Changes for CentOS 6

Makefile.in

@@ -103,7 +103,7 @@ install-init:
 		echo No init file to install; \
 		exit 1; \
 	fi
-	$(INSTALL) -m 644 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE)
+	$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE)
 
 install-config:
 	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) -d $(CFGDIR)

build-aux/ax_nagios_get_files

@@ -79,7 +79,7 @@ AS_CASE([$init_type],
 		src_inetd="solaris-PKG_NAME.xml",
 
 	[upstart],
-		src_init=default-init,
+		src_init=upstart-init,
 
 	[launchd],
 		src_init="mac-org.nagios.PKG_NAME.plist"

build-aux/ax_nagios_get_paths

@@ -660,8 +660,8 @@ AS_CASE([$init_type],
 		initconf=unknown,
 
 	[upstart],
-		initdir=${initdir="/etc/init.d"}
-		initname=${initname="$PKG_NAME"}
+		initdir=${initdir="/etc/init"}
+		initname=${initname="$PKG_NAME.conf"}
 		initconfdir=${initconfdir="/etc/default"}
 		initconf=${initconf="$initconfdir/$PKG_NAME"},
 

configure

@@ -3726,8 +3726,8 @@ case $init_type in #(
 		initconfdir=unknown
 		initconf=unknown ;; #(
   upstart) :
-    initdir=${initdir="/etc/init.d"}
-		initname=${initname="$PKG_NAME"}
+    initdir=${initdir="/etc/init"}
+		initname=${initname="$PKG_NAME.conf"}
 		initconfdir=${initconfdir="/etc/default"}
 		initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
   launchd) :
@@ -3815,7 +3815,7 @@ case $init_type in #(
     src_init="solaris-PKG_NAME.xml"
 		src_inetd="solaris-PKG_NAME.xml" ;; #(
   upstart) :
-    src_init=default-init ;; #(
+    src_init=upstart-init ;; #(
   launchd) :
     src_init="mac-org.nagios.PKG_NAME.plist"
 		src_inetd="mac-org.nagios.PKG_NAME.plist" ;; #(

sample-config/nrpe.cfg.in

@@ -1,7 +1,7 @@
 #############################################################################
-# Sample NRPE Config File 
+# Sample NRPE Config File
 # Written by: Ethan Galstad (nagios@nagios.org)
-# 
+#
 # Last Modified: 11-23-2007
 #
 # NOTES:
@@ -54,9 +54,9 @@ server_port=@nrpe_port@
 
 
 # NRPE USER
-# This determines the effective user that the NRPE daemon should run as.  
+# This determines the effective user that the NRPE daemon should run as.
 # You can either supply a username or a UID.
-# 
+#
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
 nrpe_user=@nrpe_user@
@@ -64,9 +64,9 @@ nrpe_user=@nrpe_user@
 
 
 # NRPE GROUP
-# This determines the effective group that the NRPE daemon should run as.  
+# This determines the effective group that the NRPE daemon should run as.
 # You can either supply a group name or a GID.
-# 
+#
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
 nrpe_group=@nrpe_group@
@@ -74,9 +74,9 @@ nrpe_group=@nrpe_group@
 
 
 # ALLOWED HOST ADDRESSES
-# This is an optional comma-delimited list of IP address or hostnames 
+# This is an optional comma-delimited list of IP address or hostnames
 # that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
-# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently 
+# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
 # supported.
 #
 # Note: The daemon only does rudimentary checking of the client's IP
@@ -87,16 +87,16 @@ nrpe_group=@nrpe_group@
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
 allowed_hosts=127.0.0.1
- 
+
 
 
 # COMMAND ARGUMENT PROCESSING
 # This option determines whether or not the NRPE daemon will allow clients
 # to specify arguments to commands that are executed.  This option only works
 # if the daemon was configured with the --enable-command-args configure script
-# option.  
+# option.
 #
-# *** ENABLING THIS OPTION IS A SECURITY RISK! *** 
+# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
 # Read the SECURITY file for information on some of the security implications
 # of enabling this variable.
 #
@@ -109,15 +109,15 @@ dont_blame_nrpe=0
 # BASH COMMAND SUBTITUTION
 # This option determines whether or not the NRPE daemon will allow clients
 # to specify arguments that contain bash command substitutions of the form
-# $(...).  This option only works if the daemon was configured with both 
-# the --enable-command-args and --enable-bash-command-substitution configure 
+# $(...).  This option only works if the daemon was configured with both
+# the --enable-command-args and --enable-bash-command-substitution configure
 # script options.
 #
-# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** 
+# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
 # Read the SECURITY file for information on some of the security implications
 # of enabling this variable.
 #
-# Values: 0=do not allow bash command substitutions, 
+# Values: 0=do not allow bash command substitutions,
 #         1=allow bash command substitutions
 
 allow_bash_command_substitution=0
@@ -130,9 +130,9 @@ allow_bash_command_substitution=0
 # command line from the command definition.
 #
 # *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
-# Usage scenario: 
+# Usage scenario:
 # Execute restricted commmands using sudo.  For this to work, you need to add
-# the nagios user to your /etc/sudoers.  An example entry for alllowing 
+# the nagios user to your /etc/sudoers.  An example entry for alllowing
 # execution of the plugins from might be:
 #
 # nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
@@ -141,7 +141,7 @@ allow_bash_command_substitution=0
 # without asking for a password.  If you do this, make sure you don't give
 # random users write access to that directory or its contents!
 
-# command_prefix=/usr/bin/sudo 
+# command_prefix=/usr/bin/sudo
 
 
 
@@ -186,6 +186,73 @@ connection_timeout=300
 
 
 
+# SSL/TLS OPTIONS
+# These directives allow you to specify how to use SSL/TLS.
+
+# SSL VERSION
+# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
+#        SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
+#        TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
+#        TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
+#        TLSv1.2+ (use TLSv1.2 or above)
+# If an "or above" version is used, the best will be negotiated. So if both
+# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
+
+# ssl_version=SSLv2+
+ssl_version=TLSv1+
+
+# SSL USE ADH
+# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
+# ADH or 2 to require ADH. 1 is currently the default but will be changed
+# in a later version.
+
+# ssl_use_adh=1
+# ssl_use_adh=2
+
+# SSL CIPHER LIST
+# This lists which ciphers can be used. For backward compatibility, this
+# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
+# will be changed to something like the example below in a later version of NRPE.
+
+# ssl_cipher_list=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
+ssl_cipher_list=ALL:!MD5:@STRENGTH
+# ssl_cipher_list=ADH
+# ssl_cipher_list=ECDH
+
+# SSL Certificate and Private Key Files
+
+#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
+#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
+#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
+ssl_cacert_file=/usr/local/nagios/etc/ssl/ca/ca_cert.pem
+ssl_cert_file=/usr/local/nagios/etc/ssl/server_certs/db_server.pem
+ssl_privatekey_file=/usr/local/nagios/etc/ssl/server_certs/db_server.key
+
+# SSL USE CLIENT CERTS
+# This options determines client certificate usage.
+# Values: 0 = Don't ask for or require client certificates
+#         1 = Ask for client certificates
+#         2 = Require client certificates
+
+ssl_client_certs=2
+
+# SSL LOGGING
+# This option determines which SSL messages are send to syslog. OR values
+# together to specify multiple options.
+
+# Values: 0x00 (0)  = No additional logging (default)
+#         0x01 (1)  = Log startup SSL/TLS parameters
+#         0x02 (2)  = Log remote IP address
+#         0x04 (4)  = Log SSL/TLS version of connections
+#         0x08 (8)  = Log which cipher is being used for the connection
+#         0x10 (26) = Log if client has a certificate
+#         0x20 (32) = Log details of client's certificate if it has one
+#         -1 or 0xff or 0x2f = All of the above
+
+ssl_logging=0x2f
+
+
+
 # INCLUDE CONFIG FILE
 # This directive allows you to include definitions from an external config file.
 
@@ -228,11 +295,11 @@ command[check_users]=@pluginsdir@/check_users -w 5 -c 10
 command[check_load]=@pluginsdir@/check_load -w 15,10,5 -c 30,25,20
 command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1
 command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z
-command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200 
+command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
 
 
 # The following examples allow user-supplied arguments and can
-# only be used if the NRPE daemon was compiled with support for 
+# only be used if the NRPE daemon was compiled with support for
 # command arguments *AND* the dont_blame_nrpe directive in this
 # config file is set to '1'.  This poses a potential security risk, so
 # make sure you read the SECURITY file before doing this.

startup/rh-upstart-init.in

@@ -0,0 +1,17 @@
+# nrpe - the Nagios Remote Plugin Executor
+#
+# nrpe is a program that runs plugins on this host
+# and reports the results back to a nagios server
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+
+description		"the Nagios Remote Plugin Executor"
+
+oom score -800
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+respawn
+
+exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -d

startup/upstart-init.in

@@ -14,7 +14,6 @@ setuid @nrpe_user@
 start on (local-filesystems and net-device-up IFACE!=lo)
 stop on runlevel [!2345]
 
-expect daemon
 respawn
 
 exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f