OP#501 finalize SSL settings

OP#501 fix parameter
2026-03-15 17:06:52 +01:00 · 2026-03-15 16:59:12 +01:00 · 2026-03-15 16:43:07 +01:00
3 changed files with 10 additions and 15 deletions
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -69,15 +69,14 @@ class confdroid_nrpe::main::files (
      notify   => Exec['create_nrpe_pp'],
    }
  }
-
  # file for ssl certificate
  if $ne_enable_ssl == true {
    file { $ne_ssl_cert_file:
      ensure   => file,
      path     => $ne_ssl_cert_file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0644',
+      owner    => $ne_user,
+      group    => $ne_user,
+      mode     => '0440',
      selrange => s0,
      selrole  => object_r,
      seltype  => cert_t,
@@ -87,9 +86,9 @@ class confdroid_nrpe::main::files (
    file { $ne_ssl_privatekey_file:
      ensure   => file,
      path     => $ne_ssl_privatekey_file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0600',
+      owner    => $ne_user,
+      group    => $ne_user,
+      mode     => '0400',
      selrange => s0,
      selrole  => object_r,
      seltype  => cert_t,
@@ -99,9 +98,9 @@ class confdroid_nrpe::main::files (
    file { $ne_ssl_ca_cert_file:
      ensure   => file,
      path     => $ne_ssl_ca_cert_file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0644',
+      owner    => $ne_user,
+      group    => $ne_user,
+      mode     => '0440',
      selrange => s0,
      selrole  => object_r,
      seltype  => cert_t,
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -30,8 +30,6 @@
 #   daemon will allow plugins to finish executing before killing them off.
 # @param [String] ne_connection_timeout maximum number of seconds that the
 #   NRPE daemon will wait for a connection to be established before exiting.
-# @param [String] ne_ssl_version These directives allow you to specify how to
-#   use SSL/TLS.
 # @param [String] ne_ssl_cipher_list ciphers can be used. For backward
 #   compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
 #   this version but will be changed in a later version of NRPE.
@@ -111,7 +109,6 @@ class confdroid_nrpe::params (
  String $ne_connection_timeout           = '300',
  String $ne_allow_weak_rnd_seed          = '1',
  Boolean $ne_enable_ssl                  = false,
-  String $ne_ssl_version                  = 'TLSv2+',
  String $ne_ssl_cipher_list              = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
  String $ne_ssl_client_certs             = '0',
  String $ne_ssl_logging                  = '0x00',
@@ -146,7 +143,7 @@ class confdroid_nrpe::params (
 # directories
  $ne_main_conf_d_dir         = '/etc/nrpe.d'
  $ne_run_dir                 = '/var/run/nrpe'
-  $ne_servercert_dir           = '/etc/pki/tls/servercerts'
+  $ne_servercert_dir          = '/etc/pki/tls/servercerts'

 # files
  $ne_main_conf_file          = '/etc/nagios/nrpe.cfg'
--- a/templates/nrpe_cfg.erb
+++ b/templates/nrpe_cfg.erb
@@ -34,7 +34,6 @@ connection_timeout=<%= @ne_connection_timeout %>
 allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>

 <% if @ne_enable_ssl == true -%>
-ssl_version=<%= @ne_ssl_version %>
 ssl_cipher_list=<%= @ne_ssl_cipher_list %>
 ssl_cacert_file=<%= @ne_ssl_ca_cert_file %>
 ssl_cert_file=<%= @ne_ssl_cert_file %>
Author	SHA1	Message	Date
12ww1160	4a7d06d0ca	OP#501 finalize SSL settings	2026-03-15 17:06:52 +01:00
12ww1160	95d2344f7f	OP#501 finalize SSL settings	2026-03-15 16:59:12 +01:00
12ww1160	b7036ae8e7	OP#501 fix parameter	2026-03-15 16:43:07 +01:00