From fbc889df9568acb633dd77a2bf0386110d080b1c Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Fri, 28 Jul 2017 18:22:31 +0100
Subject: [PATCH 1/3] fixed file permissions
---
 manifests/main/files.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 2358aed..5b3c305 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -33,7 +33,7 @@ class cd_nrpe::main::files (
 path => $ne_main_conf_file,
 owner => 'root',
 group => 'root',
- mode => '0640',
+ mode => '0644',
 selrange => s0,
 selrole => object_r,
 seltype => nrpe_etc_t,
@@ -49,7 +49,7 @@ class cd_nrpe::main::files (
 path => $ne_nrpe_conf_file,
 owner => 'root',
 group => 'root',
- mode => '0640',
+ mode => '0644',
 selrange => s0,
 selrole => object_r,
 seltype => etc_t,
From 5c1cd68c891ead9842e00de635606d18b488d71e Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Fri, 28 Jul 2017 18:23:17 +0100
Subject: [PATCH 2/3] updated template
---
 templates/nrpe_cfg.erb | 356 ++++-------------------------------------
 1 file changed, 33 insertions(+), 323 deletions(-)
diff --git a/templates/nrpe_cfg.erb b/templates/nrpe_cfg.erb
index e99585f..150652f 100644
--- a/templates/nrpe_cfg.erb
+++ b/templates/nrpe_cfg.erb
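Review bot: Both `mode => '0644'` lines in manifests/main/files.pp (the `$ne_main_conf_file` and `$ne_nrpe_conf_file` resources) make the NRPE configuration world-readable, so every local account can read the `allowed_hosts` list, the `command_prefix` setup and the TLS file paths that the template renders. The patch does not say why 0640 failed; if the daemon's account could not read a root:root file, the narrower fix is to keep the mode and grant the group instead: `group => $ne_user,` with `mode => '0640',`, assuming `$ne_user` (which the template uses for `nrpe_group`) is in scope in this class. Both resources begin and end outside the hunks, so their remaining attributes are not visible here.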
@@ -6,344 +6,54 @@ ########## https://confdroid.com/2017/07/nrpe-nrpe-cfg/ ########## ################################################################################ +log_facility=<%= @ne_log_facility %> -# LOG FACILITY -# The syslog facility that should be used for logging purposes. +<% unless @ne_log_file.empty? -%> +log_file=<%= @ne_log_file %> +<% end -%> -log_facility=daemon +debug=<%= @ne_debug %> +pid_file=<%= @ne_nrpe_pid_file %> +server_port=<%= @ne_nrpe_port %> -# LOG FILE -# If a log file is specified in this option, nrpe will write to -# that file instead of using syslog. +server_address=<%= @ne_server_address %> +listen_queue_size=<%= @ne_listen_queue_size %> -#log_file=/var/run/nrpe.log +nrpe_user=<%= @ne_user %> +nrpe_group=<%= @ne_user %> +allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %> +dont_blame_nrpe=<%= @ne_dont_blame_nrpe %> +allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %> -# DEBUGGING OPTION -# This option determines whether or not debugging messages are logged to the -# syslog facility. -# Values: 0=debugging off, 1=debugging on +<% if @ne_allow_sudo == true -%> +command_prefix=<%= @ne_command_prefix %> +<% end -%> -debug=0 +command_timeout=<%= @ne_command_timeout %> +connection_timeout=<%= @ne_connection_timeout %> +allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %> -# PID FILE -# The name of the file in which the NRPE daemon should write it's process ID -# number. The file is only written if the NRPE daemon is started by the root -# user and is running in standalone mode. +ssl_version=<%= @ne_ssl_version %> +ssl_use_adh=<%= @ne_ssl_use_adh %> +ssl_cipher_list=<%= @ne_ssl_cipher_list %> -pid_file=/var/run/nrpe/nrpe.pid +ssl_cacert_file=<%= @ne_ssl_cacert_file %> +ssl_cert_file=<%= @ne_ssl_cert_file %> +ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> +ssl_client_certs=<%= @ne_ssl_client_certs %> +ssl_logging=<%= @ne_ssl_logging %> -# PORT NUMBER -# Port number we should wait for connections on. 
-# NOTE: This must be a non-privileged port (i.e. > 1024). -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd +nasty_metachars=<%= @ne_nasty_metachars %> -server_port=5666 +<% unless @ne_include_file.empty? -%> +include=<%= @ne_include_file %> +<% end -%> - -# SERVER ADDRESS -# Address that nrpe should bind to in case there are more than one interface -# and you do not want nrpe to bind on all interfaces. -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -#server_address=127.0.0.1 - - -# LISTEN QUEUE SIZE -# Listen queue size (backlog) for serving incoming connections. -# You may want to increase this value under high load. - -#listen_queue_size=5 - - -# NRPE USER -# This determines the effective user that the NRPE daemon should run as. -# You can either supply a username or a UID. -# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -nrpe_user=nrpe - - -# NRPE GROUP -# This determines the effective group that the NRPE daemon should run as. -# You can either supply a group name or a GID. -# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -nrpe_group=nrpe - - -# ALLOWED HOST ADDRESSES -# This is an optional comma-delimited list of IP address or hostnames -# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask -# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently -# supported. -# -# Note: The daemon only does rudimentary checking of the client's IP -# address. I would highly recommend adding entries in your /etc/hosts.allow -# file to allow only the specified host to connect to the port -# you are running this daemon on. 
-# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -allowed_hosts=127.0.0.1,::1 - - -# COMMAND ARGUMENT PROCESSING -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments to commands that are executed. This option only works -# if the daemon was configured with the --enable-command-args configure script -# option. -# -# *** ENABLING THIS OPTION IS A SECURITY RISK! *** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. -# -# Values: 0=do not allow arguments, 1=allow command arguments - -dont_blame_nrpe=0 - - -# BASH COMMAND SUBSTITUTION -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments that contain bash command substitutions of the form -# $(...). This option only works if the daemon was configured with both -# the --enable-command-args and --enable-bash-command-substitution configure -# script options. -# -# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. -# -# Values: 0=do not allow bash command substitutions, -# 1=allow bash command substitutions - -allow_bash_command_substitution=0 - - -# COMMAND PREFIX -# This option allows you to prefix all commands with a user-defined string. -# A space is automatically added between the specified prefix string and the -# command line from the command definition. -# -# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** -# Usage scenario: -# Execute restricted commmands using sudo. For this to work, you need to add -# the nagios user to your /etc/sudoers. An example entry for allowing -# execution of the plugins from might be: -# -# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ -# -# This lets the nagios user run all commands in that directory (and only them) -# without asking for a password. 
If you do this, make sure you don't give -# random users write access to that directory or its contents! - -# command_prefix=/usr/bin/sudo - - -# COMMAND TIMEOUT -# This specifies the maximum number of seconds that the NRPE daemon will -# allow plugins to finish executing before killing them off. - -command_timeout=60 - - -# CONNECTION TIMEOUT -# This specifies the maximum number of seconds that the NRPE daemon will -# wait for a connection to be established before exiting. This is sometimes -# seen where a network problem stops the SSL being established even though -# all network sessions are connected. This causes the nrpe daemons to -# accumulate, eating system resources. Do not set this too low. - -connection_timeout=300 - - -# WEAK RANDOM SEED OPTION -# This directive allows you to use SSL even if your system does not have -# a /dev/random or /dev/urandom (on purpose or because the necessary patches -# were not applied). The random number generator will be seeded from a file -# which is either a file pointed to by the environment valiable $RANDFILE -# or $HOME/.rnd. If neither exists, the pseudo random number generator will -# be initialized and a warning will be issued. -# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness - -#allow_weak_random_seed=1 - - -# SSL/TLS OPTIONS -# These directives allow you to specify how to use SSL/TLS. - -# SSL VERSION -# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version), -# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use -# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1), -# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2), -# TLSv1.2+ (use TLSv1.2 or above) -# If an "or above" version is used, the best will be negotiated. So if both -# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2. -# If you are using openssl 1.1.0 or above, the SSLv2 options are not available. 
- -#ssl_version=SSLv2+ - -# SSL USE ADH -# This is for backward compatibility and is DEPRECATED. Set to 1 to enable -# ADH or 2 to require ADH. 1 is currently the default but will be changed -# in a later version. - -#ssl_use_adh=1 - -# SSL CIPHER LIST -# This lists which ciphers can be used. For backward compatibility, this -# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but -# will be changed to something like the example below in a later version of NRPE. - -#ssl_cipher_list=ALL:!MD5:@STRENGTH -#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH - -# SSL Certificate and Private Key Files - -#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem -#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem -#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem - -# SSL USE CLIENT CERTS -# This options determines client certificate usage. -# Values: 0 = Don't ask for or require client certificates (default) -# 1 = Ask for client certificates -# 2 = Require client certificates - -#ssl_client_certs=0 - -# SSL LOGGING -# This option determines which SSL messages are send to syslog. OR values -# together to specify multiple options. - -# Values: 0x00 (0) = No additional logging (default) -# 0x01 (1) = Log startup SSL/TLS parameters -# 0x02 (2) = Log remote IP address -# 0x04 (4) = Log SSL/TLS version of connections -# 0x08 (8) = Log which cipher is being used for the connection -# 0x10 (16) = Log if client has a certificate -# 0x20 (32) = Log details of client's certificate if it has one -# -1 or 0xff or 0x2f = All of the above - -#ssl_logging=0x00 - - -# NASTY METACHARACTERS -# This option allows you to override the list of characters that cannot -# be passed to the NRPE daemon. - -# nasty_metachars="|`&><'\\[]{};\r\n" - - -# INCLUDE CONFIG FILE -# This directive allows you to include definitions from an external config file. 
- -#include= - - -# INCLUDE CONFIG DIRECTORY -# This directive allows you to include definitions from config files (with a -# .cfg extension) in one or more directories (with recursion). - -include_dir=/etc/nrpe.d/ - - -# COMMAND DEFINITIONS -# Command definitions that this daemon will run. Definitions -# are in the following format: -# -# command[]= -# -# When the daemon receives a request to return the results of -# it will execute the command specified by the argument. -# -# Unlike Nagios, the command line cannot contain macros - it must be -# typed exactly as it should be executed. -# -# Note: Any plugins that are used in the command lines must reside -# on the machine that this daemon is running on! The examples below -# assume that you have plugins installed in a /usr/local/nagios/libexec -# directory. Also note that you will have to modify the definitions below -# to match the argument format the plugins expect. Remember, these are -# examples only! - - -# The following examples use hardcoded command arguments... - -command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/lib64/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20 -command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 -command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200 - - -# The following examples allow user-supplied arguments and can -# only be used if the NRPE daemon was compiled with support for -# command arguments *AND* the dont_blame_nrpe directive in this -# config file is set to '1'. This poses a potential security risk, so -# make sure you read the SECURITY file before doing this. 
- -#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -#command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ - - - -#log_facility=<%= @ne_log_facility %> - -#<% unless @ne_log_file.empty? -%> -#log_file=<%= @ne_log_file %> -#<% end -%> - -#debug=<%= @ne_debug %> - -#pid_file=<%= @ne_nrpe_pid_file %> -#server_port=<%= @ne_nrpe_port %> - -#server_address=<%= @ne_server_address %> -#listen_queue_size=<%= @ne_listen_queue_size %> - -#nrpe_user=<%= @ne_user %> -#nrpe_group=<%= @ne_user %> - -#allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %> -#dont_blame_nrpe=<%= @ne_dont_blame_nrpe %> -#allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %> - -#<% if @ne_allow_sudo == true -%> -#command_prefix=<%= @ne_command_prefix %> -#<% end -%> - -#command_timeout=<%= @ne_command_timeout %> -#connection_timeout=<%= @ne_connection_timeout %> - -#allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %> - -#ssl_version=<%= @ne_ssl_version %> -#ssl_use_adh=<%= @ne_ssl_use_adh %> -#ssl_cipher_list=<%= @ne_ssl_cipher_list %> - -#ssl_cacert_file=<%= @ne_ssl_cacert_file %> -#ssl_cert_file=<%= @ne_ssl_cert_file %> -#ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> - -#ssl_client_certs=<%= @ne_ssl_client_certs %>0 -#ssl_logging=<%= @ne_ssl_logging %> - -#nasty_metachars=<%= @ne_nasty_metachars %> - -#<% unless @ne_include_file.empty? -%> -#include=<%= @ne_include_file %> -#<% end -%> - -#include_dir=<%= @ne_main_conf_d_dir %> +include_dir=<%= @ne_main_conf_d_dir %> ### command definitions have been moved to include_dir for easier external # management From 1cad0808b1ed75705ee4c71b53953a62b8c715f3 Mon Sep 17 00:00:00 2001 
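Review bot: Only `log_file` and `include` are wrapped in `unless ... .empty?`; every other directive in templates/nrpe_cfg.erb, including `server_address`, `ssl_cacert_file`, `ssl_cert_file`, `ssl_privatekey_file` and `nasty_metachars`, is rendered unconditionally, so an unset parameter produces a bare `key=` line that the daemon may reject or treat differently from its built-in default. The optional directives should get the same guard, e.g. `<% unless @ne_ssl_cacert_file.empty? -%>`, `ssl_cacert_file=<%= @ne_ssl_cacert_file %>`, `<% end -%>`. The hunk also removes the upstream warnings for `dont_blame_nrpe`, `allow_bash_command_substitution` and `command_prefix`; an ERB comment such as `<%# security-sensitive: keep 0 unless command arguments are required -%>` above those lines would keep that context. The defaults in the params class are not shown in this patch and should be confirmed as 0 for the first two, with no ADH and a TLS-only `ssl_version`. `allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %>` also leaves a trailing comma when the server parameter is empty.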
From: Jenkins Server
Date: Fri, 28 Jul 2017 19:23:13 +0200
Subject: [PATCH 3/3] recommit for updates in build 26
---
 CHANGELOG.md | 20 +++++++++++++++++++
 doc/_index.html | 2 +-
 doc/file.README.html | 2 +-
 doc/index.html | 2 +-
 doc/puppet_classes/cd_nrpe.html | 2 +-
 .../cd_nrpe_3A_3Afirewall_3A_3Aiptables.html | 2 +-
 .../cd_nrpe_3A_3Amain_3A_3Aconfig.html | 2 +-
 .../cd_nrpe_3A_3Amain_3A_3Adirs.html | 2 +-
 .../cd_nrpe_3A_3Amain_3A_3Afiles.html | 6 +++---
 .../cd_nrpe_3A_3Amain_3A_3Ainstall.html | 2 +-
 .../cd_nrpe_3A_3Amain_3A_3Aservice.html | 2 +-
 .../cd_nrpe_3A_3Amain_3A_3Auser.html | 2 +-
 doc/puppet_classes/cd_nrpe_3A_3Aparams.html | 2 +-
 ...d_nrpe_3A_3Acommands_3A_3Adefinitions.html | 2 +-
 doc/top-level-namespace.html | 2 +-
 15 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 866e193..a49f4a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,26 @@ Changelog of Git Changelog.

No issue

+2e73736c2a89d46 Arne Teuke 2017-07-28 17:19:44 +

+

updated params

+ +

+b4292287ff03667 Jenkins Server 2017-07-28 17:19:39 +

+

recommit for updates in build 25

+ +

+a1687e040ce1190 Arne Teuke 2017-07-28 17:13:39 +

+

troubelshooting config file

+ +

+35d01729391dda8 Arne Teuke 2017-07-28 17:10:06 +

+

edited rule

+ +

fff6edf496b2993 Arne Teuke 2017-07-28 17:06:39

adding dirs

diff --git a/doc/_index.html b/doc/_index.html index 89cf6cb..a19bc17 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -166,7 +166,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 4039447..08a2fd2 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -252,7 +252,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index cdc3b77..1d2431f 100644 --- a/doc/index.html +++ b/doc/index.html @@ -252,7 +252,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nrpe.html b/doc/puppet_classes/cd_nrpe.html index 534ce45..537490f 100644 --- a/doc/puppet_classes/cd_nrpe.html +++ b/doc/puppet_classes/cd_nrpe.html @@ -140,7 +140,7 @@ class cd_nrpe { diff --git a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html index 707db3b..2bc5a00 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html @@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html index 8a5cddb..7ab32b7 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html @@ -154,7 +154,7 @@ class cd_nrpe::main::config ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html index 5ba9e53..6f850e6 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html @@ -205,7 +205,7 @@ class cd_nrpe::main::dirs ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html index 472d536..2e73a8d 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html @@ -184,7 +184,7 @@ class cd_nrpe::main::files ( path => $ne_main_conf_file, owner => 'root', group => 'root', - mode => '0640', + mode => '0644', selrange => s0, selrole => object_r, seltype => nrpe_etc_t, @@ -200,7 +200,7 @@ class cd_nrpe::main::files ( path => $ne_nrpe_conf_file, owner => 'root', group => 'root', - mode => '0640', + mode => '0644', selrange => s0, selrole => object_r, seltype => etc_t, @@ -217,7 +217,7 @@ class cd_nrpe::main::files ( 
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html index 0928f36..7872924 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html @@ -160,7 +160,7 @@ class cd_nrpe::main::install ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html index 04dc5a3..91319c8 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html @@ -175,7 +175,7 @@ class cd_nrpe::main::service ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html index 50752a8..4c89160 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html @@ -193,7 +193,7 @@ class cd_nrpe::main::user ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html index ac44937..f7874a1 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html @@ -1007,7 +1007,7 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb' diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html index 41ad60d..e21f51c 100644 --- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html +++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html @@ -148,7 +148,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 4b7a500..3e09a87 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -90,7 +90,7 @@