-------------------------------------------------------------------------
Netsaint Remote Plugin Executor/Perl (nrpep) Version 0.2
Copyright (c) 2000 Adam Jacob (adam@cybertrails.com)

nrpep is covered under the GNU GPL Version 2.0 or greater.

Use at your own risk. Author is not responsible for broken data, security
holes, dogs eating cats, or cold TV dinners.  

nrpe (the inspiration for nrpep) is a program written by the most 
excellent author of Netsaint, Ethan Galstad.  Much thanks to him.

The wonderfull Rob Remus was responsible for the move from 
CBC/DES to TripleDES.  Thank him.  It is good. :)  

If you have any problems, feel free to send a message to me at
adam@cybertrails.com.  
-------------------------------------------------------------------------

*** FYI *** 
If you are reading this after you typed "make", it's because your a freak
and didn't read the README.  You can't just type "make".  You must type
make install-client or make install-server. :)  
*** End FYI ***

*** THIS PROGRAM REQUIRES OTHER STUFF!!! ***
This program requires other stuff!  What you need:

Perl 5.004
Digest-MD5 Perl Module 2.09+ (found at CPAN)
Crypt-TripleDES 0.24+ (found at CPAN)
*** END OTHER STUFF ***

-----------------
Table of Contents
-----------------
1. What is this?
2. Ok, neat. How do I install it?
3. Common problems

------------------------
Section 1: What is this?
------------------------
	Netsaint Remote Plug Executor/Perl is written to be a fully functional
replacement to the mostly-finished nrpe program by Ethan Galstad.  Basically,
it's a meant to allow you to execute plugins developed to be run on the
localhost on remote machines securely.  

	The reason I wrote this instead of just finished nrpe is because IMHO,
I think it will be easier to write in Perl.  Not to mention, I think it
will be more versatile.

	Also, at the suggestion of Karl DeBisschop (Netsaint Plugin developer
extraordianaire) nrpep implements a secret-key style encryption scheme.
Any data transmitted accross the network to execute a plugin and see the
results is encrypted in TripleDES. 

-----------------------------------------
Section 2: Ok, neat. How do I install it?
-----------------------------------------
	The program comes in two parts.  One is the nrpep server itself, and
the other is the check_nrpep plugin.  The check_nrpep plugin goes on the
Netsaint server itself; the nrpep server goes on each host on which
you would like to remotely execute plugins.

	Here is a picture:

+------------------------+
| Server to be Monitored |
| Running nrpep          |
+------------------------+
          |
          |
+------------------------+
| Netsaint Server        |
| Running check_nrpep    |
+------------------------+

	And so on.  Simple.  

	The first step to installation is to edit the Makefile; the top of
it holds some variable definitions you may want to tweak.  (Like where the
executables/config files are put, who owns them, etc.)  The default
should work if you compiled Netsaint from source; edit it anyway. 


	The next step is to type either:

	make install-client

		or

	make install-server

	This will install the requested piece of nrpep in the location
defined in the Makefile. (Did I tell you to edit the Makefile?) 

	If you are installing the plugin, you probably want to add a line
similar to this one in your Netsaint hosts.cfg file.  

command[check_nrpep]=/usr/local/netsaint/libexec/check_nrpep -h $HOSTADDRESS$ -c
 $ARG1$

	And a service check line for each host like this:

service[doors]=Users;24x7;3;5;2;sysadmins;10;24x7;1;1;1;;check_nrpep!check_users

	Where ARG1 is the command you want to execute on the remote host.

	Astute hackers will note the existence of a check_nrpep.cfg file.  This
is where you can set all the defaults for the check_nrpep plugin and set
the shared secret.  This is important.  Edit this file.  If you edited the
Makefile like a good boy, you know where it lives. :)  It's well commented
and self explanitory.

	If you are installing the server, you need to put in in inetd.  A line
like this one should cut the mustard:

nrpep  stream  tcp     nowait  nobody    /usr/sbin/tcpd /usr/sbin/nrpep -c \
 /usr/local/netsaint/etc/nrpep.cfg

	(All one line)

	The "nrpep" part is an entry in /etc/services for the port that nrpep
needs to run on.  The "default" is 8086.  I pulled it out of my ass.  If
it conflicts with anything, let me know.  Otherwise, that's the default.
An example:

nrpep        8086/tcp 

	Make sure you edit nrpep.cfg to add all the service checks you want
and define the shared secret.  More information on editing this file can
be found in the comments containted within it.

	If you want access control (ie only talk to one host) make the
proper entry in /etc/hosts.allow. :)

---------------------------
Section 3: Common Problems
---------------------------

	1. The check_nrpep plugin gives me a timeout error. (I have timed out
captain!)  

	This could be related to several things.  Either the host you are
contacting is not responding, or the secret is wrong.

	2. bash: ./check_nrpep: No such file or directory

	The scripts all have perl living at /usr/bin/perl.  If it's somewhere
else, you will get this message.

	
