NSClient

What's Changed

NRPE setup now supports 2-way tls

Command to set up 1-way TLS NRPE server

nscp nrpe install ^
    --allowed-hosts 127.0.0.1 ^
    --insecure=false --verify=none ^
    --certificate nsclient.pem ^
    --certificate-key nsclient.key

Command to set up 2-way TLS NRPE server

nscp nrpe install ^
    --allowed-hosts 127.0.0.1 ^
    --insecure=false --verify=peer-cert ^
    --certificate nsclient.pem ^
    --certificate-key nsclient.key ^
    --ca ca.pem

debug queries is now much simpler.

Using the debug option with queries is now much simpler. First it will return the debug data instead of adding it to the log making it possible to use this remote (please note that many protocols have payload limits).

THe output is now simplified as it includes useful details about the object as well as a standardised list:

ignored  c:\src\nscp\build\docker\debian-9\Dockerfile
ignored  c:\src\nscp\build\docker\debian-jessie\Dockerfile
match    c:\src\nscp\build\docker\files\plugin_pb2.py
ignored  c:\src\nscp\build\docker\ubuntu-14.04\Dockerfile
ignored  c:\src\nscp\build\docker\ubuntu-16.04\Dockerfile
ignored  c:\src\nscp\build\docker\ubuntu-16.10\Dockerfile
ignored  c:\src\nscp\build\docker\ubuntu-17.04\Dockerfile
ignored  c:\src\nscp\build\perl\echo_date.pl
ignored  c:\src\nscp\build\perl\echo_version.pl
ignored  c:\src\nscp\build\perl\postbuild.pl
ignored  c:\src\nscp\build\powershell\install-nscp.ps1
ignored  c:\src\nscp\build\powershell\setup-machine.ps1
ignored  c:\src\nscp\build\powershell\teardown-machine.ps1
ignored  c:\src\nscp\build\powershell\validate-install.ps1
match    c:\src\nscp\build\python\config.py
warning  c:\src\nscp\build\python\create_plugin_module.py
match    c:\src\nscp\build\python\create_zip_module.py
match    c:\src\nscp\build\python\fetchdeps.py
match    c:\src\nscp\build\python\mk_pyzip.py
match    c:\src\nscp\build\python\msdev-to-dynamic.py
match    c:\src\nscp\build\python\msdev-to-static.py
match    c:\src\nscp\build\python\msdev-to-x.py
match    c:\src\nscp\build\python\msdev-to-x64.py
match    c:\src\nscp\build\python\openssl_xp_patch.py

Where:

• ignored means the item did not match the filter
• match means the item matched the filter and was not critical nor warning.
• warningand critical means the item is a warning or a critical.

Added tests to validate thet NRP works correctly.

There are now test which use actual ccheck_nrpe command to validwte that NRPE works.

Full Changelog: https://github.com/mickem/nscp/compare/0.10.3...0.10.4

What's Changed

OpenSSL updated to 3.5.2

This is actually huge as OpenSSL which I updated to a year or so ago when I started to updated dependencies was the last 1.1.1 version. There are numerous changes is 3.5.2 which we will eventually start to benefit from but for now the only benefit is that the certificate generation is abit improved.

Fixed some issues in the NRPE CLI

Settings up two-way ssl now works correctly.

nscp nrpe install --insecure=false --arguments=safe --allowed-hosts=172.17.251.17 --verify=peer-cert

Replaced boost::bind with lambda

This is another rather big change which updates the code to modern C++.

Full Changelog: https://github.com/mickem/nscp/compare/0.10.2...0.10.3

What's Changed

New NRPE Guide

A new guid explaining how to configure NRPE with and without certificate authentication making on boarding NRPE much much easier. Read the guide here

Other changes:

• When enabling insecure mode the default ciphers should be ALL:!MD5:@strength[:@SECLEVEL=0]
• Added option debug verify to show why certificate validation fails, this option will likely be removed and replaced by default handling in the future.

Full Changelog: https://github.com/mickem/nscp/compare/0.10.1...0.10.2