Re: [Nagios-devel] NRPE Code update post
Posted: Mon Jan 20, 2003 8:51 pm
Thanks -
I'll try and take a look at it this week. I've been swamped with
server and network upgrades at work recently, so I haven't had as
much free time at night as I'd like.
On 17 Jan 2003 at 8:16, Moe wrote:
> Ethan,
>
> Here are the diffs for the current code, and the changes to the Makefile are.
> LDFLAGS=-I/usr/local/ssl/include -L/usr/local/ssl/lib -R/usr/local/ssl/lib
> SOCKETLIBS= -lnsl -lsocket -lcrypto
>
> Things that need to be changed.
> - My coding is not the greatest, and parts of this were taken from openssl
> samples so there is always room for improvement.
> - The encryption PW is a static variable right now that I want to move to the
> config file and command line.
> - The Encryption Key salt is a static set right now and I want to make it more
> dynamic. I don't want to get into a whole diffe key exchange setup though so I
> was thinking basing it on date or day and hour. This just ensures that each day
> or hour the encoded data would be different.
> - While doing my best to not use strcpy's and only using length limited buffer
> commands I have not completed all the buffer checking overview. Encrypted data
> is weird in that you can't do strlen functions or other so the length has to be
> tracked. That is why I Hex convert the encrypted data to make it suitable for
> transport.
> - This only encrypts the packet buffer.
>
> All comments and code changes welcome.
> This is based on NRPE 1.6 source.
> Thanks for your time.
> Derrick
>
>
>
> Quoting Ethan Galstad :
>
> > Can you post a copy to the list? I'm about to start adding crypto
> > support to NRPE for support of command arguments and want to compare
> > this with libmcrypt before deciding what to use. Thanks.
> >
> >
> > On 15 Jan 2003 at 11:57, local.coder wrote:
> >
> > > Hello all,
> > >
> > > Been a while since I have made any changes and posted but this time it's
> > kind
> > > of a biggy. I have been working on NRPE for the last few days and have
> > added in
> > > tcp buffer encryption for the data going to and from check_nrpe to NRPE for
> > a
> > > local requirement and wanted to get the code into the tree for others to
> > use.
> > > Based on input from Ethan way back I have opted to use the Openssl libs for
> >
> > > encryption so as to limit extra needs and options and to allow for easy
> > > adaptation and selection of encryption routines. However I am not the
> > worlds
> > > best programmer and would like at least one other person to review my
> > diff's or
> > > full code for check_nrpe.c and nrpe.c to validate I haven't made any huge
> > > mistakes or missed something major. So if anyone would like to have a spin
> > with
> > > it please email me and once it's all cleaned up I will post the diff's to
> > here
> > > for the tree if everyone wants it.
> > >
> > > I also have not put in all the happy Define's that say only compile this if
> >
> > > openssl is installed so that may take me some more time as is.
> > >
> > > Thoughts & comments welcome,
> > > Derrick
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.NET email is sponsored by: A Thawte Code Signing Certificate
> > > is essential in establishing user confidence by providing assurance of
> > > authenticity and code integrity. Download our Free Code Signing guide:
> > > http://ads.sourceforge.net/cgi-bin/redi ... thaw0028en
> > > _______________________________________________
> > > Nagios-devel mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/lis ... gios-devel
> > >
> >
> >
> >
> > Ethan Galstad,
> > Nagios Developer
> > ---
> > Email: [email protected]
> > Website: http://www.nagios.org
> >
> >
> >
> > -------------------------------------------------------
> > This SF.NET email is sponsored by: Thawte.com
> > Understand how to protect your customers personal information by
> > implementing
> > SSL on your Apache Web Server. Click here to get our FREE Thawte Apache
> > Guide: http://ads.sourceforge.net/cgi-bin/redi ... thaw0029en
> > ___
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
I'll try and take a look at it this week. I've been swamped with
server and network upgrades at work recently, so I haven't had as
much free time at night as I'd like.
On 17 Jan 2003 at 8:16, Moe wrote:
> Ethan,
>
> Here are the diffs for the current code, and the changes to the Makefile are.
> LDFLAGS=-I/usr/local/ssl/include -L/usr/local/ssl/lib -R/usr/local/ssl/lib
> SOCKETLIBS= -lnsl -lsocket -lcrypto
>
> Things that need to be changed.
> - My coding is not the greatest, and parts of this were taken from openssl
> samples so there is always room for improvement.
> - The encryption PW is a static variable right now that I want to move to the
> config file and command line.
> - The Encryption Key salt is a static set right now and I want to make it more
> dynamic. I don't want to get into a whole diffe key exchange setup though so I
> was thinking basing it on date or day and hour. This just ensures that each day
> or hour the encoded data would be different.
> - While doing my best to not use strcpy's and only using length limited buffer
> commands I have not completed all the buffer checking overview. Encrypted data
> is weird in that you can't do strlen functions or other so the length has to be
> tracked. That is why I Hex convert the encrypted data to make it suitable for
> transport.
> - This only encrypts the packet buffer.
>
> All comments and code changes welcome.
> This is based on NRPE 1.6 source.
> Thanks for your time.
> Derrick
>
>
>
> Quoting Ethan Galstad :
>
> > Can you post a copy to the list? I'm about to start adding crypto
> > support to NRPE for support of command arguments and want to compare
> > this with libmcrypt before deciding what to use. Thanks.
> >
> >
> > On 15 Jan 2003 at 11:57, local.coder wrote:
> >
> > > Hello all,
> > >
> > > Been a while since I have made any changes and posted but this time it's
> > kind
> > > of a biggy. I have been working on NRPE for the last few days and have
> > added in
> > > tcp buffer encryption for the data going to and from check_nrpe to NRPE for
> > a
> > > local requirement and wanted to get the code into the tree for others to
> > use.
> > > Based on input from Ethan way back I have opted to use the Openssl libs for
> >
> > > encryption so as to limit extra needs and options and to allow for easy
> > > adaptation and selection of encryption routines. However I am not the
> > worlds
> > > best programmer and would like at least one other person to review my
> > diff's or
> > > full code for check_nrpe.c and nrpe.c to validate I haven't made any huge
> > > mistakes or missed something major. So if anyone would like to have a spin
> > with
> > > it please email me and once it's all cleaned up I will post the diff's to
> > here
> > > for the tree if everyone wants it.
> > >
> > > I also have not put in all the happy Define's that say only compile this if
> >
> > > openssl is installed so that may take me some more time as is.
> > >
> > > Thoughts & comments welcome,
> > > Derrick
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.NET email is sponsored by: A Thawte Code Signing Certificate
> > > is essential in establishing user confidence by providing assurance of
> > > authenticity and code integrity. Download our Free Code Signing guide:
> > > http://ads.sourceforge.net/cgi-bin/redi ... thaw0028en
> > > _______________________________________________
> > > Nagios-devel mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/lis ... gios-devel
> > >
> >
> >
> >
> > Ethan Galstad,
> > Nagios Developer
> > ---
> > Email: [email protected]
> > Website: http://www.nagios.org
> >
> >
> >
> > -------------------------------------------------------
> > This SF.NET email is sponsored by: Thawte.com
> > Understand how to protect your customers personal information by
> > implementing
> > SSL on your Apache Web Server. Click here to get our FREE Thawte Apache
> > Guide: http://ads.sourceforge.net/cgi-bin/redi ... thaw0029en
> > ___
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]