ports/118434: [patch] net-mgmt/nrpe2 should enable SSL by default
Andrew Daugherity
adaugherity at tamu.edu
Wed Dec 5 17:20:03 UTC 2007
The following reply was made to PR ports/118434; it has been noted by GNATS.
From: "Andrew Daugherity" <adaugherity at tamu.edu>
To: "Jarrod Sayers" <jarrod at netleader.com.au>
Cc: <bug-followup at FreeBSD.org>
Subject: Re: ports/118434: [patch] net-mgmt/nrpe2 should enable SSL by default
Date: Wed, 05 Dec 2007 10:55:26 -0600
>>> On 12/5/2007 at 5:24 AM, in message
<A7FBA655-758C-4522-957A-FC944FCCB47A at netleader.com.au>, Jarrod Sayers
<jarrod at netleader.com.au> wrote:
> Andrew,
>
> The default for net-mgmt/nrpe2 is to be compiled without SSL support.
> This results in both nrpe2 and check_nrpe2 being unable to support SSL
> connections or services, and thus non-SSL becomes the default
> connection method. If the port is built with SSL support, nrpe2
> supports only SSL connections but check_nrpe2 supports both with the
> default being SSL. You may then use the -n flag from the command line
> to connect to hosts without the SSL binary.
My mistake, I thought /usr/local/libexec/nagios/check_nrpe2 was installed by the nagios-plugins port (which nrpe2 depends on, and installs everything else in /usr/local/libexec/nagios), but I see now it is part of nrpe2.
No SSL settings in make.conf, the only thing in there is the two lines added by use.perl.
In our case, check_nrpe2 will be run on our Nagios server (a Linux box), not this machine, and I installed nrpe2 with 'portinstall -P nrpe2' (using the campus mirror of packages-6-stable) to monitor things such as load average, ipmitool sensor output, etc. On the other Linux machines I installed nrpe (via YaST, apt-get, etc.) and it just worked, but in this case I had to rebuild the port and tick the SSL option (or else add -n to the nagios script).
It's not a huge problem, but IMO it violates the principle of least surprise. Is there any reason not to make SSL the default for this port? Would splitting into nrpe2{,-nossl} (or nrpe2{,-ssl}) ports (or at least pkg builds) be a better solution? On both 5.5 and 6.2, nrpe2 links against the system libssl so there aren't any additional ports dependencies.
Thanks,
Andrew Daugherity