adding ability to enable command argument processing via nrpe client

Signed-off-by: Nick Chappell <nick@intronic.org> Taken from: https://github.com/Icinga/puppet-icinga2/pull/22
2014-09-30 08:13:54 -04:00 · 2014-09-30 08:13:54 -04:00 · c410696090
commit c410696090
parent 07ed61ad13
3 changed files with 12 additions and 7 deletions
--- a/manifests/nrpe.pp
+++ b/manifests/nrpe.pp
@ -6,12 +6,13 @@

 class icinga2::nrpe (

-  $nrpe_listen_port        = $icinga2::params::nrpe_listen_port,
-  $nrpe_debug_level        = $icinga2::params::nrpe_debug_level,
-  $nrpe_log_facility       = $icinga2::params::nrpe_log_facility,
-  $nrpe_command_timeout    = $icinga2::params::nrpe_command_timeout,
-  $nrpe_connection_timeout = $icinga2::params::nrpe_connection_timeout,
-  $nrpe_allowed_hosts      = $icinga2::params::nrpe_allowed_hosts
+  $nrpe_listen_port                       = $icinga2::params::nrpe_listen_port,
+  $nrpe_debug_level                       = $icinga2::params::nrpe_debug_level,
+  $nrpe_log_facility                      = $icinga2::params::nrpe_log_facility,
+  $nrpe_command_timeout                   = $icinga2::params::nrpe_command_timeout,
+  $nrpe_connection_timeout                = $icinga2::params::nrpe_connection_timeout,
+  $nrpe_allowed_hosts                     = $icinga2::params::nrpe_allowed_hosts,
+  $nrpe_allow_command_argument_processing = $icinga2::params::allow_command_argument_processing,

 ) inherits icinga2::params {

--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -287,6 +287,10 @@ class icinga2::params {
  $nrpe_connection_timeout = '300'
  #Note: because we use .join in the nrpe.cfg.erb template, this value *must* be an array
  $nrpe_allowed_hosts      = ['127.0.0.1',]
+  #Dtermines whether or not the NRPE daemon will allow clients to specify arguments to commands that are executed
+  # *** ENABLING THIS OPTION IS A SECURITY RISK! ***
+  # Defaults to NOT allow command arguments
+  $allow_command_argument_processing = '0'

  case $::operatingsystem {
    #File and template variable names for Red Had/CentOS systems:
--- a/templates/nrpe.cfg.erb
+++ b/templates/nrpe.cfg.erb
@ -108,7 +108,7 @@ allowed_hosts=<%= scope.lookupvar('icinga2::nrpe::nrpe_allowed_hosts').join(',')
 #
 # Values: 0=do not allow arguments, 1=allow command arguments

-dont_blame_nrpe=0
+dont_blame_nrpe=<%= scope.lookupvar('icinga2::nrpe::allow_command_argument_processing') %>