update to NSCA-ng 1.1
This commit is contained in:
sthen
parent
21dcdad850
commit
d3f035f164
@ -1,10 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.3 2013/03/14 10:19:38 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.4 2013/04/12 21:44:53 sthen Exp $
|
||||
|
||||
COMMENT-main= server to accept passive check results for Nagios/Icinga
|
||||
COMMENT-client= client to send passive check results to Nagios/Icinga
|
||||
|
||||
V= 1.0
|
||||
REVISION-main= 0
|
||||
V= 1.1
|
||||
DISTNAME= nsca-ng-$V
|
||||
PKGNAME-main= nsca-ng-$V
|
||||
PKGNAME-client= nsca-ng-client-$V
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
SHA256 (nsca-ng-1.0.tar.gz) = I5OT9NlLlfP4QV4pAHt5BswnH4FPtaJqK7cnpWL2ySs=
|
||||
SIZE (nsca-ng-1.0.tar.gz) = 300633
|
||||
SHA256 (nsca-ng-1.1.tar.gz) = IzWqOSjA6lE5TK6OETPLA6N7Hjh7bEb/LYnGimtvzMY=
|
||||
SIZE (nsca-ng-1.1.tar.gz) = 308421
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
$OpenBSD: patch-etc_nsca-ng_cfg,v 1.1.1.1 2013/03/11 19:27:31 sthen Exp $
|
||||
--- etc/nsca-ng.cfg.orig Mon Mar 11 14:39:05 2013
|
||||
+++ etc/nsca-ng.cfg Mon Mar 11 16:20:48 2013
|
||||
$OpenBSD: patch-etc_nsca-ng_cfg,v 1.2 2013/04/12 21:44:53 sthen Exp $
|
||||
--- etc/nsca-ng.cfg.orig Fri Apr 12 21:42:30 2013
|
||||
+++ etc/nsca-ng.cfg Fri Apr 12 22:27:17 2013
|
||||
@@ -8,7 +8,8 @@
|
||||
#
|
||||
# Most probably, you'll have to specify the path to the Nagios command file.
|
||||
@ -11,13 +11,3 @@ $OpenBSD: patch-etc_nsca-ng_cfg,v 1.1.1.1 2013/03/11 19:27:31 sthen Exp $
|
||||
|
||||
#
|
||||
# These configuration settings are optional.
|
||||
@@ -17,7 +18,8 @@ command_file = "/usr/local/nagios/var/rw/nagios.cmd"
|
||||
# pid_file = "/var/run/nsca-ng.pid" # Default: create no PID file.
|
||||
# temp_directory = "/dev/shm" # Default: "/tmp".
|
||||
# tls_ciphers = "PSK-AES256-CBC-SHA" # Default: see nsca-ng.cfg(5).
|
||||
-# user = "nagios" # Default: don't switch user.
|
||||
+# user = "_nagios" # Default: don't switch user.
|
||||
+# user = "_icinga" # Alternative for Icinga.
|
||||
# log_level = 2 # Default: 3.
|
||||
# max_command_size = 65536 # Default: 16384.
|
||||
# max_queue_size = 128 # Default: 1024.
|
||||
|
||||
@ -1,36 +0,0 @@
|
||||
$OpenBSD: patch-man_nsca-ng_cfg_in,v 1.1 2013/03/14 10:19:38 sthen Exp $
|
||||
|
||||
From 979cf50ed690221d2d4ee419cc0f4e67c34179a3 Mon Sep 17 00:00:00 2001
|
||||
From: Stuart Henderson <stu@spacehopper.org>
|
||||
Date: Wed, 13 Mar 2013 12:16:40 +0100
|
||||
Subject: Add a directive to chroot(2) at startup
|
||||
|
||||
Allow the user to specify a directory the server should chroot(2) into
|
||||
on startup.
|
||||
|
||||
--- man/nsca-ng.cfg.in.orig Wed Mar 6 09:04:14 2013
|
||||
+++ man/nsca-ng.cfg.in Thu Mar 14 10:18:28 2013
|
||||
@@ -116,6 +116,23 @@ The
|
||||
server recognizes the following global variables.
|
||||
.
|
||||
.TP
|
||||
+\fBchroot\fP\ =\ <\fIstring\fP>
|
||||
+.
|
||||
+On startup, perform a
|
||||
+.BR chroot (2)
|
||||
+operation to the specified directory.
|
||||
+By default,
|
||||
+.BR nsca\-ng (8)
|
||||
+does not call
|
||||
+.BR chroot (2).
|
||||
+If this directive is used, the
|
||||
+.BR command_file ,
|
||||
+.BR pid_file ,
|
||||
+and
|
||||
+.B temp_directory
|
||||
+must be specified relative to this directory.
|
||||
+.
|
||||
+.TP
|
||||
\fBcommand_file\fP\ =\ <\fIstring\fP>
|
||||
.
|
||||
Submit monitoring commands to the specified path name.
|
||||
@ -1,20 +0,0 @@
|
||||
$OpenBSD: patch-src_server_conf_c,v 1.1 2013/03/14 10:19:38 sthen Exp $
|
||||
|
||||
From 979cf50ed690221d2d4ee419cc0f4e67c34179a3 Mon Sep 17 00:00:00 2001
|
||||
From: Stuart Henderson <stu@spacehopper.org>
|
||||
Date: Wed, 13 Mar 2013 12:16:40 +0100
|
||||
Subject: Add a directive to chroot(2) at startup
|
||||
|
||||
Allow the user to specify a directory the server should chroot(2) into
|
||||
on startup.
|
||||
|
||||
--- src/server/conf.c.orig Wed Mar 6 09:04:14 2013
|
||||
+++ src/server/conf.c Thu Mar 14 10:18:28 2013
|
||||
@@ -78,6 +78,7 @@ conf_parse(const char *path)
|
||||
};
|
||||
cfg_opt_t opts[] = {
|
||||
CFG_FUNC("include", cfg_include),
|
||||
+ CFG_STR("chroot", NULL, CFGF_NODEFAULT),
|
||||
CFG_STR("command_file", DEFAULT_COMMAND_FILE, CFGF_NONE),
|
||||
CFG_STR("listen", DEFAULT_LISTEN, CFGF_NONE),
|
||||
CFG_INT("log_level", DEFAULT_LOG_LEVEL, CFGF_NONE),
|
||||
@ -1,71 +0,0 @@
|
||||
$OpenBSD: patch-src_server_nsca-ng_c,v 1.1 2013/03/14 10:19:38 sthen Exp $
|
||||
|
||||
From 979cf50ed690221d2d4ee419cc0f4e67c34179a3 Mon Sep 17 00:00:00 2001
|
||||
From: Stuart Henderson <stu@spacehopper.org>
|
||||
Date: Wed, 13 Mar 2013 12:16:40 +0100
|
||||
Subject: Add a directive to chroot(2) at startup
|
||||
|
||||
Allow the user to specify a directory the server should chroot(2) into
|
||||
on startup.
|
||||
|
||||
--- src/server/nsca-ng.c.orig Tue Mar 5 20:58:00 2013
|
||||
+++ src/server/nsca-ng.c Thu Mar 14 10:18:28 2013
|
||||
@@ -77,7 +77,7 @@ static ev_signal sighup_watcher, sigint_watcher, sigte
|
||||
|
||||
static options *get_options(int, char **);
|
||||
static void free_options(options *);
|
||||
-static void switch_user(const char *);
|
||||
+static void drop_privileges(const char *, const char *);
|
||||
static void remove_pidfile(void);
|
||||
static void forget_config(void);
|
||||
static void signal_cb(EV_P_ ev_signal *, int __attribute__((__unused__)));
|
||||
@@ -104,8 +104,11 @@ main(int argc, char **argv)
|
||||
cfg = conf_parse(opt->conf_file != NULL ?
|
||||
opt->conf_file : DEFAULT_CONF_FILE);
|
||||
|
||||
- if (cfg_size(cfg, "user") > 0)
|
||||
- switch_user(cfg_getstr(cfg, "user"));
|
||||
+ if (cfg_size(cfg, "user") > 0 || cfg_size(cfg, "chroot") > 0)
|
||||
+ drop_privileges(cfg_size(cfg, "user") > 0 ?
|
||||
+ cfg_getstr(cfg, "user") : NULL,
|
||||
+ cfg_size(cfg, "chroot") > 0 ?
|
||||
+ cfg_getstr(cfg, "chroot") : NULL);
|
||||
|
||||
if (opt->log_target == -1)
|
||||
opt->log_target = opt->foreground ?
|
||||
@@ -290,21 +293,25 @@ free_options(options *opt)
|
||||
}
|
||||
|
||||
static void
|
||||
-switch_user(const char *user)
|
||||
+drop_privileges(const char *user, const char *new_root)
|
||||
{
|
||||
struct passwd *pw;
|
||||
|
||||
errno = 0;
|
||||
- if ((pw = getpwnam(user)) == NULL) {
|
||||
- if (errno == 0)
|
||||
- die("Cannot find user %s in password database", user);
|
||||
- else
|
||||
- die("Cannot lookup user %s in password database: %m",
|
||||
- user);
|
||||
+ if (user != NULL) {
|
||||
+ if ((pw = getpwnam(user)) == NULL) {
|
||||
+ if (errno == 0)
|
||||
+ die("Cannot find user %s", user);
|
||||
+ else
|
||||
+ die("Cannot lookup user %s: %m", user);
|
||||
+ }
|
||||
+ if (initgroups(user, pw->pw_gid) == -1)
|
||||
+ die("Cannot set up group list for user %s: %m", user);
|
||||
}
|
||||
- if (initgroups(user, pw->pw_gid) == -1
|
||||
- || setgid(pw->pw_gid) == -1
|
||||
- || setuid(pw->pw_uid) == -1)
|
||||
+ if (new_root != NULL && (chroot(new_root) == -1 || chdir("/") == -1))
|
||||
+ die("Cannot change root directory to %s: %m", new_root);
|
||||
+ if (user != NULL
|
||||
+ && (setgid(pw->pw_gid) == -1 || setuid(pw->pw_uid) == -1))
|
||||
die("Cannot switch to user %s: %m", user);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user