191 lines
6.4 KiB
Plaintext
191 lines
6.4 KiB
Plaintext
################################################################################
|
|
########## nrpe.cfg managed by Puppet ##########
|
|
########## manual changes will be overwritten !!! ##########
|
|
################################################################################
|
|
########## full reference is available at ##########
|
|
########## https://confdroid.com/2017/07/nrpe-nrpe-cfg/ ##########
|
|
################################################################################
|
|
|
|
log_facility=<%= @ne_log_facility %>
|
|
|
|
<% unless @ne_log_file.empty? -%>
|
|
log_file=<%= @ne_log_file %>
|
|
<% end -%>
|
|
|
|
debug=<%= @ne_debug %>
|
|
|
|
pid_file=<%= @ne_nrpe_pid_file %>
|
|
server_port=<%= @ne_nrpe_port %>
|
|
|
|
|
|
server_address=<%= @ne_server_address %>
|
|
listen_queue_size=<%= @ne_listen_queue_size %>
|
|
|
|
nrpe_user=<%= @ne_user %>
|
|
nrpe_group=<%= @ne_user %>
|
|
|
|
allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %>
|
|
dont_blame_nrpe=<%= @ne_dont_blame_nrpe %>
|
|
allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %>
|
|
|
|
<% if @ne_allow_sudo == true -%>
|
|
command_prefix=<%= @ne_command_prefix %>
|
|
<% end -%>
|
|
|
|
command_timeout=<%= @ne_command_timeout %>
|
|
connection_timeout=<%= @ne_connection_timeout %>
|
|
|
|
allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
|
|
|
|
|
|
# SSL/TLS OPTIONS
|
|
# These directives allow you to specify how to use SSL/TLS.
|
|
|
|
# SSL VERSION
|
|
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
|
|
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
|
|
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
|
|
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
|
|
# TLSv1.2+ (use TLSv1.2 or above)
|
|
# If an "or above" version is used, the best will be negotiated. So if both
|
|
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
|
|
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
|
|
|
|
#ssl_version=SSLv2+
|
|
|
|
# SSL USE ADH
|
|
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
|
|
# ADH or 2 to require ADH. 1 is currently the default but will be changed
|
|
# in a later version.
|
|
|
|
#ssl_use_adh=1
|
|
|
|
# SSL CIPHER LIST
|
|
# This lists which ciphers can be used. For backward compatibility, this
|
|
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
|
|
# will be changed to something like the example below in a later version of NRPE.
|
|
|
|
#ssl_cipher_list=ALL:!MD5:@STRENGTH
|
|
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
|
|
|
|
# SSL Certificate and Private Key Files
|
|
|
|
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
|
|
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
|
|
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
|
|
|
|
# SSL USE CLIENT CERTS
|
|
# This options determines client certificate usage.
|
|
# Values: 0 = Don't ask for or require client certificates (default)
|
|
# 1 = Ask for client certificates
|
|
# 2 = Require client certificates
|
|
|
|
#ssl_client_certs=0
|
|
|
|
# SSL LOGGING
|
|
# This option determines which SSL messages are send to syslog. OR values
|
|
# together to specify multiple options.
|
|
|
|
# Values: 0x00 (0) = No additional logging (default)
|
|
# 0x01 (1) = Log startup SSL/TLS parameters
|
|
# 0x02 (2) = Log remote IP address
|
|
# 0x04 (4) = Log SSL/TLS version of connections
|
|
# 0x08 (8) = Log which cipher is being used for the connection
|
|
# 0x10 (16) = Log if client has a certificate
|
|
# 0x20 (32) = Log details of client's certificate if it has one
|
|
# -1 or 0xff or 0x2f = All of the above
|
|
|
|
#ssl_logging=0x00
|
|
|
|
|
|
# NASTY METACHARACTERS
|
|
# This option allows you to override the list of characters that cannot
|
|
# be passed to the NRPE daemon.
|
|
|
|
# nasty_metachars="|`&><'\\[]{};\r\n"
|
|
|
|
|
|
# INCLUDE CONFIG FILE
|
|
# This directive allows you to include definitions from an external config file.
|
|
|
|
#include=<somefile.cfg>
|
|
|
|
|
|
# INCLUDE CONFIG DIRECTORY
|
|
# This directive allows you to include definitions from config files (with a
|
|
# .cfg extension) in one or more directories (with recursion).
|
|
|
|
include_dir=/etc/nrpe.d/
|
|
|
|
|
|
# COMMAND DEFINITIONS
|
|
# Command definitions that this daemon will run. Definitions
|
|
# are in the following format:
|
|
#
|
|
# command[<command_name>]=<command_line>
|
|
#
|
|
# When the daemon receives a request to return the results of <command_name>
|
|
# it will execute the command specified by the <command_line> argument.
|
|
#
|
|
# Unlike Nagios, the command line cannot contain macros - it must be
|
|
# typed exactly as it should be executed.
|
|
#
|
|
# Note: Any plugins that are used in the command lines must reside
|
|
# on the machine that this daemon is running on! The examples below
|
|
# assume that you have plugins installed in a /usr/local/nagios/libexec
|
|
# directory. Also note that you will have to modify the definitions below
|
|
# to match the argument format the plugins expect. Remember, these are
|
|
# examples only!
|
|
|
|
|
|
# The following examples use hardcoded command arguments...
|
|
|
|
command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
|
|
command[check_load]=/usr/lib64/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20
|
|
command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
|
|
command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
|
|
command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
|
|
|
|
|
|
# The following examples allow user-supplied arguments and can
|
|
# only be used if the NRPE daemon was compiled with support for
|
|
# command arguments *AND* the dont_blame_nrpe directive in this
|
|
# config file is set to '1'. This poses a potential security risk, so
|
|
# make sure you read the SECURITY file before doing this.
|
|
|
|
#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
|
|
#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
|
|
#command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
|
|
#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
|
|
|
|
#####################################
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ssl_version=<%= @ne_ssl_version %>
|
|
#ssl_use_adh=<%= @ne_ssl_use_adh %>
|
|
#ssl_cipher_list=<%= @ne_ssl_cipher_list %>
|
|
|
|
#ssl_cacert_file=<%= @ne_ssl_cacert_file %>
|
|
#ssl_cert_file=<%= @ne_ssl_cert_file %>
|
|
#ssl_privatekey_file=<%= @ne_ssl_privatekey_file %>
|
|
|
|
#ssl_client_certs=<%= @ne_ssl_client_certs %>
|
|
#ssl_logging=<%= @ne_ssl_logging %>
|
|
|
|
#nasty_metachars=<%= @ne_nasty_metachars %>
|
|
|
|
#<% unless @ne_include_file.empty? -%>
|
|
#include=<%= @ne_include_file %>
|
|
#<% end -%>
|
|
|
|
#include_dir=<%= @ne_main_conf_d_dir %>
|
|
|
|
### command definitions have been moved to include_dir for easier external
|
|
# management
|