New releases after a longer time. Version 3.0.0 should also fix some security issues: SECURITY - Fix for CVE-2014-2913 However that is disputed: https://access.redhat.com/security/cve/cve-2014-2913
Created attachment 470694 [details] nrpe-3.1.0.ebuild
Created attachment 470696 [details] nrpe-3.1.0.init Give these a try... We had a bunch of nonstandard patches, and it would take a long time to port them all to v3.1.0, so I didn't =) As a result, the TCP wrappers are not optional, command arguments aren't allowed, the daemon is always installed, and the nrpe_check_control tool isn't there. I don't know if anyone will miss those features -- if not, we can just leave things as-is. If people do miss them... * The patch to make the daemon and tcp wrappers optional should go upstream. * The command args can simply be re-enabled, but we should probably mask the flag because it's a security risk. * The nrpe_check_control tool should be updated to use the paths from the build system.
Thanks, will try and report back.
Updating on some 20 servers went fine, but it seems you need to update all your instances to use new nrpe, because some nrpe checks failed (Invalid packet type received from server) and for some there is a log entry on the server (Error: Request packet type/version was invalid! / Client request was invalid, bailing out...).
(In reply to Tomáš Mózes from comment #4) > Updating on some 20 servers went fine, but it seems you need to update all > your instances to use new nrpe, because some nrpe checks failed Did you upgrade the server or the clients first? I just found this in the Changelog, which makes it sound like you should do the server first: - Added support for version 3 variable sized packets up to 64KB. nrpe will accept either version from check_nrpe. check_nrpe will try to send a version 3 packet first, and fall back to version 2. check_nrpe can be forced to only send version 2 packets if the switch `-2` is used. (John Frickson)
(In reply to Michael Orlitzky from comment #5) > (In reply to Tomáš Mózes from comment #4) > > Updating on some 20 servers went fine, but it seems you need to update all > > your instances to use new nrpe, because some nrpe checks failed > > Did you upgrade the server or the clients first? I just found this in the > Changelog, which makes it sound like you should do the server first: > > - Added support for version 3 variable sized packets up to 64KB. nrpe will > accept either version from check_nrpe. check_nrpe will try to send a > version 3 packet first, and fall back to version 2. check_nrpe can be > forced > to only send version 2 packets if the switch `-2` is used. (John Frickson) Started with the monitoring server (the one that checks others via check_nrpe). As it tried sending v3 packets, the servers being monitoring with nrpe 2.15 were confused and produced such errors/warnings. Maybe we should put a message in the ebuild.
Installed on 100 machines, seems to be working ok in my case.
Thanks for testing. I committed this with an elog warning against mixing major versions on the client/server.
Thanks