From 259b9d85693d2cfdc281b4290302a43911f1e507 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Fri, 28 Jul 2017 19:22:05 +0100 Subject: [PATCH 1/3] updated template --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index f240c39..99fe1a6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -122,7 +122,7 @@ $ne_command_prefix = '/usr/bin/sudo', $ne_command_timeout = '60', $ne_connection_timeout = '300', $ne_allow_weak_rnd_seed = '1', -$ne_ssl_version = 'TLSv1.1+', +$ne_ssl_version = 'TLSv2+', $ne_ssl_use_adh = '1', $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH', $ne_ssl_cacert_file = '/etc/pki/tls/certs/ca-chain.crt.pem', From 8dbe3d8b31ce256e4787a12d26a1c4d4e82f3dcb Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Fri, 28 Jul 2017 19:26:27 +0100 Subject: [PATCH 2/3] updated template --- manifests/params.pp | 2 + templates/nrpe_cfg.erb | 96 +++--------------------------------------- 2 files changed, 9 insertions(+), 89 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 99fe1a6..eaf475b 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -94,6 +94,7 @@ # @param [string] ne_server_address the network interfaces to listen on # @param [string] ne_allow_weak_rnd_seed Whether to allow weak random seeds # @param [string] ne_include_selinux Whether to manage selinux +# @param [boolean] ne_enable_ssl Whether to enable SSL certificates. ############################################################################### class cd_nrpe::params ( @@ -122,6 +123,7 @@ $ne_command_prefix = '/usr/bin/sudo', $ne_command_timeout = '60', $ne_connection_timeout = '300', $ne_allow_weak_rnd_seed = '1', +$ne_enable_ssl = false, $ne_ssl_version = 'TLSv2+', $ne_ssl_use_adh = '1', $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH', diff --git a/templates/nrpe_cfg.erb b/templates/nrpe_cfg.erb index edb138d..eb33175 100644 --- a/templates/nrpe_cfg.erb +++ b/templates/nrpe_cfg.erb @@ -41,103 +41,21 @@ ssl_version=<%= @ne_ssl_version %> ssl_use_adh=<%= @ne_ssl_use_adh %> ssl_cipher_list=<%= @ne_ssl_cipher_list %> +<% if $ne_enable_ssl == true -%> ssl_cacert_file=<%= @ne_ssl_cacert_file %> ssl_cert_file=<%= @ne_ssl_cert_file %> ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> - ssl_client_certs=<%= @ne_ssl_client_certs %> ssl_logging=<%= @ne_ssl_logging %> +<% end -%> +nasty_metachars=<%= @ne_nasty_metachars %> +<% unless @ne_include_file.empty? -%> +include=<%= @ne_include_file %> +<% end -%> - -# NASTY METACHARACTERS -# This option allows you to override the list of characters that cannot -# be passed to the NRPE daemon. - -# nasty_metachars="|`&><'\\[]{};\r\n" - - -# INCLUDE CONFIG FILE -# This directive allows you to include definitions from an external config file. - -#include= - - -# INCLUDE CONFIG DIRECTORY -# This directive allows you to include definitions from config files (with a -# .cfg extension) in one or more directories (with recursion). - -include_dir=/etc/nrpe.d/ - - -# COMMAND DEFINITIONS -# Command definitions that this daemon will run. Definitions -# are in the following format: -# -# command[]= -# -# When the daemon receives a request to return the results of -# it will execute the command specified by the argument. -# -# Unlike Nagios, the command line cannot contain macros - it must be -# typed exactly as it should be executed. -# -# Note: Any plugins that are used in the command lines must reside -# on the machine that this daemon is running on! The examples below -# assume that you have plugins installed in a /usr/local/nagios/libexec -# directory. Also note that you will have to modify the definitions below -# to match the argument format the plugins expect. Remember, these are -# examples only! - - -# The following examples use hardcoded command arguments... - -command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/lib64/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20 -command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 -command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200 - - -# The following examples allow user-supplied arguments and can -# only be used if the NRPE daemon was compiled with support for -# command arguments *AND* the dont_blame_nrpe directive in this -# config file is set to '1'. This poses a potential security risk, so -# make sure you read the SECURITY file before doing this. - -#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -#command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ - -##################################### - - - - - - - - -#ssl_version=<%= @ne_ssl_version %> -#ssl_use_adh=<%= @ne_ssl_use_adh %> -#ssl_cipher_list=<%= @ne_ssl_cipher_list %> - -#ssl_cacert_file=<%= @ne_ssl_cacert_file %> -#ssl_cert_file=<%= @ne_ssl_cert_file %> -#ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> - -#ssl_client_certs=<%= @ne_ssl_client_certs %> -#ssl_logging=<%= @ne_ssl_logging %> - -#nasty_metachars=<%= @ne_nasty_metachars %> - -#<% unless @ne_include_file.empty? -%> -#include=<%= @ne_include_file %> -#<% end -%> - -#include_dir=<%= @ne_main_conf_d_dir %> +include_dir=<%= @ne_main_conf_d_dir %> ### command definitions have been moved to include_dir for easier external # management From c2e28a255730208ddd249b6078e5c15dcc6d97a0 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Fri, 28 Jul 2017 20:26:20 +0200 Subject: [PATCH 3/3] recommit for updates in build 37 --- CHANGELOG.md | 10 ++++++ doc/_index.html | 2 +- doc/file.README.html | 2 +- doc/index.html | 2 +- doc/puppet_classes/cd_nrpe.html | 2 +- .../cd_nrpe_3A_3Afirewall_3A_3Aiptables.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Aconfig.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Afiles.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Aservice.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Auser.html | 2 +- doc/puppet_classes/cd_nrpe_3A_3Aparams.html | 32 +++++++++++++++---- ...d_nrpe_3A_3Acommands_3A_3Adefinitions.html | 2 +- doc/top-level-namespace.html | 2 +- 15 files changed, 49 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7850da7..482cfd4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,16 @@ Changelog of Git Changelog.

No issue

+7efec6b6a39fc99 Arne Teuke 2017-07-28 17:57:30 +

+

updated template

+ +

+adde8bf90e044c4 Jenkins Server 2017-07-28 17:57:26 +

+

recommit for updates in build 35

+ +

84b5e09383fa0e2 Arne Teuke 2017-07-28 17:49:08

updated template

diff --git a/doc/_index.html b/doc/_index.html index be8a8cc..8c6e0e0 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -166,7 +166,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index acb4307..6ed8e6c 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -252,7 +252,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index 8454dd2..9884e16 100644 --- a/doc/index.html +++ b/doc/index.html @@ -252,7 +252,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nrpe.html b/doc/puppet_classes/cd_nrpe.html index 414fc67..79668f6 100644 --- a/doc/puppet_classes/cd_nrpe.html +++ b/doc/puppet_classes/cd_nrpe.html @@ -140,7 +140,7 @@ class cd_nrpe { diff --git a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html index 0c5ae2b..978b84c 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html @@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html index 2cef7a2..6e0eb4a 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html @@ -154,7 +154,7 @@ class cd_nrpe::main::config ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html index 8532504..fc79645 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html @@ -205,7 +205,7 @@ class cd_nrpe::main::dirs ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html index 53dd406..22c7688 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html @@ -217,7 +217,7 @@ class cd_nrpe::main::files ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html index 88f9d5f..88fa79f 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html @@ -160,7 +160,7 @@ class cd_nrpe::main::install ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html index d2cdb49..d3014c4 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html @@ -175,7 +175,7 @@ class cd_nrpe::main::service ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html index c0700f1..0a039dc 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html @@ -193,7 +193,7 @@ class cd_nrpe::main::user ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html index 9ad9e70..6584f33 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html @@ -423,7 +423,7 @@ to be established before exiting.

(string) - (defaults to: 'TLSv1.1+') + (defaults to: 'TLSv2+') — @@ -825,6 +825,24 @@ needed.

Whether to manage selinux

+
+ + + +
  • + + ne_enable_ssl + + + (boolean) + + + (defaults to: false) + + + — +
    +

    Whether to enable SSL certificates.

    • @@ -846,7 +864,6 @@ needed.

     
 
-98
 99
 100
 101
@@ -920,10 +937,12 @@ needed.
    
 169
 170
 171
-172
    +172 +173 +174 - 
    # File 'manifests/params.pp', line 98
+        
    # File 'manifests/params.pp', line 99
 
 class cd_nrpe::params (
 
@@ -952,7 +971,8 @@ $ne_command_prefix          = '/usr/bin/sudo',
 $ne_command_timeout         = '60',
 $ne_connection_timeout      = '300',
 $ne_allow_weak_rnd_seed     = '1',
-$ne_ssl_version             = 'TLSv1.1+',
+$ne_enable_ssl              = false,
+$ne_ssl_version             = 'TLSv2+',
 $ne_ssl_use_adh             = '1',
 $ne_ssl_cipher_list         = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
 $ne_ssl_cacert_file         = '/etc/pki/tls/certs/ca-chain.crt.pem',
@@ -1007,7 +1027,7 @@ $ne_nrpe_conf_erb           = 'cd_nrpe/nrpe_conf.erb'
 
 
       
diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
index 14d5eb0..35095ca 100644
--- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
+++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
@@ -148,7 +148,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
    
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 80eba38..681c968 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@