[Nagiosplug-help] Failing to compile nrpe against OpenSSL onHP-UX

Ralph.Grothe at itdz-berlin.de Ralph.Grothe at itdz-berlin.de
Fri Aug 29 10:21:28 CEST 2008


Just to inform you,
I applied these substituions (there weren't more in the file)

$ diff src/nrpe.c{,.dist}
617c617
<               log_facility=LOG_AUTH;
---
>               log_facility=LOG_AUTHPRIV;
619c619
<               log_facility=LOG_DAEMON;
---
>               log_facility=LOG_FTP;


And this time make produced an nrpe executable that looks like it could
work.

$ make
cd ./src/; /usr/local/bin/gmake ; cd ..
gmake[1]: Entering directory `/usr/local/src/nrpe-2.12/src'
/opt/ansic/bin/cc -g -I/opt/openssl/include/openssl
-I/opt/openssl/include -DHAVE_CONFIG_H -o nrpe nrpe.c utils.c
-L/opt/openssl/lib  -lssl -lcrypto -lnsl  ./snprintf.o 
nrpe.c:
cc: "nrpe.c", line 852: warning 604: Pointers are not
assignment-compatible.
cc: "nrpe.c", line 852: warning 563: Argument #3 is not the correct
type.
utils.c:
/opt/ansic/bin/cc -g -I/opt/openssl/include/openssl
-I/opt/openssl/include -DHAVE_CONFIG_H -o check_nrpe check_nrpe.c
utils.c -L/opt/openssl/lib  -lssl -lcrypto -lnsl 
check_nrpe.c:
utils.c:
gmake[1]: Leaving directory `/usr/local/src/nrpe-2.12/src'

*** Compile finished ***

If the NRPE daemon and client compiled without any errors, you
can continue with the installation or upgrade process.

Read the PDF documentation (NRPE.pdf) for information on the next
steps you should take to complete the installation or upgrade.


$ ll src/nrpe   
-rwxr-xr-x   1 weirdo      fiddle          243040 Aug 29 10:10 src/nrpe

$ src/nrpe -h

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad (nagios at nagios.org)
Version: 2.12
Last Modified: 03-10-2008
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required

***************************************************************
** POSSIBLE SECURITY RISK - TCP WRAPPERS ARE NOT AVAILABLE!  **
**      Read the NRPE SECURITY file for more information     **
***************************************************************

Usage: nrpe [-n] -c <config_file> <mode>

Options:
 -n            = Do not use SSL
 <config_file> = Name of config file to use
 <mode>        = One of the following two operating modes:
   -i          =    Run as a service under inetd or xinetd
   -d          =    Run as a standalone daemon

Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios.  It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.





Of course, I first will have to test this build a bit
before I can really tell if that patch fixed the problem...


> -----Original Message-----
> From: nagiosplug-help-bounces at lists.sourceforge.net
> [mailto:nagiosplug-help-bounces at lists.sourceforge.net]On Behalf Of
> Ralph.Grothe at itdz-berlin.de
> Sent: Friday, August 29, 2008 10:01 AM
> To: dermoth at aei.ca; frimik at gmail.com
> Cc: nagiosplug-help at lists.sourceforge.net
> Subject: Re: [Nagiosplug-help] Failing to compile nrpe against OpenSSL
> onHP-UX
> 
> 
> Hi Thomas, hi Mikael,
> 
> I reply to you both in one response
> as your proposals, how to fix this, point in the same direction.
> 
> First, many thanks for taking the time to contemplate over my issue.
> 
> 
> > -----Original Message-----
> > From: Thomas Guyot-Sionnest [mailto:dermoth at aei.ca]
> > Sent: Friday, August 29, 2008 12:05 AM
> > To: Grothe, Ralph
> > Cc: nagiosplug-help at lists.sourceforge.net
> > Subject: Re: [Nagiosplug-help] Failing to compile nrpe 
> against OpenSSL
> > on HP-UX
> > 
> > Does it even compile without ssl? beside the configure bug, it looks
> > like your problem isn't SSL
> > 
> 
> Well, I haven't yet tried with this exact release of the nrpe sources.
> But I am currently using an earlier compile of nrpe on my HP-UX boxes
> which I did compile --without-ssl, and that has been working 
> fine so far.
> Now the need arose to establish SSL wrapped NRPE 
> communication on more 
> "hostile" routes.
> 
> > 
> > The problem isn't the type (it's only a warning), it's two
> > syslog-related constants that aren't defined.
> > 
> 
> Yes, I didn't really suspect libssl to be the culprit at this point.
> 
> > You might want to grep your system headers for "LOG_AUTHPRIV" and
> > "LOG_FTP" and add any missing include to nrpe.c. 
> 
> At least beneath /usr/include there don't seem to appear the two 
> unknown macro definitions in any header file.
> (Actually, this is also the case if I run find from / over 
> every local filesystem)
> 
> # find /usr/include -type f -name \*.h|xargs grep -l 
> 'LOG_(AUTHPRIV|FTP)'|wc -w
> 0
> 
> > If you can't find them,
> > try searching for substitute LOG_ macros (make sure it's 
> > syslog-related)
> > and replace them in nrpe.c.
> 
> Hm, I'm not quite sure if I can follow you 
> (sorry, I am not a C hacker, but I at least can read the code)
> 
> So I have quite a few files with macro definitions starting 
> with LOG_ here
> 
> # find /usr/include -type f -name \*.h|xargs grep -l '^#define  *LOG_'
> /usr/include/sys/net_diag.h
> /usr/include/sys/netdiag1.h
> /usr/include/sys/fcp_log.h
> /usr/include/sys/framebuf.h
> /usr/include/sys/netio.h
> /usr/include/sys/sem_utl.h
> /usr/include/xti_trace.h
> /usr/include/syslog.h
> 
> 
> To me syslog.h would look an obvious candidate.
> 
> But I suppose these aren't re-definitions, and not what you meant?
> 
> # grep '^#define  *LOG_' /usr/include/syslog.h                        
> #define LOG_KERN        (0<<3)  /* kernel messages */
> #define LOG_USER        (1<<3)  /* random user-level messages */
> #define LOG_MAIL        (2<<3)  /* mail system */
> #define LOG_DAEMON      (3<<3)  /* system daemons */
> #define LOG_AUTH        (4<<3)  /* security/authorization messages */
> #define LOG_SYSLOG      (5<<3)  /* messages generated 
> internally by syslogd */
> #define LOG_LPR         (6<<3)  /* line printer subsystem */
> #define LOG_NEWS        (7<<3)  /* messages generated by the 
> news system */
> #define LOG_UUCP        (8<<3)  /* messages generated by the 
> UUCP system */
> #define LOG_CRON        (9<<3)  /* messages generated by the 
> cron daemon */
> #define LOG_LOCAL0      (16<<3) /* reserved for local use */
> #define LOG_LOCAL1      (17<<3) /* reserved for local use */
> #define LOG_LOCAL2      (18<<3) /* reserved for local use */
> #define LOG_LOCAL3      (19<<3) /* reserved for local use */
> #define LOG_LOCAL4      (20<<3) /* reserved for local use */
> #define LOG_LOCAL5      (21<<3) /* reserved for local use */
> #define LOG_LOCAL6      (22<<3) /* reserved for local use */
> #define LOG_LOCAL7      (23<<3) /* reserved for local use */
> #define LOG_NFACILITIES 24      /* maximum number of facilities */
> #define LOG_FACMASK     0x03f8  /* mask to extract facility part */
> #define LOG_EMERG       0       /* system is unusable */
> #define LOG_ALERT       1       /* action must be taken immediately */
> #define LOG_CRIT        2       /* critical conditions */
> #define LOG_ERR         3       /* error conditions */
> #define LOG_WARNING     4       /* warning conditions */
> #define LOG_NOTICE      5       /* normal but signification 
> condition */
> #define LOG_INFO        6       /* informational */
> #define LOG_DEBUG       7       /* debug-level messages */
> #define LOG_PRIMASK     0x0007  /* mask to extract priority 
> part (internal) */
> #define LOG_NDELAY      0x08    /* don't delay open */
> #define LOG_NOWAIT      0x10    /* if forking to log on 
> console, don't wait() */
> 
> 
> > Last resort would be removing everything
> > syslog-related from the source (you won't have logging).
> > 
> 
> No that wouldn't be an option because I require the logging.
> 
> But maybe I could give Mikael's proposal a try?
> 
> > -----Original Message-----
> > From: Mikael Fridh [mailto:frimik at gmail.com]
> > Sent: Thursday, August 28, 2008 5:14 PM
> > To: Grothe, Ralph; nagiosplug-help at lists.sourceforge.net
> > Subject: Re: [Nagiosplug-help] Failing to compile nrpe 
> against OpenSSL
> > on HP-UX
> > 
> > The fix is probably in your case: 
> s/(LOG_FTP|LOG_AUTHPRIV)/LOG_DAEMON/
> > 
> 
> Of course there is the LOG_DAEMON facility (as on probably every Unix)
> and instead of LOG_AUTHPRIV (which sounds quite Linuxish to me) 
> on HP-UX I have LOG_AUTH, but no LOG_FTP (seems a bit 
> far-fetched to me),
> if you compare with the above grepped LOG facilities from 
> syslog.h above.
> 
> So I would substitute then every reference to LOG_AUTHPRIV by LOG_AUTH
> and every occurrence of LOG_FTP by LOG_DAEMON within nrpe.c then.
> Do you think this would work?
> 
> Btw, has anyone filed these bugs with some sort of bug 
> tracker of the developers?
> I think that the configure script of nrpe should be fixed in a manner
> that it consults the system's syslog.h file for valid facilities
> and accordingly renders appropriate substitutions in the source code.
> Well, this is my naive understanding from a non-systems 
> hacker's point of view
> how to ship more portable code.
> 
> Regards
> 
> Ralph
> 
> 
> 
> --------------------------------------------------------------
> -----------
> This SF.Net email is sponsored by the Moblin Your Move 
> Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & 
> win great prizes
> Grand prize is a trip for two to an Open Source event 
> anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Nagiosplug-help mailing list
> Nagiosplug-help at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> ::: Please include plugins version (-v) and OS when reporting 
> any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 




More information about the Help mailing list