Nessus scanning reports "Nagios NRPE Command Argument Processing Enabled (73757)" even if accept-params : false in jnrpe.ini #126
Description
Describe the bug
We do Nessus scanning and get Nagios NRPE Command Argument Processing Enabled (73757) in the report even if we have set the accept-params : false in the jnrpe.ini file .
https://www.tenable.com/plugins/nessus/73757
While setting the accept-params : false in the jnrpe.ini file prohibits arguments to be passed or changed from the one we have specified in the command section of jnrpe.ini, Nessus scanning still reports NRPE Command Argument Processing Enabled.
Source code of the Nessus plugin is published here: https://www.infosecmatter.com/nessus-plugin-library/?id=73757
To comply with the nrpe standard, as you can see on line 116 -117, if command argument is disabled (accept-params : false) executing jcheck_nrpe with -a or --arglist the server should not respond at all.
Please change so when accept-params : false is specified in the jnrpe.ini file and jcheck_nrpe is executed with --arglist or the -a flag to not respond at all.
To Reproduce
Set accept-params : false
execute
jcheck_nrpe -n -H localhost -a anything
or
jcheck_nrpe --nossl --host localhost --arglist anything
JNRPE server will send a respons about the version, like:
JNRPE library V. 2.0.5
Expected behavior
Set accept-params : false
execute
jcheck_nrpe -n -H localhost -a anything
or
jcheck_nrpe --nossl --host localhost --arglist anything
JNRPE server should not send any respons at all