diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7850da7..482cfd4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,16 @@ Changelog of Git Changelog.
+
+
Whether to manage selinux
+Whether to enable SSL certificates.
-98 99 100 101 @@ -920,10 +937,12 @@ needed. 169 170 171 -172+172 +173 +174
# File 'manifests/params.pp', line 98 +# File 'manifests/params.pp', line 99 class cd_nrpe::params ( @@ -952,7 +971,8 @@ $ne_command_prefix = '/usr/bin/sudo', $ne_command_timeout = '60', $ne_connection_timeout = '300', $ne_allow_weak_rnd_seed = '1', -$ne_ssl_version = 'TLSv1.1+', +$ne_enable_ssl = false, +$ne_ssl_version = 'TLSv2+', $ne_ssl_use_adh = '1', $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH', $ne_ssl_cacert_file = '/etc/pki/tls/certs/ca-chain.crt.pem', @@ -1007,7 +1027,7 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb'
diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
index 14d5eb0..35095ca 100644
--- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
+++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
@@ -148,7 +148,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 80eba38..681c968 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
diff --git a/manifests/params.pp b/manifests/params.pp
index f240c39..eaf475b 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -94,6 +94,7 @@
 # @param [string] ne_server_address the network interfaces to listen on
 # @param [string] ne_allow_weak_rnd_seed Whether to allow weak random seeds
 # @param [string] ne_include_selinux Whether to manage selinux
+# @param [boolean] ne_enable_ssl Whether to enable SSL certificates.
 ###############################################################################
 class cd_nrpe::params (
@@ -122,7 +123,8 @@ $ne_command_prefix = '/usr/bin/sudo',
 $ne_command_timeout = '60',
 $ne_connection_timeout = '300',
 $ne_allow_weak_rnd_seed = '1',
-$ne_ssl_version = 'TLSv1.1+',
+$ne_enable_ssl = false,
+$ne_ssl_version = 'TLSv2+',
 $ne_ssl_use_adh = '1',
 $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
 $ne_ssl_cacert_file = '/etc/pki/tls/certs/ca-chain.crt.pem',
diff --git a/templates/nrpe_cfg.erb b/templates/nrpe_cfg.erb
index edb138d..eb33175 100644
--- a/templates/nrpe_cfg.erb
+++ b/templates/nrpe_cfg.erb
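Review bot: The new default `$ne_ssl_version = 'TLSv2+',` in manifests/params.pp names a protocol that does not exist; as far as I know NRPE's `ssl_version` only accepts the SSLv2/SSLv3/TLSv1.x names with an optional `+`, so the rendered `ssl_version=TLSv2+` is likely to be rejected when the daemon reads its config, or at least not to set the intended floor. If the aim was to raise the minimum above TLS 1.1, write `$ne_ssl_version = 'TLSv1.2+',` here (the regenerated doc hunk for this class shows the same value). Separately, `$ne_enable_ssl = false,` makes the certificate settings opt-in while `$ne_ssl_use_adh = '1',` stays in the context lines, which presumably leaves a default install on anonymous key exchange with no peer authentication; the `@param` text added in the previous hunk should say so. The class parameter list begins and ends outside this hunk.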
@@ -41,103 +41,21 @@ ssl_version=<%= @ne_ssl_version %> ssl_use_adh=<%= @ne_ssl_use_adh %> ssl_cipher_list=<%= @ne_ssl_cipher_list %> +<% if $ne_enable_ssl == true -%> ssl_cacert_file=<%= @ne_ssl_cacert_file %> ssl_cert_file=<%= @ne_ssl_cert_file %> ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> - ssl_client_certs=<%= @ne_ssl_client_certs %> ssl_logging=<%= @ne_ssl_logging %> +<% end -%> +nasty_metachars=<%= @ne_nasty_metachars %> +<% unless @ne_include_file.empty? -%> +include=<%= @ne_include_file %> +<% end -%> - -# NASTY METACHARACTERS -# This option allows you to override the list of characters that cannot -# be passed to the NRPE daemon. - -# nasty_metachars="|`&><'\\[]{};\r\n" - - -# INCLUDE CONFIG FILE -# This directive allows you to include definitions from an external config file. - -#include=- - -# INCLUDE CONFIG DIRECTORY -# This directive allows you to include definitions from config files (with a -# .cfg extension) in one or more directories (with recursion). - -include_dir=/etc/nrpe.d/ - - -# COMMAND DEFINITIONS -# Command definitions that this daemon will run. Definitions -# are in the following format: -# -# command[ ]= -# -# When the daemon receives a request to return the results of -# it will execute the command specified by the argument. -# -# Unlike Nagios, the command line cannot contain macros - it must be -# typed exactly as it should be executed. -# -# Note: Any plugins that are used in the command lines must reside -# on the machine that this daemon is running on! The examples below -# assume that you have plugins installed in a /usr/local/nagios/libexec -# directory. Also note that you will have to modify the definitions below -# to match the argument format the plugins expect. Remember, these are -# examples only! - - -# The following examples use hardcoded command arguments... 
- -command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/lib64/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20 -command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 -command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200 - - -# The following examples allow user-supplied arguments and can -# only be used if the NRPE daemon was compiled with support for -# command arguments *AND* the dont_blame_nrpe directive in this -# config file is set to '1'. This poses a potential security risk, so -# make sure you read the SECURITY file before doing this. - -#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -#command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ - -##################################### - - - - - - - - -#ssl_version=<%= @ne_ssl_version %> -#ssl_use_adh=<%= @ne_ssl_use_adh %> -#ssl_cipher_list=<%= @ne_ssl_cipher_list %> - -#ssl_cacert_file=<%= @ne_ssl_cacert_file %> -#ssl_cert_file=<%= @ne_ssl_cert_file %> -#ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> - -#ssl_client_certs=<%= @ne_ssl_client_certs %> -#ssl_logging=<%= @ne_ssl_logging %> - -#nasty_metachars=<%= @ne_nasty_metachars %> - -#<% unless @ne_include_file.empty? -%> -#include=<%= @ne_include_file %> -#<% end -%> - -#include_dir=<%= @ne_main_conf_d_dir %> +include_dir=<%= @ne_main_conf_d_dir %> ### command definitions have been moved to include_dir for easier external # management
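Review bot: The guard `<% if $ne_enable_ssl == true -%>` in templates/nrpe_cfg.erb tests a Ruby global rather than the Puppet parameter, which the template exposes as `@ne_enable_ssl` like every other lookup in this hunk; the global is nil, so the condition is never true. As written, `ssl_cacert_file`, `ssl_cert_file`, `ssl_privatekey_file`, `ssl_client_certs` and `ssl_logging` are dropped from the rendered config even when the class is declared with `ne_enable_ssl => true`, and the agent silently runs without certificate or client-certificate checks. Change the line to `<% if @ne_enable_ssl -%>`, and consider moving `ssl_logging` outside the guard since it is not a certificate setting. A template test that renders with the flag on and expects an `ssl_cert_file=` line would catch this.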