
merge maint into master, 3.2.0 release

Bryan Heden il y a 8 ans
Parent
commit
f2d63b0436
26 fichiers modifiés avec 1026 ajouts et 796 suppressions
  1. 21 0
      Changelog
  2. 6 3
      Makefile.in
  3. 4 2
      THANKS
  4. 33 21
      configure
  5. 4 4
      configure.ac
  6. 8 5
      include/acl.h
  7. 12 8
      include/common.h.in
  8. 9 6
      include/config.h.in
  9. 8 8
      include/nrpe.h
  10. 10 14
      include/utils.h
  11. 7 0
      macros/CHANGELOG.md
  12. 260 335
      macros/LICENSE
  13. 1 0
      macros/LICENSE.md
  14. 58 26
      macros/README.md
  15. 6 6
      macros/ax_nagios_get_inetd
  16. 1 0
      macros/ax_nagios_get_paths
  17. 1 1
      nrpe.spec.in
  18. 54 13
      sample-config/nrpe.cfg.in
  19. 2 2
      src/Makefile.in
  20. 40 16
      src/acl.c
  21. 224 202
      src/check_nrpe.c
  22. 179 102
      src/nrpe.c
  23. 25 18
      src/utils.c
  24. 49 0
      startup/gentoo-init.in
  25. 2 2
      startup/openrc-init.in
  26. 2 2
      update-version

+ 21 - 0
Changelog

@@ -2,6 +2,27 @@
 NRPE Changelog
 **************
 
+3.2.0 - 2017-06-26
+------------------
+ENHANCEMENTS
+- Added max_commands definition to nrpe.cfg to rate limit simultaneous fork()ed children (Bryan Heden)
+- Added -E, --stderr-to-stdout options for check_nrpe to redirect output (Bryan Heden)
+- Added support for Gentoo init (Troy Lea @box293)
+- Cleaned up code a bit, updated readmes and comments across the board (Bryan Heden)
+- Added -V, --version to nrpe and fixed the output (Bryan Heden)
+- Added different SSL error messages to be able to pinpoint where some SSL errors occured (Bryan Heden)
+- Updated logic in al parse_allowed_hosts (Bryan Heden)
+- Added builtin OpenSSL Engine support where available (Bryan Heden + @skrueger8)
+- Clean up compilation warnings (Bryan Heden)
+- Added more commented commands in nrpe.cfg (Bryan Heden)
+
+FIXES
+- Undefined check returns UNKNOWN (Bryan Heden)
+- Fix incompatibility with OpenSSL 1.1.0 via SECLEVEL distinction (Bryan Heden)
+- Fix ipv4 error in logfile even if address is ipv6 (Bryan Heden)
+- Fix improper valid/invalid certificate warnings (Bryan Heden)
+
+
 3.1.1 - 2017-05-24
 ------------------
 FIXES

+ 6 - 3
Makefile.in

@@ -1,10 +1,9 @@
 ###############################
-# Makefile for NRPE
 #
-# Last Modified: 03-14-2007
+#  NRPE Makefile
+#
 ###############################
 
-
 # Source code directories
 SRC_BASE=./src/
 SRC_INCLUDE=./include/
@@ -110,6 +109,10 @@ install-init:
 		echo svccfg import $(INIT_DIR)/$(INIT_FILE); \
 		svccfg import $(INIT_DIR)/$(INIT_FILE); \
 		echo "*** Run 'svcadm enable nrpe' to start it"; \
+	elif test $(INIT_TYPE) = gentoo; then\
+		$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
+		echo rc-update add nrpe default; \
+		rc-update add nrpe default; \
 	else\
 		echo $(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
 		$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
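Review bot: In the new gentoo branch the steps are joined with `;`, so `rc-update add nrpe default` still runs when the `$(INSTALL)` line before it has failed, leaving a runlevel entry for a script that was never written. Chaining the two, e.g. `$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE) && rc-update add nrpe default; \`, ties the boot-time registration to a successful copy. The branch also skips the `echo $(INSTALL) ...` line that the `else` branch prints, so the log does not show what was installed. Because it changes the boot configuration of the machine running `make install-init`, a short comment saying so would help anyone doing a staged or packaging install. The install-init rule starts and ends outside this hunk.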

+ 4 - 2
THANKS

@@ -8,6 +8,7 @@ Bas Couwenberg
 Bill Mitchell
 Bjoern Beutel
 Brian Seklecki
+Bryan Heden
 Derrick Bennett
 Elan Ruusamäe
 Eric Mislivec
@@ -16,10 +17,12 @@ Gerhard Lausser
 Graham Collinson
 Grant Byers
 Grégory Starck
+jaclu@grm.se
 James Peterson
 Jari Takkala
 Jason Cook
 Jobst Schmalenbach
+John Frickson
 John Maag
 Jon Andrews
 Josh Soref
@@ -48,5 +51,4 @@ Subhendu Ghosh
 Sven Nierlein
 Thierry Bertaud
 Ton Voon
-Vadim Antipov
-jaclu@grm.se
+Vadim Antipov

+ 33 - 21
configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for nrpe 3.1.1.
+# Generated by GNU Autoconf 2.69 for nrpe 3.2.0.
 #
 # Report bugs to <nagios-users@lists.sourceforge.net>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='nrpe'
 PACKAGE_TARNAME='nrpe'
-PACKAGE_VERSION='3.1.1'
-PACKAGE_STRING='nrpe 3.1.1'
+PACKAGE_VERSION='3.2.0'
+PACKAGE_STRING='nrpe 3.2.0'
 PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
 PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
 
@@ -718,6 +718,7 @@ infodir
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -818,6 +819,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1070,6 +1072,15 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1207,7 +1218,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
+		libdir localedir mandir runstatedir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1320,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures nrpe 3.1.1 to adapt to many kinds of systems.
+\`configure' configures nrpe 3.2.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1370,7 +1381,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of nrpe 3.1.1:";;
+     short | recursive ) echo "Configuration of nrpe 3.2.0:";;
    esac
   cat <<\_ACEOF
 
@@ -1516,7 +1527,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-nrpe configure 3.1.1
+nrpe configure 3.2.0
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2122,7 +2133,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by nrpe $as_me 3.1.1, which was
+It was created by nrpe $as_me 3.2.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2487,9 +2498,9 @@ ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
 
 
 PKG_NAME=nrpe
-PKG_VERSION="3.1.1"
+PKG_VERSION="3.2.0"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="2017-05-24"
+PKG_REL_DATE="2017-06-26"
 RPM_RELEASE=1
 
 LANG=C
@@ -3041,12 +3052,6 @@ fi
      ;;
 esac
 
-			if test x"$inetd_type" = x; then
-				if test x"$init_type" = "xupstart"; then
-					inetd_type="upstart"
-				fi
-			fi
-
 			if test x"$inetd_type" = x; then
 				if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
 					inetd_disabled="(Not running)"
@@ -3057,6 +3062,12 @@ esac
 				fi
 			fi
 
+			if test x"$inetd_type" = x; then
+				if test x"$init_type" = "xupstart"; then
+					inetd_type="upstart"
+				fi
+			fi
+
 			if test x"$inetd_type" = x; then
 				if test x"$init_type" = "xsystemd"; then
 					inetd_type="systemd"
@@ -3686,6 +3697,7 @@ eval webdir=$webdir
 eval localedir=$localedir
 eval sysconfdir=$sysconfdir
 eval pkgsysconfdir=$pkgsysconfdir
+eval logdir=$logdir
 eval piddir=$piddir
 
 #
@@ -4348,7 +4360,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by nrpe $as_me 3.1.1, which was
+This file was extended by nrpe $as_me 3.2.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -4402,7 +4414,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-nrpe config.status 3.1.1
+nrpe config.status 3.2.0
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -7292,7 +7304,7 @@ fi
 
 if test x$check_for_ssl = xyes; then
 	# need_dh should only be set for NRPE
-#	need_dh=yes
+	need_dh=yes
 
 
 # -------------------------------
@@ -8284,7 +8296,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by nrpe $as_me 3.1.1, which was
+This file was extended by nrpe $as_me 3.2.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -8347,7 +8359,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-nrpe config.status 3.1.1
+nrpe config.status 3.2.0
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

+ 4 - 4
configure.ac

@@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],)
 define([AC_CACHE_SAVE],)
 
 m4_include([build-aux/custom_help.m4])
-AC_INIT([nrpe],[3.1.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
+AC_INIT([nrpe],[3.2.0],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
 AC_CONFIG_SRCDIR([src/nrpe.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_PREFIX_DEFAULT(/usr/local/nagios)
 
 PKG_NAME=nrpe
-PKG_VERSION="3.1.1"
+PKG_VERSION="3.2.0"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="2017-05-24"
+PKG_REL_DATE="2017-06-26"
 RPM_RELEASE=1
 
 LANG=C
@@ -313,7 +313,7 @@ AC_ARG_WITH([need_dh],
 dnl Optional SSL library and include paths
 if test x$check_for_ssl = xyes; then
 	# need_dh should only be set for NRPE
-#	need_dh=yes
+	need_dh=yes
 	AC_NAGIOS_GET_SSL
 fi
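Review bot: The re-enabled `need_dh=yes` is assigned unconditionally inside the `check_for_ssl` block, and the hunk header places it after `AC_ARG_WITH([need_dh], ...)`, so a value chosen on the configure command line looks likely to be overwritten here; the macro's action is outside this hunk, so this needs confirming. If the option is meant to stay user-controllable, default it instead, e.g. `test x"$need_dh" = x && need_dh=yes`. The switch presumably decides whether Diffie-Hellman parameters are generated for the build, which is a change in TLS behaviour that the 3.2.0 Changelog entry does not mention. The same line is flipped in the generated `configure`.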
 

+ 8 - 5
include/acl.h

@@ -1,9 +1,11 @@
-/*-
- * acl.c - header file for acl.c
+/****************************************************************************
+ *
+ * acl.h - header file for acl.c
+ *
+ * License: GPLv2
  * Copyright (c) 2011 Kaspersky Lab ZAO
- * Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help 
  *
- * License: GPL
+ * License Notice:
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -18,7 +20,8 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
+ *
+ ****************************************************************************/
 
 #ifndef ACL_H_INCLUDED
 #define ACL_H_INCLUDED 1

+ 12 - 8
include/common.h.in

@@ -1,10 +1,12 @@
-/************************************************************************
+/****************************************************************************
  *
- * COMMON.H - NRPE Common Include File
- * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 2017-05-24
+ * common.h - NRPE Common header file
  *
- * License:
+ * License: GPLv2
+ * Copyright (c) 2006-2017 Nagios Enterprises
+ *               1999-2006 Ethan Galstad (nagios@nagios.org)
+ *
+ * License Notice:
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -19,7 +21,8 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- ************************************************************************/
+ *
+ ****************************************************************************/
 
 #include "config.h"
 
@@ -30,11 +33,12 @@
 # ifdef SSL_TYPE_openssl
 #  include <@SSL_INC_PREFIX@err.h>
 #  include <@SSL_INC_PREFIX@rand.h>
+#  include <@SSL_INC_PREFIX@engine.h>
 # endif
 #endif
 
-#define PROGRAM_VERSION "3.1.1"
-#define MODIFICATION_DATE "2017-05-24"
+#define PROGRAM_VERSION "3.2.0"
+#define MODIFICATION_DATE "2017-06-26"
 
 #define OK							0
 #define ERROR						-1
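Review bot: The added `#include <@SSL_INC_PREFIX@engine.h>` is guarded only by `SSL_TYPE_openssl`, so an OpenSSL built without ENGINE support can fail the build at this line instead of falling back, although the Changelog promises engine support only "where available". Wrapping it as `#  ifndef OPENSSL_NO_ENGINE`, `#   include <@SSL_INC_PREFIX@engine.h>`, `#  endif` keeps such builds compiling, assuming the OpenSSL headers included just above have already pulled in the library's configuration macros. The code that calls the engine API is not visible in this hunk and would need the same guard.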

+ 9 - 6
include/config.h.in

@@ -1,10 +1,12 @@
-/************************************************************************
+/****************************************************************************
  *
- * NRPE Common Header File
- * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 11-23-2007
+ * config.h - NRPE Configuration header file
  *
- * License:
+ * License: GPLv2
+ * Copyright (c) 2006-2017 Nagios Enterprises
+ *               1999-2006 Ethan Galstad (nagios@nagios.org)
+ *
+ * License Notice:
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -19,7 +21,8 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- ************************************************************************/
+ *
+ ****************************************************************************/
 
 #ifndef _CONFIG_H
 #define _CONFIG_H

+ 8 - 8
include/nrpe.h

@@ -1,10 +1,12 @@
-/************************************************************************
+/****************************************************************************
  *
- * NRPE.H - NRPE Include File
- * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 08-10-2011 by Konstantin Malov
+ * nrpe.h - Nagios Remote Plugin Executor header file
  *
- * License:
+ * License: GPLv2
+ * Copyright (c) 2006-2017 Nagios Enterprises
+ *               1999-2006 Ethan Galstad (nagios@nagios.org)
+ *
+ * License Notice:
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,9 +22,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  *
- ************************************************************************/
-
-/**************** COMMAND STRUCTURE DEFINITION **********/
+ ****************************************************************************/
 
 typedef struct command_struct {
 	char					*command_name;

+ 10 - 14
include/utils.h

@@ -1,17 +1,12 @@
-/************************************************************************************************
+/****************************************************************************
  *
- * UTILS.H - NRPE Utilities Include File
+ * utils.h - NRPE Utility Functions header file
  *
- * License: GPL
- * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
+ * License: GPLv2
+ * Copyright (c) 2009-2017 Nagios Enterprises
+ *               1999-2008 Ethan Galstad (nagios@nagios.org)
  *
- * Last Modified: 12-11-2006
- *
- * Description:
- *
- * This file contains common include files and function definitions used in many of the plugins.
- *
- * License Information:
+ * License Notice:
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,7 +22,8 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  *
- ************************************************************************************************/
+ ****************************************************************************/
+
 
 #ifndef NRPE_UTILS_H_INCLUDED
 #define NRPE_UTILS_H_INCLUDED
@@ -39,9 +35,9 @@ unsigned long calculate_crc32(char*, int);
 void randomize_buffer(char*,int);
 int my_tcp_connect(char*, int, int*);
 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE
-int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*);
+int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*, int);
 #else
-int my_connect(const char*, struct sockaddr*, u_short, int, const char*);
+int my_connect(const char*, struct sockaddr*, u_short, int, const char*, int);
 #endif
 void add_listen_addr(struct addrinfo**, int, char*, int);
 int clean_environ(const char *keep_env_vars, const char *nrpe_user);
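Review bot: Both `my_connect` prototypes gain a sixth, unnamed `int`, and with an unnamed `int` already in fourth position the header gives no hint which is which or what the new argument selects. A one-line comment above the `#ifdef`, or parameter names in the two prototypes, would document it; from the Changelog it presumably relates to the new `-E`/`--stderr-to-stdout` option, but nothing in this hunk confirms that. The definition in src/utils.c and every caller must change in step, which cannot be checked from this hunk.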

+ 7 - 0
macros/CHANGELOG.md

@@ -0,0 +1,7 @@
+1.0.1
+-----
+ * Fix bug determining inetd,xinetd if neither are running (Bryan Heden)
+
+1.0.0
+-----
+ * Initial Release (John Frickson)

+ 260 - 335
macros/LICENSE

@@ -1,339 +1,264 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
+The GNU General Public License, Version 2, June 1991 (GPLv2)
+============================================================
+
+> Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+> 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+
+Everyone is permitted to copy and distribute verbatim copies of this license
+document, but changing it is not allowed.
+
+
+Preamble
+--------
+
+The licenses for most software are designed to take away your freedom to share
+and change it. By contrast, the GNU General Public License is intended to
+guarantee your freedom to share and change free software--to make sure the
+software is free for all its users. This General Public License applies to most
+of the Free Software Foundation's software and to any other program whose
+authors commit to using it. (Some other Free Software Foundation software is
+covered by the GNU Lesser General Public License instead.) You can apply it to
 your programs, too.
 
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
+When we speak of free software, we are referring to freedom, not price. Our
+General Public Licenses are designed to make sure that you have the freedom to
+distribute copies of free software (and charge for this service if you wish),
+that you receive source code or can get it if you want it, that you can change
+the software or use pieces of it in new free programs; and that you know you can
+do these things.
+
+To protect your rights, we need to make restrictions that forbid anyone to deny
+you these rights or to ask you to surrender the rights. These restrictions
+translate to certain responsibilities for you if you distribute copies of the
+software, or if you modify it.
+
+For example, if you distribute copies of such a program, whether gratis or for a
+fee, you must give the recipients all the rights that you have. You must make
+sure that they, too, receive or can get the source code. And you must show them
+these terms so they know their rights.
+
+We protect your rights with two steps: (1) copyright the software, and (2) offer
+you this license which gives you legal permission to copy, distribute and/or
+modify the software.
+
+Also, for each author's protection and ours, we want to make certain that
+everyone understands that there is no warranty for this free software. If the
+software is modified by someone else and passed on, we want its recipients to
+know that what they have is not the original, so that any problems introduced by
+others will not reflect on the original authors' reputations.
+
+Finally, any free program is threatened constantly by software patents. We wish
+to avoid the danger that redistributors of a free program will individually
+obtain patent licenses, in effect making the program proprietary. To prevent
+this, we have made it clear that any patent must be licensed for everyone's free
+use or not licensed at all.
+
+The precise terms and conditions for copying, distribution and modification
+follow.
+
+
+Terms And Conditions For Copying, Distribution And Modification
+---------------------------------------------------------------
+
+**0.** This License applies to any program or other work which contains a notice
+placed by the copyright holder saying it may be distributed under the terms of
+this General Public License. The "Program", below, refers to any such program or
+work, and a "work based on the Program" means either the Program or any
+derivative work under copyright law: that is to say, a work containing the
+Program or a portion of it, either verbatim or with modifications and/or
+translated into another language. (Hereinafter, translation is included without
+limitation in the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not covered by
+this License; they are outside its scope. The act of running the Program is not
+restricted, and the output from the Program is covered only if its contents
+constitute a work based on the Program (independent of having been made by
+running the Program). Whether that is true depends on what the Program does.
+
+**1.** You may copy and distribute verbatim copies of the Program's source code
+as you receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice and
+disclaimer of warranty; keep intact all the notices that refer to this License
+and to the absence of any warranty; and give any other recipients of the Program
+a copy of this License along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and you may at
+your option offer warranty protection in exchange for a fee.
+
+**2.** You may modify your copy or copies of the Program or any portion of it,
+thus forming a work based on the Program, and copy and distribute such
+modifications or work under the terms of Section 1 above, provided that you also
+meet all of these conditions:
+
+*   **a)** You must cause the modified files to carry prominent notices stating
+    that you changed the files and the date of any change.
+
+*   **b)** You must cause any work that you distribute or publish, that in whole
+    or in part contains or is derived from the Program or any part thereof, to
+    be licensed as a whole at no charge to all third parties under the terms of
+    this License.
+
+*   **c)** If the modified program normally reads commands interactively when
+    run, you must cause it, when started running for such interactive use in the
+    most ordinary way, to print or display an announcement including an
+    appropriate copyright notice and a notice that there is no warranty (or
+    else, saying that you provide a warranty) and that users may redistribute
+    the program under these conditions, and telling the user how to view a copy
+    of this License. (Exception: if the Program itself is interactive but does
+    not normally print such an announcement, your work based on the Program is
+    not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If identifiable
+sections of that work are not derived from the Program, and can be reasonably
+considered independent and separate works in themselves, then this License, and
+its terms, do not apply to those sections when you distribute them as separate
+works. But when you distribute the same sections as part of a whole which is a
+work based on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the entire whole,
+and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest your
+rights to work written entirely by you; rather, the intent is to exercise the
+right to control the distribution of derivative or collective works based on the
+Program.
+
+In addition, mere aggregation of another work not based on the Program with the
+Program (or with a work based on the Program) on a volume of a storage or
+distribution medium does not bring the other work under the scope of this
+License.
+
+**3.** You may copy and distribute the Program (or a work based on it, under
+Section 2) in object code or executable form under the terms of Sections 1 and 2
+above provided that you also do one of the following:
+
+*   **a)** Accompany it with the complete corresponding machine-readable source
+    code, which must be distributed under the terms of Sections 1 and 2 above on
+    a medium customarily used for software interchange; or,
+
+*   **b)** Accompany it with a written offer, valid for at least three years, to
+    give any third party, for a charge no more than your cost of physically
+    performing source distribution, a complete machine-readable copy of the
+    corresponding source code, to be distributed under the terms of Sections 1
+    and 2 above on a medium customarily used for software interchange; or,
+
+*   **c)** Accompany it with the information you received as to the offer to
+    distribute corresponding source code. (This alternative is allowed only for
+    noncommercial distribution and only if you received the program in object
+    code or executable form with such an offer, in accord with Subsection b
+    above.)
+
+The source code for a work means the preferred form of the work for making
+modifications to it. For an executable work, complete source code means all the
+source code for all modules it contains, plus any associated interface
+definition files, plus the scripts used to control compilation and installation
+of the executable. However, as a special exception, the source code distributed
+need not include anything that is normally distributed (in either source or
+binary form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component itself
+accompanies the executable.
+
+If distribution of executable or object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the source code
+from the same place counts as distribution of the source code, even though third
+parties are not compelled to copy the source along with the object code.
+
+**4.** You may not copy, modify, sublicense, or distribute the Program except as
+expressly provided under this License. Any attempt otherwise to copy, modify,
+sublicense or distribute the Program is void, and will automatically terminate
+your rights under this License. However, parties who have received copies, or
+rights, from you under this License will not have their licenses terminated so
+long as such parties remain in full compliance.
+
+**5.** You are not required to accept this License, since you have not signed
+it. However, nothing else grants you permission to modify or distribute the
+Program or its derivative works. These actions are prohibited by law if you do
+not accept this License. Therefore, by modifying or distributing the Program (or
+any work based on the Program), you indicate your acceptance of this License to
+do so, and all its terms and conditions for copying, distributing or modifying
 the Program or works based on it.
 
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-                            NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    {description}
-    Copyright (C) {year}  {fullname}
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  {signature of Ty Coon}, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
+**6.** Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the original
+licensor to copy, distribute or modify the Program subject to these terms and
+conditions. You may not impose any further restrictions on the recipients'
+exercise of the rights granted herein. You are not responsible for enforcing
+compliance by third parties to this License.
+
+**7.** If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues), conditions
+are imposed on you (whether by court order, agreement or otherwise) that
+contradict the conditions of this License, they do not excuse you from the
+conditions of this License. If you cannot distribute so as to satisfy
+simultaneously your obligations under this License and any other pertinent
+obligations, then as a consequence you may not distribute the Program at all.
+For example, if a patent license would not permit royalty-free redistribution of
+the Program by all those who receive copies directly or indirectly through you,
+then the only way you could satisfy both it and this License would be to refrain
+entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply and the
+section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any patents or
+other property right claims or to contest validity of any such claims; this
+section has the sole purpose of protecting the integrity of the free software
+distribution system, which is implemented by public license practices. Many
+people have made generous contributions to the wide range of software
+distributed through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing to
+distribute software through any other system and a licensee cannot impose that
+choice.
+
+This section is intended to make thoroughly clear what is believed to be a
+consequence of the rest of this License.
+
+**8.** If the distribution and/or use of the Program is restricted in certain
+countries either by patents or by copyrighted interfaces, the original copyright
+holder who places the Program under this License may add an explicit
+geographical distribution limitation excluding those countries, so that
+distribution is permitted only in or among countries not thus excluded. In such
+case, this License incorporates the limitation as if written in the body of this
+License.
+
+**9.** The Free Software Foundation may publish revised and/or new versions of
+the General Public License from time to time. Such new versions will be similar
+in spirit to the present version, but may differ in detail to address new
+problems or concerns.
+
+Each version is given a distinguishing version number. If the Program specifies
+a version number of this License which applies to it and "any later version",
+you have the option of following the terms and conditions either of that version
+or of any later version published by the Free Software Foundation. If the
+Program does not specify a version number of this License, you may choose any
+version ever published by the Free Software Foundation.
+
+**10.** If you wish to incorporate parts of the Program into other free programs
+whose distribution conditions are different, write to the author to ask for
+permission. For software which is copyrighted by the Free Software Foundation,
+write to the Free Software Foundation; we sometimes make exceptions for this.
+Our decision will be guided by the two goals of preserving the free status of
+all derivatives of our free software and of promoting the sharing and reuse of
+software generally.
+
+
+No Warranty
+-----------
+
+**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
+THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
+STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
+"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
+BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
+INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
+BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
+OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

+ 1 - 0
macros/LICENSE.md

@@ -0,0 +1 @@
+LICENSE

+ 58 - 26
macros/README.md

@@ -1,29 +1,26 @@
-autoconf-macros README
-======================
-
-Sections below are: Purpose, Contents, Usage, References
-
-
-
-##Purpose
+autoconf-macros
+===============
 
 The purpose of Nagios autoconf-macros is to have a central place for
 autoconf macros that can be maintained in one place, but be used by any
 of the Nagios software. It is intended to be used as a git subtree.
-See the Usage and References section below.
+See the [Usage](#usage) and [References](#references) sections below.
 
 Since this project will be included in several parent projects, any
 changes must be as project-neutral as possible.
 
+Make sure to check out the [CHANGELOG](CHANGELOG.md) for relevant 
+information, as well.
 
 
-## Contents
+Contents
+--------
 
 The collection consists of the following macros:
 
 ### AX_NAGIOS_GET_OS alias AC_NAGIOS_GET_OS
 
-> Output Variable : opsys
+> Output Variable : `opsys`
 
 This macro detects the operating system, and transforms it into a generic
 label. The most common OS's that use Nagios software are recognized and
@@ -31,17 +28,17 @@ used in subsequent macros.
 
 ### AX_NAGIOS_GET_DISTRIB_TYPE alias AC_NAGIOS_GET_DISTRIB_TYPE
 
-> Output Variables : dist_type, dist_ver
+> Output Variables : `dist_type`, `dist_ver`
 
 This macro detects the distribution type. For Linux, this would be rh
-(for Red Hat and derivatives), suse (OpenSUSE, SLES, derivatives), gentoo
-(Gentoo and derivatives), debian (Debian and derivatives), and so on.
+(for Red Hat and derivitives), suse (OpenSUSE, SLES, derivitives), gentoo
+(Gentoo and derivitives), debian (Debian and derivitives), and so on.
 For BSD, this would be openbsd, netbsd, freebsd, dragonfly, etc. It can
 also be aix, solaris, osx, and so on for Unix operating systems.
 
 ### AX_NAGIOS_GET_INIT alias AC_NAGIOS_GET_INIT
 
-> Output Variable : init_type
+> Output Variable : `init_type`
 
 This macro detects what software is used to start daemons on bootup
 or on request, generally knows as the "init system". The init_type
@@ -51,7 +48,7 @@ gentoo (older Gentoo), upstart (several), or unknown.
 
 ### AX_NAGIOS_GET_INETD alias AC_NAGIOS_GET_INETD
 
-> Output Variable : inetd_type
+> Output Variable : `inetd_type`
 
 This macro detects what software is used to start daemons or services
 on demand, which historically has been "inetd". The inetd_type
@@ -60,7 +57,7 @@ will generally be one of inetd, xinetd, launchd (OS X), smf10 or smf11
 
 ### AX_NAGIOS_GET_PATHS alias AC_NAGIOS_GET_PATHS
 
-> Output Variables : many!
+> Output Variables : **many!**
 
 This macro determines the installation paths for binaries, config files,
 PID files, and so on. For a "standard" install of Nagios, NRPE, NDO Utils,
@@ -72,7 +69,7 @@ O/S dependant directories, such as /usr/bin, /usr/sbin, /var/lib/nagios,
 
 ### AX_NAGIOS_GET_FILES alias AC_NAGIOS_GET_FILES
 
-> Output Variables : src_init, src_inetd, src_tmpfile
+> Output Variables : `src_init`, `src_inetd`, `src_tmpfile`
 
 Each Nagios project will have a top-level directory named "/startup/".
 In that directory will be "*.in" files for the various "init_type" and
@@ -81,7 +78,7 @@ that directory will be needed.
 
 ### AX_NAGIOS_GET_SSL alias AC_NAGIOS_GET_SSL
 
-> Output Variables : HAVE_KRB5_H, HAVE_SSL, SSL_INC_DIR, SSL_LIB_DIR, CFLAGS, LDFLAGS, LIBS
+> Output Variables : `HAVE_KRB5_H`, `HAVE_SSL`, `SSL_INC_DIR`, `SSL_LIB_DIR`, `CFLAGS`, `LDFLAGS`, `LIBS`
 
 This macro checks various directories for SSL libraries and header files.
 The searches are based on known install locations on various operating
@@ -90,11 +87,11 @@ If it finds the headers and libraries, it will then do an `AC_LINK_IFELSE`
 on a simple program to make sure a compile and link will work correctly.
 
 
-
-## Usage
+Usage
+-----
 
 This repo is intended to be used as a git subtree, so changes will
-automatically propagate, and still be reasonably easy to use.
+automatically propogate, and still be reasonably easy to use.
 
 * First, Create, checkout, clone, or branch your project. If you do an
 `ls -AF` it might look something like this:
@@ -112,7 +109,8 @@ it should look like this:
 
            .git/      .gitignore    ChangeLog   LICENSE   Makefile.in
            README     configure.ac  include/    macros/   src/
-The `macros/` directory has been added.
+
+* The `macros/` directory has been added.
 
 * Now do a `git push` to save everything.
 
@@ -129,11 +127,11 @@ master.
 
 * To get the latest version of `autoconf-macros` into your parent project:
 
-           git subtree pull --squash --prefix=macros autoconf-macros master
-
+           git subtgree pull --squash --prefix=macros autoconf-macros master
 
 
-## References
+References
+----------
 
 Now that autoconf-macros is available to your project, you will need to
 reference it.
@@ -165,3 +163,37 @@ where you want to check for SSL:
 
 * You will now be able to reference any of the variables in `config.h.in`
 and any files listed in the `AC_CONFIG_FILES` macro in `configure.ac`.
+
+
+License Notice
+--------------
+
+Copyright (c) 2016-2017 Nagios Enterprises, LLC
+
+This work is made available to you under the terms of Version 2 of
+the GNU General Public License. A copy of that license should have
+been provided with this software, but in any event can be obtained
+from http://www.fsf.org.
+
+This work is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 or visit their web page on the internet at
+http://www.fsf.org.
+
+
+Questions?
+----------
+
+If you have questions about this addon, or problems getting things
+working, first try searching the nagios-users mailing list archives.
+Details on searching the list archives can be found at
+http://www.nagios.org
+
+If you don't find an answer there, post a message in the Nagios
+Plugin Development forum at https://support.nagios.com/forum/viewforum.php?f=35

+ 6 - 6
macros/ax_nagios_get_inetd

@@ -113,12 +113,6 @@ AC_SUBST(inetd_type)
 				[*],
 					inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
 
-			if test x"$inetd_type" = x; then
-				if test x"$init_type" = "xupstart"; then
-					inetd_type="upstart"
-				fi
-			fi
-
 			if test x"$inetd_type" = x; then
 				if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
 					inetd_disabled="(Not running)"
@@ -128,6 +122,12 @@ AC_SUBST(inetd_type)
 					inetd_disabled="(Not running)"
 				fi
 			fi
+			
+			if test x"$inetd_type" = x; then
+				if test x"$init_type" = "xupstart"; then
+					inetd_type="upstart"
+				fi
+			fi
 
 			if test x"$inetd_type" = x; then
 				if test x"$init_type" = "xsystemd"; then
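Review bot: The relocated upstart fallback has no comment saying that its position now matters: it runs only after the xinetd/inetd config-file checks above it have left `inetd_type` empty, so a reader cannot tell the order is deliberate. A one-line comment above the moved block, such as `# Fall back to the init system only when no inetd/xinetd configuration was found`, would record that. The added separator line consists of three tabs and should be an empty line. The assignments made by the config-file checks fall between the two hunks and are not visible, so the precedence described here is inferred from the context lines.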

+ 1 - 0
macros/ax_nagios_get_paths

@@ -616,6 +616,7 @@ eval webdir=$webdir
 eval localedir=$localedir
 eval sysconfdir=$sysconfdir
 eval pkgsysconfdir=$pkgsysconfdir
+eval logdir=$logdir
 eval piddir=$piddir
 
 #
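Review bot: The added `eval logdir=$logdir` leaves the value unquoted, so a log directory containing whitespace or shell metacharacters would be word-split or interpreted by the eval instead of being assigned as one string. Writing it as `eval logdir=\"$logdir\"` keeps the second expansion pass, which is presumably there to resolve nested `${prefix}`-style references, while treating the result as a single word. The neighbouring `eval` lines in this hunk use the same unquoted form and would want the same change. Where `logdir` is set is outside the hunk, so how much influence a configure argument has on its value cannot be confirmed from here.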

+ 1 - 1
nrpe.spec.in

@@ -22,7 +22,7 @@
 %define _sysconfdir /etc/nagios
 
 %define name @PACKAGE_NAME@
-%define version 3.1.1
+%define version 3.2.0
 %define release @RPM_RELEASE@
 %define nsusr @nrpe_user@
 %define nsgrp @nrpe_group@

+ 54 - 13
sample-config/nrpe.cfg.in

@@ -1,13 +1,13 @@
 #############################################################################
-# Sample NRPE Config File
-# Written by: Ethan Galstad (nagios@nagios.org)
 #
-# Last Modified: 2016-05-10
+#  Sample NRPE Config File
+#
+#  Notes:
+#
+#  This is a sample configuration file for the NRPE daemon.  It needs to be
+#  located on the remote host that is running the NRPE daemon, not the host
+#  from which the check_nrpe client is being executed.
 #
-# NOTES:
-# This is a sample configuration file for the NRPE daemon.  It needs to be
-# located on the remote host that is running the NRPE daemon, not the host
-# from which the check_nrpe client is being executed.
 #############################################################################
 
 
@@ -161,6 +161,13 @@ allow_bash_command_substitution=0
 # command_prefix=/usr/bin/sudo
 
 
+# MAX COMMANDS
+# This specifies how many children processes may be spawned at any one
+# time, essentially limiting the fork()s that occur.
+# Default (0) is set to unlimited
+# max_commands=0
+
+
 
 # COMMAND TIMEOUT
 # This specifies the maximum number of seconds that the NRPE daemon will
@@ -218,10 +225,12 @@ connection_timeout=300
 
 # SSL CIPHER LIST
 # This lists which ciphers can be used. For backward compatibility, this
-# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
-# will be changed to something like the example below in a later version of NRPE.
+# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,
+# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and
+# greater. 
 
 #ssl_cipher_list=ALL:!MD5:@STRENGTH
+#ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
 #ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
 
 # SSL Certificate and Private Key Files
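Review bot: The rewritten comment presents `@SECLEVEL=0` as a plain compatibility default without saying what it costs. On OpenSSL 1.1.0 and later, security level 0 turns off the library's minimum-strength checks, so ciphers and key sizes it would otherwise refuse are accepted again. The removed text at least announced a move to a stricter list, and the new text leaves the stricter third example unexplained. I would add a line such as `# SECLEVEL=0 re-enables ciphers that OpenSSL 1.1.0+ rejects by default; prefer the restricted list below unless legacy peers require it.` The added `# greater. ` line also ends in a trailing space.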
@@ -299,6 +308,7 @@ connection_timeout=300
 
 
 # The following examples use hardcoded command arguments...
+# This is by far the most secure method of using NRPE
 
 command[check_users]=@pluginsdir@/check_users -w 5 -c 10
 command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
@@ -313,7 +323,38 @@ command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
 # config file is set to '1'.  This poses a potential security risk, so
 # make sure you read the SECURITY file before doing this.
 
-#command[check_users]=@pluginsdir@/check_users -w $ARG1$ -c $ARG2$
-#command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
-#command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
-#command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+### MISC SYSTEM METRICS ###
+#command[check_users]=@pluginsdir@/check_users $ARG1$
+#command[check_load]=@pluginsdir@/check_load $ARG1$
+#command[check_disk]=@pluginsdir@/check_disk $ARG1$
+#command[check_swap]=@pluginsdir@/check_swap $ARG1$
+#command[check_cpu_stats]=@pluginsdir@/check_cpu_stats.sh $ARG1$
+#command[check_mem]=@pluginsdir@/custom_check_mem -n $ARG1$
+
+### GENERIC SERVICES ###
+#command[check_init_service]=sudo @pluginsdir@/check_init_service $ARG1$
+#command[check_services]=@pluginsdir@/check_services -p $ARG1$
+
+### SYSTEM UPDATES ###
+#command[check_yum]=@pluginsdir@/check_yum
+#command[check_apt]=@pluginsdir@/check_apt
+
+### PROCESSES ###
+#command[check_all_procs]=@pluginsdir@/custom_check_procs
+#command[check_procs]=@pluginsdir@/check_procs $ARG1$
+
+### OPEN FILES ###
+#command[check_open_files]=@pluginsdir@/check_open_files.pl $ARG1$
+
+### NETWORK CONNECTIONS ###
+#command[check_netstat]=@pluginsdir@/check_netstat.pl -p $ARG1$ $ARG2$
+
+### ASTERISK ###
+#command[check_asterisk]=@pluginsdir@/check_asterisk.pl $ARG1$
+#command[check_sip]=@pluginsdir@/check_sip $ARG1$
+#command[check_asterisk_sip_peers]=sudo @pluginsdir@/check_asterisk_sip_peers.sh $ARG1$
+#command[check_asterisk_version]=@pluginsdir@/nagisk.pl -c version
+#command[check_asterisk_peers]=@pluginsdir@/nagisk.pl -c peers
+#command[check_asterisk_channels]=@pluginsdir@/nagisk.pl -c channels 
+#command[check_asterisk_zaptel]=@pluginsdir@/nagisk.pl -c zaptel 
+#command[check_asterisk_span]=@pluginsdir@/nagisk.pl -c span -s 1
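Review bot: The new commented examples hand the whole plugin command line to the client. `check_users $ARG1$`, `check_disk $ARG1$` and the others no longer fix the option names the way the removed `-w $ARG1$ -c $ARG2$` forms did, and `check_init_service` and `check_asterisk_sip_peers.sh` do this behind `sudo`. With argument passing enabled, an allowed client then chooses every option those plugins receive, with elevated privileges in the two sudo entries. I would keep each macro bound to one option, e.g. `#command[check_users]=@pluginsdir@/check_users -w $ARG1$ -c $ARG2$`, and add above the sudo entries a line such as `# Runs via sudo: limit the sudoers rule to this exact plugin and avoid $ARGn$ here where possible.` The existing pointer to the SECURITY file above these lines does not mention the sudo case.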

+ 2 - 2
src/Makefile.in

@@ -1,7 +1,7 @@
 ###############################
-# Makefile for NRPE
 #
-# Last Modified: 08-13-2007
+#  NRPE Makefile
+#
 ###############################
 
 srcdir=@srcdir@

+ 40 - 16
src/acl.c

@@ -1,17 +1,20 @@
-/*-
+/****************************************************************************
+ *
  * acl.c - a small library for nrpe.c. It adds IPv4 subnets support to ACL in nrpe.
+ *
+ * License: GPLv2
  * Copyright (c) 2011 Kaspersky Lab ZAO
- * Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help 
  *
  * Description:
- * acl.c creates two linked lists. One is for IPv4 hosts and networks, another is for domain names.
- * All connecting hosts (if allowed_hosts is defined) are checked in these two lists.
  *
- * Some notes:
- * 1) IPv6 isn't supported in ACL.
- * 2) Only ANCII names are supported in ACL.
+ * acl.c creates two linked lists. One is for IPv4 hosts and networks, another 
+ * is for domain names. All connecting hosts (if allowed_hosts is defined) 
+ * are checked in these two lists.
+ *
+ * Note:
+ *  Only ANCII names are supported in ACL.
  *
- * License: GPL
+ * License Notice:
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,10 +29,12 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
+ *
+ ****************************************************************************/
 
 #include "../include/config.h"
 #include "../include/common.h"
+#include "../include/utils.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -131,6 +136,7 @@ char * acl_substring(char *string, int s, int e) {
  */
 
 int add_ipv4_to_acl(char *ipv4) {
+
         int state = 0;
         int octet = 0;
         int index = 0;  /* position in data array */
@@ -602,6 +608,7 @@ void parse_allowed_hosts(char *allowed_hosts) {
 	char *tok;
 	const char *delim = ",";
 	char *trimmed_tok;
+    int add_to_acl = 0;
 
 	if (debug == TRUE)
 		logit(LOG_INFO,
@@ -617,15 +624,32 @@ void parse_allowed_hosts(char *allowed_hosts) {
 	tok = strtok(hosts, delim);
 #endif
 	while( tok) {
-		trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
-		trim( tok, trimmed_tok);
-		if(debug == TRUE)
+		trimmed_tok = malloc(sizeof(char) * (strlen(tok) + 1));
+		trim(tok, trimmed_tok);
+		if (debug == TRUE)
 			logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
-		if( strlen( trimmed_tok) > 0) {
-			if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok) 
-					&& !add_domain_to_acl(trimmed_tok)) {
+		if (strlen(trimmed_tok) > 0) {
+
+            /* lets check the type of the address before we try and add it to the acl */
+
+            if (strchr(trimmed_tok, ':') != NULL) {
+
+                /* its an ipv6 address */
+                add_to_acl = add_ipv6_to_acl(trimmed_tok);
+                
+            } else {
+
+                /* its either a fqdn or an ipv4 address
+                   unfortunately, i don't want to re-invent the wheel here
+                   the logic exists inside of add_ipv4_to_acl() to detect
+                   whether or not it is a ip or not */
+                add_to_acl = add_ipv4_to_acl(trimmed_tok);
+            }
+
+            /* but we only try to add it to a domain if the other tests have failed */
+            if (!add_to_acl && !add_domain_to_acl(trimmed_tok)) {
 				logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
-			} else if (debug == TRUE)
+			} else if (debug == TRUE)    
 				logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
 		}
 		free( trimmed_tok);
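Review bot: The result of `malloc()` for `trimmed_tok` goes straight into `trim()` without a NULL check, so an allocation failure while parsing allowed_hosts dereferences a null pointer. A guard such as `if (trimmed_tok == NULL) { logit(LOG_ERR, "parse_allowed_hosts: out of memory"); break; }` would avoid that, adjusted to whatever cleanup the rest of the function needs, which is outside this hunk. A token containing `:` that `add_ipv6_to_acl()` rejects still falls through to `add_domain_to_acl()`; if that function does not reject `:` itself, a mistyped IPv6 entry could be stored as a domain name instead of being reported. The "ADDING this record" debug line is logged before the length check and before any add is attempted. The new lines are also space-indented while the surrounding code uses tabs.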

+ 224 - 202
src/check_nrpe.c

@@ -1,21 +1,40 @@
-/********************************************************************************************
+/****************************************************************************
  *
- * CHECK_NRPE.C - NRPE Plugin For Nagios
- * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * License: GPL
+ * check_nrpe.c - NRPE Plugin For Nagios
  *
- * Last Modified: 2017-05-24
+ * License: GPLv2
+ * Copyright (c) 2009-2017 Nagios Enterprises
+ *               1999-2008 Ethan Galstad (nagios@nagios.org)
  *
- * Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
+ * Command line: 
+ *
+ * check_nrpe -H <host_address> [-p port] [-c command] [-to to_sec]
  *
  * Description:
  *
- * This plugin will attempt to connect to the NRPE daemon on the specified server and port.
- * The daemon will attempt to run the command defined as [command].  Program output and
- * return code are sent back from the daemon and displayed as this plugin's own output and
- * return code.
+ * This plugin will attempt to connect to the NRPE daemon on the specified 
+ * server and port. The daemon will attempt to run the command 
+ * defined as [command]. Program output and return code are sent back 
+ * from the daemon and displayed as this plugin's own 
+ * output and return code.
+ *
+ * License Notice:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  *
- ********************************************************************************************/
+ ****************************************************************************/
 
 #include "config.h"
 #include "common.h"
@@ -37,6 +56,7 @@ char *command_name = NULL;
 int socket_timeout = DEFAULT_SOCKET_TIMEOUT;
 char timeout_txt[10];
 int timeout_return_code = -1;
+int stderr_to_stdout = 0;
 int sd;
 
 char rem_host[MAX_HOST_ADDRESS_LENGTH];
@@ -128,7 +148,11 @@ int main(int argc, char **argv)
 	if (timeout_return_code == -1)
 		timeout_return_code = STATE_CRITICAL;
 	if (sslprm.cipher_list[0] == '\0')
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+		strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH:@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
+#else
 		strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH", MAX_FILENAME_LENGTH - 1);
+#endif
 	if (sslprm.ssl_proto_ver == SSL_Ver_Invalid)
 		sslprm.ssl_proto_ver = TLSv1_plus;
 	if (sslprm.allowDH == -1)
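Review bot: On OpenSSL 1.1.0 and later the default cipher string now ends in `@SECLEVEL=0`, which switches off the library's security-level checks for every connection that does not pass `-L`, including ones that use certificates. The same applies to the `ADH@SECLEVEL=0` string set later in setup_ssl(). If level 0 is there only to keep anonymous DH working, consider adding it only when `sslprm.allowDH` ends up non-zero, and at minimum add a comment such as `/* SECLEVEL=0 keeps ADH usable on OpenSSL >= 1.1.0 but also permits weak ciphers and keys */`. Both new `strncpy()` calls bound the copy with `MAX_FILENAME_LENGTH - 1`, whereas the `-L` handler uses `sizeof(sslprm.cipher_list) - 1`; the `sizeof` form keeps the bound tied to the actual buffer. main() starts and ends outside this hunk.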
@@ -215,6 +239,8 @@ int process_arguments(int argc, char **argv, int from_config_file)
 		{"log-file", required_argument, 0, 'g'},
 		{"help", no_argument, 0, 'h'},
 		{"license", no_argument, 0, 'l'},
+		{"version", no_argument, 0, 'V'},
+		{"stderr-to-stdout", no_argument, 0, 'E'},
 		{0, 0, 0, 0}
 	};
 #endif
@@ -224,7 +250,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 		return ERROR;
 
 	optind = 0;
-	snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:246hlnuV");
+	snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:246hlnuVE");
 
 	while (1) {
 		if (argindex > 0)
@@ -267,8 +293,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 't':
 			if (from_config_file && socket_timeout != -1) {
-				logit(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
-								"the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line socket timeout overrides the config file option.");
 				break;
 			}
 			socket_timeout=parse_timeout_string(optarg);
@@ -278,8 +303,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'p':
 			if (from_config_file && server_port != 0) {
-				logit(LOG_WARNING, "WARNING: Command-line server port overrides "
-								"the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line server port overrides the config file option.");
 				break;
 			}
 			server_port = atoi(optarg);
@@ -289,8 +313,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'P':
 			if (from_config_file && payload_size > 0) {
-				logit(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
-								"the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides the config file option.");
 				break;
 			}
 			payload_size = atoi(optarg);
@@ -300,13 +323,20 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'H':
 			if (from_config_file && server_name != NULL) {
-				logit(LOG_WARNING, "WARNING: Command-line server name overrides "
-								"the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line server name overrides the config file option.");
 				break;
 			}
 			server_name = strdup(optarg);
 			break;
 
+		case 'E':
+			if (from_config_file && stderr_to_stdout != 0) {
+				logit(LOG_WARNING, "WARNING: Command-line stderr redirection overrides the config file option.");
+				break;
+			}
+			stderr_to_stdout = 1;
+			break;
+
 		case 'c':
 			if (from_config_file) {
 				printf("Error: The config file should not have a command (-c) option.\n");
@@ -329,8 +359,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'u':
 			if (from_config_file && timeout_return_code != -1) {
-				logit(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) overrides the config file option.");
 				break;
 			}
 			timeout_return_code = STATE_UNKNOWN;
@@ -338,8 +367,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case '2':
 			if (from_config_file && packet_ver != NRPE_PACKET_VERSION_3) {
-				logit(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) overrides the config file option.");
 				break;
 			}
 			packet_ver = NRPE_PACKET_VERSION_2;
@@ -348,8 +376,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case '4':
 			if (from_config_file && address_family != AF_UNSPEC) {
-				logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
-								"or ipv6 (-6) overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) or ipv6 (-6) overrides the config file option.");
 				break;
 			}
 			address_family = AF_INET;
@@ -357,8 +384,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case '6':
 			if (from_config_file && address_family != AF_UNSPEC) {
-				logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
-								"or ipv6 (-6) overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) or ipv6 (-6) overrides the config file option.");
 				break;
 			}
 			address_family = AF_INET6;
@@ -366,8 +392,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'd':
 			if (from_config_file && sslprm.allowDH != -1) {
-				logit(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line use-adh (-d) overrides the config file option.");
 				break;
 			}
 			if (!optarg || optarg[0] < '0' || optarg[0] > '2')
@@ -377,8 +402,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'A':
 			if (from_config_file && sslprm.cacert_file != NULL) {
-				logit(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) overrides the config file option.");
 				break;
 			}
 			sslprm.cacert_file = strdup(optarg);
@@ -386,8 +410,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'C':
 			if (from_config_file && sslprm.cert_file != NULL) {
-				logit(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line client-cert (-C) overrides the config file option.");
 				break;
 			}
 			sslprm.cert_file = strdup(optarg);
@@ -396,8 +419,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'K':
 			if (from_config_file && sslprm.privatekey_file != NULL) {
-				logit(LOG_WARNING, "WARNING: Command-line key-file (-K) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line key-file (-K) overrides the config file option.");
 				break;
 			}
 			sslprm.privatekey_file = strdup(optarg);
@@ -406,8 +428,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'S':
 			if (from_config_file && sslprm.ssl_proto_ver != SSL_Ver_Invalid) {
-				logit(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line ssl-version (-S) overrides the config file option.");
 				break;
 			}
 
@@ -439,8 +460,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'L':
 			if (from_config_file && sslprm.cipher_list[0] != '\0') {
-				logit(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line cipher-list (-L) overrides the config file option.");
 				break;
 			}
 			strncpy(sslprm.cipher_list, optarg, sizeof(sslprm.cipher_list) - 1);
@@ -449,8 +469,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 's':
 			if (from_config_file && have_log_opts == TRUE) {
-				logit(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) overrides the config file option.");
 				break;
 			}
 			sslprm.log_opts = strtoul(optarg, NULL, 0);
@@ -459,8 +478,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 
 		case 'g':
 			if (from_config_file && log_file != NULL) {
-				logit(LOG_WARNING, "WARNING: Command-line log-file (-g) "
-								"overrides the config file option.");
+				logit(LOG_WARNING, "WARNING: Command-line log-file (-g) overrides the config file option.");
 				break;
 			}
 			log_file = strdup(optarg);
@@ -499,14 +517,12 @@ int process_arguments(int argc, char **argv, int from_config_file)
 	}
 
 	if ((has_cert && !has_priv_key) || (!has_cert && has_priv_key)) {
-		printf("Error: the client certificate and the private key "
-				"must both be given or neither\n");
+		printf("Error: the client certificate and the private key must both be given or neither\n");
 		return ERROR;
 	}
 
 	if (payload_size > 0 && packet_ver != NRPE_PACKET_VERSION_2) {
-		printf("Error: if a fixed payload size is specified, "
-				"'-2' must also be specified\n");
+		printf("Error: if a fixed payload size is specified, '-2' must also be specified\n");
 		return ERROR;
 	}
 
@@ -608,9 +624,8 @@ int translate_state (char *state_text) {
 }
 
 void set_timeout_state (char *state) {
-        if ((timeout_return_code = translate_state(state)) == ERROR)
-                printf("Timeout state must be a valid state name (OK, "
-						"WARNING, CRITICAL, UNKNOWN) or integer (0-3).\n");
+    if ((timeout_return_code = translate_state(state)) == ERROR)
+        printf("Timeout state must be a valid state name (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3).\n");
 }
 
 int parse_timeout_string (char *timeout_str)
@@ -649,87 +664,95 @@ int parse_timeout_string (char *timeout_str)
 
 void usage(int result)
 {
-	if (result != OK)
+	if (result != OK) {
+		printf("\n");
 		printf("Incorrect command line arguments supplied\n");
-	printf("\n");
+		printf("\n");
+	}
 	printf("NRPE Plugin for Nagios\n");
-	printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
 	printf("Version: %s\n", PROGRAM_VERSION);
-	printf("Last Modified: %s\n", MODIFICATION_DATE);
-	printf("License: GPL v2 with exemptions (-l for more info)\n");
-#ifdef HAVE_SSL
-	printf("SSL/TLS Available: OpenSSL 0.9.6 or higher required\n");
-#endif
 	printf("\n");
 
 	if (result != OK || show_help == TRUE) {
-		printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n"
-			   "       [-P <size>] [-S <ssl version>]  [-L <cipherlist>] [-C <clientcert>]\n"
-			   "       [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
-			   "       [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n"
-			   "       [-c <command>] [-a <arglist...>]\n");
+		printf("Copyright (c) 2009-2017 Nagios Enterprises\n");
+		printf("              1999-2008 Ethan Galstad (nagios@nagios.org)\n");
+		printf("\n");
+		printf("Last Modified: %s\n", MODIFICATION_DATE);
+		printf("\n");
+		printf("License: GPL v2 with exemptions (-l for more info)\n");
+		printf("\n");
+#ifdef HAVE_SSL
+		printf("SSL/TLS Available: OpenSSL 0.9.6 or higher required\n");
+		printf("\n");
+#endif
+		printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n");
+		printf("       [-P <size>] [-S <ssl version>]  [-L <cipherlist>] [-C <clientcert>]\n");
+		printf("       [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n");
+		printf("       [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n");
+		printf("       [-c <command>] [-E] [-a <arglist...>]\n");
 		printf("\n");
 		printf("Options:\n");
-		printf(" <host>       = The address of the host running the NRPE daemon\n");
-		printf(" -2           = Only use Version 2 packets, not Version 3\n");
-		printf(" -4           = bind to ipv4 only\n");
-		printf(" -6           = bind to ipv6 only\n");
-		printf(" -n           = Do no use SSL\n");
-		printf
-			(" -u           = Make connection problems return UNKNOWN instead of CRITICAL\n");
-		printf(" -V           = Show version\n");
-		printf(" -l           = Show license\n");
-		printf(" <dhopt>      = Anonymous Diffie Hellman use:\n");
-		printf("                0 = Don't use Anonymous Diffie Hellman\n");
-		printf("                    (This will be the default in a future release.)\n");
-		printf("                1 = Allow Anonymous Diffie Hellman (default)\n");
-		printf("                2 = Force Anonymous Diffie Hellman\n");
-		printf(" <size>       = Specify non-default payload size for NSClient++\n");
-		printf
-			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of:\n");
+		printf(" -H, --host=HOST              The address of the host running the NRPE daemon\n");
+		printf(" -2, --v2-packets-only        Only use version 2 packets, not version 3\n");
+		printf(" -4, --ipv4                   Bind to ipv4 only\n");
+		printf(" -6, --ipv6                   Bind to ipv6 only\n");
+		printf(" -n, --no-ssl                 Do no use SSL\n");
+		printf(" -u, --unknown-timeout        Make connection problems return UNKNOWN instead of CRITICAL\n");
+		printf(" -V, --version                Print version info and quit\n");
+		printf(" -l, --license                Show license\n");
+		printf(" -E, --stderr-to-stdout       Redirect stderr to stdout\n");
+		printf(" -d, --use-dh=DHOPT           Anonymous Diffie Hellman use:\n");
+		printf("                              0         Don't use Anonymous Diffie Hellman\n");
+		printf("                                        (This will be the default in a future release.)\n");
+		printf("                              1         Allow Anonymous Diffie Hellman (default)\n");
+		printf("                              2         Force Anonymous Diffie Hellman\n");
+		printf(" -P, --payload-size=SIZE      Specify non-default payload size for NSClient++\n");
+		printf(" -S, --ssl-version=VERSION    The SSL/TLS version to use. Can be any one of:\n");
 #if OPENSSL_VERSION_NUMBER < 0x10100000
-		printf("                SSLv2 (only), SSLv2+ (or above),\n");
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
-		printf("                SSLv3 (only), SSLv3+ (or above),\n");
-		printf("                TLSv1 (only), TLSv1+ (or above DEFAULT),\n");
-		printf("                TLSv1.1 (only), TLSv1.1+ (or above),\n");
-		printf("                TLSv1.2 (only), TLSv1.2+ (or above)\n");
-		printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
-		printf
-			("                to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
-		printf(" <clientcert> = The client certificate to use for PKI\n");
-		printf(" <key>        = The private key to use with the client certificate\n");
-		printf(" <ca-cert>    = The CA certificate to use for PKI\n");
-		printf(" <logopts>    = SSL Logging Options\n");
-		printf(" <bindaddr>   = bind to local address\n");
-		printf(" <cfg-file>   = configuration file to use\n");
-		printf(" <log-file>   = full path to the log file to write to\n");
-		printf(" [port]       = The port on which the daemon is running (default=%d)\n",
-			   DEFAULT_SERVER_PORT);
-		printf(" [command]    = The name of the command that the remote daemon should run\n");
-		printf(" [arglist]    = Optional arguments that should be passed to the command,\n");
-		printf("                separated by a space.  If provided, this must be the last\n");
-		printf("                option supplied on the command line.\n");
+		printf("                              SSLv2     SSL v2 only\n");
+		printf("                              SSLv2+    SSL v2 or above\n");
+#endif
+		printf("                              SSLv3     SSL v3 only\n");
+		printf("                              SSLv3+    SSL v3 or above \n");
+		printf("                              TLSv1     TLS v1 only\n");
+		printf("                              TLSv1+    TLS v1 or above (DEFAULT)\n");
+		printf("                              TLSv1.1   TLS v1.1 only\n");
+		printf("                              TLSv1.1+  TLS v1.1 or above\n");
+		printf("                              TLSv1.2   TLS v1.2 only\n");
+		printf("                              TLSv1.2+  TLS v1.2 or above\n");
+		printf(" -L, --cipher-list=LIST       The list of SSL ciphers to use (currently defaults\n");
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+		printf("                              to \"ALL:!MD5:@STRENGTH:@SECLEVEL=0\". THIS WILL change in a future release.)\n");
+#else
+		printf("                              to \"ALL:!MD5:@STRENGTH\". THIS WILL change in a future release.)\n");
+#endif
+		printf(" -C, --client-cert=FILE       The client certificate to use for PKI\n");
+		printf(" -K, --key-file=FILE          The private key to use with the client certificate\n");
+		printf(" -A, --ca-cert-file=FILE      The CA certificate to use for PKI\n");
+		printf(" -s, --ssl-logging=OPTIONS    SSL Logging Options\n");
+		printf(" -b, --bind=IPADDR            Local address to bind to\n");
+		printf(" -f, --config-file=FILE       Configuration file to use\n");
+		printf(" -g, --log-file=FILE          Log file to write to\n");
+		printf(" -p, --port=PORT              The port on which the daemon is running (default=%d)\n", DEFAULT_SERVER_PORT);
+		printf(" -c, --command=COMMAND        The name of the command that the remote daemon should run\n");
+		printf(" -a, --args=LIST              Optional arguments that should be passed to the command,\n");
+		printf("                              separated by a space. If provided, this must be the last\n");
+		printf("                              option supplied on the command line.\n");
 		printf("\n");
 		printf(" NEW TIMEOUT SYNTAX\n");
-		printf(" -t <interval>:<state>\n");
-		printf("    <interval> = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
-		printf("    <state> = Check state to exit with in the event of a timeout (default=CRITICAL)\n");
-		printf("    Timeout state must be a valid state name (case-insensitive) or integer:\n");
-		printf("    (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)\n");
+		printf(" -t, --timeout=INTERVAL:STATE\n");
+		printf("                              INTERVAL  Number of seconds before connection times out (default=%d)\n", DEFAULT_SOCKET_TIMEOUT);
+		printf("                              STATE     Check state to exit with in the event of a timeout (default=CRITICAL)\n");
+		printf("                              Timeout STATE must be a valid state name (case-insensitive) or integer:\n");
+		printf("                              (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)\n");
 		printf("\n");
 		printf("Note:\n");
-		printf
-			("This plugin requires that you have the NRPE daemon running on the remote host.\n");
-		printf
-			("You must also have configured the daemon to associate a specific plugin command\n");
-		printf("with the [command] option you are specifying here.  Upon receipt of the\n");
-		printf
-			("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
-		printf
-			("send the plugin output and return code back to *this* plugin.  This allows you\n");
-		printf
-			("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
+		printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
+		printf("You must also have configured the daemon to associate a specific plugin command\n");
+		printf("with the [command] option you are specifying here. Upon receipt of the\n");
+		printf("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
+		printf("send the plugin output and return code back to *this* plugin. This allows you\n");
+		printf("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
 		printf("the plugin is being run locally.\n");
 		printf("\n");
 	}
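Review bot: The help text names the long option `--use-dh`, while the warning in process_arguments() calls the same switch `use-adh (-d)`. One of the two should be changed to match the long-options table, which is outside this view. The `-n` line also carries over the typo `Do no use SSL`, which should read `Do not use SSL`. Since the default cipher string printed here now includes `@SECLEVEL=0`, a short phrase saying that level 0 permits weak ciphers would tell operators why they may want to pass `-L`. usage() continues past the end of this hunk.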
@@ -748,18 +771,11 @@ void setup_ssl()
 	if (sslprm.log_opts & SSL_LogStartup) {
 		char *val;
 
-		logit(LOG_INFO, "SSL Certificate File: %s",
-			   sslprm.cert_file ? sslprm.cert_file : "None");
-		logit(LOG_INFO, "SSL Private Key File: %s",
-			   sslprm.privatekey_file ? sslprm.privatekey_file : "None");
-		logit(LOG_INFO, "SSL CA Certificate File: %s",
-			   sslprm.cacert_file ? sslprm.cacert_file : "None");
-		if (sslprm.allowDH < 2)
-			logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
-		else
-			logit(LOG_INFO, "SSL Cipher List: ADH");
-		logit(LOG_INFO, "SSL Allow ADH: %s",
-			   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
+		logit(LOG_INFO, "SSL Certificate File: %s", sslprm.cert_file ? sslprm.cert_file : "None");
+		logit(LOG_INFO, "SSL Private Key File: %s", sslprm.privatekey_file ? sslprm.privatekey_file : "None");
+		logit(LOG_INFO, "SSL CA Certificate File: %s", sslprm.cacert_file ? sslprm.cacert_file : "None");
+		logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
+		logit(LOG_INFO, "SSL Allow ADH: %d", sslprm.allowDH);
 		logit(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
 
 		switch (sslprm.ssl_proto_ver) {
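Review bot: The startup log now prints `sslprm.cipher_list` unconditionally, but further down setup_ssl() replaces that string with an ADH-only list when `sslprm.allowDH == 2`. In that mode the log can report a cipher list that is not the one passed to `SSL_CTX_set_cipher_list()`. The removed code logged `ADH` for that case, so either keep that branch or move these log lines after the override. Logging `allowDH` as a bare `%d` also loses the No/Allow/Require wording, which makes the log harder to audit. The function starts before and continues after this hunk.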
@@ -804,6 +820,9 @@ void setup_ssl()
 	if (use_ssl == TRUE) {
 		SSL_load_error_strings();
 		SSL_library_init();
+		ENGINE_load_builtin_engines();
+		RAND_set_rand_engine(NULL);
+ 		ENGINE_register_all_complete();
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
 
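Review bot: The three engine calls are compiled unconditionally, so a build against an OpenSSL configured without engine support would be expected to fail here. The Changelog entry says the support applies only "where available"; wrapping the calls in `#ifndef OPENSSL_NO_ENGINE` … `#endif` would match that. Whether `<openssl/engine.h>` is included under the same guard is not visible in this hunk. Loading every built-in engine also brings in code that a plugin talking to a single daemon may never need, so a one-line comment saying why it is required would help the next reviewer. The `ENGINE_register_all_complete()` line has a stray space before its tabs.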
@@ -901,19 +920,16 @@ void setup_ssl()
 			if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
 				printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
 				while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
-					printf("Error: could not use certificate file '%s': %s\n",
-						   sslprm.cert_file, ERR_reason_error_string(x));
+					printf("Error: could not use certificate file '%s': %s\n", sslprm.cert_file, ERR_reason_error_string(x));
 				}
 				SSL_CTX_free(ctx);
 				exit(STATE_CRITICAL);
 			}
 			if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
 				SSL_CTX_free(ctx);
-				printf("Error: could not use private key file '%s'.\n",
-					   sslprm.privatekey_file);
+				printf("Error: could not use private key file '%s'.\n", sslprm.privatekey_file);
 				while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
-					printf("Error: could not use private key file '%s': %s\n",
-						   sslprm.privatekey_file, ERR_reason_error_string(x));
+					printf("Error: could not use private key file '%s': %s\n", sslprm.privatekey_file, ERR_reason_error_string(x));
 				}
 				SSL_CTX_free(ctx);
 				exit(STATE_CRITICAL);
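Review bot: In the private-key failure branch `SSL_CTX_free(ctx)` is called twice, once before the first `printf()` and again just before `exit(STATE_CRITICAL)`, so the context is released a second time. The first call should be dropped so the branch matches the certificate-file branch above it. The hunk only re-wraps the `printf()` lines and leaves this in place. setup_ssl() begins and ends outside the hunk.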
@@ -926,8 +942,7 @@ void setup_ssl()
 			if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
 				printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
 				while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
-					printf("Error: could not use CA certificate '%s': %s\n",
-						   sslprm.privatekey_file, ERR_reason_error_string(x));
+					printf("Error: could not use CA certificate '%s': %s\n", sslprm.privatekey_file, ERR_reason_error_string(x));
 				}
 				SSL_CTX_free(ctx);
 				exit(STATE_CRITICAL);
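Review bot: The re-wrapped error line for the CA certificate still passes `sslprm.privatekey_file` as the file name, so a failure in `SSL_CTX_load_verify_locations()` is reported against the wrong file. If no private key was configured, the `%s` argument may also be NULL. The line should read `printf("Error: could not use CA certificate '%s': %s\n", sslprm.cacert_file, ERR_reason_error_string(x));`. The enclosing function extends beyond this hunk.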
@@ -942,15 +957,19 @@ void setup_ssl()
 			}
 		} else {
 			/* use anonymous DH ciphers */
-			if (sslprm.allowDH == 2)
-				strcpy(sslprm.cipher_list, "ADH");
+			if (sslprm.allowDH == 2) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+				strncpy(sslprm.cipher_list, "ADH@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
+#else
+				strncpy(sslprm.cipher_list, "ADH", MAX_FILENAME_LENGTH - 1);
+#endif
+			}
 		}
 
 		if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
 			printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
 			while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
-				printf("Could not set SSL/TLS cipher list '%s': %s\n",
-					   sslprm.cipher_list, ERR_reason_error_string(x));
+				printf("Could not set SSL/TLS cipher list '%s': %s\n", sslprm.cipher_list, ERR_reason_error_string(x));
 			}
 			SSL_CTX_free(ctx);
 			exit(STATE_CRITICAL);
@@ -987,8 +1006,7 @@ int connect_to_remote()
 	int result, rc, ssl_err, ern, x, nerrs = 0;
 
 	/* try to connect to the host at the given port number */
-	if ((sd =
-		 my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0)
+	if ((sd = my_connect(server_name, &hostaddr, server_port, address_family, bind_address, stderr_to_stdout)) < 0)
 		exit(timeout_return_code);
 
 	result = STATE_OK;
@@ -1025,36 +1043,31 @@ int connect_to_remote()
 		if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
 			rc = 0;
 			while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
-				logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
-					   rem_host, ERR_reason_error_string(x));
+				logit(LOG_ERR, "Error: (ERR_get_error_line_data = %d), Could not complete SSL handshake with %s: %s", x, rem_host, ERR_reason_error_string(x));
 				++nerrs;
 			}
-			if (nerrs == 0)
-				logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
-					   rem_host, rc, ssl_err);
-
+			if (nerrs == 0) {
+				logit(LOG_ERR, "Error: (nerrs = 0) Could not complete SSL handshake with %s: rc=%d SSL-error=%d", rem_host, rc, ssl_err);
+			}
 		} else {
 			while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
-				logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
-					   rem_host, ERR_reason_error_string(x));
+				logit(LOG_ERR, "Error: (!log_opts) Could not complete SSL handshake with %s: %s", rem_host, ERR_reason_error_string(x));
 				++nerrs;
 			}
-			if (nerrs == 0)
-				logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: "
-						"rc=%d SSL-error=%d", rem_host, rc, ssl_err);
+			if (nerrs == 0) {
+				logit(LOG_ERR, "Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with %s: rc=%d SSL-error=%d", rem_host, rc, ssl_err);
+			}
 		}
 
 		if (ssl_err == 5) {
 			/* Often, errno will be zero, so print a generic message here */
 			if (ern == 0)
-				printf("CHECK_NRPE: Error - Could not connect to %s. Check system logs on %s\n",
-					   rem_host, rem_host);
+				printf("CHECK_NRPE: Error - Could not connect to %s. Check system logs on %s\n", rem_host, rem_host);
 			else
-				printf("CHECK_NRPE: Error - Could not connect to %s: %s\n",
-					   rem_host, strerror(ern));
-		} else
-			printf("CHECK_NRPE: Error - Could not complete SSL handshake with %s: %d\n",
-				   rem_host, ssl_err);
+				printf("CHECK_NRPE: Error - Could not connect to %s: %s\n", rem_host, strerror(ern));
+		} else {
+			printf("CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with %s: %d\n", rem_host, ssl_err);
+		}
 
 # ifdef DEBUG
 		printf("SSL_connect=%d\n", rc);
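Review bot: In the first branch `rc` is set to 0 immediately before the error loop, so the new `rc=%d` message there always prints 0 rather than, presumably, the return value of the handshake call. Drop the `rc = 0;` assignment or log the saved value. The added prefixes `(nerrs = 0)`, `(!log_opts)` and `(ssl_err != 5)` read like debugging markers, and the last one goes to stdout and therefore into the plugin output; describing the condition in words or documenting the markers in a comment would be clearer. `ssl_err == 5` would be easier to follow as `ssl_err == SSL_ERROR_SYSCALL`. connect_to_remote() starts before and continues after the hunk.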
@@ -1089,8 +1102,8 @@ int connect_to_remote()
 
 			if (peer) {
 				if (sslprm.log_opts & SSL_LogIfClientCert)
-					logit(LOG_NOTICE, "SSL %s has %s certificate",
-						   rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
+					logit(LOG_NOTICE, "SSL %s has %s certificate", rem_host, SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid");
+
 				if (sslprm.log_opts & SSL_LogCertDetails) {
 					X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
 					logit(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
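Review bot: The comparison with `X509_V_OK` corrects the log text, but in the lines visible here the verification result only selects a log string, and only when `SSL_LogIfClientCert` is set. If no other path in connect_to_remote() rejects a peer whose result is not `X509_V_OK`, a server with an invalid certificate is logged and then used. Either the check should lead to an error exit, or a comment such as `/* informational only: the connection is not aborted on a failed verify result */` should make the behaviour explicit. The rest of the function is outside this hunk.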
@@ -1240,13 +1253,14 @@ int read_response()
 	} else if (rc == 0) {
 
 		/* server disconnected */
-		printf("CHECK_NRPE: Received 0 bytes from daemon.  Check "
-				"the remote server logs for error messages.\n");
+		printf("CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.\n");
 		if (packet_ver == NRPE_PACKET_VERSION_3) {
-			if (v3_receive_packet)
+			if (v3_receive_packet) {
 				free(v3_receive_packet);
-		} else if (v2_receive_packet)
+			}
+		} else if (v2_receive_packet) {
 			free(v2_receive_packet);
+		}
 		return STATE_UNKNOWN;
 	}
 
@@ -1259,8 +1273,9 @@ int read_response()
 		calculated_crc32 = calculate_crc32((char *)v3_receive_packet, pkt_size);
 	} else {
 		pkt_size = sizeof(v2_packet);
-		if (payload_size > 0)
+		if (payload_size > 0) {
 			pkt_size = sizeof(v2_packet) - MAX_PACKETBUFFER_LENGTH + payload_size;
+		}
 		packet_crc32 = ntohl(v2_receive_packet->crc32_value);
 		v2_receive_packet->crc32_value = 0L;
 		calculated_crc32 = calculate_crc32((char *)v2_receive_packet, pkt_size);
@@ -1270,10 +1285,12 @@ int read_response()
 		printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
 		close(sd);
 		if (packet_ver == NRPE_PACKET_VERSION_3) {
-			if (v3_receive_packet)
+			if (v3_receive_packet) {
 				free(v3_receive_packet);
-		} else if (v2_receive_packet)
+			}
+		} else if (v2_receive_packet) {
 			free(v2_receive_packet);
+		}
 		return STATE_UNKNOWN;
 	}
 
@@ -1281,30 +1298,35 @@ int read_response()
 	/* and print the output returned by the daemon */
 	if (packet_ver == NRPE_PACKET_VERSION_3) {
 		result = ntohs(v3_receive_packet->result_code);
-		if (v3_receive_packet->buffer_length == 0)
+		if (v3_receive_packet->buffer_length == 0) {
 			printf("CHECK_NRPE: No output returned from daemon.\n");
-		else
+		} else {
 			printf("%s\n", v3_receive_packet->buffer);
+		}
 	} else {
 		result = ntohs(v2_receive_packet->result_code);
-		if (payload_size > 0)
+		if (payload_size > 0) {
 			v2_receive_packet->buffer[payload_size - 1] = '\x0';
-		else
+		} else {
 			v2_receive_packet->buffer[MAX_PACKETBUFFER_LENGTH - 1] = '\x0';
-		if (!strcmp(v2_receive_packet->buffer, ""))
+		}
+		if (!strcmp(v2_receive_packet->buffer, "")) {
 			printf("CHECK_NRPE: No output returned from daemon.\n");
-		else if (strstr(v2_receive_packet->buffer, "Invalid packet version.3") != NULL)
+		} else if (strstr(v2_receive_packet->buffer, "Invalid packet version.3") != NULL) {
 			/* NSClient++ doesn't recognize it */
 			return -1;
-		else
+		} else {
 			printf("%s\n", v2_receive_packet->buffer);
+		}
 	}
 
 	if (packet_ver == NRPE_PACKET_VERSION_3) {
-		if (v3_receive_packet)
+		if (v3_receive_packet) {
 			free(v3_receive_packet);
-	} else if (v2_receive_packet)
+		}
+	} else if (v2_receive_packet) {
 		free(v2_receive_packet);
+	}
 
 	return result;
 }
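Review bot: The v3 branch prints `v3_receive_packet->buffer` with `%s` without forcing a terminator, while the v2 branch just below writes `'\x0'` into its buffer before using it. The buffer content comes from the remote daemon, so unless read_packet() guarantees termination (not visible in this hunk), a peer that omits the trailing NUL makes printf read past the allocation. Bounding the print by the received payload length would make the two branches agree, e.g. `printf("%.*s\n", (int)len, v3_receive_packet->buffer);` with `len` being the host-order payload length. The start of read_response is outside the hunk.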
@@ -1325,9 +1347,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
 		if (rc <= 0 || rc != bytes_to_recv) {
 			if (rc < bytes_to_recv) {
 				if (packet_ver != NRPE_PACKET_VERSION_3)
-					printf("CHECK_NRPE: Receive header underflow - "
-							"only %d bytes received (%ld expected).\n",
-						 rc, sizeof(bytes_to_recv));
+					printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_recv));
 			}
 			return -1;
 		}
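Review bot: The "expected" figure in this underflow message is `sizeof(bytes_to_recv)`, the size of the variable rather than the number of bytes expected, so the message reports a constant such as 4 or 8 whatever the packet was. Printing the value fixes that and removes the `%ld`/`size_t` mismatch: `printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, (long)bytes_to_recv);`. The same pattern is in the later read_packet hunks: `sizeof(buffer_size)` in the "Receive underflow" and "Receive buffer size" messages, and `sizeof(bytes_to_recv)` in the second header check. read_packet starts and ends outside this hunk.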
@@ -1348,8 +1368,9 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
 			if (payload_size > 0) {
 				pkt_size = common_size + payload_size;
 				buffer_size = payload_size;
-			} else
+			} else {
 				buffer_size = pkt_size - common_size;
+			}
 			if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
 				logit(LOG_ERR, "Error: Could not allocate memory for packet");
 				return -1;
@@ -1398,8 +1419,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
 				*v2_pkt = NULL;
 			}
 			if (rc < buffer_size)
-				printf("CHECK_NRPE: Receive underflow - only %d bytes received "
-						"(%ld expected).\n", rc, sizeof(buffer_size));
+				printf("CHECK_NRPE: Receive underflow - only %d bytes received (%ld expected).\n", rc, sizeof(buffer_size));
 			return -1;
 		} else
 			tot_bytes += rc;
@@ -1415,8 +1435,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
 		if (rc <= 0 || rc != bytes_to_recv) {
 			if (rc < bytes_to_recv) {
 				if (packet_ver != NRPE_PACKET_VERSION_3)
-					printf("CHECK_NRPE: Receive header underflow - only %d bytes "
-							"received (%ld expected).\n", rc, sizeof(bytes_to_recv));
+					printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_recv));
 			}
 			return -1;
 		}
@@ -1504,12 +1523,11 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
 				*v2_pkt = NULL;
 			}
 			if (bytes_read != buffer_size) {
-				if (packet_ver == NRPE_PACKET_VERSION_3)
-					printf("CHECK_NRPE: Receive buffer size - %ld bytes received "
-						   "(%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
-				else
-					printf("CHECK_NRPE: Receive underflow - only %ld bytes received "
-						   "(%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
+				if (packet_ver == NRPE_PACKET_VERSION_3) {
+					printf("CHECK_NRPE: Receive buffer size - %ld bytes received (%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
+				} else {
+					printf("CHECK_NRPE: Receive underflow - only %ld bytes received (%ld expected).\n", (long)bytes_read, sizeof(buffer_size));
+				}
 			}
 			return -1;
 		} else
@@ -1542,8 +1560,8 @@ int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
 
 	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
 		&& (sslprm.log_opts & SSL_LogCertDetails)) {
-		logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
-			   name, issuer, err, X509_verify_cert_error_string(err));
+		
+		logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s", name, issuer, err, X509_verify_cert_error_string(err));
 	}
 
 	return preverify_ok;
@@ -1565,11 +1583,15 @@ void alarm_handler(int sig)
 		if (timeout_txt[lth2] == 0)
 			break;
 
-	write(STDOUT_FILENO, msg1, sizeof(msg1) - 1);
-	write(STDOUT_FILENO, text, lth1);
-	write(STDOUT_FILENO, msg2, sizeof(msg2) - 1);
-	write(STDOUT_FILENO, timeout_txt, lth2);
-	write(STDOUT_FILENO, msg3, sizeof(msg3) - 1);
+	
+	if ((write(STDOUT_FILENO, msg1, sizeof(msg1) - 1) == -1)
+		|| (write(STDOUT_FILENO, text, lth1) == -1)
+		|| (write(STDOUT_FILENO, msg2, sizeof(msg2) - 1) == -1)
+		|| (write(STDOUT_FILENO, timeout_txt, lth2) == -1)
+		|| (write(STDOUT_FILENO, msg3, sizeof(msg3) - 1) == -1)) {
+
+		logit(LOG_ERR, "ERROR: alarm_handler() write(): %s", strerror(errno));
+	}
 
 	exit(timeout_return_code);
 }
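Review bot: The added `logit(LOG_ERR, ...)` with `strerror(errno)` runs inside alarm_handler(), and neither a logging call nor strerror() is async-signal-safe; the surrounding code uses raw write() and a hand-rolled length loop, presumably for that reason. logit()'s body is not visible here, but if it reaches syslog() or stdio it can deadlock or corrupt state when the alarm interrupts the main flow mid-call. Since the handler exits immediately, the results can be consumed without logging, e.g. `if (write(STDOUT_FILENO, msg1, sizeof(msg1) - 1) == -1) { /* nothing signal-safe to do; fall through to exit */ }`. The `||` chain also skips the remaining writes after the first failure. The start of alarm_handler is outside the hunk.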

+ 179 - 102
src/nrpe.c

@@ -1,10 +1,10 @@
-/*******************************************************************************
+/****************************************************************************
  *
- * NRPE.C - Nagios Remote Plugin Executor
+ * nrpe.c - Nagios Remote Plugin Executor
  *
- * Copyright (c) 2009 Nagios Core Development Team and Community Contributors
- * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * License: GPL
+ * License: GPLv2
+ * Copyright (c) 2009-2017 Nagios Enterprises
+ *               1999-2008 Ethan Galstad (nagios@nagios.org)
  *
  * Command line: nrpe -c <config_file> [--inetd | --daemon]
  *
@@ -16,13 +16,23 @@
  * such as check_users, check_load, check_disk, etc. without
  * having to use rsh or ssh.
  *
- ******************************************************************************/
-
-/*
- * 08-10-2011 IPv4 subnetworks support added.
- * Main change in nrpe.c is that is_an_allowed_host() moved to acl.c.
- * now allowed_hosts is parsed by parse_allowed_hosts() from acl.c.
- */
+ * License Notice:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ ****************************************************************************/
 
 #include "config.h"
 #include "common.h"
@@ -102,6 +112,8 @@ int       show_help = FALSE;
 int       show_license = FALSE;
 int       show_version = FALSE;
 int       use_inetd = TRUE;
+int 	  commands_running = 0;
+int       max_commands = 0;
 int       debug = FALSE;
 int       use_src = FALSE;		/* Define parameter for SRC option */
 int       no_forking = FALSE;
@@ -135,7 +147,11 @@ struct _SSL_PARMS {
 	ClntCerts client_certs;
 	SslLogging log_opts;
 } sslprm = {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+NULL, NULL, NULL, "ALL:!MD5:@STRENGTH:@SECLEVEL=0", TLSv1_plus, TRUE, 0, SSL_NoLogging};
+#else
 NULL, NULL, NULL, "ALL:!MD5:@STRENGTH", TLSv1_plus, TRUE, 0, SSL_NoLogging};
+#endif
 
 
 #ifdef HAVE_SSL
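Review bot: The OpenSSL 1.1.0 default in `sslprm` now ends in `@SECLEVEL=0`, which switches off OpenSSL's minimum security level for every installation, not only those that opt into anonymous DH. At level 0 the library's floor on key sizes, DH parameter sizes and weak ciphers no longer applies, so the daemon can negotiate weaker parameters than the library default would permit. The `allowDH == 2` branch in init_ssl() already sets `ADH@SECLEVEL=0` where ADH is required, so consider leaving the default at the library's level and lowering it only when `allowDH` is non-zero. If it stays, a comment on the initializer would help: `/* SECLEVEL=0 is needed for ADH on OpenSSL >= 1.1.0; it also disables the library's key-size and cipher floor */`.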
@@ -167,7 +183,10 @@ int main(int argc, char **argv)
 
 		/* get absolute path of current working directory */
 		strcpy(config_file, "");
-		getcwd(config_file, sizeof(config_file));
+		if (getcwd(config_file, sizeof(config_file)) == NULL) {
+			printf("ERROR: getcwd(): %s, bailing out...\n", strerror(errno));
+			exit(STATE_CRITICAL);
+		}
 
 		/* append a forward slash */
 		strncat(config_file, "/", sizeof(config_file) - 2);
@@ -263,6 +282,9 @@ void init_ssl(void)
 	/* initialize SSL */
 	SSL_load_error_strings();
 	SSL_library_init();
+	ENGINE_load_builtin_engines();
+	RAND_set_rand_engine(NULL);
+ 	ENGINE_register_all_complete();
 
 	meth = SSLv23_server_method();
 
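Review bot: The three added ENGINE/RAND calls are unconditional, but OpenSSL can be built without engine support (`OPENSSL_NO_ENGINE`), and the include of openssl/engine.h is not visible in this hunk. ENGINE_register_all_complete() also makes every built-in engine a candidate default for all algorithms, which widens the set of crypto implementations the daemon may end up using, and its return value is not checked. Wrapping the block in `#ifndef OPENSSL_NO_ENGINE` / `#endif` with a one-line comment on why engines are loaded would cover both. The `ENGINE_register_all_complete();` line is also indented with a space before the tab. init_ssl continues outside the hunk.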
@@ -408,7 +430,7 @@ void init_ssl(void)
 		SSL_CTX_set_verify(ctx, vrfy, verify_callback);
 		if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
 			while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
-				logit(LOG_ERR, "Error: could not use certificate file '%s': %s\n",
+				logit(LOG_ERR, "Error: could not use CA certificate file '%s': %s\n",
 					   sslprm.cacert_file, ERR_reason_error_string(x));
 			}
 			SSL_CTX_free(ctx);
@@ -422,8 +444,14 @@ void init_ssl(void)
 			strcat(sslprm.cipher_list, ":!ADH");
 	} else {
 		/* use anonymous DH ciphers */
-		if (sslprm.allowDH == 2)
-			strcpy(sslprm.cipher_list, "ADH");
+		if (sslprm.allowDH == 2) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+			strncpy(sslprm.cipher_list, "ADH@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
+#else
+			strncpy(sslprm.cipher_list, "ADH", MAX_FILENAME_LENGTH - 1);
+#endif
+		}
+
 #ifdef USE_SSL_DH
 		dh = get_dh2048();
 		SSL_CTX_set_tmp_dh(ctx, dh);
@@ -452,12 +480,8 @@ void log_ssl_startup(void)
 		   sslprm.privatekey_file ? sslprm.privatekey_file : "None");
 	logit(LOG_INFO, "SSL CA Certificate File: %s",
 		   sslprm.cacert_file ? sslprm.cacert_file : "None");
-	if (sslprm.allowDH < 2)
-		logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
-	else
-		logit(LOG_INFO, "SSL Cipher List: ADH");
-	logit(LOG_INFO, "SSL Allow ADH: %s",
-		   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
+	logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
+	logit(LOG_INFO, "SSL Allow ADH: %d", sslprm.allowDH == 0);
 	logit(LOG_INFO, "SSL Client Certs: %s",
 		   sslprm.client_certs == 0 ? "Don't Ask" : (sslprm.client_certs ==
 													 1 ? "Accept" : "Require"));
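Review bot: `logit(LOG_INFO, "SSL Allow ADH: %d", sslprm.allowDH == 0);` logs 1 when anonymous DH is disabled and 0 when it is allowed or required. That reads as the opposite of the label and drops the Allow/Require distinction the removed line had, so anyone auditing startup logs for unauthenticated key exchange would be misled. Logging the setting itself avoids that: `logit(LOG_INFO, "SSL Allow ADH: %s", sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));`.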
@@ -503,50 +527,57 @@ void log_ssl_startup(void)
 
 void usage(int result)
 {
-	printf("\n");
+	if (result != OK) {
+		printf("\n");
+		printf("Incorrect command line arguments supplied\n");
+		printf("\n");
+	}
 	printf("NRPE - Nagios Remote Plugin Executor\n");
-	printf("Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)\n");
 	printf("Version: %s\n", PROGRAM_VERSION);
-	printf("Last Modified: %s\n", MODIFICATION_DATE);
-	printf("License: GPL v2 with exemptions (-l for more info)\n");
+	printf("\n");
+	if (result != OK || show_help == TRUE) {
+		printf("Copyright (c) 2009-2017 Nagios Enterprises\n");
+		printf("              1999-2008 Ethan Galstad (nagios@nagios.org)\n");
+		printf("\n");
+		printf("Last Modified: %s\n", MODIFICATION_DATE);
+		printf("\n");
+		printf("License: GPL v2 with exemptions (-l for more info)\n");
+		printf("\n");
 #ifdef HAVE_SSL
-	printf("SSL/TLS Available, OpenSSL 0.9.6 or higher required\n");
+		printf("SSL/TLS Available, OpenSSL 0.9.6 or higher required\n");
+		printf("\n");
 #endif
 #ifdef HAVE_LIBWRAP
-	printf("TCP Wrappers Available\n");
+		printf("TCP Wrappers Available\n");
+		printf("\n");
 #endif
-	printf("\n");
 #ifdef ENABLE_COMMAND_ARGUMENTS
-	printf("***************************************************************\n");
-	printf("** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **\n");
-	printf("**      Read the NRPE SECURITY file for more information     **\n");
-	printf("***************************************************************\n");
-	printf("\n");
+		printf("***************************************************************\n");
+		printf("** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **\n");
+		printf("**      Read the NRPE SECURITY file for more information     **\n");
+		printf("***************************************************************\n");
+		printf("\n");
 #endif
 #ifndef HAVE_LIBWRAP
-	printf("***************************************************************\n");
-	printf("** POSSIBLE SECURITY RISK - TCP WRAPPERS ARE NOT AVAILABLE!  **\n");
-	printf("**      Read the NRPE SECURITY file for more information     **\n");
-	printf("***************************************************************\n");
-	printf("\n");
+		printf("***************************************************************\n");
+		printf("** POSSIBLE SECURITY RISK - TCP WRAPPERS ARE NOT AVAILABLE!  **\n");
+		printf("**      Read the NRPE SECURITY file for more information     **\n");
+		printf("***************************************************************\n");
+		printf("\n");
 #endif
-
-	if (show_license == TRUE)
-		display_license();
-
-	if (result != OK || show_help == TRUE) {
-		printf("Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>\n");
+		printf("Usage: nrpe [-V] [-n] -c <config_file> [-4|-6] <mode>\n");
 		printf("\n");
 		printf("Options:\n");
-		printf(" -n               = Do not use SSL\n");
-		printf(" -c <config_file> = Name of config file to use\n");
-		printf(" -4               = use ipv4 only\n");
-		printf(" -6               = use ipv6 only\n");
-		printf(" <mode>           = One of the following operating modes:\n");
-		printf("   -i             =    Run as a service under inetd or xinetd\n");
-		printf("   -d             =    Run as a standalone daemon\n");
-		printf("   -d -s          =    Run as a subsystem under AIX\n");
-		printf("   -f             =    Don't fork() for systemd, launchd, etc.\n");
+		printf(" -V, --version         Print version info and quit\n");
+		printf(" -n, --no-ssl          Do not use SSL\n");
+		printf(" -c, --config=FILE     Name of config file to use\n");
+		printf(" -4, --ipv4            Use ipv4 only\n");
+		printf(" -6, --ipv6            Use ipv6 only\n");
+		printf(" <mode> (One of the following operating modes)\n");
+		printf("   -i, --inetd         Run as a service under inetd or xinetd\n");
+		printf("   -d, --daemon        Run as a standalone daemon\n");
+		printf("   -s, --src           Run as a subsystem under AIX\n");
+		printf("   -f, --no-forking    Don't fork() (for systemd, launchd, etc.)\n");
 		printf("\n");
 		printf("Notes:\n");
 		printf("This program is designed to process requests from the check_nrpe\n");
@@ -559,6 +590,9 @@ void usage(int result)
 		printf("\n");
 	}
 
+	if (show_license == TRUE)
+		display_license();
+
 	exit(STATE_UNKNOWN);
 }
 
@@ -621,6 +655,11 @@ void set_stdio_sigs(void)
 	struct sigaction sig_action;
 #endif
 
+	if (chdir("/") == -1) {
+		printf("ERROR: chdir(): %s, bailing out...\n", strerror(errno));
+		exit(STATE_CRITICAL);
+	}
+
 	close(0);					/* close standard file descriptors */
 	close(1);
 	close(2);
@@ -628,8 +667,6 @@ void set_stdio_sigs(void)
 	open("/dev/null", O_WRONLY);
 	open("/dev/null", O_WRONLY);
 
-	chdir("/");
-
 	/* handle signals */
 #ifdef HAVE_SIGACTION
 	sig_action.sa_sigaction = NULL;
@@ -786,6 +823,14 @@ int read_config_file(char *filename)
 			if (read_config_file(varvalue) == ERROR)
 				logit(LOG_ERR, "Continuing with errors...");
 
+		} else if (!strcmp(varname, "max_commands")) {
+
+			max_commands = atoi(varvalue);
+			if (max_commands < 0) {
+				logit(LOG_WARNING, "max_commands set too low, setting to 0\n");
+				max_commands = 0;
+			}
+
 		} else if (!strcmp(varname, "server_port")) {
 			server_port = atoi(varvalue);
 			if (server_port < 1024) {
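Review bot: `max_commands = atoi(varvalue);` cannot tell a malformed value from 0, and 0 means "no limit" in my_system() (`if (max_commands != 0)`), so a non-numeric value such as `ten` silently disables the limit. Parsing with strtol() and rejecting an empty or partially parsed value (`end == varvalue || *end != '\0'`) would make the mistake visible in the log instead. The warning string also carries a trailing `\n` that the neighbouring "Continuing with errors..." logit() call does not. read_config_file continues outside the hunk.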
@@ -1407,7 +1452,7 @@ int wait_conn_fork(int sock)
 	pid = fork();
 
 	if (pid < 0) {
-		logit(LOG_ERR, "fork() failed with error %d, bailing out...", errno);
+		logit(LOG_ERR, "Second fork() failed with error %d, bailing out...", errno);
 		exit(STATE_CRITICAL);
 	}
 
@@ -1500,10 +1545,10 @@ void conn_check_peer(int sock)
 	}
 
 	if (debug == TRUE)
-		logit(LOG_INFO, "CONN_CHECK_PEER: is this a blessed machine: %s port %d\n",
+		logit(LOG_INFO, "CONN_CHECK_PEER: checking if host is allowed: %s port %d\n",
 			 remote_host, nptr->sin_port);
 
-	/* is this is a blessed machine? */
+	/* is this host allowed? */
 	if (allowed_hosts) {
 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE
 		switch (addr.ss_family) {
@@ -1707,7 +1752,7 @@ void handle_connection(int sock)
 				send_buff = calloc(1, sizeof(buffer));
 				strcpy(send_buff, buffer);
 			}
-			result = STATE_CRITICAL;
+			result = STATE_UNKNOWN;
 
 		} else {
 
@@ -1873,31 +1918,29 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
 
 	/* keep attempting the request if needed */
 	while (((rc = SSL_accept(ssl)) != 1)
-		   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) ;
+			&& (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ));
 
 	if (rc != 1) {
 		/* oops, got an unrecoverable error -- get out */
 		if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
-			int       nerrs = 0;
+			int nerrs = 0;
 			rc = 0;
 			while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
 				errmsg = ERR_reason_error_string(x);
-				logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
-					   remote_host, errmsg);
-				if (errmsg && !strcmp(errmsg, "no shared cipher")) {
-					if (sslprm.cert_file == NULL || sslprm.cacert_file == NULL)
-						logit(LOG_ERR, "Error: This could be because you have not "
-								"specified certificate or ca-certificate files");
-				}
+				logit(LOG_ERR, "Error: (ERR_get_error_line_data = %d), Could not complete SSL handshake with %s: %s", x, remote_host, errmsg);
+				
+				if (errmsg && !strcmp(errmsg, "no shared cipher") && (sslprm.cert_file == NULL || sslprm.cacert_file == NULL))
+					logit(LOG_ERR, "Error: This could be because you have not specified certificate or ca-certificate files");
+
 				++nerrs;
 			}
-			if (nerrs == 0)
-				logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %d",
-					   remote_host, SSL_get_error(ssl, rc));
 
-		} else
-			logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %d",
-				   remote_host, SSL_get_error(ssl, rc));
+			if (nerrs == 0) {
+				logit(LOG_ERR, "Error: (nerrs = 0) Could not complete SSL handshake with %s: %d", remote_host, SSL_get_error(ssl, rc));
+			}
+		} else {
+			logit(LOG_ERR, "Error: (!log_opts) Could not complete SSL handshake with %s: %d", remote_host, SSL_get_error(ssl, rc));
+		}
 # ifdef DEBUG
 		errfp = fopen("/tmp/err.log", "a");
 		ERR_print_errors_fp(errfp);
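Review bot: The new handshake message passes `x` to `%d` and `errmsg` to `%s`, but ERR_get_error_line_data() returns an unsigned long and ERR_reason_error_string() may return NULL, which the very next line acknowledges with `errmsg &&`. The declaration of `x` is outside the hunk; if it is unsigned long the conversion should be `%lu`, and the string argument should be guarded: `logit(LOG_ERR, "Error: (ERR_get_error_line_data = %lu), Could not complete SSL handshake with %s: %s", x, remote_host, errmsg ? errmsg : "unknown");`. The `(nerrs = 0)` and `(!log_opts)` tags read like debugging markers, so a short comment on what each one distinguishes would help whoever reads these logs.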
@@ -1908,27 +1951,30 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
 
 	/* successful handshake */
 	if (sslprm.log_opts & SSL_LogVersion)
-		logit(LOG_NOTICE, "Remote %s - SSL Version: %s",
-			   remote_host, SSL_get_version(ssl));
+		logit(LOG_NOTICE, "Remote %s - SSL Version: %s", remote_host, SSL_get_version(ssl));
+
 	if (sslprm.log_opts & SSL_LogCipher) {
 		c = SSL_get_current_cipher(ssl);
-		logit(LOG_NOTICE, "Remote %s - %s, Cipher is %s", remote_host,
-			   SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+		logit(LOG_NOTICE, "Remote %s - %s, Cipher is %s", remote_host, SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
 	}
 
 	if ((sslprm.log_opts & SSL_LogIfClientCert)
-		|| (sslprm.log_opts & SSL_LogCertDetails))
-	{
+		|| (sslprm.log_opts & SSL_LogCertDetails)) {
+
+
 		peer = SSL_get_peer_certificate(ssl);
 
 		if (peer) {
 			if (sslprm.log_opts & SSL_LogIfClientCert)
-				logit(LOG_NOTICE, "SSL Client %s has %svalid certificate",
-					   remote_host, SSL_get_verify_result(ssl) ? "a " : "an in");
+				logit(LOG_NOTICE, "SSL Client %s has %s certificate",
+					   remote_host, SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid");
+
 			if (sslprm.log_opts & SSL_LogCertDetails) {
+
 				X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
 				logit(LOG_NOTICE, "SSL Client %s Cert Name: %s",
 					   remote_host, buffer);
+
 				X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
 				logit(LOG_NOTICE, "SSL Client %s Cert Issuer: %s",
 					   remote_host, buffer);
@@ -2129,7 +2175,19 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
 	if (command == NULL)		/* if no command was passed, return with no error */
 		return STATE_OK;
 
-	pipe(fd);					/* create a pipe */
+	/* make sure that we are within max_commands boundaries before attempting */
+	if (max_commands != 0) {
+		while (commands_running >= max_commands) {
+			logit(LOG_WARNING, "Commands choked. Sleeping 1s - commands_running: %d, max_commands: %d", commands_running, max_commands);
+			sleep(1);
+		}
+	}
+
+	/* create a pipe */
+	if (pipe(fd) == -1) {
+		logit(LOG_ERR, "ERROR: pipe(): %s, bailing out...", strerror(errno));
+		exit(STATE_CRITICAL);
+	}
 
 	/* make the pipe non-blocking */
 	fcntl(fd[0], F_SETFL, O_NONBLOCK);
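Review bot: Nothing inside the `while (commands_running >= max_commands)` loop can change `commands_running`. The only updates in this commit are the `++` and `--` in the parent branch of my_system() (two later hunks), on either side of a blocking waitpid() in the same process. If each connection is served by its own forked child, as wait_conn_fork() suggests, every process holds a private copy of the counter, so the limit either never triggers or, once entered, loops forever logging a warning each second. A limit on simultaneous children needs a counter kept where children are created and reaped, or shared state; at minimum record the assumption with `/* NOTE: commands_running is per-process; it does not count commands in sibling connection handlers */`. my_system starts and ends outside the hunk.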
@@ -2161,7 +2219,12 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
 
 	/* execute the command in the child process */
 	if (pid == 0) {
-		SETEUID(0);				/* get root back so the next call works correctly */
+
+		/* get root back so the next call works correctly */
+		if (SETEUID(0) == -1) {
+			logit(LOG_ERR, "ERROR: my_system() seteuid(0): %s, bailing out...", strerror(errno));
+			exit(STATE_CRITICAL);
+		}
 		drop_privileges(nrpe_user, nrpe_group, 1);	/* drop privileges */
 		close(fd[0]);			/* close pipe for reading */
 		setpgid(0, 0);			/* become process group leader */
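Review bot: The return value of `drop_privileges(nrpe_user, nrpe_group, 1)` is still ignored, immediately after the child has regained root with SETEUID(0). drop_privileges() has paths that return ERROR (one is visible in its initgroups() hunk), and unless it exits on its own the child goes on to run the command with whatever privileges it holds at that point. Checking it closes the gap: `if (drop_privileges(nrpe_user, nrpe_group, 1) == ERROR) exit(STATE_CRITICAL);`. The new hard exit on a failed SETEUID(0) would also fail every command when the daemon is started without root, assuming SETEUID maps to seteuid(); worth confirming that case is intended.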
@@ -2184,8 +2247,11 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
 		if (fp == NULL) {
 			strncpy(buffer, "NRPE: Call to popen() failed\n", sizeof(buffer) - 1);
 			buffer[sizeof(buffer) - 1] = '\x0';
+
 			/* write the error back to the parent process */
-			write(fd[1], buffer, strlen(buffer) + 1);
+			if (write(fd[1], buffer, strlen(buffer) + 1) == -1)
+				logit(LOG_ERR, "ERROR: my_system() write(fd, buffer)-1 failed...");
+
 			result = STATE_CRITICAL;
 
 		} else {
@@ -2193,10 +2259,13 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
 			/* read all lines of output - supports Nagios 3.x multiline output */
 			while ((bytes_read = fread(buffer, 1, sizeof(buffer) - 1, fp)) > 0) {
 				/* write the output back to the parent process */
-				write(fd[1], buffer, bytes_read);
+				if (write(fd[1], buffer, bytes_read) == -1)
+					logit(LOG_ERR, "ERROR: my_system() write(fd, buffer)-2 failed...");
 			}
 
-			write(fd[1], "\0", 1);
+			if (write(fd[1], "\0", 1) == -1)
+				logit(LOG_ERR, "ERROR: my_system() write(fd, NULL) failed...");
+
 			status = pclose(fp);	/* close the command and get termination status */
 
 			/* report an error if we couldn't close the command */
@@ -2216,6 +2285,8 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
 	} else {
 		/* parent waits for child to finish executing command */
 
+		commands_running++;
+
 		close(fd[1]);			/* close pipe for writing */
 		waitpid(pid, &status, 0);	/* wait for child to exit */
 		time(&end_time);		/* get the end time for running the command */
@@ -2266,6 +2337,8 @@ int my_system(char *command, int timeout, int *early_timeout, char **output)
 		}
 
 		close(fd[0]);			/* close the pipe for reading */
+
+		commands_running--;
 	}
 
 #ifdef DEBUG
@@ -2342,11 +2415,9 @@ int drop_privileges(char *user, char *group, int full_drop)
 			/* initialize supplementary groups */
 			if (initgroups(user, gid) == -1) {
 				if (errno == EPERM)
-					logit(LOG_ERR,
-						   "Warning: Unable to change supplementary groups using initgroups()");
+					logit(LOG_ERR, "Warning: Unable to change supplementary groups using initgroups()");
 				else {
-					logit(LOG_ERR,
-						   "Warning: Possibly root user failed dropping privileges with initgroups()");
+					logit(LOG_ERR, "Warning: Possibly root user failed dropping privileges with initgroups()");
 					return ERROR;
 				}
 			}
@@ -2391,9 +2462,7 @@ int write_pid_file(void)
 
 			else {
 				/* previous process is still running */
-				logit(LOG_ERR,
-					   "There's already an NRPE server running (PID %lu).  Bailing out...",
-					   (unsigned long)pid);
+				logit(LOG_ERR, "There's already an NRPE server running (PID %lu).  Bailing out...", (unsigned long)pid);
 				return ERROR;
 			}
 		}
@@ -2402,7 +2471,10 @@ int write_pid_file(void)
 	/* write new pid file */
 	if ((fd = open(pid_file, O_WRONLY | O_CREAT, 0644)) >= 0) {
 		sprintf(pbuf, "%d\n", (int)getpid());
-		write(fd, pbuf, strlen(pbuf));
+
+		if (write(fd, pbuf, strlen(pbuf)) == -1)
+			logit(LOG_ERR, "ERROR: write_pid_file() write(fd, pbuf) failed...");
+
 		close(fd);
 		wrote_pid_file = TRUE;
 	} else {
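Review bot: A failed write of the PID is now logged, but the code still sets `wrote_pid_file = TRUE` and takes the success path, and a short write goes unnoticed because the result is only compared with -1. Comparing against the length and failing the call keeps a truncated or empty pid file from being trusted later: `if (write(fd, pbuf, strlen(pbuf)) != (ssize_t)strlen(pbuf)) { close(fd); return ERROR; }`. The open() above uses `O_WRONLY | O_CREAT` without `O_TRUNC`, so unless a stale file is removed earlier in the function, a longer old PID would only be partly overwritten. The rest of write_pid_file is outside the hunk.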
@@ -2421,7 +2493,12 @@ int remove_pid_file(void)
 	if (wrote_pid_file == FALSE)
 		return OK;				/* pid file was not written */
 
-	SETEUID(0);					/* get root back so we can delete the pid file */
+	/* get root back so we can delete the pid file */
+	if (SETEUID(0) == -1) {
+		logit(LOG_ERR, "ERROR: remove_pid_file() seteuid(0): %s, bailing out...", strerror(errno));
+		return ERROR;
+	}
+
 	if (unlink(pid_file) == -1) {
 		logit(LOG_ERR, "Cannot remove pidfile '%s' - check your privileges.", pid_file);
 		return ERROR;
@@ -2587,8 +2664,7 @@ int validate_request(v2_packet * v2pkt, v3_packet * v3pkt)
 	if (strchr(v2pkt->buffer, '!')) {
 #ifdef ENABLE_COMMAND_ARGUMENTS
 		if (allow_arguments == FALSE) {
-			logit(LOG_ERR,
-				   "Error: Request contained command arguments, but argument option is not enabled!");
+			logit(LOG_ERR, "Error: Request contained command arguments, but argument option is not enabled!");
 			return ERROR;
 		}
 #else
@@ -2631,8 +2707,7 @@ int validate_request(v2_packet * v2pkt, v3_packet * v3pkt)
 				return ERROR;
 # else
 				if (FALSE == allow_bash_cmd_subst) {
-					logit(LOG_ERR,
-						   "Error: Request contained a bash command substitution, but they are disallowed!");
+					logit(LOG_ERR, "Error: Request contained a bash command substitution, but they are disallowed!");
 					return ERROR;
 				}
 # endif
@@ -2737,11 +2812,12 @@ int process_arguments(int argc, char **argv)
 		{"src", no_argument, 0, 's'},
 		{"no-forking", no_argument, 0, 'f'},
 		{"4", no_argument, 0, '4'},
-		{"6", no_argument, 0, '4'},
+		{"ipv6", no_argument, 0, '6'},
 		{"daemon", no_argument, 0, 'd'},
 		{"no-ssl", no_argument, 0, 'n'},
 		{"help", no_argument, 0, 'h'},
 		{"license", no_argument, 0, 'l'},
+		{"version", no_argument, 0, 'V'},
 		{0, 0, 0, 0}
 	};
 #endif
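Review bot: The long-option table fixes `--ipv6` but leaves `{"4", no_argument, 0, '4'}`, so the `--ipv4` spelling that usage() now advertises is not accepted; only `--4` is. Changing the entry to `{"ipv4", no_argument, 0, '4'},` makes the table match the help text. The table and process_arguments begin outside the hunk.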
@@ -2771,6 +2847,7 @@ int process_arguments(int argc, char **argv)
 
 		case 'V':
 			show_version = TRUE;
+			have_mode = TRUE;
 			break;
 
 		case 'l':

+ 25 - 18
src/utils.c

@@ -1,17 +1,16 @@
 /****************************************************************************
  *
- * UTILS.C - NRPE Utility Functions
+ * utils.c - NRPE Utility Functions
  *
- * License: GPL
- * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
- *
- * Last Modified: 12-11-2006
+ * License: GPLv2
+ * Copyright (c) 2009-2017 Nagios Enterprises
+ *               1999-2008 Ethan Galstad (nagios@nagios.org)
  *
  * Description:
  *
  * This file contains common network functions used in nrpe and check_nrpe.
  *
- * License Information:
+ * License Notice:
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -58,7 +57,7 @@ static unsigned long crc32_table[256];
 char *log_file = NULL;
 FILE *log_fp = NULL;
 
-static int my_create_socket(struct addrinfo *ai, const char *bind_address);
+static int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr);
 
 
 /* build the crc table - must be called before calculating the crc value */
@@ -134,10 +133,10 @@ void randomize_buffer(char *buffer, int buffer_size)
 /* opens a connection to a remote host */
 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE
 int my_connect(const char *host, struct sockaddr_storage *hostaddr, u_short port,
-			   int address_family, const char *bind_address)
+			   int address_family, const char *bind_address, int redirect_stderr)
 #else
 int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
-			   int address_family, const char *bind_address)
+			   int address_family, const char *bind_address, int redirect_stderr)
 #endif
 {
 	struct addrinfo hints, *ai, *aitop;
@@ -145,12 +144,16 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 	int gaierr;
 	int sock = -1;
 
+	FILE *output = stderr;
+	if (redirect_stderr)
+		output = stdout;
+
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = address_family;
 	hints.ai_socktype = SOCK_STREAM;
 	snprintf(strport, sizeof strport, "%u", port);
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
-		fprintf(stderr, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
+		fprintf(output, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
 		exit(1);
 	}
 
@@ -163,12 +166,12 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 			continue;
 		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
 						strport, sizeof(strport), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
-			fprintf(stderr, "my_connect: getnameinfo failed\n");
+			fprintf(output, "my_connect: getnameinfo failed\n");
 			continue;
 		}
 
 		/* Create a socket for connecting. */
-		sock = my_create_socket(ai, bind_address);
+		sock = my_create_socket(ai, bind_address, redirect_stderr);
 		if (sock < 0)
 			continue;			/* Any error is already output */
 
@@ -177,7 +180,7 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 			memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
 			break;
 		} else {
-			fprintf(stderr, "connect to address %s port %s: %s\n", ntop, strport,
+			fprintf(output, "connect to address %s port %s: %s\n", ntop, strport,
 					strerror(errno));
 			close(sock);
 			sock = -1;
@@ -188,21 +191,25 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 
 	/* Return failure if we didn't get a successful connection. */
 	if (sock == -1) {
-		fprintf(stderr, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
+		fprintf(output, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
 		return -1;
 	}
 	return sock;
 }
 
 /* Creates a socket for the connection. */
-int my_create_socket(struct addrinfo *ai, const char *bind_address)
+int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr)
 {
 	int sock, gaierr;
 	struct addrinfo hints, *res;
 
+	FILE *output = stderr;
+	if (redirect_stderr)
+		output = stdout;
+
 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
 	if (sock < 0)
-		fprintf(stderr, "socket: %.100s\n", strerror(errno));
+		fprintf(output, "socket: %.100s\n", strerror(errno));
 
 	/* Bind the socket to an alternative local IP address */
 	if (bind_address == NULL)
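Review bot: In my_create_socket a failed socket() call is only reported: there is no return after the `fprintf(output, "socket: ...")` line. When bind_address is set, the function therefore appears to carry on to getaddrinfo() and bind() with a negative descriptor, and prints a second, misleading `bind:` error before calling close() on it. Returning at once keeps the diagnostics to the real cause: `if (sock < 0) { fprintf(output, "socket: %.100s\n", strerror(errno)); return -1; }`. The function body continues past the end of this hunk, so the lines between this hunk and the next are not visible here.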
@@ -215,12 +222,12 @@ int my_create_socket(struct addrinfo *ai, const char *bind_address)
 	hints.ai_flags = AI_PASSIVE;
 	gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
 	if (gaierr) {
-		fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
+		fprintf(output, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
 		close(sock);
 		return -1;
 	}
 	if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-		fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno));
+		fprintf(output, "bind: %s: %s\n", bind_address, strerror(errno));
 		close(sock);
 		freeaddrinfo(res);
 		return -1;

+ 49 - 0
startup/gentoo-init.in

@@ -0,0 +1,49 @@
+#!/sbin/openrc-run
+#
+# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+#
+# Start/stop the nrpe daemon.
+#
+# Goes in /etc/init.d - Config is in /etc/conf.d/nrpe
+
+extra_started_commands="reload"
+
+NRPE_BIN="@sbindir@/nrpe"
+NRPE_PID="@piddir@/nrpe.pid"
+NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
+
+depend() {
+	use logger dns net localmount netmount nfsmount
+}
+
+checkconfig() {
+	# Make sure the config file exists
+	if [ ! -f $NRPE_CFG ]; then
+		eerror "You need to setup $NRPE_CFG."
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting nrpe"
+	# Make sure we have a sane current directory
+	cd /
+	start-stop-daemon --start --exec $NRPE_BIN --pidfile $NRPE_PID \
+		--background -- -c $NRPE_CFG -f $NRPE_OPTS
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping nrpe"
+	start-stop-daemon --stop --exec $NRPE_BIN --pidfile $NRPE_PID
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading nrpe"
+	start-stop-daemon --stop --oknodo --exec $NRPE_BIN \
+		--pidfile $NRPE_PID --signal HUP
+	eend $?
+}
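Review bot: The path variables are expanded unquoted throughout this script, and `NRPE_CFG` is also assigned unquoted at the top, so a configured prefix containing whitespace or glob characters would be word-split by the shell in checkconfig(), start(), stop() and reload(). I would write the assignment as `NRPE_CFG="@pkgsysconfdir@/nrpe.cfg"` and quote the uses, e.g. `if [ ! -f "$NRPE_CFG" ]; then`, leaving only `$NRPE_OPTS` unquoted because it is meant to split into separate options. Separately, with `--background` start-stop-daemon detaches before nrpe has read its configuration, so `eend $?` in start() probably reports success even when the daemon exits straight away; the same applies to the `--background` line added to start() in startup/openrc-init.in. Since no `--make-pidfile` is passed, a comment stating that `NRPE_PID` must match `pid_file` in nrpe.cfg would also help whoever has to debug a stop or reload that finds no process.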

+ 2 - 2
startup/openrc-init.in

@@ -19,7 +19,7 @@ depend() {
 checkconfig() {
 	# Make sure the config file exists
 	if [ ! -f $NRPE_CFG ]; then
-		eerror "You need to setup $NRPE_CFG.
+		eerror "You need to setup $NRPE_CFG."
 		return 1
 	fi
 	return 0
@@ -31,7 +31,7 @@ start() {
 	# Make sure we have a sane current directory
 	cd /
 	start-stop-daemon --start --exec $NRPE_BIN --pidfile $PID_FILE \
-		-- -c $NRPE_CFG -f $NRPE_OPTS
+		--background -- -c $NRPE_CFG -f $NRPE_OPTS
 	eend $?
 }
 

+ 2 - 2
update-version

@@ -28,10 +28,10 @@ else
 fi
 
 # Current version number
-CURRENTVERSION=3.1.1
+CURRENTVERSION=3.2.0
 
 # Last date
-LASTDATE=2017-05-24
+LASTDATE=2017-06-26
 
 if [ "x$1" = "x" ]
 then