Ticket #2498: add-nrpe.diff

File add-nrpe.diff, 11.0 KB (added by anonymous, 9 years ago)
  • files/nrpe.cfg

     
     1############################################################################# 
     2# Sample NRPE Config File  
     3# Written by: Ethan Galstad (nagios@nagios.org) 
     4#  
     5# Last Modified: 03-09-2007 
     6# 
     7# NOTES: 
     8# This is a sample configuration file for the NRPE daemon.  It needs to be 
     9# located on the remote host that is running the NRPE daemon, not the host 
     10# from which the check_nrpe client is being executed. 
     11############################################################################# 
     12 
     13 
     14# PID FILE 
     15# The name of the file in which the NRPE daemon should write it's process ID 
     16# number.  The file is only written if the NRPE daemon is started by the root 
     17# user and is running in standalone mode. 
     18 
     19pid_file=/var/run/nrpe.pid 
     20 
     21 
     22 
     23# PORT NUMBER 
     24# Port number we should wait for connections on. 
     25# NOTE: This must be a non-priviledged port (i.e. > 1024). 
     26# NOTE: This option is ignored if NRPE is running under either inetd or xinetd 
     27 
     28server_port=5666 
     29 
     30 
     31 
     32# SERVER ADDRESS 
     33# Address that nrpe should bind to in case there are more than one interface 
     34# and you do not want nrpe to bind on all interfaces. 
     35# NOTE: This option is ignored if NRPE is running under either inetd or xinetd 
     36 
     37server_address=192.168.1.1 
     38 
     39 
     40# NRPE USER 
     41# This determines the effective user that the NRPE daemon should run as.   
     42# You can either supply a username or a UID. 
     43#  
     44# NOTE: This option is ignored if NRPE is running under either inetd or xinetd 
     45 
     46nrpe_user=nagios 
     47 
     48 
     49 
     50# NRPE GROUP 
     51# This determines the effective group that the NRPE daemon should run as.   
     52# You can either supply a group name or a GID. 
     53#  
     54# NOTE: This option is ignored if NRPE is running under either inetd or xinetd 
     55 
     56nrpe_group=nagios 
     57 
     58 
     59 
     60# ALLOWED HOST ADDRESSES 
     61# This is an optional comma-delimited list of IP address or hostnames  
     62# that are allowed to talk to the NRPE daemon. 
     63# 
     64# Note: The daemon only does rudimentary checking of the client's IP 
     65# address.  I would highly recommend adding entries in your /etc/hosts.allow 
     66# file to allow only the specified host to connect to the port 
     67# you are running this daemon on. 
     68# 
     69# NOTE: This option is ignored if NRPE is running under either inetd or xinetd 
     70 
     71allowed_hosts=192.168.1.2 
     72  
     73 
     74 
     75# COMMAND ARGUMENT PROCESSING 
     76# This option determines whether or not the NRPE daemon will allow clients 
     77# to specify arguments to commands that are executed.  This option only works 
     78# if the daemon was configured with the --enable-command-args configure script 
     79# option.   
     80# 
     81# *** ENABLING THIS OPTION IS A SECURITY RISK! ***  
     82# Read the SECURITY file for information on some of the security implications 
     83# of enabling this variable. 
     84# 
     85# Values: 0=do not allow arguments, 1=allow command arguments 
     86 
     87dont_blame_nrpe=0 
     88 
     89 
     90 
     91# COMMAND PREFIX 
     92# This option allows you to prefix all commands with a user-defined string. 
     93# A space is automatically added between the specified prefix string and the 
     94# command line from the command definition. 
     95# 
     96# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** 
     97# Usage scenario:  
     98# Execute restricted commmands using sudo.  For this to work, you need to add 
     99# the nagios user to your /etc/sudoers.  An example entry for alllowing  
     100# execution of the plugins from might be: 
     101# 
     102# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ 
     103# 
     104# This lets the nagios user run all commands in that directory (and only them) 
     105# without asking for a password.  If you do this, make sure you don't give 
     106# random users write access to that directory or its contents! 
     107 
     108# command_prefix=/usr/bin/sudo  
     109 
     110 
     111 
     112# DEBUGGING OPTION 
     113# This option determines whether or not debugging messages are logged to the 
     114# syslog facility. 
     115# Values: 0=debugging off, 1=debugging on 
     116 
     117debug=0 
     118 
     119 
     120 
     121# COMMAND TIMEOUT 
     122# This specifies the maximum number of seconds that the NRPE daemon will 
     123# allow plugins to finish executing before killing them off. 
     124 
     125command_timeout=60 
     126 
     127 
     128 
     129# CONNECTION TIMEOUT 
     130# This specifies the maximum number of seconds that the NRPE daemon will 
     131# wait for a connection to be established before exiting. This is sometimes 
     132# seen where a network problem stops the SSL being established even though 
     133# all network sessions are connected. This causes the nrpe daemons to 
     134# accumulate, eating system resources. Do not set this too low. 
     135 
     136connection_timeout=300 
     137 
     138 
     139 
     140# WEEK RANDOM SEED OPTION 
     141# This directive allows you to use SSL even if your system does not have 
     142# a /dev/random or /dev/urandom (on purpose or because the necessary patches 
     143# were not applied). The random number generator will be seeded from a file 
     144# which is either a file pointed to by the environment valiable $RANDFILE 
     145# or $HOME/.rnd. If neither exists, the pseudo random number generator will 
     146# be initialized and a warning will be issued. 
     147# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness 
     148 
     149#allow_weak_random_seed=1 
     150 
     151 
     152 
     153# INCLUDE CONFIG FILE 
     154# This directive allows you to include definitions from an external config file. 
     155 
     156#include=<somefile.cfg> 
     157 
     158 
     159 
     160# INCLUDE CONFIG DIRECTORY 
     161# This directive allows you to include definitions from config files (with a 
     162# .cfg extension) in one or more directories (with recursion). 
     163 
     164#include_dir=<somedirectory> 
     165#include_dir=<someotherdirectory> 
     166 
     167 
     168 
     169# COMMAND DEFINITIONS 
     170# Command definitions that this daemon will run.  Definitions 
     171# are in the following format: 
     172# 
     173# command[<command_name>]=<command_line> 
     174# 
     175# When the daemon receives a request to return the results of <command_name> 
     176# it will execute the command specified by the <command_line> argument. 
     177# 
     178# Unlike Nagios, the command line cannot contain macros - it must be 
     179# typed exactly as it should be executed. 
     180# 
     181# Note: Any plugins that are used in the command lines must reside 
     182# on the machine that this daemon is running on!  The examples below 
     183# assume that you have plugins installed in a /usr/local/nagios/libexec 
     184# directory.  Also note that you will have to modify the definitions below 
     185# to match the argument format the plugins expect.  Remember, these are 
     186# examples only! 
     187 
     188 
     189# The following examples use hardcoded command arguments... 
     190 
     191command[check_users]=/usr/libexec/nagios/check_users -w 3 -c 5 
     192command[check_load]=/usr/libexec/nagios/check_load -w 7,4,2 -c 10,5,3 
     193command[check_tmp]=/usr/libexec/nagios/check_disk -w 50% -c 25% -p /tmp 
     194command[check_zombie_procs]=/usr/libexec/nagios/check_procs -w 1 -c 3 -s Z 
     195command[check_total_procs]=/usr/libexec/nagios/check_procs -w 25 -c 30 
     196 
     197 
     198 
     199# The following examples allow user-supplied arguments and can 
     200# only be used if the NRPE daemon was compiled with support for  
     201# command arguments *AND* the dont_blame_nrpe directive in this 
     202# config file is set to '1'.  This poses a potential security risk, so 
     203# make sure you read the SECURITY file before doing this. 
     204 
     205#command[check_users]=/usr/lib/check_users -w $ARG1$ -c $ARG2$ 
     206#command[check_load]=/usr/lib/check_load -w $ARG1$ -c $ARG2$ 
     207#command[check_disk]=/usr/lib/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ 
     208#command[check_procs]=/usr/lib/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ 
  • files/nrpe.init

     
     1#!/bin/sh /etc/rc.common 
     2# Copyright (C) 2007 OpenWrt.org 
     3 
     4START=70 
     5 
     6start() { 
     7        /usr/sbin/nrpe -c /etc/nrpe.cfg -d 
     8} 
     9 
     10stop() { 
     11        killall nrpe 
     12} 
  • patches/100-openssl-dh.patch

     
     1Index: nrpe-2.8.1/configure 
     2=================================================================== 
     3--- nrpe-2.8.1.orig/configure   2007-10-11 14:40:36.000000000 +0200 
     4+++ nrpe-2.8.1/configure        2007-10-11 14:40:36.000000000 +0200 
     5@@ -6073,11 +6073,9 @@ 
     6  
     7                                echo "" 
     8                echo "*** Generating DH Parameters for SSL/TLS ***" 
     9-               if test -f "$ssldir/sbin/openssl"; then 
     10-                       sslbin=$ssldir/sbin/openssl 
     11-               else 
     12-                       sslbin=$ssldir/bin/openssl 
     13-               fi 
     14+               # Use host openssl as it just generates some random stuff, 
     15+               # nothing machine-specific 
     16+               sslbin=/usr/bin/openssl 
     17                # awk to strip off meta data at bottom of dhparam output 
     18                $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h 
     19        fi 
  • Makefile

     
     1# 
     2# Copyright (C) 2007 OpenWrt.org 
     3# 
     4# This is free software, licensed under the GNU General Public License v2. 
     5# See /LICENSE for more information. 
     6# 
     7# 
     8 
     9include $(TOPDIR)/rules.mk 
     10 
     11PKG_NAME:=nrpe 
     12PKG_VERSION:=2.8.1 
     13PKG_RELEASE:=1 
     14 
     15PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 
     16PKG_SOURCE_URL:=@SF/nagios 
     17PKG_MD5SUM:= 
     18 
     19include $(INCLUDE_DIR)/package.mk 
     20 
     21define Package/nrpe 
     22  SECTION:=net 
     23  CATEGORY:=Network 
     24  DEPENDS:=+libopenssl 
     25  TITLE:=Daemon to execute Nagios check commands on remote hosts 
     26  URL:=http://www.nagios.org/download 
     27endef 
     28 
     29define Package/nrpe/description 
     30 NOTE: several assumptions are made: 
     31 1) As openssl is used to generate some stuff during "configure" it is  
     32 assumed that openssl is installed on compiling PC in its default 
     33 location (i.e. accessible as /usr/bin/openssl). 
     34 2) "nagios" user and group should exist on your openwrt installation. 
     35endef 
     36 
     37define Package/nrpe/postinst 
     38#!/bin/sh 
     39 
     40id=50 
     41name=nagios 
     42home=/var/run/nagios 
     43shell=/bin/false 
     44 
     45# do not change below 
     46# check if we are on real system 
     47if [ -z "$${IPKG_INSTROOT}" ]; then 
     48        # create copies of passwd and group, if we use squashfs 
     49        rootfs=`mount |awk '/root/ { print $$5 }'` 
     50        if [ "$$rootfs" = "squashfs" ]; then 
     51                if [ -h /etc/group ]; then 
     52                        rm /etc/group 
     53                        cp -p /rom/etc/group /etc/group 
     54                fi 
     55                if [ -h /etc/passwd ]; then 
     56                        rm /etc/passwd 
     57                        cp -p /rom/etc/passwd /etc/passwd 
     58                fi 
     59        fi 
     60fi 
     61 
     62echo "" 
     63if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/group)" ]; then 
     64        echo "adding group $$name to /etc/group" 
     65        echo "$${name}:x:$${id}:" >> $${IPKG_INSTROOT}/etc/group 
     66fi 
     67if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/passwd)" ]; then 
     68        echo "adding user $$name to /etc/passwd" 
     69        echo "$${name}:x:$${id}:$${id}:$${name}:$${home}:$${shell}" >> $${IPKG_INSTROOT}/etc/passwd 
     70fi 
     71endef 
     72 
     73CONFIGURE_ARGS += \ 
     74        --with-ssl="$(STAGING_DIR)/usr" \ 
     75 
     76define Package/nrpe/install 
     77        $(INSTALL_DIR) $(1)/usr/sbin 
     78        $(INSTALL_DIR) $(1)/etc 
     79        $(INSTALL_DIR) $(1)/etc/init.d 
     80        $(INSTALL_DATA) ./files/nrpe.cfg $(1)/etc/nrpe.cfg 
     81        $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/nrpe $(1)/usr/sbin 
     82        $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME) 
     83endef 
     84 
     85$(eval $(call BuildPackage,nrpe))