ nagios-nrpe-2.13/debian/nagios-nrpe-server.init
@@ -0,0 +1,84 @@
+#! /bin/sh
+#
+
+### BEGIN INIT INFO
+# Provides: nagios-nrpe-server
+# Required-Start: $local_fs $remote_fs $syslog $named $network $time
+# Required-Stop: $local_fs $remote_fs $syslog $named $network
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/Stop the Nagios remote plugin execution daemon
+### END INIT INFO
+
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nrpe
+NAME=nagios-nrpe
+DESC=nagios-nrpe
+CONFIG=/etc/nagios/nrpe.cfg
+PIDDIR=/var/run/nagios
+
+test -x $DAEMON || exit 0
+
+if ! [ -x "/lib/lsb/init-functions" ]; then
+ . /lib/lsb/init-functions
+else
+ echo "E: /lib/lsb/init-functions not found, lsb-base (>= 3.0-6) needed"
+ exit 1
+fi
+
+# Include nagios-nrpe defaults if available
+if [ -f /etc/default/nagios-nrpe-server ] ; then
+ . /etc/default/nagios-nrpe-server
+fi
+# we also used to include this file, so if it's there
+# we include it as well
+if [ -f /etc/default/nagios-nrpe ]; then
+ . /etc/default/nagios-nrpe
+fi
+if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi
+
+#since /var/run can be wiped completly we create our run directory here
+if [ ! -d "$PIDDIR" ]; then
+ mkdir "$PIDDIR"
+ chown nagios "$PIDDIR"
+fi
+
+set -e
+
+case "$1" in
+ start)
+ if [ "$INETD" = 1 ]; then
+ exit 1
+ fi
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON -c $CONFIG -d $DAEMON_OPTS
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDDIR/nrpe.pid --retry 15
+ log_end_msg $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDDIR/nrpe.pid
+ log_end_msg $?
+ ;;
+ status)
+ status_of_proc -p $PIDDIR/nrpe.pid "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ log_failure_msg "Usage: $N {start|stop|restart|reload|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- nagios-nrpe-2.13.orig/debian/nagios-nrpe-server.default
+++ nagios-nrpe-2.13/debian/nagios-nrpe-server.default
@@ -0,0 +1,12 @@
+# defaults file for nagios-nrpe-server
+# (this file is a /bin/sh compatible fragment)
+
+# DAEMON_OPTS are any extra cmdline parameters you'd like to
+# pass along to the nrpe daemon
+#DAEMON_OPTS="--no-ssl"
+
+# NICENESS is if you want to run the server at a different nice() priority
+#NICENESS=5
+
+# INETD is if you want to run the server via inetd (default=0, run as daemon)
+#INETD=0
--- nagios-nrpe-2.13.orig/debian/nagios-nrpe-server.preinst
+++ nagios-nrpe-2.13/debian/nagios-nrpe-server.preinst
@@ -0,0 +1,55 @@
+#! /bin/sh
+# preinst script for nagios-nrpe-server
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `install'
+# * `install'
+# * `upgrade'
+# * `abort-upgrade'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ install|upgrade)
+ if id nagios >/dev/null 2>&1 ; then
+ # We have a nagios user.
+ if [ `id nagios -g -n` != "nagios" ] ; then
+ addgroup --system nagios || true
+ #this can fail sometimes (i.e. with LDAP) so ignore it
+ usermod -g nagios nagios || true
+ fi
+ else
+ adduser --system --group --home /var/lib/nagios --quiet nagios
+ fi
+
+# if [ "$1" = "upgrade" ]
+# then
+# start-stop-daemon --stop --quiet --oknodo \
+# --pidfile /var/run/bud.pid \
+# --exec /usr/sbin/bud 2>/dev/null || true
+# fi
+ ;;
+
+ abort-upgrade)
+ ;;
+
+ *)
+ echo "preinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- nagios-nrpe-2.13.orig/debian/dirs
+++ nagios-nrpe-2.13/debian/dirs
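Review bot: The `stop` and `reload` branches of nagios-nrpe-server.init signal whatever PID is stored in `$PIDDIR/nrpe.pid` while running as root, yet the script itself does `chown nagios "$PIDDIR"` and 05_pid_privileges.dpatch makes the daemon write that file after dropping privileges, so its content is under the control of the unprivileged account. Adding a process match, for example `start-stop-daemon --stop --quiet --oknodo --pidfile $PIDDIR/nrpe.pid --exec $DAEMON --retry 15` and the same `--exec $DAEMON` on the HUP line, keeps a stale or altered pid file from pointing root at an unrelated process. Separately, the guard `if ! [ -x "/lib/lsb/init-functions" ]` sources the file when it is missing and reports it missing when it is executable, so `if [ -r /lib/lsb/init-functions ]` would match the error message. The usage string also prints `$N`, which the script never sets, and omits `status`.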
@@ -0,0 +1 @@
+/etc/nagios/nrpe.d
--- nagios-nrpe-2.13.orig/debian/rules
+++ nagios-nrpe-2.13/debian/rules
@@ -0,0 +1,28 @@
+#!/usr/bin/make -f
+
+# newer dpkg set this by default.
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+
+# Include dpatch stuff.
+include /usr/share/dpatch/dpatch.make
+
+include /usr/share/hardening-includes/hardening.make
+CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(HARDENING_CFLAGS)
+CXXFLAGS := $(shell dpkg-buildflags --get CXXFLAGS) $(HARDENING_CFLAGS)
+LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) $(HARDENING_LDFLAGS)
+
+%:
+ dh $@ --with dpatch,autotools_dev
+
+override_dh_auto_configure:
+ CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \
+ --prefix=/usr \
+ --enable-ssl \
+ --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib/nagios/plugins \
+ --libdir=/usr/lib/nagios \
+ --enable-command-args
+
+override_dh_auto_install:
--- nagios-nrpe-2.13.orig/debian/nagios-nrpe-plugin.postrm
+++ nagios-nrpe-2.13/debian/nagios-nrpe-plugin.postrm
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = purge ]; then
+ test -d /var/lib/nagios && rmdir /var/lib/nagios || true #ignore non-failure errors
+fi
+
+#DEBHELPER#
+
--- nagios-nrpe-2.13.orig/debian/control
+++ nagios-nrpe-2.13/debian/control
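Review bot: `--enable-command-args` in `override_dh_auto_configure` of debian/rules compiles handling of client-supplied arguments into every nrpe binary built from this package, and the rule carries no comment saying so. The same diff ships 08_CVE-2013-1362.dpatch for exactly this feature, and README.Debian leaves the decision to the `dont_blame_nrpe` option at runtime, so a line such as `# command-args is compiled in; it is only gated at runtime by dont_blame_nrpe in nrpe.cfg` above the configure call would record that the runtime setting is the only guard. A similar remark next to `--enable-ssl` could point at README.Debian, which advises against relying on that mode.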
@@ -0,0 +1,38 @@
+Source: nagios-nrpe
+Section: net
+Priority: optional
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian Nagios Maintainer Group
+Uploaders: sean finney , Jason Thomas , Alexander Wirt , Luk Claes
+Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1), hardening-includes
+Standards-Version: 3.9.3
+
+Package: nagios-nrpe-server
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-3)
+Pre-Depends: adduser
+Conflicts: nagios-nrpe-doc
+Recommends: nagios-plugins | nagios-plugins-basic
+Description: Nagios Remote Plugin Executor Server
+ Nagios is a host/service/network monitoring and management system.
+ .
+ The purpose of this addon is to allow you to execute Nagios plugins on a
+ remote host in as transparent a manner as possible.
+ .
+ This program runs as a background process on the remote host and processes
+ command execution requests from the check_nrpe plugin on the Nagios host.
+
+Package: nagios-nrpe-plugin
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Conflicts: nagios-nrpe-doc
+Recommends: nagios3 | icinga
+Description: Nagios Remote Plugin Executor Plugin
+ Nagios is a host/service/network monitoring and management system.
+ .
+ The purpose of this addon is to allow you to execute Nagios plugins on a
+ remote host in as transparent a manner as possible.
+ .
+ This is a plugin that is run on the Nagios host and is used to contact the
+ NRPE process on remote hosts.
+
--- nagios-nrpe-2.13.orig/debian/docs
+++ nagios-nrpe-2.13/debian/docs
@@ -0,0 +1,3 @@
+README
+LEGAL
+SECURITY
--- nagios-nrpe-2.13.orig/debian/README.source
+++ nagios-nrpe-2.13/debian/README.source
@@ -0,0 +1,3 @@
+This package uses dpatch for its patch management, see
+/usr/share/doc/dpatch/README.source.gz if you are unfamiliar with it.
+
--- nagios-nrpe-2.13.orig/debian/NEWS
+++ nagios-nrpe-2.13/debian/NEWS
@@ -0,0 +1,29 @@
+nagios-nrpe (2.12-4) unstable; urgency=low
+
+ The pidfile creation mechanism changed with this update. If you do not
+ add "pid_file=/var/run/nagios/nrpe.pid" to you nrpe config take care that
+ the user "nagios" is able to write to your pidfile location. You can also
+ change the initscript to create the pid directory on your own.
+
+ -- Alexander Wirt Tue, 07 Jul 2009 07:42:13 +0200
+
+nagios-nrpe (2.12-3) unstable; urgency=low
+
+ The homedirectory of the nagios user moved to /var/lib/nagios
+ which is now common on all nagios related packages. Its recommended
+ that you migrate an already existing nagios user to use /var/lib/nagios
+ as homedirectory.
+
+ -- Alexander Wirt Sat, 21 Mar 2009 09:08:58 +0100
+
+nagios-nrpe (2.4-1) unstable; urgency=low
+
+ the nagios-nrpe-doc package is no longer provided. the documentation
+ can now be found in /usr/share/doc/nagios-nrpe-{server|plugins}. new
+ versions of the plugin and server packages conflict with the doc
+ package to prevent the old (and possibly incorrect in the future)
+ documentation from remaining. to fully purge all information about
+ the package you should run:
+ dpkg -P nagios-nrpe-doc
+
+ -- sean finney Mon, 13 Mar 2006 15:47:47 +0100
--- nagios-nrpe-2.13.orig/debian/TODO
+++ nagios-nrpe-2.13/debian/TODO
@@ -0,0 +1,5 @@
+TODO
+====
+
+
+Add a nagios-common package which ships a user and homedir
--- nagios-nrpe-2.13.orig/debian/copyright
+++ nagios-nrpe-2.13/debian/copyright
@@ -0,0 +1,37 @@
+This package was debianized by Jason Thomas on
+Wed, 14 Jan 2004 16:13:36 +1100.
+
+It was downloaded from http://www.nagios.org/download/extras.php
+
+Current Debian Maintainers: The nagios packaging team
+ http://alioth.debian.org/projects/pkg-nagios/
+
+Mailing-List:
+ pkg-nagios-devel@lists.alioth.debian.org
+
+Upstream Author: Ethan Galstad (nagios@nagios.org)
+
+Copyright (c) 1999-2009 Ethan Galstad (nagios@nagios.org)
+
+License:
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+On Debian systems, the complete text of the GNU General Public
+License can be found in /usr/share/common-licenses/GPL.
+
+There is an exception in the sourcecode for linking against openssl:
+
+ This program is released under the GPL (see below) with the additional
+ exemption that compiling, linking, and/or using OpenSSL is allowed.
+
+The file src/snprintf.c is Copyright 1995 by Patrick Powell
+
+This code is based on code written by Patrick Powell (papowell@astart.com)
+It may be used for any purpose as long as this notice remains intact
+on all source code distributions
+
+
--- nagios-nrpe-2.13.orig/debian/nagios-nrpe-server.manpages
+++ nagios-nrpe-2.13/debian/nagios-nrpe-server.manpages
@@ -0,0 +1 @@
+debian/nrpe.8
--- nagios-nrpe-2.13.orig/debian/watch
+++ nagios-nrpe-2.13/debian/watch
@@ -0,0 +1,3 @@
+version=3
+
+http://sf.net/nagios/nrpe-([0-9.]+).tar.gz
--- nagios-nrpe-2.13.orig/debian/README.Debian
+++ nagios-nrpe-2.13/debian/README.Debian
@@ -0,0 +1,21 @@
+nrpe
+----
+
+Put any local check command you need into /etc/nagios/nrpe_local.cfg or
+as a *.cfg file in /etc/nagios/nrpe.d/
+This files are included from the /etc/nagios/nrpe.cfg
+
+To enable the use of command argument processing change dont_blame_nrpe option
+in nrpe.cfg then create the commands you want in nrpe_local.cfg or
+/etc/nagios/nrpe.d/
+Most options can be overridden from there.
+
+Do not rely on SSL mode for security
+------------------------------------
+
+NRPE contains an SSL mode which encrypts the data over the NRPE channel.
+The current implementation does not verify client or server and uses
+pregenerated key data by default. It cannot be fixed right away because
+it would break the existing NRPE protocol.
+
+Please refer to the file SECURITY in this directory for more information.
--- nagios-nrpe-2.13.orig/debian/nagios-nrpe-plugin.install
+++ nagios-nrpe-2.13/debian/nagios-nrpe-plugin.install
@@ -0,0 +1,2 @@
+src/check_nrpe usr/lib/nagios/plugins/
+debian/check_nrpe.cfg etc/nagios-plugins/config/
--- nagios-nrpe-2.13.orig/debian/nagios-nrpe-server.install
+++ nagios-nrpe-2.13/debian/nagios-nrpe-server.install
@@ -0,0 +1,3 @@
+src/nrpe usr/sbin
+sample-config/nrpe.cfg etc/nagios
+debian/nrpe_local.cfg etc/nagios
--- nagios-nrpe-2.13.orig/debian/nrpe.8
+++ nagios-nrpe-2.13/debian/nrpe.8
@@ -0,0 +1,52 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH NAGIOS-NRPE 8 "January 14, 2004"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+nrpe \- Nagios Remote Plugin Executor - Server
+.SH SYNOPSIS
+.B nagios-nrpe
+\fI-c \fR
+.SH DESCRIPTION
+.PP
+The purpose of this addon is to allow you to execute Nagios plugins on a
+remote host in as transparent a manner as possible.
+.PP
+This program runs as a background process on the remote host and processes
+command execution requests from the check_nrpe plugin on the Nagios host.
+.SH OPTIONS
+.IP
+ = Name of config file to use
+.IP
+ = One of the following two operating modes:
+.TP
+\fB\-i\fR
+= Run as a service under inetd or xinetd
+.TP
+\fB\-d\fR
+= Run as a standalone daemon
+.PP
+Notes:
+This program is designed to process requests from the check_nrpe
+plugin on the host(s) running Nagios. It can run as a service
+under inetd or xinetd (read the docs for info on this), or as a
+standalone daemon. Once a request is received from an authorized
+host, NRPE will execute the command/plugin (as defined in the
+config file) and return the plugin output and return code to the
+check_nrpe plugin.
+.SH AUTHOR
+This manual page was written by Jason Thomas ,
+for the Debian project (but may be used by others).
--- nagios-nrpe-2.13.orig/debian/nrpe_local.cfg
+++ nagios-nrpe-2.13/debian/nrpe_local.cfg
@@ -0,0 +1,3 @@
+######################################
+# Do any local nrpe configuration here
+######################################
--- nagios-nrpe-2.13.orig/debian/patches/02_nrpe.cfg_local-include.dpatch
+++ nagios-nrpe-2.13/debian/patches/02_nrpe.cfg_local-include.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02_nrpe.cfg_local-include.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Support nrpe_local.cfg
+
+@DPATCH@
+diff -urNad nagios-nrpe-2.4~/sample-config/nrpe.cfg.in nagios-nrpe-2.4/sample-config/nrpe.cfg.in
+--- nagios-nrpe-2.4~/sample-config/nrpe.cfg.in 2006-02-03 23:02:32.000000000 +0100
++++ nagios-nrpe-2.4/sample-config/nrpe.cfg.in 2006-03-31 07:07:16.000000000 +0200
+@@ -178,3 +178,8 @@
+ #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$
+ #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+ #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
++
++#
++# local configuration:
++# if you'd prefer, you can instead place directives here
++include=/etc/nagios/nrpe_local.cfg
--- nagios-nrpe-2.13.orig/debian/patches/00list
+++ nagios-nrpe-2.13/debian/patches/00list
@@ -0,0 +1,9 @@
+01_nodevrandom-and-docoptions.dpatch
+02_nrpe.cfg_local-include.dpatch
+03_support_nrpe.d.dpatch
+04_weird_output.dpatch
+05_pid_privileges.dpatch
+06_pid_directory.dpatch
+07_warn_ssloption.dpatch
+08_CVE-2013-1362.dpatch
+09_noremove_pid.dpatch
--- nagios-nrpe-2.13.orig/debian/patches/03_support_nrpe.d.dpatch
+++ nagios-nrpe-2.13/debian/patches/03_support_nrpe.d.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_support_nrpe.d.dpatch by Alexander Wirt
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Support an nrpe.d directory
+
+@DPATCH@
+diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in
+--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2008-04-15 23:53:48.000000000 +0200
++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2008-04-15 23:54:48.000000000 +0200
+@@ -211,3 +211,9 @@
+ # local configuration:
+ # if you'd prefer, you can instead place directives here
+ include=/etc/nagios/nrpe_local.cfg
++
++#
++# you can place your config snipplets into nrpe.d/
++# only snipplets ending in .cfg will get included
++include_dir=/etc/nagios/nrpe.d/
++
++
--- nagios-nrpe-2.13.orig/debian/patches/05_pid_privileges.dpatch
+++ nagios-nrpe-2.13/debian/patches/05_pid_privileges.dpatch
@@ -0,0 +1,27 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 05_pid_privileges.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
+--- pkg-nrpe~/src/nrpe.c 2012-06-30 11:03:29.000000000 +0200
++++ pkg-nrpe/src/nrpe.c 2012-06-30 11:03:46.791280548 +0200
+@@ -301,13 +301,13 @@
+ /* log info to syslog facility */
+ syslog(LOG_NOTICE,"Starting up daemon");
+
++ /* drop privileges */
++ drop_privileges(nrpe_user,nrpe_group);
++
+ /* write pid file */
+ if(write_pid_file()==ERROR)
+ return STATE_CRITICAL;
+
+- /* drop privileges */
+- drop_privileges(nrpe_user,nrpe_group);
+-
+ /* make sure we're not root */
+ check_privileges();
+
--- nagios-nrpe-2.13.orig/debian/patches/08_CVE-2013-1362.dpatch
+++ nagios-nrpe-2.13/debian/patches/08_CVE-2013-1362.dpatch
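Review bot: In 05_pid_privileges.dpatch, `write_pid_file()` now runs right after a `drop_privileges(nrpe_user,nrpe_group)` call whose result is not inspected in the visible lines, while `check_privileges()` (commented "make sure we're not root") only runs afterwards. If the drop can fail without ending the process (its definition is outside this hunk, so this is an assumption to confirm), the pid file would still be created as root inside a directory the init script hands to `nagios`; moving `check_privileges();` directly under the `drop_privileges` call closes that gap. The patch header also reads `## DP: No description.`, which could become `## DP: Drop privileges before writing the pid file so it is created as the nrpe user.` The enclosing function starts and ends outside the hunk.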
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 08_CVE-2013-1362.dpatch by Salvatore Bonaccorso
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: nagios-nrpe prior to 2.14 allows the passing of $() as command
+## DP: arguments to execute shell commands if command arguments are
+## DP: explicitly enabled. Filtering out nasty caracters is not
+## DP: strict enough to disallow $(), allowing executing shell commands
+## DP: under a subprocess and pass the output as a parameter to the
+## DP: called script (if run under bash).
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
+--- pkg-nrpe~/src/nrpe.c 2013-03-09 08:12:53.000000000 +0100
++++ pkg-nrpe/src/nrpe.c 2013-03-09 08:15:25.714710355 +0100
+@@ -1746,6 +1746,10 @@
+ syslog(LOG_ERR,"Error: Request contained an empty command argument");
+ return ERROR;
+ }
++ if(strstr(macro_argv[x],"$(")) {
++ syslog(LOG_ERR,"Error: Request contained a bash command substitution!");
++ return ERROR;
++ }
+ }
+ }
+ #endif
--- nagios-nrpe-2.13.orig/debian/patches/07_warn_ssloption.dpatch
+++ nagios-nrpe-2.13/debian/patches/07_warn_ssloption.dpatch
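Review bot: The added `strstr(macro_argv[x],"$(")` test in 08_CVE-2013-1362.dpatch rejects one literal sequence, so the safety of argument handling still rests on the existing nasty-character filter, which lies outside this hunk. A denylist of this kind has to be extended every time another shell construct turns out to matter, whereas validating each argument against an allowlist of expected characters would fail closed. At minimum the new branch deserves a comment such as `/* denylist only: arguments still reach a shell, keep command arguments disabled unless required */`. The enclosing function and the `#endif` region start outside the hunk.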
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 07_warn_ssloption.dpatch by Thijs Kinkhorst
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Warn against inadequateness of NRPE's own SSL option.
+
+--- a/SECURITY 2013-02-10 15:07:18.000000000 +0100
++++ b/SECURITY 2013-02-10 15:08:50.000000000 +0100
+@@ -67,14 +67,17 @@
+ ----------
+
+ If you do enable support for command arguments in the NRPE daemon,
+-make sure that you encrypt communications either by using:
+-
+- 1. Stunnel (see http://www.stunnel.org for more info)
+- 2. Native SSL support
++make sure that you encrypt communications either by using, for
++example, Stunnel (see http://www.stunnel.org for more info).
+
+ Do NOT assume that just because the daemon is behind a firewall
+ that you are safe! Always encrypt NRPE traffic!
+
++NOTE: the currently shipped native SSL support of NRPE is not an
++adequante protection, because it does not verify clients and
++server, and uses pregenerated key material. NRPE's SSL option is
++advised against. For more information, see Debian bug #547092.
++
+
+ USING ARGUMENTS
+ ---------------
--- nagios-nrpe-2.13.orig/debian/patches/09_noremove_pid.dpatch
+++ nagios-nrpe-2.13/debian/patches/09_noremove_pid.dpatch
@@ -0,0 +1,33 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 09_noremove_pid.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Do not remove the PID file after a connection error (original patch
+## DP: from Hiren Patel)
+
+# Author: Hiren Patel
+#
From: http://comments.gmane.org/gmane.network.nagios.devel/6774
+# Bug-Ubuntu: https://launchpad.net/bugs/1126890
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios-nrpe-2.13~/src/nrpe.c nagios-nrpe-2.13/src/nrpe.c
+--- nagios-nrpe-2.13~/src/nrpe.c 2013-05-24 17:15:38.000000000 -0400
++++ nagios-nrpe-2.13/src/nrpe.c 2013-05-24 17:16:16.512293650 -0400
+@@ -843,7 +843,7 @@
+ /* close socket prioer to exiting */
+ close(sock);
+
+- return;
++ exit(STATE_CRITICAL);
+ }
+
+ /* handle signals */
+@@ -866,7 +866,7 @@
+ /* close socket prior to exiting */
+ close(new_sd);
+
+- return;
++ exit(STATE_CRITICAL);
+ }
+
+ nptr=(struct sockaddr_in *)&addr;
--- nagios-nrpe-2.13.orig/debian/patches/01_nodevrandom-and-docoptions.dpatch
+++ nagios-nrpe-2.13/debian/patches/01_nodevrandom-and-docoptions.dpatch
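Review bot: Neither `exit(STATE_CRITICAL);` site in `09_noremove_pid.dpatch` says why the code stops returning, and the surviving comments ("close socket prior to exiting") read the same as before the change. Going by the patch description, returning apparently let the caller's shutdown path remove the PID file of the daemon that is still running; a comment at both sites such as `/* exit here: returning would run the caller's cleanup and remove the daemon's PID file */` would keep a later tidy-up from reverting it. If these branches run in a forked child, which the hunks do not show, `_exit()` is the usual call there because `exit()` also runs atexit handlers and flushes stdio buffers inherited from the parent. Both enclosing blocks start and end outside the hunks.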
@@ -0,0 +1,42 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 01_nodevrandom-and-docoptions.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/check_nrpe.c pkg-nrpe/src/check_nrpe.c
+--- pkg-nrpe~/src/check_nrpe.c 2012-04-30 09:36:53.000000000 +0200
++++ pkg-nrpe/src/check_nrpe.c 2012-04-30 09:45:36.129684439 +0200
+@@ -96,6 +96,9 @@
+ printf(" [arglist] = Optional arguments that should be passed to the command. Multiple\n");
+ printf(" arguments should be separated by a space. If provided, this must be\n");
+ printf(" the last option supplied on the command line.\n");
++ printf(" -h,--help Print this short help.\n");
++ printf(" -l,--license Print licensing information.\n");
++ printf(" -n,--no-ssl Do not initiate an ssl handshake with the server, talk in plaintext.\n");
+ printf("\n");
+ printf("Note:\n");
+ printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/utils.c pkg-nrpe/src/utils.c
+--- pkg-nrpe~/src/utils.c 2012-04-30 09:36:53.000000000 +0200
++++ pkg-nrpe/src/utils.c 2012-04-30 09:48:03.811163608 +0200
+@@ -90,17 +90,7 @@
+ ends and the rest of the buffer (padded randomly) starts.
+ ***************************************************************/
+
+- /* try to get seed value from /dev/urandom, as its a better source of entropy */
+- fp=fopen("/dev/urandom","r");
+- if(fp!=NULL){
+- seed=fgetc(fp);
+- fclose(fp);
+- }
+-
+- /* else fallback to using the current time as the seed */
+- else
+- seed=(int)time(NULL);
+-
++ seed=(int)time(NULL)*311-getpid()*359+getppid()*383;
+ srand(seed);
+ for(x=0;x
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in
+--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2007-03-09 19:08:58.000000000 +0100
++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2009-07-06 07:43:09.000000000 +0200
+@@ -16,7 +16,7 @@
+ # number. The file is only written if the NRPE daemon is started by the root
+ # user and is running in standalone mode.
+
+-pid_file=/var/run/nrpe.pid
++pid_file=/var/run/nagios/nrpe.pid
+
+
+
--- nagios-nrpe-2.13.orig/debian/patches/04_weird_output.dpatch
+++ nagios-nrpe-2.13/debian/patches/04_weird_output.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_weird_output.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Clean buffer before use
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
+--- pkg-nrpe~/src/nrpe.c 2012-04-30 09:36:53.000000000 +0200
++++ pkg-nrpe/src/nrpe.c 2012-04-30 09:52:47.890535825 +0200
+@@ -1107,6 +1107,9 @@
+ /* disable connection alarm - a new alarm will be setup during my_system */
+ alarm(0);
+
++ // null buffer before using it!
++ memset(buffer,0,sizeof(buffer));
++
+ /* if this is the version check command, just spew it out */
+ if(!strcmp(command_name,NRPE_HELLO_COMMAND)){
+
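Review bot: `seed=(int)time(NULL)*311-getpid()*359+getppid()*383;` in the `utils.c` part of `01_nodevrandom-and-docoptions.dpatch` multiplies an `int` holding the current epoch time by 311, which exceeds `INT_MAX` for any present-day timestamp, and signed overflow is undefined behaviour in C. Doing the arithmetic in unsigned types avoids that: `seed=(unsigned int)time(NULL)*311u-(unsigned int)getpid()*359u+(unsigned int)getppid()*383u;` (the declaration of `seed` is outside the hunk, so its type may need adjusting to match). The seed is also built only from the clock and two process IDs, so if the random padding described in the comment above is meant to be unpredictable to an observer, reading a full-width value from the system's random source would serve better than removing that read. The loop after `srand(seed);` is truncated on this page.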
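Review bot: `memset(buffer,0,sizeof(buffer));` in `04_weird_output.dpatch` clears the whole buffer only if `buffer` is an array declared in this function; its declaration is outside the hunk, and if it is a pointer, `sizeof(buffer)` is the pointer size and most of the buffer stays uninitialised. The new comment uses `//` where the surrounding code uses `/* */`, and "null buffer before using it!" does not say what goes wrong otherwise. Something like `/* zero the buffer so stale bytes cannot end up in the response */` would match the file's style, assuming that is the "weird output" the patch name refers to.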