diff --git a/templates/nrpe_cfg.erb b/templates/nrpe_cfg.erb
index 800642d..afa46ae 100644
--- a/templates/nrpe_cfg.erb
+++ b/templates/nrpe_cfg.erb
@@ -24,73 +24,13 @@ listen_queue_size=<%= @ne_listen_queue_size %> nrpe_user=<%= @ne_user %> nrpe_group=<%= @ne_user %> +allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %> +dont_blame_nrpe=<%= @ne_dont_blame_nrpe %> +allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %> -# ALLOWED HOST ADDRESSES -# This is an optional comma-delimited list of IP address or hostnames -# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask -# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently -# supported. -# -# Note: The daemon only does rudimentary checking of the client's IP -# address. I would highly recommend adding entries in your /etc/hosts.allow -# file to allow only the specified host to connect to the port -# you are running this daemon on. -# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -allowed_hosts=127.0.0.1,::1 - - -# COMMAND ARGUMENT PROCESSING -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments to commands that are executed. This option only works -# if the daemon was configured with the --enable-command-args configure script -# option. -# -# *** ENABLING THIS OPTION IS A SECURITY RISK! *** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. -# -# Values: 0=do not allow arguments, 1=allow command arguments - -dont_blame_nrpe=0 - - -# BASH COMMAND SUBSTITUTION -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments that contain bash command substitutions of the form -# $(...). This option only works if the daemon was configured with both -# the --enable-command-args and --enable-bash-command-substitution configure -# script options. -# -# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. 
-# -# Values: 0=do not allow bash command substitutions, -# 1=allow bash command substitutions - -allow_bash_command_substitution=0 - - -# COMMAND PREFIX -# This option allows you to prefix all commands with a user-defined string. -# A space is automatically added between the specified prefix string and the -# command line from the command definition. -# -# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** -# Usage scenario: -# Execute restricted commmands using sudo. For this to work, you need to add -# the nagios user to your /etc/sudoers. An example entry for allowing -# execution of the plugins from might be: -# -# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ -# -# This lets the nagios user run all commands in that directory (and only them) -# without asking for a password. If you do this, make sure you don't give -# random users write access to that directory or its contents! - -# command_prefix=/usr/bin/sudo +<% if @ne_allow_sudo == true -%> +command_prefix=<%= @ne_command_prefix %> +<% end -%> # COMMAND TIMEOUT @@ -247,13 +187,7 @@ command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200 -#allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %> -#dont_blame_nrpe=<%= @ne_dont_blame_nrpe %> -#allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %> -#<% if @ne_allow_sudo == true -%> -#command_prefix=<%= @ne_command_prefix %> -#<% end -%> #command_timeout=<%= @ne_command_timeout %> #connection_timeout=<%= @ne_connection_timeout %>
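Review bot: The two argument-handling switches near the top of the first hunk, `dont_blame_nrpe` and `allow_bash_command_substitution`, are now rendered straight from `@ne_dont_blame_nrpe` and `@ne_allow_bash_cmd_subst`, while the hard-coded `0` values and their security warnings are removed, so the safe default now depends on class parameters that are not visible in this diff. I would make the template fail closed with `dont_blame_nrpe=<%= @ne_dont_blame_nrpe.to_s == '1' ? 1 : 0 %>` (same form for `allow_bash_command_substitution`) and keep a one-line comment above them such as `# 1 lets remote clients pass arguments to commands; keep 0 unless a check needs it`. The exposure is larger when `@ne_allow_sudo` is true, because client-supplied arguments would then reach commands run through `command_prefix`; the manifest should probably reject that combination or at least document it. Separately, `allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %>` renders a trailing comma when `@ne_nagios_server` is empty or undefined, so that parameter is worth validating before it reaches the template.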