added nrpe from #2498

git-svn-id: svn://svn.openwrt.org/openwrt/packages@9313 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-14 05:52:30 +00:00 · 2007-10-14 05:52:30 +00:00 · 26736eeaa3
commit 26736eeaa3
parent abc305a486
4 changed files with 324 additions and 0 deletions
--- a/net/nrpe/Makefile
+++ b/net/nrpe/Makefile
@ -0,0 +1,85 @@
+#
+# Copyright (C) 2007 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nrpe
+PKG_VERSION:=2.8.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=@SF/nagios
+PKG_MD5SUM:=
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/nrpe
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libopenssl
+  TITLE:=Daemon to execute Nagios check commands on remote hosts
+  URL:=http://www.nagios.org/download
+endef
+
+define Package/nrpe/description
+ NOTE: several assumptions are made:
+ 1) As openssl is used to generate some stuff during "configure" it is 
+ assumed that openssl is installed on compiling PC in its default
+ location (i.e. accessible as /usr/bin/openssl).
+ 2) "nagios" user and group should exist on your openwrt installation.
+endef
+
+define Package/nrpe/postinst
+#!/bin/sh
+
+id=50
+name=nagios
+home=/var/run/nagios
+shell=/bin/false
+
+# do not change below
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+        # create copies of passwd and group, if we use squashfs
+        rootfs=`mount |awk '/root/ { print $$5 }'`
+        if [ "$$rootfs" = "squashfs" ]; then
+                if [ -h /etc/group ]; then
+                        rm /etc/group
+                        cp -p /rom/etc/group /etc/group
+                fi
+                if [ -h /etc/passwd ]; then
+                        rm /etc/passwd
+                        cp -p /rom/etc/passwd /etc/passwd
+                fi
+        fi
+fi
+
+echo ""
+if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/group)" ]; then
+        echo "adding group $$name to /etc/group"
+        echo "$${name}:x:$${id}:" >> $${IPKG_INSTROOT}/etc/group
+fi
+if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/passwd)" ]; then
+        echo "adding user $$name to /etc/passwd"
+        echo "$${name}:x:$${id}:$${id}:$${name}:$${home}:$${shell}" >> $${IPKG_INSTROOT}/etc/passwd
+fi
+endef
+
+CONFIGURE_ARGS += \
+	--with-ssl="$(STAGING_DIR)/usr" \
+
+define Package/nrpe/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DATA) ./files/nrpe.cfg $(1)/etc/nrpe.cfg
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/nrpe $(1)/usr/sbin
+	$(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
+endef
+
+$(eval $(call BuildPackage,nrpe))
--- a/net/nrpe/files/nrpe.cfg
+++ b/net/nrpe/files/nrpe.cfg
@ -0,0 +1,208 @@
+#############################################################################
+# Sample NRPE Config File 
+# Written by: Ethan Galstad (nagios@nagios.org)
+# 
+# Last Modified: 03-09-2007
+#
+# NOTES:
+# This is a sample configuration file for the NRPE daemon.  It needs to be
+# located on the remote host that is running the NRPE daemon, not the host
+# from which the check_nrpe client is being executed.
+#############################################################################
+
+
+# PID FILE
+# The name of the file in which the NRPE daemon should write it's process ID
+# number.  The file is only written if the NRPE daemon is started by the root
+# user and is running in standalone mode.
+
+pid_file=/var/run/nrpe.pid
+
+
+
+# PORT NUMBER
+# Port number we should wait for connections on.
+# NOTE: This must be a non-priviledged port (i.e. > 1024).
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+server_port=5666
+
+
+
+# SERVER ADDRESS
+# Address that nrpe should bind to in case there are more than one interface
+# and you do not want nrpe to bind on all interfaces.
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+server_address=192.168.1.1
+
+
+# NRPE USER
+# This determines the effective user that the NRPE daemon should run as.  
+# You can either supply a username or a UID.
+# 
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+nrpe_user=nagios
+
+
+
+# NRPE GROUP
+# This determines the effective group that the NRPE daemon should run as.  
+# You can either supply a group name or a GID.
+# 
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+nrpe_group=nagios
+
+
+
+# ALLOWED HOST ADDRESSES
+# This is an optional comma-delimited list of IP address or hostnames 
+# that are allowed to talk to the NRPE daemon.
+#
+# Note: The daemon only does rudimentary checking of the client's IP
+# address.  I would highly recommend adding entries in your /etc/hosts.allow
+# file to allow only the specified host to connect to the port
+# you are running this daemon on.
+#
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+allowed_hosts=192.168.1.2
+ 
+
+
+# COMMAND ARGUMENT PROCESSING
+# This option determines whether or not the NRPE daemon will allow clients
+# to specify arguments to commands that are executed.  This option only works
+# if the daemon was configured with the --enable-command-args configure script
+# option.  
+#
+# *** ENABLING THIS OPTION IS A SECURITY RISK! *** 
+# Read the SECURITY file for information on some of the security implications
+# of enabling this variable.
+#
+# Values: 0=do not allow arguments, 1=allow command arguments
+
+dont_blame_nrpe=0
+
+
+
+# COMMAND PREFIX
+# This option allows you to prefix all commands with a user-defined string.
+# A space is automatically added between the specified prefix string and the
+# command line from the command definition.
+#
+# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
+# Usage scenario: 
+# Execute restricted commmands using sudo.  For this to work, you need to add
+# the nagios user to your /etc/sudoers.  An example entry for alllowing 
+# execution of the plugins from might be:
+#
+# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
+#
+# This lets the nagios user run all commands in that directory (and only them)
+# without asking for a password.  If you do this, make sure you don't give
+# random users write access to that directory or its contents!
+
+# command_prefix=/usr/bin/sudo 
+
+
+
+# DEBUGGING OPTION
+# This option determines whether or not debugging messages are logged to the
+# syslog facility.
+# Values: 0=debugging off, 1=debugging on
+
+debug=0
+
+
+
+# COMMAND TIMEOUT
+# This specifies the maximum number of seconds that the NRPE daemon will
+# allow plugins to finish executing before killing them off.
+
+command_timeout=60
+
+
+
+# CONNECTION TIMEOUT
+# This specifies the maximum number of seconds that the NRPE daemon will
+# wait for a connection to be established before exiting. This is sometimes
+# seen where a network problem stops the SSL being established even though
+# all network sessions are connected. This causes the nrpe daemons to
+# accumulate, eating system resources. Do not set this too low.
+
+connection_timeout=300
+
+
+
+# WEEK RANDOM SEED OPTION
+# This directive allows you to use SSL even if your system does not have
+# a /dev/random or /dev/urandom (on purpose or because the necessary patches
+# were not applied). The random number generator will be seeded from a file
+# which is either a file pointed to by the environment valiable $RANDFILE
+# or $HOME/.rnd. If neither exists, the pseudo random number generator will
+# be initialized and a warning will be issued.
+# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
+
+#allow_weak_random_seed=1
+
+
+
+# INCLUDE CONFIG FILE
+# This directive allows you to include definitions from an external config file.
+
+#include=<somefile.cfg>
+
+
+
+# INCLUDE CONFIG DIRECTORY
+# This directive allows you to include definitions from config files (with a
+# .cfg extension) in one or more directories (with recursion).
+
+#include_dir=<somedirectory>
+#include_dir=<someotherdirectory>
+
+
+
+# COMMAND DEFINITIONS
+# Command definitions that this daemon will run.  Definitions
+# are in the following format:
+#
+# command[<command_name>]=<command_line>
+#
+# When the daemon receives a request to return the results of <command_name>
+# it will execute the command specified by the <command_line> argument.
+#
+# Unlike Nagios, the command line cannot contain macros - it must be
+# typed exactly as it should be executed.
+#
+# Note: Any plugins that are used in the command lines must reside
+# on the machine that this daemon is running on!  The examples below
+# assume that you have plugins installed in a /usr/local/nagios/libexec
+# directory.  Also note that you will have to modify the definitions below
+# to match the argument format the plugins expect.  Remember, these are
+# examples only!
+
+
+# The following examples use hardcoded command arguments...
+
+command[check_users]=/usr/libexec/nagios/check_users -w 3 -c 5
+command[check_load]=/usr/libexec/nagios/check_load -w 7,4,2 -c 10,5,3
+command[check_tmp]=/usr/libexec/nagios/check_disk -w 50% -c 25% -p /tmp
+command[check_zombie_procs]=/usr/libexec/nagios/check_procs -w 1 -c 3 -s Z
+command[check_total_procs]=/usr/libexec/nagios/check_procs -w 25 -c 30
+
+
+
+# The following examples allow user-supplied arguments and can
+# only be used if the NRPE daemon was compiled with support for 
+# command arguments *AND* the dont_blame_nrpe directive in this
+# config file is set to '1'.  This poses a potential security risk, so
+# make sure you read the SECURITY file before doing this.
+
+#command[check_users]=/usr/lib/check_users -w $ARG1$ -c $ARG2$
+#command[check_load]=/usr/lib/check_load -w $ARG1$ -c $ARG2$
+#command[check_disk]=/usr/lib/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+#command[check_procs]=/usr/lib/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
--- a/net/nrpe/files/nrpe.init
+++ b/net/nrpe/files/nrpe.init
@ -0,0 +1,12 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2007 OpenWrt.org
+
+START=70
+
+start() {
+	/usr/sbin/nrpe -c /etc/nrpe.cfg -d
+}
+
+stop() {
+        killall nrpe
+}
--- a/net/nrpe/patches/100-openssl-dh.patch
+++ b/net/nrpe/patches/100-openssl-dh.patch
@ -0,0 +1,19 @@
+Index: nrpe-2.8.1/configure
+===================================================================
+--- nrpe-2.8.1.orig/configure	2007-10-11 14:40:36.000000000 +0200
+++ nrpe-2.8.1/configure	2007-10-11 14:40:36.000000000 +0200
+@@ -6073,11 +6073,9 @@
+ 
+ 				echo ""
+ 		echo "*** Generating DH Parameters for SSL/TLS ***"
+-		if test -f "$ssldir/sbin/openssl"; then
+-			sslbin=$ssldir/sbin/openssl
+-		else
+-			sslbin=$ssldir/bin/openssl
+-		fi
+		# Use host openssl as it just generates some random stuff,
+		# nothing machine-specific
+		sslbin=/usr/bin/openssl
+ 		# awk to strip off meta data at bottom of dhparam output
+ 		$sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
+ 	fi