SLFO-pool/monitoring-plugins
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main monitoring-plugins revision f09e7dd02a45d44099779c0f3272c408

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 16:48:24 +02:00
commit e1ff58e07f
49 changed files with 5280 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

220
check_ircd_ssl Normal file
View File

@ -0,0 +1,220 @@
#!@PERL@ -w
#
# Copyright (C) 1999 Richard Mayhew <netsaint@splash.co.za>
# Copyright (C) 2014, SUSE Linux Products GmbH, Nuremberg
# Author: Richard Mayhew - South Africa
# rewritten by: Lars Vogdt <lars@linux-schulserver.de>
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the Novell nor the names of its contributors may be
# used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# Special thanks to Richard Mayhew for the original plugin written in
# 1999/09/20. Some code taken from Charlie Cook (check_disk.pl).
#
use Getopt::Long;
use IO::Socket::IP;
use strict;
use vars qw($PROGNAME $VERSION);
use vars qw($opt_V $opt_h $opt_t $opt_p $opt_H $opt_w $opt_c $ssl $verbose);
use lib '@libexecdir@';
use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
# ----------------------------------------------------[ Function Prototypes ]--
sub print_help ();
sub print_usage ();
# -------------------------------------------------------------[ Enviroment ]--
$ENV{PATH} = '';
$ENV{ENV} = '';
$ENV{BASH_ENV} = '';
# -----------------------------------------------------------------[ Global ]--
$PROGNAME = 'check_ircd';
$VERSION = '@NP_VERSION@';
my $nick = "ircd$$";
# -------------------------------------------------------------[ print_help ]--
sub print_help ()
{
print_revision($PROGNAME,$VERSION);
print "Copyright (c) 2014 SUSE Linux Products GmbH, Nuremberg
based on the original work of Richard Mayhew/Karl DeBisschop in 2000
Perl Check IRCD monitoring plugin.
";
print_usage();
print "
-H, --hostname=HOST
Name or IP address of host to check
-w, --warning=INTEGER
Number of connected users which generates a warning state (Default: 50)
-c, --critical=INTEGER
Number of connected users which generates a critical state (Default: 100)
-p, --port=INTEGER
Port that the ircd daemon is running on <host> (Default: 6667)
-v, --verbose
Print extra debugging information
-s, --ssl
Use SSL for connection (NOTE: might need '-p 6697' option)
";
}
# ------------------------------------------------------------[ print_usage ]--
sub print_usage () {
print "Usage: $PROGNAME -H <host> [-w <warn>] [-c <crit>] [-p <port>] [-s]\n";
}
# ------------------------------------------------------------------[ debug ]--
sub debug ($$)
{
my ($string,$verbose) = @_;
if ($verbose){
print STDOUT "DEBUG: $string";
}
}
# ----------------------------------------------------------------[ connect ]--
sub connection ($$$$$$) {
my ($server,$port,$ssl,$ping_timeout,$nick,$verbose) = @_;
my $user=-1;
debug("Attempting connect.\n",$verbose);
# Connect to server
debug("Connecting ...........\n",$verbose);
my $sock = IO::Socket::IP->new( PeerAddr => $server,
PeerPort => $port,
Proto => 'tcp',
Domain => AF_UNSPEC ) or return ($user);
if($ssl) {
use IO::Socket::SSL;
debug("Starting SSL .........\n",$verbose);
IO::Socket::SSL->start_SSL( $sock,
SSL_verify_mode => 0, # Do not verify certificate
) or die "SSL handshake failed: $SSL_ERROR";
}
debug("Connected to server: $server on port: $port\n",$verbose);
# Set nick and username
debug("Sending user info ....\n",$verbose);
print $sock "NICK $nick\nUSER monitor localhost localhost : \n";
# Catch SIGALRM from the OS when timeout expired.
local $SIG{ALRM} = sub {$sock->shutdown(0);};
# Send all incomming data to the parser
while (<$sock>) {
alarm 0;
chomp($_);
if (/^PING \:(.+)/) {
debug("Received PING request, sending PONG :$1\n",$verbose);
print $sock "PONG :$1\n";
}
elsif (/\:I have\s+(\d+)/){
$user=$1;
last;
}
alarm $ping_timeout;
}
debug("Closing socket.\n",$verbose);
close $sock;
return $user;
}
# ------------------------------------------------------------[ check_users ]--
sub check_users ($$$){
my ($users,$crit,$warn)=@_;
$users =~ s/\ //g;
my ($state,$answer);
if ($users >= 0) {
if ($users > $crit) {
$state = "CRITICAL";
$answer = "Critical Number Of Clients Connected : $users (Limit = $crit)";
} elsif ($users > $warn) {
$state = "WARNING";
$answer = "Warning Number Of Clients Connected : $users (Limit = $warn)";
} else {
$state = "OK";
$answer = "IRCD ok - Current Local Users: $users";
}
$answer.="|users=$users;$warn;$crit;0\n";
} else {
$state = "UNKNOWN";
$answer = "Server has less than 0 users! Something is Really WRONG!\n";
}
return ($answer,$state)
}
# ===================================================================[ MAIN ]==
MAIN:
{
my $answer = 'IRCD UNKNOWN: Unknown error - maybe could not authenticate\n';
my $state = 'UNKOWN';
my $hostname;
Getopt::Long::Configure('bundling');
GetOptions
( "V" => \$opt_V, "version" => \$opt_V,
"h" => \$opt_h, "help" => \$opt_h,
"v" => \$verbose,"verbose" => \$verbose,
"s" => \$ssl, "ssl" => \$ssl,
"t=i" => \$opt_t, "timeout=i" => \$opt_t,
"w=i" => \$opt_w, "warning=i" => \$opt_w,
"c=i" => \$opt_c, "critical=i" => \$opt_c,
"p=i" => \$opt_p, "port=i" => \$opt_p,
"H=s" => \$opt_H, "hostname=s" => \$opt_H);
if ($opt_V) {
print_revision($PROGNAME,$VERSION);
exit $ERRORS{'OK'};
}
if ($opt_h) {print_help(); exit $ERRORS{'OK'};}
($opt_H) || ($opt_H = shift @ARGV) || usage("Host name/address not specified\n");
my $server = $1 if ($opt_H =~ /([-.A-Za-z0-9]+)/);
($server) || usage("Invalid host: $opt_H\n");
($opt_w) || ($opt_w = shift @ARGV) || ($opt_w = 50);
my $warn = $1 if ($opt_w =~ /^([0-9]+)$/);
($warn) || usage("Invalid warning threshold: $opt_w\n");
($opt_c) || ($opt_c = shift @ARGV) || ($opt_c = 100);
my $crit = $1 if ($opt_c =~ /^([0-9]+)$/);
($crit) || usage("Invalid critical threshold: $opt_c\n");
if ($crit < $warn){
usage("Invalid threshold: $crit for critical is lower than $warn for warning\n");
}
($opt_p) || ($opt_p = shift @ARGV) || ($opt_p = 6667);
my $port = $1 if ($opt_p =~ /^([0-9]+)$/);
($port) || usage("Invalid port: $opt_p\n");
if ($opt_t && $opt_t =~ /^([0-9]+)$/) { $TIMEOUT = $1; }
# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
print "Somthing is Taking a Long Time, Increase Your TIMEOUT (Currently Set At $TIMEOUT Seconds)\n";
exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);
my $ping_timeout=$TIMEOUT-1;
my $users=connection($server,$port,$ssl,$ping_timeout,$nick,$verbose);
($answer,$state)=check_users($users,$crit,$warn);
print "$answer";
exit $ERRORS{$state};
}

46
monitoring-plugins-2.3.3-check_by_ssh.patch Normal file
View File

@ -0,0 +1,46 @@
Index: monitoring-plugins-2.3.3/plugins/check_by_ssh.c
===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_by_ssh.c
+++ monitoring-plugins-2.3.3/plugins/check_by_ssh.c
@@ -109,6 +109,13 @@ main (int argc, char **argv)
return STATE_UNKNOWN;
}
+ /* SSH returns 255 if connection attempt fails; include the first line of error output */
+ if (result == 255 && unknown_timeout) {
+ printf (_("SSH connection failed: %s\n"),
+ chld_err.lines > 0 ? chld_err.line[0] : "(no error output)");
+ return STATE_UNKNOWN;
+ }
+
if (verbose) {
for(i = 0; i < chld_out.lines; i++)
printf("stdout: %s\n", chld_out.line[i]);
@@ -455,12 +462,12 @@ print_help (void)
printf (" %s\n", _("Tell ssh to use this configfile [optional]"));
printf (" %s\n","-q, --quiet");
printf (" %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]"));
- printf (UT_WARN_CRIT);
- printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
- printf (" %s\n","-U, --unknown-timeout");
- printf (" %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
- printf (UT_VERBOSE);
- printf("\n");
+ printf (UT_WARN_CRIT);
+ printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+ printf (" %s\n","-U, --unknown-timeout");
+ printf (" %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
+ printf (UT_VERBOSE);
+ printf("\n");
printf (" %s\n", _("The most common mode of use is to refer to a local identity file with"));
printf (" %s\n", _("the '-i' option. In this mode, the identity pair should have a null"));
printf (" %s\n", _("passphrase and the public key should be listed in the authorized_keys"));
@@ -479,7 +486,7 @@ print_help (void)
printf (" %s\n", "[1080933700] PROCESS_SERVICE_CHECK_RESULT;flint;c2;0; up 2 days");
printf (" %s\n", "[1080933700] PROCESS_SERVICE_CHECK_RESULT;flint;c3;0; up 2 days");
- printf(UT_SUPPORT);
+ printf(UT_SUPPORT);
}

25
monitoring-plugins-2.3.3-check_disk_on_btrfs.patch Normal file
View File

@ -0,0 +1,25 @@
commit a00fd77179dd6a6c2c96ff09350a9c213c18fd62
Author: George Hansper <george@hansper.id.au>
Date: Tue Sep 22 19:06:57 2020 +1000
check_disk - fix false DISK CRITICAL alert for btrfs filesystems due to BSD Gnulib workaround
Index: monitoring-plugins-2.3.3/plugins/check_disk.c
===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_disk.c
+++ monitoring-plugins-2.3.3/plugins/check_disk.c
@@ -1041,7 +1041,14 @@ get_stats (struct parameter_list *p, str
void
get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
+#if defined(__NetBSD__) || defined(__FreeBSD__) || defined(OpenBSD )
+ /* 2007-12-08 - Workaround for Gnulib reporting insanely high available
+ * space on BSD (the actual value should be negative but fsp->fsu_bavail
+ * is unsigned) */
+ p->available = fsp->fsu_bavail > fsp->fsu_bfree ? 0 : fsp->fsu_bavail;
+#else
p->available = fsp->fsu_bavail;
+#endif
p->available_to_root = fsp->fsu_bfree;
p->used = fsp->fsu_blocks - fsp->fsu_bfree;
if (freespace_ignore_reserved) {

13
monitoring-plugins-2.3.3-check_ntp_perf_absolute.patch Normal file
View File

@ -0,0 +1,13 @@
Index: monitoring-plugins-2.3.3/plugins/check_ntp_time.c
===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_ntp_time.c
+++ monitoring-plugins-2.3.3/plugins/check_ntp_time.c
@@ -533,7 +533,7 @@ int process_arguments(int argc, char **a
char *perfd_offset (double offset)
{
- return fperfdata ("offset", offset, "s",
+ return fperfdata ("offset", fabs(offset), "s",
TRUE, offset_thresholds->warning->end,
TRUE, offset_thresholds->critical->end,
FALSE, 0, FALSE, 0);

212
monitoring-plugins-2.3.3-check_ssh.patch Normal file
View File

@ -0,0 +1,212 @@
From e56255ee2f2887551e15aba2410138238efab030 Mon Sep 17 00:00:00 2001
From: Anton Lofgren <alofgren@op5.com>
Date: Mon, 21 Oct 2013 08:18:30 +0200
Subject: [PATCH 1/4] check_ssh: properly parse a delayed version control
string
This resolves an issue with SSH servers which do not respond with their
version control string as the first thing in the SSH protocol version
exchange phase after connection establishment.
This patch also makes sure that we disregard a potential comment in the
version exchange string to avoid nonsense mismatches. In the future, we
might want to add the capability to match against a user specified comment.
In addition, the patch largely improves the communication towards the
server, which adds better protocol adherence.
Of course, new test cases are added to support the trigger and guard
against regressions of the bugs solved by this patch.
This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945)
Signed-off-by: Anton Lofgren <alofgren@op5.com>
---
plugins/check_ssh.c | 122 +++++++++++++++++++++++++++++-------------
plugins/t/check_ssh.t | 97 ++++++++++++++++++++++++++-------
2 files changed, 164 insertions(+), 55 deletions(-)
Index: monitoring-plugins-2.3.3/plugins/check_ssh.c
===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_ssh.c
+++ monitoring-plugins-2.3.3/plugins/check_ssh.c
@@ -106,7 +106,7 @@ process_arguments (int argc, char **argv
{"timeout", required_argument, 0, 't'},
{"verbose", no_argument, 0, 'v'},
{"remote-version", required_argument, 0, 'r'},
- {"remote-protcol", required_argument, 0, 'P'},
+ {"remote-protocol", required_argument, 0, 'P'},
{0, 0, 0, 0}
};
@@ -215,8 +215,13 @@ ssh_connect (char *haddr, int hport, cha
{
int sd;
int result;
+ int len = 0;
+ ssize_t byte_offset = 0;
+ ssize_t recv_ret = 0;
+ char *version_control_string = NULL;
char *output = NULL;
char *buffer = NULL;
+ char *tmp= NULL, *saveptr = NULL;
char *ssh_proto = NULL;
char *ssh_server = NULL;
static char *rev_no = VERSION;
@@ -231,51 +236,118 @@ ssh_connect (char *haddr, int hport, cha
return result;
output = (char *) malloc (BUFF_SZ + 1);
- memset (output, 0, BUFF_SZ + 1);
- recv (sd, output, BUFF_SZ, 0);
- if (strncmp (output, "SSH", 3)) {
- printf (_("Server answer: %s"), output);
- close(sd);
+ memset(output, 0, BUFF_SZ+1);
+ while (!version_control_string && (recv_ret = recv(sd, output+byte_offset, BUFF_SZ - byte_offset, 0)) > 0) {
+ if (strchr(output, '\n')) { /* we've got at least one full line, start parsing*/
+ byte_offset = 0;
+ while (strchr(output+byte_offset, '\n') != NULL) {
+ /*Partition the buffer so that this line is a separate string,
+ * by replacing the newline with NUL*/
+ output[(strchr(output+byte_offset, '\n')-output)]= '\0';
+ len = strlen(output+byte_offset);
+ if (len >= 4) {
+ /*if the string starts with SSH-, this _should_ be a valid version control string*/
+ if (strncmp (output+byte_offset, "SSH-", 4) == 0) {
+ version_control_string = output+byte_offset;
+ break;
+ }
+ }
+
+ /*the start of the next line (if one exists) will be after the current one (+ NUL)*/
+ byte_offset+=len+1;
+ }
+ if(!version_control_string) {
+ /* move unconsumed data to beginning of buffer, null rest */
+ memmove((void *)output, (void *)output+byte_offset+1, BUFF_SZ - len+1);
+ memset(output+byte_offset+1, 0, BUFF_SZ-byte_offset+1);
+
+ /*start reading from end of current line chunk on next recv*/
+ byte_offset = strlen(output);
+ }
+ }
+ else {
+ byte_offset += recv_ret;
+ }
+ }
+ tmp = NULL;
+ if (recv_ret < 0) {
+ printf("SSH CRITICAL - %s", strerror(errno));
+ exit(STATE_CRITICAL);
+ }
+ if (!version_control_string) {
+ printf("SSH CRITICAL - No version control string received");
+ exit(STATE_CRITICAL);
+ }
+ /*
+ * "When the connection has been established, both sides MUST send an
+ * identification string. This identification string MUST be
+ *
+ * SSH-protoversion-softwareversion SP comments CR LF"
+ * - RFC 4253:4.2
+ */
+ strip (version_control_string);
+ if (verbose)
+ printf ("%s\n", version_control_string);
+ ssh_proto = version_control_string + 4;
+
+ /*
+ * We assume the protoversion is of the form Major.Minor, although
+ * this is not _strictly_ required. See
+ *
+ * "Both the 'protoversion' and 'softwareversion' strings MUST consist of
+ * printable US-ASCII characters, with the exception of whitespace
+ * characters and the minus sign (-)"
+ * - RFC 4253:4.2
+ * and,
+ *
+ * "As stated earlier, the 'protoversion' specified for this protocol is
+ * "2.0". Earlier versions of this protocol have not been formally
+ * documented, but it is widely known that they use 'protoversion' of
+ * "1.x" (e.g., "1.5" or "1.3")."
+ * - RFC 4253:5
+ */
+ ssh_server = ssh_proto + strspn (ssh_proto, "0123456789.") + 1; /* (+1 for the '-' separating protoversion from softwareversion) */
+
+ /* If there's a space in the version string, whatever's after the space is a comment
+ * (which is NOT part of the server name/version)*/
+ tmp = strchr(ssh_server, ' ');
+ if (tmp) {
+ ssh_server[tmp - ssh_server] = '\0';
+ }
+ if (strlen(ssh_proto) == 0 || strlen(ssh_server) == 0) {
+ printf(_("SSH CRITICAL - Invalid protocol version control string %s\n"), version_control_string);
exit (STATE_CRITICAL);
}
- else {
- strip (output);
- if (verbose)
- printf ("%s\n", output);
- ssh_proto = output + 4;
- ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789. ");
- ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
-
- xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
- send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
- if (verbose)
- printf ("%s\n", buffer);
-
- if (remote_version && strcmp(remote_version, ssh_server)) {
- printf
- (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
- ssh_server, ssh_proto, remote_version);
- close(sd);
- exit (STATE_CRITICAL);
- }
-
- if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
- printf
- (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
- ssh_server, ssh_proto, remote_protocol);
- close(sd);
- exit (STATE_CRITICAL);
- }
+ ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
- elapsed_time = (double)deltime(tv) / 1.0e6;
+ xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
+ send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
+ if (verbose)
+ printf ("%s\n", buffer);
+ if (remote_version && strcmp(remote_version, ssh_server)) {
printf
- (_("SSH OK - %s (protocol %s) | %s\n"),
- ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
- FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
+ (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
+ ssh_server, ssh_proto, remote_version);
close(sd);
- exit (STATE_OK);
+ exit (STATE_CRITICAL);
}
+
+ if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
+ printf
+ (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
+ ssh_server, ssh_proto, remote_protocol);
+ close(sd);
+ exit (STATE_CRITICAL);
+ }
+ elapsed_time = (double)deltime(tv) / 1.0e6;
+
+ printf
+ (_("SSH OK - %s (protocol %s) | %s\n"),
+ ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
+ FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
+ close(sd);
+ exit (STATE_OK);
}

139
monitoring-plugins-2.3.3-check_ssh.t_-_improve_testing.patch Normal file
View File

@ -0,0 +1,139 @@
Index: monitoring-plugins-2.3.3/plugins/t/check_ssh.t
===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/t/check_ssh.t
+++ monitoring-plugins-2.3.3/plugins/t/check_ssh.t
@@ -8,34 +8,105 @@ use strict;
use Test::More;
use NPTest;
-# Required parameters
-my $ssh_host = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
-my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" );
-my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" );
-
-
-plan skip_all => "SSH_HOST must be defined" unless $ssh_host;
-plan tests => 6;
-
-
-my $result = NPTest->testCmd(
- "./check_ssh -H $ssh_host"
- );
-cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
-like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
+my $res;
-
-$result = NPTest->testCmd(
- "./check_ssh -H $host_nonresponsive -t 2"
- );
-cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
-like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
-
-
-
-$result = NPTest->testCmd(
- "./check_ssh -H $hostname_invalid -t 2"
- );
-cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
-like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
+# Required parameters
+my $ssh_host = getTestParameter("NP_SSH_HOST",
+ "A host providing SSH service",
+ "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
+ "The hostname of system not responsive to network requests",
+ "10.0.0.1" );
+my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID",
+ "An invalid (not known to DNS) hostname",
+ "nosuchhost" );
+
+plan tests => 14 + 6;
+
+SKIP: {
+ skip "SSH_HOST must be defined", 6 unless $ssh_host;
+ my $result = NPTest->testCmd(
+ "./check_ssh -H $ssh_host"
+ );
+ cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
+ like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
+
+ $result = NPTest->testCmd(
+ "./check_ssh -H $host_nonresponsive -t 2"
+ );
+ cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
+ like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
+
+ $result = NPTest->testCmd(
+ "./check_ssh -H $hostname_invalid -t 2"
+ );
+ cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
+ like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
+}
+
+SKIP: {
+ skip "No netcat available", 12 unless (system("which nc > /dev/null") == 0);
+
+ my $nc_flags = "-l 5003 -i 1";
+ #A valid protocol version control string has the form
+ # SSH-protoversion-softwareversion SP comments CR LF
+ #
+ # where `comments` is optional, protoversion is the SSH protocol version and
+ # softwareversion is an arbitrary string representing the server software version
+ open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string");
+ like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
+ close NC;
+
+ open(NC, "echo 'SSH-2.0-3.2.9.1' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, "==", 0, "Got SSH protocol version control string with non-alpha softwareversion string");
+ like( $res->output, '/^SSH OK - 3.2.9.1 \(protocol 2.0\)/', "Output OK for non-alpha softwareversion string");
+ close NC;
+
+ open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" );
+ cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string, and parsed comment appropriately");
+ like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
+ close NC;
+
+ open(NC, "echo 'SSH-' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 2, "Got invalid SSH protocol version control string");
+ like( $res->output, '/^SSH CRITICAL/', "Output OK");
+ close NC;
+
+ open(NC, "echo '' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 2, "No version control string received");
+ like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
+ close NC;
+
+ open(NC, "echo 'Not a version control string' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 2, "No version control string received");
+ like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
+ close NC;
+
+ #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string
+ open(NC, "{ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; sleep 1;
+ echo 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'; sleep 1;
+ echo 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; sleep 1;
+ echo 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'; sleep 1;
+ printf 'EEEEEEEEEEEEEEEEEE'; sleep 1;
+ printf 'EEEEEEEEEEEEEEEEEE\n'; sleep 1;
+ echo 'Some\nPrepended\nData\nLines\n'; sleep 1;
+ echo 'SSH-2.0-nagiosplug.ssh.0.2';} | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string");
+ like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK");
+ close NC;

21
monitoring-plugins-2.3.3-root-plugins-Makefile_-_no_chown.patch Normal file
View File

@ -0,0 +1,21 @@
Index: monitoring-plugins-2.3.3/plugins-root/Makefile.am
===================================================================
--- monitoring-plugins-2.3.3.orig/plugins-root/Makefile.am
+++ monitoring-plugins-2.3.3/plugins-root/Makefile.am
@@ -49,7 +49,6 @@ INSTALL_SUID = \
p=$$f; \
echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \
$(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \
- echo " chown root $(DESTDIR)$(libexecdir)/$$p"; \
chown root $(DESTDIR)$(libexecdir)/$$p; \
echo " chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p"; \
chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \
@@ -64,7 +63,7 @@ install-exec-local: $(noinst_PROGRAMS)
echo > $$TMPFILE; \
## See if we can create a setuid root executable in $(libexecdir).
## If not, then don't even try to install setuid plugins.
- can_create_suid_root_executable=no; \
+ can_create_suid_root_executable=yes; \
chown root $$TMPFILE > /dev/null 2>&1 \
&& chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
&& can_create_suid_root_executable=yes; \

44
monitoring-plugins-2.3.3-wrong_percent_in_check_swap.patch Normal file
View File

@ -0,0 +1,44 @@
From f3e6c9663369d011b241c6fb2c8fd5312f98cacf Mon Sep 17 00:00:00 2001
From: Jan ONDREJ <ondrejj@salstar.sk>
Date: Thu, 7 Oct 2010 17:28:48 +0400
Subject: [PATCH 6/6] Prevent check_swap from returning OK, if no swap activated
My swap was not activated on boot for unknown reason and nagios does not
report this as a problem. Here is an example:
[root@kecom ~]# rpm -q nagios-plugins
nagios-plugins-1.4.13-11.fc10.i386
[root@kecom ~]# /usr/lib/nagios/plugins/check_swap -w 80% -c 40% -c 1 -w 2
SWAP CRITICAL - 100% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
If there is no swap and users is trying to test percentage of free swap,
consider 0 MB free swap space as problem, or of free/total raises division
by zero, then set percentage to 0%, not to 100%.
Steps to Reproduce:
1. make sure, your swap is empty or it's usage is not large
2. swapoff -a
3. /usr/lib/nagios/plugins/check_swap -w 80% -c 40%
Actual results:
SWAP OK - 100% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
Expected results:
SWAP CRITICAL - 0% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
Additional info:
https://bugzilla.redhat.com/512559
Index: monitoring-plugins-2.3.3/plugins/check_swap.c
===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_swap.c
+++ monitoring-plugins-2.3.3/plugins/check_swap.c
@@ -137,7 +137,7 @@ main (int argc, char **argv)
free_swap_mb += dskfree_mb;
if (allswaps) {
if (dsktotal_mb == 0)
- percent=100.0;
+ percent= 0.0;
else
percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));

BIN
monitoring-plugins-2.3.5.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

1
monitoring-plugins-2.3.5.tar.gz.sha1 Normal file
View File

@ -0,0 +1 @@
fcbe2068cb55aeaca3ebe67b619cb345a6705184 *monitoring-plugins-2.3.5.tar.gz

95
monitoring-plugins-README-extra-opts Normal file
View File

@ -0,0 +1,95 @@
Topics:
* Extra-Opts
* Further use of the /etc/monitoring-plugins directory
Extra-Opts
==========
Starting with the 1.4.12 release, most Monitoring Plugins (those written in C)
support reading options from a configuration file. Since version 2.0, this is
enabled by default.
You can easily know if a plugin supports Extra-Opts by checking the --help
output for the --extra-opts option. Once compiled in, the --extra-opts plugin
option allows reading extra options from a config file. The syntax for the
command is:
--extra-opts=[section][@file]
Some examples:
Read special_opts section of default config file:
$ ./check_stuff --extra-opts=special_opts
Read special_opts section of /etc/myconfig.ini:
$ ./check_stuff --extra-opts=special_opts@/etc/myconfig.ini
Read check_stuff section of /etc/myconfig.ini:
$ ./check_stuff --extra-opts=@/etc/myconfig.ini
Read check_stuff section of default config file and use additional
arguments along with the other specified arguments (Extra-Opts arguments are
always processed first no matter where --extra-opts appears on the command
line):
$ ./check_stuff --extra-opts -jk --some-other-opt
The default nagios plugins file is used if no explicit filename is given. The
current standard locations checked are:
/usr/local/etc/monitoring-plugins/monitoring-plugins.ini
/usr/local/etc/monitoring-plugins.ini
/etc/monitoring-plugins/monitoring-plugins.ini
/etc/monitoring-plugins.ini
To use a custom location, set the MP_CONFIG_FILE environment variable to the
desired path name.
To specify an option without parameter, you can use a key without value, but
the equal sign must remain, for example:
allow-regex=
Also note that repeated keys are allowed within sections just like you can
repeat arguments on the command line.
The basic theory is that options specified in the configuration files are
substituted at the beginning of the command line.
The initial use case for this functionality is for hiding passwords, so you do
not have to define sensitive credentials in the configuration of your
monitoring server and these options won't appear in the command line.
Permissions
===========
As some plugins require log in data, which are formerly stored in
/etc/{icinga,nagios}/resource.cfg
and can now be stored inside the extra-opts file, please remember that the same
security rules apply now also to this new extra-opts file. Under normal
circumstances, you should set restrictive permissions (600 or 640) on them.
User: root
Group: icinga or nagios, depending on your monitoring daemon
Further use of the /etc/monitoring-plugins directory
====================================================
Some Monitoring Plugins (like check_zypper) support additional configuration
files to be included/sourced in on execution. As long as the location of those
additional configuration files is not fixed, we recommend to use this directory
for it.
@Packagers: please consider encapsulating Plugins with Apparmor or SELinux
profiles. For security and conveniance reasons, please allow your plugins to
read in the /etc/monitoring-plugins directory - or even better: allow your
plugins to read their configuration file below /etc/monitoring-plugins.

27
monitoring-plugins-README.SUSE Normal file
View File

@ -0,0 +1,27 @@
README.SUSE for monitoring-plugins
== Features and documentation ==
Please refer to the upstream documentation on
* http://www.nagios.org/docs/
* http://docs.icinga.org/
* https://shinken.readthedocs.org/
* ...
* https://www.monitoring-plugins.org/
The openSUSE package contains most of the currently available plugins.
All plugins are installed in ''/usr/lib/nagios/plugins/'' on every architecture.
== Special permissions for some plugins ==
The following checks require special handling as they need some root privileges to run:
* check_dhcp
* check_icmp
* check_ide_smart
In a default installation, those checks will not work if executed as user with limited
rights (such as user nagios or icinga). Please have a look into the corresponding
documentation for those packages for more details.
( /usr/share/doc/packages/monitoring-plugins-icmp/README.SUSE-check_icmp for example )

110
monitoring-plugins-README.SUSE-check_cups Normal file
View File

@ -0,0 +1,110 @@
README.SUSE for monitoring-plugins-dhcp
== check_cups ==
Plugin for checking cups service
This plug-in will check the status of a remote CUPS print service for the printer status,
It is able to check all available printers configured on the cups daemon, or just one of them.
It can also check only the queue status. It will provide the size of the queue and
optionally the age of the queue.
Generally we sugesst to create separate checks for each printer and one additional check for
the queue itself.
Usage: check_cups -H <hostname> -P -p<The CUPS printer name> | -Q <s|b> -w <size warning level> -c <size critical level> -a <max age>
Notes:
-H: Hostname - Can be a hostname or IP address.
-P: Check only the printers status.
-p: It will check only one specific printer.
-Q: Type of check - Can be queue size (s) or both queu size and queue age (b)
-w: WARNING level for queue size
-c: CRITICAL level for queue size
-a: Max age of queue. Returns CRITICAL if jobs exists older than <max age> days
Example of test run usage:
----------------
Test all available printers and the queue.
(queue size warning is 3, critical 10 and max age 3 days):
nagios@nagios:~> /usr/lib/nagios/plugins/check_cups -H cups.server.org -P -Q s -w 3 -c 10 -a 3
Checking all printers...
OK - CUPS printer is idle.
Testing queue on the CUPS...
OK: CUPS queue size - 0| print_jobs=0;3;10;0
Test one printer only :
nagios@nagios:~> /usr/lib/nagios/plugins/check_cups -H cups.suse.cz -P -p myprinter
Checking only the printer myprinter.
OK - CUPS printer myprinter is idle.
Test only the queue, do not test any printer
(queue size warning is 3, critical 5 and max age 2 days):
nagios@nagios:~> /usr/lib/nagios/plugins/check_cups -H cups.suse.cz -Q b -w 3 -c 5 -a 2
No printer check is require. Checking the queue ...
Testing queue on the CUPS...
OK: CUPS queue size - 0| print_jobs=0;3;5;0
Example of Nagios/Icinga command settings:
----------------------------------
Example commands/check_cups.cfg:
# Check all printers in cups and queue size and queue age
define command{
command_name check_cups_all_queue
command_line $USER1$/check_cups -H $ARG1$ -P -Q b -w $ARG2$ -c $ARG3$ -a $ARG4$
}
# Check one printer in cups and queue size and queue age
define command{
command_name check_cups_one_queue
command_line $USER1$/check_cups -H $ARG1$ -P -p $ARG2$ -Q b -w $ARG3$ -c $ARG4$ -a $ARG5$
}
# Check all printers in cups and queue size and queue age
define command{
command_name check_cups_all
command_line $USER1$/check_cups -H $ARG1$ -P
}
# Check one printer in cups.
define command{
command_name check_cups_one
command_line $USER1$/check_cups -H $ARG1$ -P -p $ARG2$
}
# Check only the queue
define command{
command_name check_cups_queue
command_line $USER1$/check_cups -H $ARG1$ -Q b -w $ARG2$ -c $ARG3$ -a $ARG4$
}
Security:
---------
In the version 0.2 I added an Apparmor profile for the script usr.lib.nagios.plugins.check_cups
into /etc/apparmor.d
Autor notes:
------------
I`d like to thank to John E. Vincent (nagios-plugs@lusis.org)
I learn a lof from his check CUPS print queue plugin.
Then I`d like to thank to Mark Shirley for his check_cups_printer.sh
script, which was also inspiration for me.
Both of them you can find on http://exchange.nagios.org/ web site.
Martin Caj 31/01/2013 <mcaj@suse.cz>
Bugs:
------
Please report bugs to me mcaj@suse.cz
Thanks and have lot printers online ;-)
Martin

60
monitoring-plugins-README.SUSE-check_dhcp Normal file
View File

@ -0,0 +1,60 @@
README.SUSE for monitoring-plugins-dhcp
== check_dhcp and SuSEfirewall ==
If you run the check_dhcp script on the server, please make sure your UDP ports
67 and 68 on the _client_ are opened in the firewall. You also need to allow
to receive broadcasts for this interface. Otherwise the script will be unable
to detect anything.
Example:
If your client uses the "external" interface for the check, the entries in
/etc/sysconfig/SuSEfirewall2 should look like:
FW_SERVICES_EXT_UDP="67 68"
FW_ALLOW_FW_BROADCAST_EXT="67 68"
== Special privileges ==
To be "safe per default", SUSE doesn't install this plugin with the
suid bit set. There are two recommended ways about overriding this on
your system:
=== Set the suid bit ===
Copy the prepared permissions file from this directory to the right place
in your file system:
~ # cp /usr/share/doc/packages/monitoring-plugins-common/example/permissions.d/monitoring-plugins \
/etc/permissions.d/monitoring-plugins
...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs
(see comments in the file) and run:
~ # SuSEconfig --module permissions
or (on newer openSUSE distributions without SuSEconfig):
~ # chkstat --system --set
This will set the correct permissions (from now on also during an update).
=== Alternative: Use sudo to grant the permission and modify your plugin config ===
This way you just need an entry like:
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_dhcp
in ''/etc/sudoers'' and an adapted command definition like the following:
define command{
command_name check_dhcp
command_line /usr/bin/sudo $USER1$/check_dhcp <other_options_here>
}
== Apparmor profile ==
Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_dhcp if you are using
the --extra-opts option. The Apparmor profile allows to open every file below
the /etc/monitoring-plugins/ directory read only for this. All files in other
directories are not allowed.

48
monitoring-plugins-README.SUSE-check_icmp Normal file
View File

@ -0,0 +1,48 @@
README.SUSE for monitoring-plugins-icmp
== Special privileges ==
To be "safe per default", SUSE doesn't install this plugin with the
suid bit set. There are two recommended ways about overriding this on
your system:
=== Set the suid bit ===
Copy the prepared permissions file from this directory to the right place
in your file system:
~ # cp /usr/share/doc/packages/monitoring-plugins/example/permissions.d/monitoring-plugins \
/etc/permissions.d/monitoring-plugins
...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs
(see comments in the file) and run:
~ # SuSEconfig --module permissions
or (on newer openSUSE distributions without SuSEconfig):
~ # chkstat --system --set
This will set the correct permissions (from now on also during an update).
=== Alternative: Use sudo to grant the permission and modify your plugin config ===
This way you just need an entry like:
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_icmp
in ''/etc/sudoers'' and an adapted command definition like the following:
define command{
command_name check_icmp
command_line /usr/bin/sudo $USER1$/check_icmp <other_options_here>
}
== Apparmor profile ==
Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_icmp if you are
using the --extra-opts option. The Apparmor profile allows to open every file
below the /etc/monitoring-plugins/ directory read only for this. All files in
other directories are not allowed.

48
monitoring-plugins-README.SUSE-check_ide_smart Normal file
View File

@ -0,0 +1,48 @@
README.SUSE for monitoring-plugins-ide_smart
== Special privileges ==
To be "safe per default", SUSE doesn't install this plugin with the
suid bit set. There are two recommended ways about overriding this on
your system:
=== Set the suid bit ===
Copy the prepared permissions file from this directory to the right place
in your file system:
~ # cp /usr/share/doc/packages/monitoring-plugins/example/permissions.d/monitoring-plugins \
/etc/permissions.d/monitoring-plugins
...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs
(see comments in the file) and run:
~ # SuSEconfig --module permissions
or (on newer openSUSE distributions without SuSEconfig):
~ # chkstat --system --set
This will set the correct permissions (from now on also during an update).
=== Alternative: Use sudo to grant the permission and modify your plugin config ===
This way you just need an entry like:
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ide_smart
in ''/etc/sudoers'' and an adapted command definition like the following:
define command{
command_name check_ide_smart
command_line /usr/bin/sudo $USER1$/check_ide_smart <other_options_here>
}
== Apparmor profile ==
Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ide_smart if you are
using the --extra-opts option. The Apparmor profile allows to open every file
below the /etc/monitoring-plugins/ directory read only for this. All files in
other directories are not allowed.

10
monitoring-plugins-README.SUSE-check_ntp_time Normal file
View File

@ -0,0 +1,10 @@
README.SUSE for monitoring-plugins-ntp_time
== Apparmor profile ==
Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ntp_time if you are
using the --extra-opts option. The Apparmor profile allows to open every file
below the /etc/monitoring-plugins/ directory read only for this. All files in
other directories are not allowed.

10
monitoring-plugins-README.SUSE-check_ping Normal file
View File

@ -0,0 +1,10 @@
README.SUSE for monitoring-plugins-ping
== Apparmor profile ==
Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ping if you are
using the --extra-opts option. The Apparmor profile allows to open every file
below the /etc/monitoring-plugins/ directory read only for this. All files in
other directories are not allowed.

18
monitoring-plugins-permissions Normal file
View File

@ -0,0 +1,18 @@
# Please uncomment the needed plugins and place the file in the
# /etc/permissions.d/ directory:
# cp monitoring-plugins /etc/permissions.d/
#
# Afterwards the files below will be adapted after a nagios-plugins
# update via
# 'SuSEconfig --module permissions'
# or (on newer openSUSE distributions without SuSEconfig):
# 'chkstat --system --set'
# automatically.
#
# Note: You may check/set the following variable in /etc/sysconfg/security
# to allow SuSEconfig to correct the file permissions:
# CHECK_PERMISSIONS="set"
#
# /usr/lib/nagios/plugins/check_dhcp root.root 4755
# /usr/lib/nagios/plugins/check_icmp root.root 4755
# /usr/lib/nagios/plugins/check_ide_smart root.root 4755

5
monitoring-plugins-rpmlintrc Normal file
View File

@ -0,0 +1,5 @@
# the virtual dbi-{mysql,pgsql,sqlite3} packages are there to require
# the needed library for the generic dbi package.
addFilter("explicit-lib-dependency.*libdbi-drivers-dbd-mysql");
addFilter("explicit-lib-dependency.*libdbi-drivers-dbd-sqlite3");
addFilter("explicit-lib-dependency.*libdbi-drivers-dbd-pgsql");

1840
monitoring-plugins.changes Normal file
View File

File diff suppressed because it is too large Load Diff

377
monitoring-plugins.check_cups.sh Normal file
View File

@ -0,0 +1,377 @@
#!/bin/bash
# check_cups - nagios plugin
#
# Copyright (C) 2008-2010, Novell, Inc.
# Copyright (C) 2011-2013, SUSE Linux Products GmbH
# Author: Martin Caj <mcaj@suse.cz>
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the Novell nor the names of its contributors may be
# used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
#
# Autor notes:
# I`d like to thank to John E. Vincent (nagios-plugs@lusis.org)
# I learn a lof from his check CUPS print queue plugin.
# Then I`d like to thank to Mark Shirley for his check_cups_printer.sh
# script, which was also inspiration for me.
# Both of them you can find on http://exchange.nagios.org/ web site.
# Martin Caj 31/01/2013 <mcaj@suse.cz>
#
# version 0.3 has no awk any more, cut can do it as well.
# the appamor profile was fixed as well.
# Martin Caj 01/11/2013
#
# check_cups - nagios plugin for checking cups service
# Description:
#
# This plugin will check the status of a remote CUPS
# print service for the printer status, then if status is ok
# it will check the queue. It can check all avaible printes
# on the cups, or just one of them.
# Then the plugin will check the queue:
# it will provide the size of the queue
# and optionally the age of the queue
#
# Version : 0.3
#searchning the lpstat:
LPSTAT="$(which lpstat)"
DEBUG='no'
# debug the script:
#set -x
# Nagios return codes
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
# check it lpstat is missing.
if [ ! -x "$LPSTAT" ]
then
echo "UNKNOWN: "$LPSTAT" not found or is not executable by the nagios user"
exitstatus="$STATE_UNKNOWN"
exit "$exitstatus"
fi
PROGNAME=$(basename $0)
print_usage() {
# Name: print_usage
# Desc: It just prints the usage.
echo "Usage: $PROGNAME -H <hostname> -w <size warning level> -c <size critical level> [-P] [-p<The CUPS printer name>] [-Q <s|b>] [-a <max age>] [-d]"
echo
echo "Notes:"
echo "-H <hostname> : Hostname - Can be a hostname or IP address."
echo "-P : Check only the printers status."
echo "-p <printername> : will check only the specified printer."
echo "-Q <s|b> : Type of check - Can be queue size (s) or both queue size and queue age (b)."
echo "-w <int> : WARNING level for queue size."
echo "-c <int> : CRITICAL level for queue size."
echo "-a <int> : Max age of queue. Returns CRITICAL if jobs exists longer than <max age> days."
echo "-d : enable debug output"
echo
}
print_help() {
# Name: print_help
# Desc: Print the usage and help.
print_usage
echo
echo "This plugin will check the CUPS print service for the printer status."
echo "It can check the queue on a remote (or local with -H localhost) CUPS server."
echo "It can check both: the size of the queue and the age of the oldest print job in the queue."
echo "-w and -c are for warning and critical levels of the queue size."
echo "-a is optional for specifying the max age of a job in the print queue. Anything older than <max age>"
echo "will return a CRITICAL"
echo "For more details have look into the README file. "
echo
exit 0
}
check_queue_size() {
# Name: check_queue_size
# Desc: It check the status of the CUPS queue size.
# $exitstatus= might be ok|warn"crittical deppends on -w and -c
if [ "$JOBCOUNT" -ge "$critlevel" ]
then
MESSAGE="CRITICAL: CUPS queue size - "$JOBCOUNT"| "$PERFDATA""
exitstatus="$STATE_CRITICAL"
elif [ "$JOBCOUNT" -ge "$warnlevel" ]
then
MESSAGE="WARNING: CUPS queue size - "$JOBCOUNT"| "$PERFDATA""
exitstatus="$STATE_WARNING"
else
MESSAGE="OK: CUPS queue size - "$JOBCOUNT"| "$PERFDATA""
exitstatus="$STATE_OK"
fi
}
check_printer_status() {
# Name:check_printer_status
# Desc: It check status of all printers or one specific printer
# output is store in $OUTPUT and $exitstatus
if [ -z "$printername" ]
then
if [ "$DEBUG" == 'yes' ]; then
echo "Checking all printers..."
fi
RESULT=$("$LPSTAT" -h "$hostname" -p )
if [ $? != 0 ]
then
echo "ERROR: Probably wrong host name: "$hostname", or CUPS is not running."
exit "$STATE_UNKNOWN"
fi
else
if [ "$DEBUG" == 'yes' ]; then
echo "Checking only printer: $printername"
fi
RESULT=$("$LPSTAT" -h "$hostname" -p "$printername")
if [ $? != 0 ]
then
echo "ERROR: the printer $printername doesn't exist on CUPS server $hostname."
echo "please check command: '$LPSTAT -h $hostname -p' without printer name."
exit "$STATE_UNKNOWN"
fi
fi
case "$RESULT" in
*Rejecting*)
messages=$(echo "$RESULT"|grep -i rejecting )
OUTPUT="CRITICAL - CUPS printer is rejecting jobs for: $messages."
exitstatus="$STATE_CRITICAL"
;;
*Unable*)
messages=$(echo "$RESULT"|grep -i unable )
OUTPUT="CRITICAL - CUPS Unable to connect: $messages."
exitstatus="$STATE_CRITICAL"
;;
*disabled*)
messages=$(echo "$RESULT"|grep -i disabled)
OUTPUT="CRITICAL - CUPS printer: $messages."
exitstatus="$STATE_CRITICAL"
;;
*Paused*)
messages=$(echo "$RESULT"|grep -i paused)
OUTPUT="WARNING: - CUPS printer is: $messages."
exitstatus="$STATE_WARNING"
;;
*printing*)
OUTPUT="OK - CUPS printer is printing now."
exitstatus="$STATE_OK"
;;
*idle*)
OUTPUT="OK - CUPS printer $printername is idle."
exitstatus="$STATE_OK"
;;
*)
OUTPUT="CRITICAL - Unknown error occured while checking: $RESULT."
exitstatus="$STATE_CRITICAL"
;;
esac
}
# Test how many variable we got on command line
# The minimum for test printers is 3
if [ $# -lt 3 ]; then
print_usage
exit "$STATE_UNKNOWN"
fi
# this set default exit status to:
exitstatus="$STATE_UNKNOWN"
# by default is test pritner disabled, you must allow it with -p $printer or -P all printers
testprinter="0"
# testing arguments:
while test -n "$1"; do
case "$1" in
--help)
print_help
exit "$STATE_OK"
;;
-h)
print_help
exit "$STATE_OK"
;;
-P)
testprinter="1"
;;
-p)
testprinter="2"
printername="$2"
shift
;;
-H)
hostname="$2"
shift
;;
-Q)
testtype="$2"
shift
;;
-w)
warnlevel="$2"
shift
;;
-c)
critlevel="$2"
shift
;;
-a)
maxage="$2"
shift
;;
-d)
DEBUG='yes'
;;
esac
shift
done
# Check arguments for validity:
if [ -z "$hostname" ]
then
echo "You must specify a hostname (or localhost to test the local system)" >&2
print_usage
exitstatus="$STATE_UNKNOWN"
exit "$exitstatus"
fi
# testing printer(s)
if [ "$testprinter" -eq "2" ] # Check specific printer and continue with the script
then
check_printer_status "$printername"
if [ -z "$testtype" ] # exit if there is no -Q checks
then
echo "$OUTPUT"
exit "$exitstatus"
fi
elif [ "$testprinter" -eq "1" ]; then # check all printers
check_printer_status
if [ -z "$testtype" ]; then # exit if there is no -Q checks
echo "$OUTPUT"
exit "$exitstatus"
fi
else # no cuos check is need
if [ "$DEBUG" == 'yes' ]; then
echo "No printer check required. Checking the queue ..."
fi
fi
# testing arguments for the queue checks:
if [[ -z "$critlevel" || -z "$warnlevel" ]] # Did we get warn and crit values?
then
echo "You must specify a warning and critical level"
print_usage
exitstatus="$STATE_UNKNOWN"
exit "$exitstatus"
elif [ $critlevel -lt $warnlevel ] # Do the warn/crit values make sense?
then
echo "CRITICAL value of $critlevel is less than WARNING level of $warnlevel"
print_usage
exitstatus="$STATE_UNKNOWN"
exit "$exitstatus"
fi
# what kind of queue test will be run:
if [ -z "$testtype" ]
then
echo "You must specify a test type"
print_usage
exitstatus="$STATE_UNKNOWN"
exit "$exitstatus"
# this is a very nice elif, it match if -a X is missing
elif [[ "$testtype" = [b]* && -z "$maxage" ]]
then
echo "You must specify <max age> when using a test type of 'b'"
print_usage
exitstatus="$STATE_UNKNOWN"
exit "$exitstatus"
else
if [ "$DEBUG" == 'yes' ]; then
echo "Testing queue on $hostname ..."
fi
JOBTMP=$(mktemp -t lpstat.XXXXXX) # Create a tmpfile to store the lpstat results
STALEJOBCOUNT=0 # default number of old jobs
CURDATETS=$(date +%s) # Get the current date as unixtime
"$LPSTAT" -h "$hostname" -o > "$JOBTMP" # run the lpstat command against the host.
if [ $? -ne 0 ]
then
rm -rf "$JOBTMP"
echo "UNKNOWN: lpstat command returned an error. Please test this script manually."
exitstatus="$STATE_UNKNOWN"
exit "$exitstatus"
fi
JOBCOUNT=$(wc -l < $JOBTMP) # populate the jobcount
PERFDATA="print_jobs=${JOBCOUNT};${warnlevel};${critlevel};0"
if [[ "$JOBCOUNT" -gt 0 && "$maxage" ]]
then
MAXAGETS=$(echo "86400 * $maxage" | bc) # 86400 seconds in a day * maxage
exec<"$JOBTMP" # read the file to determine job age
while read PRINTJOB
do
# Grab the job date from the job listing
JOBDATE=$(echo "$PRINTJOB" | cut -c50-73)
# Convert the job date to unixtime
JOBDATETS=$(date --date="$JOBDATE" +%s)
DATEDIFF=$(echo "($CURDATETS - $JOBDATETS)" | bc)
if [ $DATEDIFF -gt $MAXAGETS ]
then
MESSAGE="CRITICAL: Some CUPS jobs are older than $maxage days| $PERFDATA"
exitstatus="$STATE_CRITICAL"
else
check_queue_size
fi
done
else
check_queue_size
fi
rm -rf "$JOBTMP"
fi
# end: print the results and end with exit code for Nagios
echo "$OUTPUT"
echo "$MESSAGE"
exit "$exitstatus"

5
monitoring-plugins.obsinfo Normal file
View File

@ -0,0 +1,5 @@
name: monitoring-plugins
version: 2.3~alpha.20200520T233014.cadac85e
mtime: 1590010214
commit: cadac85e12d48d662ff39bfc9f5feb5601af1485

1701
monitoring-plugins.spec Normal file
View File

File diff suppressed because it is too large Load Diff

1
nrpe-check_load Normal file
View File

@ -0,0 +1 @@
command[check_load]=/usr/lib/nagios/plugins/check_load -w 10,6,5 -c 15,10,8

1
nrpe-check_mailq Normal file
View File

@ -0,0 +1 @@
command[check_mailq]=/usr/lib/nagios/plugins/check_mailq -c 50 -w 30 -M postfix

1
nrpe-check_mysql Normal file
View File

@ -0,0 +1 @@
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -u root

1
nrpe-check_ntp_time Normal file
View File

@ -0,0 +1 @@
command[check_ntp_time]=/usr/lib/nagios/plugins/check_ntp_time -H pool.ntp.org -w 1 -c 2

1
nrpe-check_partition Normal file
View File

@ -0,0 +1 @@
command[check_partition_root]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /

1
nrpe-check_proc_cron Normal file
View File

@ -0,0 +1 @@
command[check_proc_cron]=/usr/lib/nagios/plugins/check_procs --command=cron -u root -c 1:1024

1
nrpe-check_swap Normal file
View File

@ -0,0 +1 @@
command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 10 -c 5

1
nrpe-check_total_procs Normal file
View File

@ -0,0 +1 @@
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 6000 -c 7500

1
nrpe-check_ups Normal file
View File

@ -0,0 +1 @@
command[check_ups]=/usr/lib/nagios/plugins/check_ups -H 127.0.0.1 -u liebert

1
nrpe-check_users Normal file
View File

@ -0,0 +1 @@
command[check_users]=/usr/lib/nagios/plugins/check_users -w 30 -c 40

1
nrpe-check_zombie_procs Normal file
View File

@ -0,0 +1 @@
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z

31
usr.lib.nagios.plugins.check_cups Normal file
View File

@ -0,0 +1,31 @@
# Last Modified: Mon Mar 11 14:58:16 2013
#include <tunables/global>
/usr/lib/nagios/plugins/check_cups {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/consoles>
#include <abstractions/nameservice>
network inet dgram,
network inet stream,
/{usr/,}bin/bash rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/which rix,
/{usr/,}bin/lpstat rix,
/{usr/,}bin/basename rix,
/{usr/,}bin/mktemp rix,
/{usr/,}bin/date rix,
/{usr/,}bin/rm rix,
/{usr/,}bin/cut rix,
/{usr/,}bin/bc rix,
/{usr/,}bin/wc rix,
/tmp/lpstat* wr,
/var/run/nscd/services r,
/etc/cups/client.conf r,
/proc/sys/crypto/fips_enabled r,
}

8
usr.lib.nagios.plugins.check_dhcp Normal file
View File

@ -0,0 +1,8 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_dhcp {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_raw,
/etc/monitoring-plugins/* r,
}

9
usr.lib.nagios.plugins.check_disk Normal file
View File

@ -0,0 +1,9 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_disk {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
/etc/mtab r,
@{PROC}/[0-9]*/mounts r,
/usr/lib/nagios/plugins/check_disk rm,
}

11
usr.lib.nagios.plugins.check_icmp Normal file
View File

@ -0,0 +1,11 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_icmp {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_raw,
capability setuid,
network inet raw,
/etc/monitoring-plugins/* r,
}

12
usr.lib.nagios.plugins.check_ide_smart Normal file
View File

@ -0,0 +1,12 @@
# Last Modified: Wed May 16 10:38:11 2012
#include <tunables/global>
/usr/lib/nagios/plugins/check_ide_smart {
#include <abstractions/base>
capability sys_admin,
capability sys_rawio,
/dev/s* r,
/dev/h* r,
/etc/monitoring-plugins/* r,
}

11
usr.lib.nagios.plugins.check_load Normal file
View File

@ -0,0 +1,11 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_load {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/wutmp>
/usr/lib/nagios/plugins/check_load rm,
/usr/bin/uptime rmix,
/proc/uptime r,
/proc/meminfo r,
/proc/loadavg r,
}

24
usr.lib.nagios.plugins.check_ntp_time Normal file
View File

@ -0,0 +1,24 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_ntp_time {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
#include <abstractions/xad>
network inet dgram,
network inet6 dgram,
capability ipc_lock,
capability net_bind_service,
capability sys_time,
capability sys_resource,
/etc/gai.conf r,
/usr/lib/nagios/plugins/check_ntp_time rm,
/etc/hosts r,
/etc/resolv.conf r,
/var/run/nscd/* r,
/etc/monitoring-plugins/* r,
}

14
usr.lib.nagios.plugins.check_ping Normal file
View File

@ -0,0 +1,14 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_ping {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_raw,
capability setuid,
network inet raw,
network inet6 raw,
/{usr/,}bin/ping rix,
/{usr/,}bin/ping6 rix,
/etc/monitoring-plugins/* r,
}

13
usr.lib.nagios.plugins.check_procs Normal file
View File

@ -0,0 +1,13 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_procs flags=(attach_disconnected) {
#include <abstractions/nameservice>
#include <abstractions/base>
#include <abstractions/consoles>
capability sys_ptrace,
/{usr/,}bin/ps rix,
/proc/ r,
/proc/** r,
/usr/lib/nagios/plugins/check_procs mr,
}

14
usr.lib.nagios.plugins.check_procs.sle15 Normal file
View File

@ -0,0 +1,14 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_procs flags=(attach_disconnected) {
#include <abstractions/nameservice>
#include <abstractions/base>
#include <abstractions/consoles>
ptrace,
ptrace (read) peer=unconfined,
/{usr/,}bin/ps rix,
/proc/ r,
/proc/** r,
/usr/lib/nagios/plugins/check_procs mr,
}

7
usr.lib.nagios.plugins.check_ssh Normal file
View File

@ -0,0 +1,7 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_ssh flags=(complain) {
#include <abstractions/base>
#include <abstractions/nameservice>
/etc/monitoring-plugins/* r,
}

6
usr.lib.nagios.plugins.check_swap Normal file
View File

@ -0,0 +1,6 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_swap {
#include <abstractions/base>
#include <abstractions/consoles>
/usr/lib/nagios/plugins/check_swap rm,
}

8
usr.lib.nagios.plugins.check_users Normal file
View File

@ -0,0 +1,8 @@
#include <tunables/global>
/usr/lib/nagios/plugins/check_users {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/wutmp>
/usr/lib/nagios/plugins/check_users rm,
}