[bug-notifications] [nrpe 0003939]: NRPE installation instructions urge to use inetd for tcp_wrappers
Mantis Bug Tracker
noreply at opencsw.org
Sun Oct 11 22:02:53 CEST 2009
The following issue has been ASSIGNED.
======================================================================
http://www.opencsw.org/bugtrack/view.php?id=3939
======================================================================
Reported By: alexs77
Assigned To: ja
======================================================================
Project: nrpe
Issue ID: 3939
Category: regular use
Reproducibility: have not tried
Severity: tweak
Priority: normal
Status: assigned
======================================================================
Date Submitted: 2009-10-05 14:32 CEST
Last Modified: 2009-10-11 22:02 CEST
======================================================================
Summary: NRPE installation instructions urge to use inetd for
tcp_wrappers
Description:
The NRPE installation instructions strongly urge, that tcp_wrappers should
be used to protect the installation. For this, it's written that inetd
should be used.
Right now, nrpe is launched as a standalone daemon.
So that nrpe can be launched from inetd, the following line should be
appended to /etc/services:
nrpe 5666/tcp
And to make inetd start/stop nrpe, add this line to /etc/inetd.conf:
nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /opt/csw/bin/nrpe -c
/opt/csw/etc/nrpe.cfg -i
On Solaris 10, that line should be written to some temporary file and then
inetconv -i $temp_file_with_inetd_line
is to be invoked.
After that, it might be a good idea to enable TCP_WRAPPER support; on
Solaris 10, do:
inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE
For Solaris 8 & 9:
tcp_wrappers is equivalent to the previous inetd's
/etc/default/inetd property ENABLE_TCPWRAPPERS.
So that inetd is able to start nrpe, the $HOME directory of the user
starting nrpe (ie. "nagios") has to exist; IOW: /opt/csw/nagios must exist.
On a host which only has nrpe (and maybe nagios-plugins) installed, that's
not the case.
======================================================================
More information about the bug-notifications
mailing list