nrpe + ssl on machines without /dev/random

Gerhard Lausser Gerhard.Lausser at consol.de
Thu Jan 12 16:25:35 CET 2006


Hi,

I made a patch to NRPE which enables it to use SSL on operating systems
which have no /dev/[u]random by default or which have not been patched
accordingly. Normally an SSL-enabled nrpe will not be able to initialize
correctly on these machines and refuses handshakes with check_nrpe clients.
This patch is for people who are forced by company policy to use SSL, or
who do not want to use both SSL-enabled and plaintext check_nrpe binaries
depending on the monitored server's capabilities.
What I added is a fallback to an alternative way of seeding the random
number generator. You enable it by setting "allow_weak_random_seed=1" in the
nrpe.cfg file.
If there was no randomness device available for seeding, then this directive
allows 
- the seeding from a file (using RAND_file_name() and RAND_load_file()) and
if this was still not enough
- the seeding from the PRNG (using RAND_seed())

If this looks useful for you, please download it from
http://people.consol.de/~lausser/nagios/nrpe-2.0-allow_weak_random_seed.patch
and apply it with:
cd nrpe-2.0
patch -p1 < nrpe-2.0-allow_weak_random_seed.patch

Greetings from Munich,
Gerhard
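
An added example, not part of the original message or the patch: a shell check an administrator could run to find hosts where the allow_weak_random_seed fallback described above is actually in effect. It assumes nrpe.cfg uses key=value lines with "#" comment lines, that the last occurrence of a directive wins and that the value is read as an integer; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for NRPE's weak-seed fallback.
# Assumptions (not from the patch): key=value config lines, "#" comment
# lines, last occurrence wins, value read as an integer.

# Print the effective value of allow_weak_random_seed (0 if unset).
weak_seed_setting() {
    awk '
        BEGIN { val = 0 }
        { gsub(/[ \t\r]/, "") }          # ignore whitespace around key/value
        /^#/ { next }                    # commented-out directive does not count
        /^allow_weak_random_seed=/ { split($0, kv, "="); val = kv[2] + 0 }
        END { print val }
    ' "$1"
}

# Succeed if any of the given paths is a character device.
has_random_device() {
    for dev in "$@"; do
        [ -c "$dev" ] && return 0
    done
    return 1
}

# Usage: audit_nrpe_seed <nrpe.cfg> <device>...
# Prints: ok | fallback-unused | weak-seed-active | unreadable
audit_nrpe_seed() {
    cfg=$1
    shift
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if [ "$(weak_seed_setting "$cfg")" -ne 1 ]; then
        echo "ok"                  # fallback disabled
    elif has_random_device "$@"; then
        echo "fallback-unused"     # directive set, but a device is available
    else
        echo "weak-seed-active"    # seeding falls back to file / RAND_seed()
        return 1
    fi
}

# Run against a real config when a path is given on the command line.
if [ $# -gt 0 ]; then
    audit_nrpe_seed "$1" /dev/urandom /dev/random
fi
```

A result of "weak-seed-active" marks a host whose SSL sessions rely on the file or RAND_seed() fallback rather than a kernel randomness device.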



