diff --git a/net/nrpe/Makefile b/net/nrpe/Makefile new file mode 100644 index 000000000..217cad232 --- /dev/null +++ b/net/nrpe/Makefile @@ -0,0 +1,85 @@ +# +# Copyright (C) 2007 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=nrpe +PKG_VERSION:=2.8.1 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=@SF/nagios +PKG_MD5SUM:= + +include $(INCLUDE_DIR)/package.mk + +define Package/nrpe + SECTION:=net + CATEGORY:=Network + DEPENDS:=+libopenssl + TITLE:=Daemon to execute Nagios check commands on remote hosts + URL:=http://www.nagios.org/download +endef + +define Package/nrpe/description + NOTE: several assumptions are made: + 1) As openssl is used to generate some stuff during "configure" it is + assumed that openssl is installed on compiling PC in its default + location (i.e. accessible as /usr/bin/openssl). + 2) "nagios" user and group should exist on your openwrt installation. +endef + +define Package/nrpe/postinst +#!/bin/sh + +id=50 +name=nagios +home=/var/run/nagios +shell=/bin/false + +# do not change below +# check if we are on real system +if [ -z "$${IPKG_INSTROOT}" ]; then + # create copies of passwd and group, if we use squashfs + rootfs=`mount |awk '/root/ { print $$5 }'` + if [ "$$rootfs" = "squashfs" ]; then + if [ -h /etc/group ]; then + rm /etc/group + cp -p /rom/etc/group /etc/group + fi + if [ -h /etc/passwd ]; then + rm /etc/passwd + cp -p /rom/etc/passwd /etc/passwd + fi + fi +fi + +echo "" +if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/group)" ]; then + echo "adding group $$name to /etc/group" + echo "$${name}:x:$${id}:" >> $${IPKG_INSTROOT}/etc/group +fi +if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/passwd)" ]; then + echo "adding user $$name to /etc/passwd" + echo "$${name}:x:$${id}:$${id}:$${name}:$${home}:$${shell}" >> $${IPKG_INSTROOT}/etc/passwd +fi +endef + +CONFIGURE_ARGS += \ + --with-ssl="$(STAGING_DIR)/usr" \ + +define Package/nrpe/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_DIR) $(1)/etc + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DATA) ./files/nrpe.cfg $(1)/etc/nrpe.cfg + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/nrpe $(1)/usr/sbin + $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME) +endef + +$(eval $(call BuildPackage,nrpe)) diff --git a/net/nrpe/files/nrpe.cfg b/net/nrpe/files/nrpe.cfg new file mode 100644 index 000000000..e84bed7f1 --- /dev/null +++ b/net/nrpe/files/nrpe.cfg @@ -0,0 +1,208 @@ +############################################################################# +# Sample NRPE Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 03-09-2007 +# +# NOTES: +# This is a sample configuration file for the NRPE daemon. It needs to be +# located on the remote host that is running the NRPE daemon, not the host +# from which the check_nrpe client is being executed. +############################################################################# + + +# PID FILE +# The name of the file in which the NRPE daemon should write it's process ID +# number. The file is only written if the NRPE daemon is started by the root +# user and is running in standalone mode. + +pid_file=/var/run/nrpe.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-priviledged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_port=5666 + + + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_address=192.168.1.1 + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nagios + + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nagios + + + +# ALLOWED HOST ADDRESSES +# This is an optional comma-delimited list of IP address or hostnames +# that are allowed to talk to the NRPE daemon. +# +# Note: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your /etc/hosts.allow +# file to allow only the specified host to connect to the port +# you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts=192.168.1.2 + + + +# COMMAND ARGUMENT PROCESSING +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments to commands that are executed. This option only works +# if the daemon was configured with the --enable-command-args configure script +# option. +# +# *** ENABLING THIS OPTION IS A SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow arguments, 1=allow command arguments + +dont_blame_nrpe=0 + + + +# COMMAND PREFIX +# This option allows you to prefix all commands with a user-defined string. +# A space is automatically added between the specified prefix string and the +# command line from the command definition. +# +# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** +# Usage scenario: +# Execute restricted commmands using sudo. For this to work, you need to add +# the nagios user to your /etc/sudoers. An example entry for alllowing +# execution of the plugins from might be: +# +# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ +# +# This lets the nagios user run all commands in that directory (and only them) +# without asking for a password. If you do this, make sure you don't give +# random users write access to that directory or its contents! + +# command_prefix=/usr/bin/sudo + + + +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on + +debug=0 + + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + + +# CONNECTION TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# wait for a connection to be established before exiting. This is sometimes +# seen where a network problem stops the SSL being established even though +# all network sessions are connected. This causes the nrpe daemons to +# accumulate, eating system resources. Do not set this too low. + +connection_timeout=300 + + + +# WEEK RANDOM SEED OPTION +# This directive allows you to use SSL even if your system does not have +# a /dev/random or /dev/urandom (on purpose or because the necessary patches +# were not applied). The random number generator will be seeded from a file +# which is either a file pointed to by the environment valiable $RANDFILE +# or $HOME/.rnd. If neither exists, the pseudo random number generator will +# be initialized and a warning will be issued. +# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness + +#allow_weak_random_seed=1 + + + +# INCLUDE CONFIG FILE +# This directive allows you to include definitions from an external config file. + +#include= + + + +# INCLUDE CONFIG DIRECTORY +# This directive allows you to include definitions from config files (with a +# .cfg extension) in one or more directories (with recursion). + +#include_dir= +#include_dir= + + + +# COMMAND DEFINITIONS +# Command definitions that this daemon will run. Definitions +# are in the following format: +# +# command[]= +# +# When the daemon receives a request to return the results of +# it will execute the command specified by the argument. +# +# Unlike Nagios, the command line cannot contain macros - it must be +# typed exactly as it should be executed. +# +# Note: Any plugins that are used in the command lines must reside +# on the machine that this daemon is running on! The examples below +# assume that you have plugins installed in a /usr/local/nagios/libexec +# directory. Also note that you will have to modify the definitions below +# to match the argument format the plugins expect. Remember, these are +# examples only! + + +# The following examples use hardcoded command arguments... + +command[check_users]=/usr/libexec/nagios/check_users -w 3 -c 5 +command[check_load]=/usr/libexec/nagios/check_load -w 7,4,2 -c 10,5,3 +command[check_tmp]=/usr/libexec/nagios/check_disk -w 50% -c 25% -p /tmp +command[check_zombie_procs]=/usr/libexec/nagios/check_procs -w 1 -c 3 -s Z +command[check_total_procs]=/usr/libexec/nagios/check_procs -w 25 -c 30 + + + +# The following examples allow user-supplied arguments and can +# only be used if the NRPE daemon was compiled with support for +# command arguments *AND* the dont_blame_nrpe directive in this +# config file is set to '1'. This poses a potential security risk, so +# make sure you read the SECURITY file before doing this. + +#command[check_users]=/usr/lib/check_users -w $ARG1$ -c $ARG2$ +#command[check_load]=/usr/lib/check_load -w $ARG1$ -c $ARG2$ +#command[check_disk]=/usr/lib/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +#command[check_procs]=/usr/lib/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ diff --git a/net/nrpe/files/nrpe.init b/net/nrpe/files/nrpe.init new file mode 100644 index 000000000..e1ccf8ad9 --- /dev/null +++ b/net/nrpe/files/nrpe.init @@ -0,0 +1,12 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2007 OpenWrt.org + +START=70 + +start() { + /usr/sbin/nrpe -c /etc/nrpe.cfg -d +} + +stop() { + killall nrpe +} diff --git a/net/nrpe/patches/100-openssl-dh.patch b/net/nrpe/patches/100-openssl-dh.patch new file mode 100644 index 000000000..a85180712 --- /dev/null +++ b/net/nrpe/patches/100-openssl-dh.patch @@ -0,0 +1,19 @@ +Index: nrpe-2.8.1/configure +=================================================================== +--- nrpe-2.8.1.orig/configure 2007-10-11 14:40:36.000000000 +0200 ++++ nrpe-2.8.1/configure 2007-10-11 14:40:36.000000000 +0200 +@@ -6073,11 +6073,9 @@ + + echo "" + echo "*** Generating DH Parameters for SSL/TLS ***" +- if test -f "$ssldir/sbin/openssl"; then +- sslbin=$ssldir/sbin/openssl +- else +- sslbin=$ssldir/bin/openssl +- fi ++ # Use host openssl as it just generates some random stuff, ++ # nothing machine-specific ++ sslbin=/usr/bin/openssl + # awk to strip off meta data at bottom of dhparam output + $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h + fi