
New installation commands, updated sample config files

Ethan Galstad пре 19 година
родитељ
комит
4d0237c9e2
11 измењених фајлова са 133 додато и 30 уклоњено
  1. 7 0
      Changelog
  2. 34 1
      Makefile.in
  3. 3 4
      SECURITY
  4. 36 5
      configure
  5. 14 3
      configure.in
  6. 6 6
      include/dh.h
  7. 9 7
      sample-config/nrpe.cfg.in
  8. 1 1
      sample-config/nrpe.xinetd.in
  9. 20 0
      src/Makefile.in
  10. 2 2
      src/nrpe.c
  11. 1 1
      subst.in

+ 7 - 0
Changelog

@@ -3,6 +3,13 @@ NRPE Changelog
 **************
 
 
+2.8b1 - 03/??/2007
+-----------------
+- Changes to sample config files
+- Added ';' as an additional prohibited metachar for command arguments
+- Updated documentation and added easier installation commands
+
+
 2.7.1 - 03/08/2007
 ------------------
 - Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)

+ 34 - 1
Makefile.in

@@ -1,7 +1,7 @@
 ###############################
 # Makefile for NRPE
 #
-# Last Modified: 10-14-2003
+# Last Modified: 03-09-2007
 ###############################
 
 
@@ -9,6 +9,24 @@
 SRC_BASE=./src/
 SRC_INCLUDE=./include/
 
+CC=@CC@
+CFLAGS=@CFLAGS@ @DEFS@
+LDFLAGS=@LDFLAGS@ @LIBS@
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+CFGDIR=@sysconfdir@
+BINDIR=@bindir@
+SBINDIR=@sbindir@
+LIBEXECDIR=@libexecdir@
+INSTALL=@INSTALL@
+NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
+NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
+
+INIT_DIR=@init_dir@
+INIT_OPTS=-o root -g root
+
+
 all:
 	cd $(SRC_BASE); $(MAKE) ; cd ..
 
@@ -44,6 +62,21 @@ check_nrpe:
 	cd $(SRC_BASE); $(MAKE) ; cd ..
 
 
+install-plugin:
+	cd $(SRC_BASE) && $(MAKE) $@
+
+install-daemon:
+	cd $(SRC_BASE) && $(MAKE) $@
+
+install:
+	cd $(SRC_BASE) && $(MAKE) $@
+
+install-xinetd:
+	$(INSTALL) -m 644 sample-config/nrpe-xinetd /etc/xinetd.d/nrpe 
+
+install-daemon-config:
+	$(INSTALL) -m 644 sample-config/nrpe.xinetd /etc/xinetd.d/nrpe 
+
 clean:
 	cd $(SRC_BASE); $(MAKE) $@ ; cd ..
 	rm -f core
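Review bot: `install-xinetd` copies `sample-config/nrpe-xinetd`, but the sample this tree generates is `sample-config/nrpe.xinetd` (from `nrpe.xinetd.in`), so the target fails as written. `install-daemon-config` repeats the xinetd copy into `/etc/xinetd.d/nrpe` instead of installing the daemon's config file, which looks like a copy-paste slip. Both recipes also bypass `$(DESTDIR)` and the `CFGDIR` variable added earlier in this file, so a staged or packaged install writes straight into the live `/etc`. I would change them to `$(INSTALL) -m 644 sample-config/nrpe.xinetd $(DESTDIR)/etc/xinetd.d/nrpe` and `$(INSTALL) -m 644 sample-config/nrpe.cfg $(DESTDIR)$(CFGDIR)/nrpe.cfg`, and declare the new targets in `.PHONY`. `INIT_DIR` and `INIT_OPTS` are defined but not used by any rule visible here.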

+ 3 - 4
SECURITY

@@ -44,14 +44,13 @@ ILLEGAL METACHARS
 -----------------
 
 To help prevent some nasty things from being done by evil 
-clients, the following twelve metacharacters are not allowed
+clients, the following metacharacters are not allowed
 in client command arguments:
 
-   | ` & > < ' " \ [ ] { }
+   | ` & > < ' " \ [ ] { } ; !
 
 Any client request which contains the abovementioned metachars
-is discarded.  Also, the bang character (!) is not allowed, as
-it is used internally as a delimiter between command arguments.
+is discarded.
 
 
 USER/GROUP RESTRICTIONS

+ 36 - 5
configure

@@ -310,7 +310,7 @@ ac_includes_default="\
 # include <unistd.h>
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA INSTALL build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT SET_MAKE CPP EGREP OTHERLIBS SOCKETLIBS LIBWRAPLIBS HAVE_SSL nrpe_user nrpe_grp nrpe_port PERL LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA INSTALL build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT SET_MAKE CPP EGREP OTHERLIBS SOCKETLIBS LIBWRAPLIBS HAVE_SSL nrpe_user nrpe_group NRPE_INSTALL_OPTS nrpe_port nagios_user nagios_group NAGIOS_INSTALL_OPTS PERL LIBOBJS LTLIBOBJS'
 ac_subst_files=''
 
 # Initialize some variables set by options.
@@ -857,6 +857,8 @@ Optional Packages:
 --with-nrpe-user=<user> sets user name to run NRPE
 --with-nrpe-group=<group> sets group name to run NRPE
 --with-nrpe-port=<port> sets port number for NRPE to listen on
+--with-nagios-user=<user> sets user name forfile permissions
+--with-nagios-group=<grp> sets group name file permissions
 
 Some influential environment variables:
   CC          C compiler command
@@ -6119,7 +6121,7 @@ if test "${with_nrpe_group+set}" = set; then
   withval="$with_nrpe_group"
   nrpe_grp=$withval
 else
-  nrpe_grp=nagios
+  nrpe_group=nagios
 fi;
 
 # Check whether --with-nrpe_port or --without-nrpe_port was given.
@@ -6131,12 +6133,37 @@ else
 fi;
 
 
+NRPE_INSTALL_OPTS="-o $nrpe_user -g $nrpe_group"
+
 
 cat >>confdefs.h <<_ACEOF
 #define DEFAULT_SERVER_PORT $nrpe_port
 _ACEOF
 
 
+
+# Check whether --with-nagios_user or --without-nagios_user was given.
+if test "${with_nagios_user+set}" = set; then
+  withval="$with_nagios_user"
+  nagios_user=$withval
+else
+  nagios_user=nagios
+fi;
+
+# Check whether --with-nagios_group or --without-nagios_group was given.
+if test "${with_nagios_group+set}" = set; then
+  withval="$with_nagios_group"
+  nagios_grp=$withval
+else
+  nagios_group=nagios
+fi;
+
+
+NAGIOS_INSTALL_OPTS="-o $nagios_user -g $nagios_group"
+
+
+A
+
 # Check whether --enable-command-args or --disable-command-args was given.
 if test "${enable_command_args+set}" = set; then
   enableval="$enable_command_args"
@@ -6774,8 +6801,12 @@ s,@SOCKETLIBS@,$SOCKETLIBS,;t t
 s,@LIBWRAPLIBS@,$LIBWRAPLIBS,;t t
 s,@HAVE_SSL@,$HAVE_SSL,;t t
 s,@nrpe_user@,$nrpe_user,;t t
-s,@nrpe_grp@,$nrpe_grp,;t t
+s,@nrpe_group@,$nrpe_group,;t t
+s,@NRPE_INSTALL_OPTS@,$NRPE_INSTALL_OPTS,;t t
 s,@nrpe_port@,$nrpe_port,;t t
+s,@nagios_user@,$nagios_user,;t t
+s,@nagios_group@,$nagios_group,;t t
+s,@NAGIOS_INSTALL_OPTS@,$NAGIOS_INSTALL_OPTS,;t t
 s,@PERL@,$PERL,;t t
 s,@LIBOBJS@,$LIBOBJS,;t t
 s,@LTLIBOBJS@,$LTLIBOBJS,;t t
@@ -7291,8 +7322,8 @@ echo "$as_me:$LINENO: result:  NRPE port:  $nrpe_port" >&5
 echo "${ECHO_T} NRPE port:  $nrpe_port" >&6
 echo "$as_me:$LINENO: result:  NRPE user:  $nrpe_user" >&5
 echo "${ECHO_T} NRPE user:  $nrpe_user" >&6
-echo "$as_me:$LINENO: result:  NRPE group: $nrpe_grp" >&5
-echo "${ECHO_T} NRPE group: $nrpe_grp" >&6
+echo "$as_me:$LINENO: result:  NRPE group: $nrpe_group" >&5
+echo "${ECHO_T} NRPE group: $nrpe_group" >&6
 
 
 echo ""

+ 14 - 3
configure.in

@@ -259,13 +259,24 @@ if test x$check_for_ssl = xyes; then
 fi
 
 AC_ARG_WITH(nrpe_user,--with-nrpe-user=<user> sets user name to run NRPE,nrpe_user=$withval,nrpe_user=nagios)
-AC_ARG_WITH(nrpe_group,--with-nrpe-group=<group> sets group name to run NRPE,nrpe_grp=$withval,nrpe_grp=nagios)
+AC_ARG_WITH(nrpe_group,--with-nrpe-group=<group> sets group name to run NRPE,nrpe_grp=$withval,nrpe_group=nagios)
 AC_ARG_WITH(nrpe_port,--with-nrpe-port=<port> sets port number for NRPE to listen on,nrpe_port=$withval,nrpe_port=5666)
 AC_SUBST(nrpe_user)
-AC_SUBST(nrpe_grp)
+AC_SUBST(nrpe_group)
+NRPE_INSTALL_OPTS="-o $nrpe_user -g $nrpe_group"
+AC_SUBST(NRPE_INSTALL_OPTS)
 AC_SUBST(nrpe_port)
 AC_DEFINE_UNQUOTED(DEFAULT_SERVER_PORT,$nrpe_port)
 
+AC_ARG_WITH(nagios_user,--with-nagios-user=<user> sets user name forfile permissions,nagios_user=$withval,nagios_user=nagios)
+AC_ARG_WITH(nagios_group,--with-nagios-group=<grp> sets group name file permissions,nagios_grp=$withval,nagios_group=nagios)
+AC_SUBST(nagios_user)
+AC_SUBST(nagios_group)
+NAGIOS_INSTALL_OPTS="-o $nagios_user -g $nagios_group"
+AC_SUBST(NAGIOS_INSTALL_OPTS)
+
+A
+
 AC_ARG_ENABLE(command-args,--enable-command-args allows clients to specify command arguments.  *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!,AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS))
 
 
@@ -290,7 +301,7 @@ echo " -------------------------"
 
 AC_MSG_RESULT([ NRPE port:  $nrpe_port])
 AC_MSG_RESULT([ NRPE user:  $nrpe_user])
-AC_MSG_RESULT([ NRPE group: $nrpe_grp])
+AC_MSG_RESULT([ NRPE group: $nrpe_group])
 
 
 echo ""
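Review bot: In the two group options the "given" branch still assigns the old variable (`nrpe_grp=$withval`, `nagios_grp=$withval`), while the default branch, `AC_SUBST` and the `*_INSTALL_OPTS` strings use `nrpe_group` and `nagios_group`. Passing `--with-nrpe-group` or `--with-nagios-group` therefore leaves the substituted group empty, which gives a `-g` with no argument in the install options and an empty `nrpe_group=` in the generated nrpe.cfg; how the daemon treats an empty group is not visible here, but it is unlikely to be the group the admin asked for. The branches should read `nrpe_group=$withval` and `nagios_group=$withval`. The stray `A` line after `AC_SUBST(NAGIOS_INSTALL_OPTS)` should be removed, since it is copied into the generated configure script as a bare command.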

+ 6 - 6
include/dh.h

@@ -4,12 +4,12 @@
 DH *get_dh512()
 	{
 	static unsigned char dh512_p[]={
-		0xAF,0x2D,0x6D,0x09,0x3D,0xFE,0x41,0x34,0x51,0xFF,0xCB,0x76,
-		0xF7,0x45,0x00,0x85,0x76,0xED,0xF8,0xD9,0x2C,0xD8,0x08,0x4C,
-		0x0E,0xA9,0xA4,0x90,0x12,0x80,0x85,0x0D,0x18,0xF7,0xAF,0xB6,
-		0xC6,0xDE,0xC4,0x65,0x51,0x9A,0x9F,0x17,0xA2,0x11,0x0D,0x0E,
-		0x57,0xE0,0xC3,0x2C,0x15,0x87,0x7D,0x9B,0x1F,0x07,0x14,0x9D,
-		0xE2,0x54,0x03,0x53,
+		0xD8,0x2E,0x02,0x67,0x1D,0x05,0xA6,0xCA,0xFA,0x3C,0xC8,0xFD,
+		0xF3,0xAA,0x46,0xCB,0xF0,0x2C,0x8A,0xE8,0x85,0x9A,0xB5,0x02,
+		0x43,0x38,0x71,0x1A,0x08,0x50,0x30,0xE8,0x05,0x53,0x8F,0x35,
+		0xB3,0xF9,0xD7,0x20,0xD4,0x1E,0x13,0xAC,0x8B,0x4F,0x7D,0x66,
+		0x6C,0x77,0xE0,0xFB,0xAF,0xCB,0x16,0x2B,0x6E,0xAF,0xF0,0x73,
+		0x08,0x3E,0x98,0x43,
 		};
 	static unsigned char dh512_g[]={
 		0x02,
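Review bot: The replacement `dh512_p` is still a 64-byte (512-bit) prime committed to the repository, so every build from this tree negotiates over the same small Diffie-Hellman group. A modulus of that size is far below what is considered adequate for protecting traffic, and swapping one fixed prime for another does not change that. I would generate the parameters at build or install time with a much larger modulus (2048 bits or more) instead of checking them in, and until then add a header comment such as `/* WARNING: fixed 512-bit DH group shared by all builds; regenerate with a larger modulus before deployment */`. The body of `get_dh512()` continues past the end of this hunk.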

+ 9 - 7
sample-config/nrpe.cfg.in

@@ -2,7 +2,7 @@
 # Sample NRPE Config File 
 # Written by: Ethan Galstad (nagios@nagios.org)
 # 
-# Last Modified: 12-11-2006
+# Last Modified: 03-09-2007
 #
 # NOTES:
 # This is a sample configuration file for the NRPE daemon.  It needs to be
@@ -34,7 +34,7 @@ server_port=@nrpe_port@
 # and you do not want nrpe to bind on all interfaces.
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
-#server_address=192.168.1.1
+#server_address=127.0.0.1
 
 
 
@@ -54,7 +54,7 @@ nrpe_user=@nrpe_user@
 # 
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
-nrpe_group=@nrpe_grp@
+nrpe_group=@nrpe_group@
 
 
 
@@ -69,7 +69,7 @@ nrpe_group=@nrpe_grp@
 #
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 
-#allowed_hosts=127.0.0.1,192.168.0.2
+allowed_hosts=127.0.0.1
  
 
 
@@ -186,19 +186,21 @@ connection_timeout=300
 # to match the argument format the plugins expect.  Remember, these are
 # examples only!
 
+
 # The following examples use hardcoded command arguments...
 
 command[check_users]=@libexecdir@/check_users -w 5 -c 10
 command[check_load]=@libexecdir@/check_load -w 15,10,5 -c 30,25,20
-command[check_disk1]=@libexecdir@/check_disk -w 20 -c 10 -p /dev/hda1
-command[check_disk2]=@libexecdir@/check_disk -w 20 -c 10 -p /dev/hdb1
+command[check_hda1]=@libexecdir@/check_disk -w 20 -c 10 -p /dev/hda1
 command[check_zombie_procs]=@libexecdir@/check_procs -w 5 -c 10 -s Z
 command[check_total_procs]=@libexecdir@/check_procs -w 150 -c 200 
 
+
 # The following examples allow user-supplied arguments and can
 # only be used if the NRPE daemon was compiled with support for 
 # command arguments *AND* the dont_blame_nrpe directive in this
-# config file is set to '1'...
+# config file is set to '1'.  This poses a potential security risk, so
+# make sure you read the SECURITY file before doing this.
 
 #command[check_users]=@libexecdir@/check_users -w $ARG1$ -c $ARG2$
 #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$
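Review bot: The newly enabled `allowed_hosts=127.0.0.1` default only takes effect in standalone daemon mode, as the existing NOTE above it says the option is ignored under inetd or xinetd. An admin who uses the new `install-xinetd` target could read this line as an active restriction when it is not. I would add a comment next to it, for example `# Under inetd/xinetd this setting has no effect; restrict clients with TCP wrappers or xinetd's only_from instead.` Whether the xinetd sample already carries such a restriction is not visible in this commit.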

+ 1 - 1
sample-config/nrpe.xinetd.in

@@ -6,7 +6,7 @@ service nrpe
         socket_type     = stream        
        	wait            = no
         user            = @nrpe_user@
-	group		= @nrpe_grp@
+	group		= @nrpe_group@
        	server          = @bindir@/nrpe
         server_args     = -c @sysconfdir@/nrpe.cfg --inetd
        	log_on_failure  += USERID

+ 20 - 0
src/Makefile.in

@@ -17,6 +17,16 @@ OTHERLIBS=@OTHERLIBS@
 
 CP=@CP@
 
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+CFGDIR=@sysconfdir@
+BINDIR=@bindir@
+SBINDIR=@sbindir@
+LIBEXECDIR=@libexecdir@
+INSTALL=@INSTALL@
+NAGIOS_INSTALL_OPTS=@NAGIOS_INSTALL_OPTS@
+NRPE_INSTALL_OPTS=@NRPE_INSTALL_OPTS@
+
 
 all: nrpe check_nrpe
 
@@ -26,6 +36,16 @@ nrpe: nrpe.c utils.c $(SRC_INCLUDE)/nrpe.h $(SRC_INCLUDE)/utils.h $(SRC_INCLUDE)
 check_nrpe: check_nrpe.c utils.c $(SRC_INCLUDE)/utils.h $(SRC_INCLUDE)/common.h $(SRC_INCLUDE)/config.h
 	$(CC) $(CFLAGS) -o $@ check_nrpe.c utils.c $(LDFLAGS) $(SOCKETLIBS) $(OTHERLIBS)
 
+install:
+	$(MAKE) install-plugin
+	$(MAKE) install-daemon
+
+install-plugin:
+	$(INSTALL) -m 775 $(NAGIOS_INSTALL_OPTS) check_nrpe $(DESTDIR)$(LIBEXECDIR)
+
+install-daemon:
+	$(INSTALL) -m 775 $(NRPE_INSTALL_OPTS) nrpe $(DESTDIR)$(BINDIR)
+
 clean:
 	rm -f core nrpe check_nrpe
 	rm -f *~ */*~
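Review bot: `install-daemon` installs `nrpe` with `-m 775` and the owner and group from `NRPE_INSTALL_OPTS`, which makes the daemon binary writable by the account and group it runs as. If the service is started by root (the xinetd sample sets `user = @nrpe_user@`, which suggests it is), anything that compromises that account can replace the binary that root later executes. The same applies to `check_nrpe` under `NAGIOS_INSTALL_OPTS`. I would use `-m 755` on both lines and consider root ownership for the daemon binary, e.g. `$(INSTALL) -m 755 nrpe $(DESTDIR)$(BINDIR)`. The `install` target also has no prerequisite on `nrpe`/`check_nrpe` and nothing creates the destination directories, so a fresh `make install` can fail or install a stale build.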

+ 2 - 2
src/nrpe.c

@@ -4,7 +4,7 @@
  * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 03-08-2007
+ * Last Modified: 03-09-2007
  *
  * Command line: nrpe -c <config_file> [--inetd | --daemon]
  *
@@ -42,7 +42,7 @@ int use_ssl=FALSE;
 
 #define DEFAULT_COMMAND_TIMEOUT	60			/* default timeout for execution of plugins */
 #define MAXFD                   64
-#define NASTY_METACHARS         "|`&><'\"\\[]{}"
+#define NASTY_METACHARS         "|`&><'\"\\[]{};"
 
 char    *command_name=NULL;
 char    *macro_argv[MAX_COMMAND_ARGUMENTS];
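Review bot: `NASTY_METACHARS` gains `;` but not `!`, while the SECURITY file in this same commit now lists `!` among the rejected characters and drops the sentence explaining that it is the argument delimiter. The macro and the document should agree, for instance with a comment here such as `/* '!' is not listed: it is consumed as the argument delimiter before this check */`, if that is still how it is handled (the parsing code is outside this hunk). More generally this remains a denylist: `$`, `(`, `)` and line breaks are still accepted, so if the substituted arguments reach a shell unquoted (not visible here) the filter is incomplete. An allowlist of permitted characters for `$ARGn$` values would be more robust than adding characters one release at a time.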

+ 1 - 1
subst.in

@@ -21,7 +21,7 @@ while ($f = shift @ARGV) {
 
 	while (<IN>) {
 		s|\@nrpe_user\@|@nrpe_user@|g;
-		s|\@nrpe_grp\@|@nrpe_grp@|g;
+		s|\@nrpe_group\@|@nrpe_group@|g;
 		s|\@nrpe_port\@|@nrpe_port@|g;
 		s|\@libexecdir\@|@libexecdir@|g; # put all --with-vars before directories
 		s|\@localstatedir\@|@localstatedir@|g;