Sigh. I've lost 1 hour on this "improvement".

Please note that there is still a bug: the installed "/etc/nagios/nrpe.cfg" configuration file now contains an option which is ignored, but AFAICS there is no warning about that fact in the file nor in the log when starting nrpe, so people will keep trying to enable it and fail without understanding that it is in fact ignored.

nrpe has several, not fixable security problems with argument parsing.

I do believe that.

You should not use it at all.

You do *NOT* know about other people's context and balance of risks.

Debian is for grownups, you do not have to "decide" for us as if we were children. I know my risks and benefits, and I can make the decision whether to enable arguments or not, you do not have to take this decision for me. The option name says it all "dont_blame_nrpe": *MY* responsibility, not yours.

A secure alternative would be to use check_by_ssh.

I disagree that using check_by_ssh is obviously better, because it means allowing a shell access and a private key without password on the server, or endless efforts to maintain some ssh-agent somewhere which have their own risks... I'm not sure I can see how this is much better than nrpe with arguments and IP control, for me this is the same.

The "just compile your own package" is a laughable fix: If I wanted to do that, I would not use Debian in the first place.

--
Fabien.
