From 04bd8179451748dbd4bc48c81a910b75a6f2fddc Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Fri, 28 Jul 2017 18:28:38 +0100 Subject: [PATCH 1/2] updated template --- templates/nrpe_cfg.erb | 356 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 323 insertions(+), 33 deletions(-) diff --git a/templates/nrpe_cfg.erb b/templates/nrpe_cfg.erb index 150652f..e6e839b 100644 --- a/templates/nrpe_cfg.erb +++ b/templates/nrpe_cfg.erb @@ -6,54 +6,344 @@ ########## https://confdroid.com/2017/07/nrpe-nrpe-cfg/ ########## ################################################################################ -log_facility=<%= @ne_log_facility %> -<% unless @ne_log_file.empty? -%> -log_file=<%= @ne_log_file %> -<% end -%> +# LOG FACILITY +# The syslog facility that should be used for logging purposes. -debug=<%= @ne_debug %> +log_facility=daemon -pid_file=<%= @ne_nrpe_pid_file %> -server_port=<%= @ne_nrpe_port %> -server_address=<%= @ne_server_address %> -listen_queue_size=<%= @ne_listen_queue_size %> +# LOG FILE +# If a log file is specified in this option, nrpe will write to +# that file instead of using syslog. -nrpe_user=<%= @ne_user %> -nrpe_group=<%= @ne_user %> +#log_file=/var/run/nrpe.log -allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %> -dont_blame_nrpe=<%= @ne_dont_blame_nrpe %> -allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %> -<% if @ne_allow_sudo == true -%> -command_prefix=<%= @ne_command_prefix %> -<% end -%> +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on -command_timeout=<%= @ne_command_timeout %> -connection_timeout=<%= @ne_connection_timeout %> +debug=0 -allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %> -ssl_version=<%= @ne_ssl_version %> -ssl_use_adh=<%= @ne_ssl_use_adh %> -ssl_cipher_list=<%= @ne_ssl_cipher_list %> +# PID FILE +# The name of the file in which the NRPE daemon should write it's process ID +# number. The file is only written if the NRPE daemon is started by the root +# user and is running in standalone mode. -ssl_cacert_file=<%= @ne_ssl_cacert_file %> -ssl_cert_file=<%= @ne_ssl_cert_file %> -ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> +pid_file=/var/run/nrpe/nrpe.pid -ssl_client_certs=<%= @ne_ssl_client_certs %> -ssl_logging=<%= @ne_ssl_logging %> -nasty_metachars=<%= @ne_nasty_metachars %> +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-privileged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<% unless @ne_include_file.empty? -%> -include=<%= @ne_include_file %> -<% end -%> +server_port=5666 -include_dir=<%= @ne_main_conf_d_dir %> + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +#server_address=127.0.0.1 + + +# LISTEN QUEUE SIZE +# Listen queue size (backlog) for serving incoming connections. +# You may want to increase this value under high load. + +#listen_queue_size=5 + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nrpe + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nrpe + + +# ALLOWED HOST ADDRESSES +# This is an optional comma-delimited list of IP address or hostnames +# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask +# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently +# supported. +# +# Note: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your /etc/hosts.allow +# file to allow only the specified host to connect to the port +# you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts=127.0.0.1,::1 + + +# COMMAND ARGUMENT PROCESSING +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments to commands that are executed. This option only works +# if the daemon was configured with the --enable-command-args configure script +# option. +# +# *** ENABLING THIS OPTION IS A SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow arguments, 1=allow command arguments + +dont_blame_nrpe=0 + + +# BASH COMMAND SUBSTITUTION +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments that contain bash command substitutions of the form +# $(...). This option only works if the daemon was configured with both +# the --enable-command-args and --enable-bash-command-substitution configure +# script options. +# +# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow bash command substitutions, +# 1=allow bash command substitutions + +allow_bash_command_substitution=0 + + +# COMMAND PREFIX +# This option allows you to prefix all commands with a user-defined string. +# A space is automatically added between the specified prefix string and the +# command line from the command definition. +# +# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** +# Usage scenario: +# Execute restricted commmands using sudo. For this to work, you need to add +# the nagios user to your /etc/sudoers. An example entry for allowing +# execution of the plugins from might be: +# +# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ +# +# This lets the nagios user run all commands in that directory (and only them) +# without asking for a password. If you do this, make sure you don't give +# random users write access to that directory or its contents! + +# command_prefix=/usr/bin/sudo + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + +# CONNECTION TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# wait for a connection to be established before exiting. This is sometimes +# seen where a network problem stops the SSL being established even though +# all network sessions are connected. This causes the nrpe daemons to +# accumulate, eating system resources. Do not set this too low. + +connection_timeout=300 + + +# WEAK RANDOM SEED OPTION +# This directive allows you to use SSL even if your system does not have +# a /dev/random or /dev/urandom (on purpose or because the necessary patches +# were not applied). The random number generator will be seeded from a file +# which is either a file pointed to by the environment valiable $RANDFILE +# or $HOME/.rnd. If neither exists, the pseudo random number generator will +# be initialized and a warning will be issued. +# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness + +#allow_weak_random_seed=1 + + +# SSL/TLS OPTIONS +# These directives allow you to specify how to use SSL/TLS. + +# SSL VERSION +# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version), +# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use +# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1), +# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2), +# TLSv1.2+ (use TLSv1.2 or above) +# If an "or above" version is used, the best will be negotiated. So if both +# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2. +# If you are using openssl 1.1.0 or above, the SSLv2 options are not available. + +#ssl_version=SSLv2+ + +# SSL USE ADH +# This is for backward compatibility and is DEPRECATED. Set to 1 to enable +# ADH or 2 to require ADH. 1 is currently the default but will be changed +# in a later version. + +#ssl_use_adh=1 + +# SSL CIPHER LIST +# This lists which ciphers can be used. For backward compatibility, this +# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but +# will be changed to something like the example below in a later version of NRPE. + +#ssl_cipher_list=ALL:!MD5:@STRENGTH +#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH + +# SSL Certificate and Private Key Files + +#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem +#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem +#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem + +# SSL USE CLIENT CERTS +# This options determines client certificate usage. +# Values: 0 = Don't ask for or require client certificates (default) +# 1 = Ask for client certificates +# 2 = Require client certificates + +#ssl_client_certs=0 + +# SSL LOGGING +# This option determines which SSL messages are send to syslog. OR values +# together to specify multiple options. + +# Values: 0x00 (0) = No additional logging (default) +# 0x01 (1) = Log startup SSL/TLS parameters +# 0x02 (2) = Log remote IP address +# 0x04 (4) = Log SSL/TLS version of connections +# 0x08 (8) = Log which cipher is being used for the connection +# 0x10 (16) = Log if client has a certificate +# 0x20 (32) = Log details of client's certificate if it has one +# -1 or 0xff or 0x2f = All of the above + +#ssl_logging=0x00 + + +# NASTY METACHARACTERS +# This option allows you to override the list of characters that cannot +# be passed to the NRPE daemon. + +# nasty_metachars="|`&><'\\[]{};\r\n" + + +# INCLUDE CONFIG FILE +# This directive allows you to include definitions from an external config file. + +#include= + + +# INCLUDE CONFIG DIRECTORY +# This directive allows you to include definitions from config files (with a +# .cfg extension) in one or more directories (with recursion). + +include_dir=/etc/nrpe.d/ + + +# COMMAND DEFINITIONS +# Command definitions that this daemon will run. Definitions +# are in the following format: +# +# command[]= +# +# When the daemon receives a request to return the results of +# it will execute the command specified by the argument. +# +# Unlike Nagios, the command line cannot contain macros - it must be +# typed exactly as it should be executed. +# +# Note: Any plugins that are used in the command lines must reside +# on the machine that this daemon is running on! The examples below +# assume that you have plugins installed in a /usr/local/nagios/libexec +# directory. Also note that you will have to modify the definitions below +# to match the argument format the plugins expect. Remember, these are +# examples only! + + +# The following examples use hardcoded command arguments... + +command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/lib64/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20 +command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 +command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200 + + +# The following examples allow user-supplied arguments and can +# only be used if the NRPE daemon was compiled with support for +# command arguments *AND* the dont_blame_nrpe directive in this +# config file is set to '1'. This poses a potential security risk, so +# make sure you read the SECURITY file before doing this. + +#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +#command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ + +##################################### + +#log_facility=<%= @ne_log_facility %> + +#<% unless @ne_log_file.empty? -%> +#log_file=<%= @ne_log_file %> +#<% end -%> + +#debug=<%= @ne_debug %> + +#pid_file=<%= @ne_nrpe_pid_file %> +#server_port=<%= @ne_nrpe_port %> + +#server_address=<%= @ne_server_address %> +#listen_queue_size=<%= @ne_listen_queue_size %> + +#nrpe_user=<%= @ne_user %> +#nrpe_group=<%= @ne_user %> + +#allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %> +#dont_blame_nrpe=<%= @ne_dont_blame_nrpe %> +#allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %> + +#<% if @ne_allow_sudo == true -%> +#command_prefix=<%= @ne_command_prefix %> +#<% end -%> + +#command_timeout=<%= @ne_command_timeout %> +#connection_timeout=<%= @ne_connection_timeout %> + +#allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %> + +#ssl_version=<%= @ne_ssl_version %> +#ssl_use_adh=<%= @ne_ssl_use_adh %> +#ssl_cipher_list=<%= @ne_ssl_cipher_list %> + +#ssl_cacert_file=<%= @ne_ssl_cacert_file %> +#ssl_cert_file=<%= @ne_ssl_cert_file %> +#ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> + +#ssl_client_certs=<%= @ne_ssl_client_certs %> +#ssl_logging=<%= @ne_ssl_logging %> + +#nasty_metachars=<%= @ne_nasty_metachars %> + +#<% unless @ne_include_file.empty? -%> +#include=<%= @ne_include_file %> +#<% end -%> + +#include_dir=<%= @ne_main_conf_d_dir %> ### command definitions have been moved to include_dir for easier external # management From 7980c10c583eddfa4c2badfbd4ca746c4e7a26f3 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Fri, 28 Jul 2017 19:28:34 +0200 Subject: [PATCH 2/2] recommit for updates in build 27 --- CHANGELOG.md | 15 +++++++++++++++ doc/_index.html | 2 +- doc/file.README.html | 2 +- doc/index.html | 2 +- doc/puppet_classes/cd_nrpe.html | 2 +- .../cd_nrpe_3A_3Afirewall_3A_3Aiptables.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Aconfig.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Afiles.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Aservice.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Auser.html | 2 +- doc/puppet_classes/cd_nrpe_3A_3Aparams.html | 2 +- .../cd_nrpe_3A_3Acommands_3A_3Adefinitions.html | 2 +- doc/top-level-namespace.html | 2 +- 15 files changed, 29 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a49f4a5..436f0ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,21 @@ Changelog of Git Changelog.

No issue

+5c1cd68c891ead9 Arne Teuke 2017-07-28 17:23:17 +

+

updated template

+ +

+1cad0808b1ed757 Jenkins Server 2017-07-28 17:23:13 +

+

recommit for updates in build 26

+ +

+fbc889df9568acb Arne Teuke 2017-07-28 17:22:47 +

+

fixed file permissions

+ +

2e73736c2a89d46 Arne Teuke 2017-07-28 17:19:44

updated params

diff --git a/doc/_index.html b/doc/_index.html index a19bc17..84e3846 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -166,7 +166,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 08a2fd2..19aa908 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -252,7 +252,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index 1d2431f..a9f892a 100644 --- a/doc/index.html +++ b/doc/index.html @@ -252,7 +252,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nrpe.html b/doc/puppet_classes/cd_nrpe.html index 537490f..d260b6b 100644 --- a/doc/puppet_classes/cd_nrpe.html +++ b/doc/puppet_classes/cd_nrpe.html @@ -140,7 +140,7 @@ class cd_nrpe { diff --git a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html index 2bc5a00..44a5d6f 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html @@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html index 7ab32b7..1e5d235 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html @@ -154,7 +154,7 @@ class cd_nrpe::main::config ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html index 6f850e6..345cf63 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html @@ -205,7 +205,7 @@ class cd_nrpe::main::dirs ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html index 2e73a8d..c09c1ba 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html @@ -217,7 +217,7 @@ class cd_nrpe::main::files ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html index 7872924..b28eaa4 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html @@ -160,7 +160,7 @@ class cd_nrpe::main::install ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html index 91319c8..7c21f30 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html @@ -175,7 +175,7 @@ class cd_nrpe::main::service ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html index 4c89160..725418e 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html @@ -193,7 +193,7 @@ class cd_nrpe::main::user ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html index f7874a1..5013bbf 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html @@ -1007,7 +1007,7 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb' diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html index e21f51c..8886e87 100644 --- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html +++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html @@ -148,7 +148,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 3e09a87..4fb5db6 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -90,7 +90,7 @@