Accepting request 1194151 from home:lrupp:branches:server:monitoring

- update to 2.4.0
  General
  + Use C99 booleans @RincewindsHat
  + Improve negate plugin helptext @euniceremoquillo
  + Add new test function for percentage expressions @RincewindsHat
  Single Plugins
  + check_mailq: remove trailing whitespaces @sni
  + check_mailq: unify tabs/spaces @sni
  + check_oracle: Shellcheck fixes @RincewindsHat
  + check_ups: output ups.realpower if supported @sbraz
  + check_disk: add -n short option for --ignore-missing @sni
  + check_procs: Improve help text, mentioning excluded processes @shartge
  + check_procs: Generalise wording, remove mentioning of nrpe @shartge
  + check_curl: add haproxy protocol option @emriver
  + check_disk: increase alert precision @sni
  + check_ircd: IPv6 support @oxzi
  + check_nwstat: adds percentage used space
  + check_swap: Possibility to run check_swap without thresholds @Napsty
  + check_ups: additional alarm conditions @RincewindsHat
  + check_http/check_curl: added a --regex-state option to change the state of a regex check @andreasbaumann
  General Fixes
  + Fixes for -Wsign-compare @RincewindsHat
  + Fix logic in is_uint64_t to fix type-limit warning @RincewindsHat
  + Prevent -lcrypto from showing up in Makefile dependencies @EricFromCanada
  + Change irritating NULL assignment @RincewindsHat
  Single Plugin Fixes
  + check_dbi: Compiler warning for uninitialized variable @RincewindsHat
  + check_curl: Initialize pointer before usage @RincewindsHat
  + check_ntp: Initialize intermediate results in any case @RincewindsHat
  + check_tcp: Fixes an error with using the wrong type for a variable @RincewindsHat

OBS-URL: https://build.opensuse.org/request/show/1194151
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=123

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

_service

@@ -0,0 +1,20 @@
+<services>
+  <service name="download_url">
+    <param name="host">www.monitoring-plugins.org</param>
+    <param name="protocol">https</param>
+    <param name="path">/download/monitoring-plugins-2.4.0.tar.gz</param>
+    <param name="filename">monitoring-plugins-2.4.0.tar.gz</param>
+  </service>
+  <service name="download_url">
+    <param name="host">www.monitoring-plugins.org</param>
+    <param name="protocol">https</param>
+    <param name="path">/download/monitoring-plugins-2.4.0.tar.gz.sha1</param>
+    <param name="filename">monitoring-plugins-2.4.0.tar.gz.sha1</param>
+  </service>
+  <service name="verify_file">
+	<param name="verifier">sha1</param>
+	<param name="checksum">595fcfe92a5273031e8ad7f294ba683c27078a1a</param>
+<!--	<param name="file">monitoring-plugins-2.4.0.tar.gz</param> -->
+   <param name="file">_service:download_url:monitoring-plugins-2.4.0.tar.gz</param>
+  </service>
+</services>

_service:download_url:monitoring-plugins-2.4.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e5dfd4ad8fde0a40da50aab3aff6d9a27020b8f283e332bc4da6ef9914f4028c
+size 2746382

_service:download_url:monitoring-plugins-2.4.0.tar.gz.sha1

@@ -0,0 +1 @@
+595fcfe92a5273031e8ad7f294ba683c27078a1a *monitoring-plugins-2.4.0.tar.gz

check_ircd_ssl

@@ -0,0 +1,220 @@
+#!@PERL@ -w
+#
+# Copyright (C) 1999 Richard Mayhew <netsaint@splash.co.za>
+# Copyright (C) 2014, SUSE Linux Products GmbH, Nuremberg
+# Author:       Richard Mayhew - South Africa
+# rewritten by: Lars Vogdt <lars@linux-schulserver.de>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+#
+# * Neither the name of the Novell nor the names of its contributors may be
+#   used to endorse or promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# Special thanks to Richard Mayhew for the original plugin written in 
+# 1999/09/20. Some code taken from Charlie Cook (check_disk.pl).
+#
+use Getopt::Long;
+use IO::Socket::IP;
+use strict;
+use vars qw($PROGNAME $VERSION);
+use vars qw($opt_V $opt_h $opt_t $opt_p $opt_H $opt_w $opt_c $ssl $verbose);
+use lib '@libexecdir@';
+use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
+
+# ----------------------------------------------------[ Function Prototypes ]--
+sub print_help ();
+sub print_usage ();
+
+# -------------------------------------------------------------[ Enviroment ]--
+$ENV{PATH}     = '';
+$ENV{ENV}      = '';
+$ENV{BASH_ENV} = '';
+
+# -----------------------------------------------------------------[ Global ]--
+$PROGNAME        = 'check_ircd';
+$VERSION         = '@NP_VERSION@';
+my $nick         = "ircd$$";
+
+# -------------------------------------------------------------[ print_help ]--
+sub print_help ()
+{
+    print_revision($PROGNAME,$VERSION);
+    print "Copyright (c) 2014 SUSE Linux Products GmbH, Nuremberg
+based on the original work of Richard Mayhew/Karl DeBisschop in 2000
+
+Perl Check IRCD monitoring plugin.
+
+";
+    print_usage();
+    print "
+-H, --hostname=HOST
+   Name or IP address of host to check
+-w, --warning=INTEGER
+   Number of connected users which generates a warning state (Default: 50)
+-c, --critical=INTEGER
+   Number of connected users which generates a critical state (Default: 100)
+-p, --port=INTEGER
+   Port that the ircd daemon is running on <host> (Default: 6667)
+-v, --verbose
+   Print extra debugging information
+-s, --ssl
+   Use SSL for connection (NOTE: might need '-p 6697' option)
+";
+}
+
+# ------------------------------------------------------------[ print_usage ]--
+sub print_usage () {
+    print "Usage: $PROGNAME -H <host> [-w <warn>] [-c <crit>] [-p <port>] [-s]\n";
+}
+
+# ------------------------------------------------------------------[ debug ]--
+sub debug ($$)
+{
+    my ($string,$verbose) = @_;
+    if ($verbose){
+        print STDOUT "DEBUG: $string";
+    }
+}
+
+# ----------------------------------------------------------------[ connect ]--
+sub connection ($$$$$$) {
+    my ($server,$port,$ssl,$ping_timeout,$nick,$verbose) = @_;
+    my $user=-1;
+    debug("Attempting connect.\n",$verbose);
+    # Connect to server
+    debug("Connecting ...........\n",$verbose);
+    my $sock = IO::Socket::IP->new( PeerAddr => $server,
+                                    PeerPort => $port,
+                                    Proto => 'tcp',
+                                    Domain => AF_UNSPEC ) or return ($user);
+    if($ssl) {
+        use IO::Socket::SSL;
+        debug("Starting SSL .........\n",$verbose);
+        IO::Socket::SSL->start_SSL( $sock,
+                                    SSL_verify_mode => 0, # Do not verify certificate
+        ) or die "SSL handshake failed: $SSL_ERROR";
+    }
+    debug("Connected to server:   $server on port: $port\n",$verbose);
+    # Set nick and username
+    debug("Sending user info ....\n",$verbose);
+    print $sock "NICK $nick\nUSER monitor localhost localhost : \n";
+    # Catch SIGALRM from the OS when timeout expired.
+    local $SIG{ALRM} = sub {$sock->shutdown(0);};
+    # Send all incomming data to the parser
+    while (<$sock>) {
+        alarm 0;
+        chomp($_);
+        if (/^PING \:(.+)/) {
+            debug("Received PING request, sending PONG :$1\n",$verbose);
+            print $sock "PONG :$1\n";
+        }
+        elsif (/\:I have\s+(\d+)/){
+            $user=$1;
+            last;
+        }
+        alarm $ping_timeout;
+    }
+    debug("Closing socket.\n",$verbose);
+    close $sock;
+    return $user;
+}
+
+# ------------------------------------------------------------[ check_users ]--
+sub check_users ($$$){
+    my ($users,$crit,$warn)=@_;
+	$users =~ s/\ //g;
+    my ($state,$answer);
+    if ($users >= 0) {
+        if ($users > $crit) {
+                $state = "CRITICAL";
+                $answer = "Critical Number Of Clients Connected : $users (Limit = $crit)";
+        
+        } elsif ($users > $warn) {
+                $state = "WARNING";
+                $answer = "Warning Number Of Clients Connected : $users (Limit = $warn)";
+        
+        } else {
+                $state = "OK";
+                $answer = "IRCD ok - Current Local Users: $users";
+        }
+        $answer.="|users=$users;$warn;$crit;0\n";
+    } else {
+        $state = "UNKNOWN";
+        $answer = "Server has less than 0 users! Something is Really WRONG!\n";
+    }
+	return ($answer,$state)
+}
+
+# ===================================================================[ MAIN ]==
+MAIN:
+{
+    my $answer = 'IRCD UNKNOWN: Unknown error - maybe could not authenticate\n';
+    my $state = 'UNKOWN';
+    my $hostname;
+    Getopt::Long::Configure('bundling');
+    GetOptions
+         (  "V"   => \$opt_V,  "version"    => \$opt_V,
+            "h"   => \$opt_h,  "help"       => \$opt_h,
+            "v"   => \$verbose,"verbose"    => \$verbose,
+            "s"   => \$ssl,    "ssl"        => \$ssl,
+            "t=i" => \$opt_t,  "timeout=i"  => \$opt_t,
+            "w=i" => \$opt_w,  "warning=i"  => \$opt_w,
+            "c=i" => \$opt_c,  "critical=i" => \$opt_c,
+            "p=i" => \$opt_p,  "port=i"     => \$opt_p,
+            "H=s" => \$opt_H,  "hostname=s" => \$opt_H);
+    if ($opt_V) {
+        print_revision($PROGNAME,$VERSION);
+        exit $ERRORS{'OK'};
+    }
+    if ($opt_h) {print_help(); exit $ERRORS{'OK'};}
+    ($opt_H) || ($opt_H = shift @ARGV) || usage("Host name/address not specified\n");
+    my $server = $1 if ($opt_H =~ /([-.A-Za-z0-9]+)/);
+    ($server) || usage("Invalid host: $opt_H\n");
+    ($opt_w) || ($opt_w = shift @ARGV) || ($opt_w = 50);
+    my $warn = $1 if ($opt_w =~ /^([0-9]+)$/);
+    ($warn) || usage("Invalid warning threshold: $opt_w\n");
+    ($opt_c) || ($opt_c = shift @ARGV) || ($opt_c = 100);
+    my $crit = $1 if ($opt_c =~ /^([0-9]+)$/);
+    ($crit) || usage("Invalid critical threshold: $opt_c\n");
+    if ($crit < $warn){
+	    usage("Invalid threshold: $crit for critical is lower than $warn for warning\n");
+    }
+    ($opt_p) || ($opt_p = shift @ARGV) || ($opt_p = 6667);
+    my $port = $1 if ($opt_p =~ /^([0-9]+)$/);
+    ($port) || usage("Invalid port: $opt_p\n");
+    if ($opt_t && $opt_t =~ /^([0-9]+)$/) { $TIMEOUT = $1; }
+    # Just in case of problems, let's not hang Nagios
+    $SIG{'ALRM'} = sub {
+        print "Somthing is Taking a Long Time, Increase Your TIMEOUT (Currently Set At $TIMEOUT Seconds)\n";
+        exit $ERRORS{"UNKNOWN"};
+    };
+    alarm($TIMEOUT);
+    my $ping_timeout=$TIMEOUT-1;
+    my $users=connection($server,$port,$ssl,$ping_timeout,$nick,$verbose);
+    ($answer,$state)=check_users($users,$crit,$warn);
+    print "$answer";
+    exit $ERRORS{$state};
+}

monitoring-plugins-2.3.5-check_http-proxy.patch

@@ -0,0 +1,169 @@
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 8dda046f..2ab6a7a3 100644
+--- a/plugins/check_http.c
++++ b/plugins/check_http.c
+@@ -126,6 +126,9 @@ int sd;
+ int min_page_len = 0;
+ int max_page_len = 0;
+ int redir_depth = 0;
++bool ssl_proxy = false;
++char *proxy_server_address;
++int proxy_server_port;
+ int max_depth = DEFAULT_MAX_REDIRS;
+ char *http_method;
+ char *http_method_proxy;
+@@ -139,6 +142,7 @@ char *client_privkey = NULL;
+ bool process_arguments (int, char **);
+ int check_http (void);
+ void redir (char *pos, char *status_line);
++const char *find_uri_path (const char *url);
+ bool server_type_check(const char *type);
+ int server_port_check(int ssl_flag);
+ char *perfd_time (double microsec);
+@@ -609,6 +613,17 @@ bool process_arguments (int argc, char **argv)
+   if (virtual_port == 0)
+     virtual_port = server_port;
+ 
++  /* if we are called with the -I option, the -j method is CONNECT and */
++  /* we received -S for SSL, then we tunnel the request through a proxy*/
++  /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
++
++  ssl_proxy = server_address != NULL && strcmp(http_method, "CONNECT") == 0
++    && host_name != NULL && use_ssl == true;
++  if (ssl_proxy) {
++    proxy_server_address = strdup(server_address);
++    proxy_server_port = server_port;
++  }
++
+   return true;
+ }
+ 
+@@ -940,18 +955,18 @@ check_http (void)
+ 
+   /* try to connect to the host at the given port number */
+   gettimeofday (&tv_temp, NULL);
+-  if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
++  result = ssl_proxy ?
++    my_tcp_connect (proxy_server_address, proxy_server_port, &sd) :
++    my_tcp_connect (server_address, server_port, &sd);
++  if (result != STATE_OK)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+   microsec_connect = deltime (tv_temp);
+ 
+-    /* if we are called with the -I option, the -j method is CONNECT and */
+-    /* we received -S for SSL, then we tunnel the request through a proxy*/
+-    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
++  /* handle connection via SSL proxy */
++  if (ssl_proxy) {
+ 
+-    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-      && host_name != NULL && use_ssl == true) {
+-
+-    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
++    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n",
++      proxy_server_address, proxy_server_port, host_name, HTTPS_PORT);
+     asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+     if (strlen(proxy_auth)) {
+       base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+@@ -986,7 +1001,7 @@ check_http (void)
+   if (use_ssl == true) {
+     gettimeofday (&tv_temp, NULL);
+     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+-    if (verbose) printf ("SSL initialized\n");
++    if (verbose) printf ("SSL initialization %s\n", result == STATE_OK ? "successful" : "failed");
+     if (result != STATE_OK)
+       die (STATE_CRITICAL, NULL);
+     microsec_ssl = deltime (tv_temp);
+@@ -1002,9 +1017,8 @@ check_http (void)
+   }
+ #endif /* HAVE_SSL */
+ 
+-  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-       && host_name != NULL && use_ssl == true)
+-    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
++  if (ssl_proxy)
++    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, find_uri_path(server_url), host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+   else
+     asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+ 
+@@ -1033,8 +1047,7 @@ check_http (void)
+        */
+       if ((use_ssl == false && virtual_port == HTTP_PORT) ||
+           (use_ssl == true && virtual_port == HTTPS_PORT) ||
+-          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-         && host_name != NULL && use_ssl == true))
++          ssl_proxy)
+         xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+       else
+         xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
+@@ -1138,10 +1151,17 @@ check_http (void)
+   /* leave full_page untouched so we can free it later */
+   page = full_page;
+ 
+-  if (verbose)
+-    printf ("%s://%s:%d%s is %d characters\n",
+-      use_ssl ? "https" : "http", server_address,
+-      server_port, server_url, (int)pagesize);
++  if (verbose) {
++    if (ssl_proxy)  {
++      printf ("[via proxy %s://%s:%d] %s returned %d bytes\n",
++        use_ssl ? "https" : "http", proxy_server_address, proxy_server_port,
++        server_url, (int)pagesize);
++    } else {
++      printf ("%s://%s:%d%s returned %d bytes\n",
++        use_ssl ? "https" : "http", server_address,
++        server_port, server_url, (int)pagesize);
++    }
++  }
+ 
+   /* find status line and null-terminate it */
+   status_line = page;
+@@ -1301,7 +1321,12 @@ check_http (void)
+         bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+               4);
+       }
+-      xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
++      if (ssl_proxy) {
++        xasprintf (&msg, _("%sstring '%s' not found on '%s', "), msg, output_string_search, server_url);
++      } else {
++        xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search,
++          use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
++      }
+       result = STATE_CRITICAL;
+     }
+   }
+@@ -1642,6 +1667,25 @@ redir (char *pos, char *status_line)
+   check_http ();
+ }
+ 
++// Locate the URI path inside a complete URL. If we fail, just return the original URL.
++const char *
++find_uri_path (const char *url)
++{
++  const char *s = url;
++
++  if (strncmp(s, "http://", 7) == 0)
++    s += 7;
++  else if (strncmp(s, "https://", 8) == 0)
++    s += 8;
++  else
++    return url;
++  while (*s != '\0') {
++    if (strchr("/?#", *s) != NULL)
++      return s;
++    s++;
++  }
++  return url;
++}
+ 
+ bool
+ server_type_check (const char *type)
+@@ -1861,7 +1905,7 @@ print_help (void)
+   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+   printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+   printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+-
++  printf ("\n");
+   printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+   printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+   printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));

monitoring-plugins-2.3.5-check_log_-_quoting.patch

@@ -0,0 +1,33 @@
+Index: monitoring-plugins-2.3.3/plugins-scripts/check_log.sh
+===================================================================
+--- monitoring-plugins-2.3.3.orig/plugins-scripts/check_log.sh
++++ monitoring-plugins-2.3.3/plugins-scripts/check_log.sh
+@@ -112,23 +112,23 @@ while test -n "$1"; do
+             exit "$STATE_UNKNOWN"
+             ;;
+         -F | --filename)
+-            logfile=$2
++            logfile="$2"
+             shift 2
+             ;;
+         -O | --oldlog)
+-            oldlog=$2
++            oldlog="$2"
+             shift 2
+             ;;
+         -q | --query)
+-            query=$2
++            query="$2"
+             shift 2
+             ;;
+         --exclude)
+-            exclude=$2
++            exclude="$2"
+             shift 2
+             ;;
+         -x | --exitstatus)
+-            exitstatus=$2
++            exitstatus="$2"
+             shift 2
+             ;;
+         -e | --extended-regex)

monitoring-plugins-2.3.5-check_ntp_perf_absolute.patch

@@ -0,0 +1,13 @@
+Index: monitoring-plugins-2.3.3/plugins/check_ntp_time.c
+===================================================================
+--- monitoring-plugins-2.3.3.orig/plugins/check_ntp_time.c
++++ monitoring-plugins-2.3.3/plugins/check_ntp_time.c
+@@ -533,7 +533,7 @@ int process_arguments(int argc, char **a
+ 
+ char *perfd_offset (double offset)
+ {
+-	return fperfdata ("offset", offset, "s",
++	return fperfdata ("offset", fabs(offset), "s",
+ 		TRUE, offset_thresholds->warning->end,
+ 		TRUE, offset_thresholds->critical->end,
+ 		FALSE, 0, FALSE, 0);

monitoring-plugins-2.3.5-check_ssh.patch

@@ -0,0 +1,212 @@
+From e56255ee2f2887551e15aba2410138238efab030 Mon Sep 17 00:00:00 2001
+From: Anton Lofgren <alofgren@op5.com>
+Date: Mon, 21 Oct 2013 08:18:30 +0200
+Subject: [PATCH 1/4] check_ssh: properly parse a delayed version control
+ string
+
+This resolves an issue with SSH servers which do not respond with their
+version control string as the first thing in the SSH protocol version
+exchange phase after connection establishment.
+
+This patch also makes sure that we disregard a potential comment in the
+version exchange string to avoid nonsense mismatches. In the future, we
+might want to add the capability to match against a user specified comment.
+
+In addition, the patch largely improves the communication towards the
+server, which adds better protocol adherence.
+
+Of course, new test cases are added to support the trigger and guard
+against regressions of the bugs solved by this patch.
+
+This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945)
+
+Signed-off-by: Anton Lofgren <alofgren@op5.com>
+---
+ plugins/check_ssh.c   | 122 +++++++++++++++++++++++++++++-------------
+ plugins/t/check_ssh.t |  97 ++++++++++++++++++++++++++-------
+ 2 files changed, 164 insertions(+), 55 deletions(-)
+
+Index: monitoring-plugins-2.3.3/plugins/check_ssh.c
+===================================================================
+--- monitoring-plugins-2.3.3.orig/plugins/check_ssh.c
++++ monitoring-plugins-2.3.3/plugins/check_ssh.c
+@@ -106,7 +106,7 @@ process_arguments (int argc, char **argv
+ 		{"timeout", required_argument, 0, 't'},
+ 		{"verbose", no_argument, 0, 'v'},
+ 		{"remote-version", required_argument, 0, 'r'},
+-		{"remote-protcol", required_argument, 0, 'P'},
++		{"remote-protocol", required_argument, 0, 'P'},
+ 		{0, 0, 0, 0}
+ 	};
+ 
+@@ -215,8 +215,13 @@ ssh_connect (char *haddr, int hport, cha
+ {
+ 	int sd;
+ 	int result;
++	int len = 0;
++	ssize_t byte_offset = 0;
++	ssize_t recv_ret = 0;
++	char *version_control_string = NULL;
+ 	char *output = NULL;
+ 	char *buffer = NULL;
++	char *tmp= NULL, *saveptr = NULL;
+ 	char *ssh_proto = NULL;
+ 	char *ssh_server = NULL;
+ 	static char *rev_no = VERSION;
+@@ -231,51 +236,118 @@ ssh_connect (char *haddr, int hport, cha
+ 		return result;
+ 
+ 	output = (char *) malloc (BUFF_SZ + 1);
+-	memset (output, 0, BUFF_SZ + 1);
+-	recv (sd, output, BUFF_SZ, 0);
+-	if (strncmp (output, "SSH", 3)) {
+-		printf (_("Server answer: %s"), output);
+-		close(sd);
++	memset(output, 0, BUFF_SZ+1);
++	while (!version_control_string && (recv_ret = recv(sd, output+byte_offset, BUFF_SZ - byte_offset, 0)) > 0) {
++		if (strchr(output, '\n')) { /* we've got at least one full line, start parsing*/
++			byte_offset = 0;
++			while (strchr(output+byte_offset, '\n') != NULL) {
++				/*Partition the buffer so that this line is a separate string,
++				 * by replacing the newline with NUL*/
++				output[(strchr(output+byte_offset, '\n')-output)]= '\0';
++				len = strlen(output+byte_offset);
++				if (len >= 4) {
++					/*if the string starts with SSH-, this _should_ be a valid version control string*/
++					if (strncmp (output+byte_offset, "SSH-", 4) == 0) {
++						version_control_string = output+byte_offset;
++						break;
++					}
++				}
++
++				/*the start of the next line (if one exists) will be after the current one (+ NUL)*/
++				byte_offset+=len+1;
++			}
++			if(!version_control_string) {
++				/* move unconsumed data to beginning of buffer, null rest */
++				memmove((void *)output, (void *)output+byte_offset+1, BUFF_SZ - len+1);
++				memset(output+byte_offset+1, 0, BUFF_SZ-byte_offset+1);
++
++				/*start reading from end of current line chunk on next recv*/
++				byte_offset = strlen(output);
++			}
++		}
++		else {
++			byte_offset += recv_ret;
++		}
++	}
++	tmp = NULL;
++	if (recv_ret < 0) {
++		printf("SSH CRITICAL - %s", strerror(errno));
++		exit(STATE_CRITICAL);
++	}
++	if (!version_control_string) {
++		printf("SSH CRITICAL - No version control string received");
++		exit(STATE_CRITICAL);
++	}
++	/*
++	 * "When the connection has been established, both sides MUST send an
++	 * identification string.  This identification string MUST be
++	 *
++	 * SSH-protoversion-softwareversion SP comments CR LF"
++	 *		- RFC 4253:4.2
++	 */
++	strip (version_control_string);
++	if (verbose)
++		printf ("%s\n", version_control_string);
++	ssh_proto = version_control_string + 4;
++
++	/*
++	 * We assume the protoversion is of the form Major.Minor, although
++	 * this is not _strictly_ required. See
++	 *
++	 * "Both the 'protoversion' and 'softwareversion' strings MUST consist of
++	 * printable US-ASCII characters, with the exception of whitespace
++	 * characters and the minus sign (-)"
++	 *		- RFC 4253:4.2
++	 * and,
++	 *
++	 * "As stated earlier, the 'protoversion' specified for this protocol is
++	 * "2.0".  Earlier versions of this protocol have not been formally
++	 * documented, but it is widely known that they use 'protoversion' of
++	 * "1.x" (e.g., "1.5" or "1.3")."
++	 *		- RFC 4253:5
++	 */
++	ssh_server = ssh_proto + strspn (ssh_proto, "0123456789.") + 1; /* (+1 for the '-' separating protoversion from softwareversion) */
++
++	/* If there's a space in the version string, whatever's after the space is a comment
++	 * (which is NOT part of the server name/version)*/
++	tmp = strchr(ssh_server, ' ');
++	if (tmp) {
++		ssh_server[tmp - ssh_server] = '\0';
++	}
++	if (strlen(ssh_proto) == 0 || strlen(ssh_server) == 0) {
++		printf(_("SSH CRITICAL - Invalid protocol version control string %s\n"), version_control_string);
+ 		exit (STATE_CRITICAL);
+ 	}
+-	else {
+-		strip (output);
+-		if (verbose)
+-			printf ("%s\n", output);
+-		ssh_proto = output + 4;
+-		ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789. ");
+-		ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
+-
+-		xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
+-		send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
+-		if (verbose)
+-			printf ("%s\n", buffer);
+-
+-		if (remote_version && strcmp(remote_version, ssh_server)) {
+-			printf
+-				(_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
+-				 ssh_server, ssh_proto, remote_version);
+-			close(sd);
+-			exit (STATE_CRITICAL);
+-		}
+-
+-		if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
+-			printf
+-				(_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
+-				 ssh_server, ssh_proto, remote_protocol);
+-			close(sd);
+-			exit (STATE_CRITICAL);
+-		}
++	ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
+ 
+-		elapsed_time = (double)deltime(tv) / 1.0e6;
++	xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
++	send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
++	if (verbose)
++		printf ("%s\n", buffer);
+ 
++	if (remote_version && strcmp(remote_version, ssh_server)) {
+ 		printf
+-			(_("SSH OK - %s (protocol %s) | %s\n"),
+-			 ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
+-			 FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
++			(_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
++			 ssh_server, ssh_proto, remote_version);
+ 		close(sd);
+-		exit (STATE_OK);
++		exit (STATE_CRITICAL);
+ 	}
++
++	if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
++		printf
++			(_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
++			 ssh_server, ssh_proto, remote_protocol);
++		close(sd);
++		exit (STATE_CRITICAL);
++	}
++	elapsed_time = (double)deltime(tv) / 1.0e6;
++
++	printf
++		(_("SSH OK - %s (protocol %s) | %s\n"),
++		 ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
++			 FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
++	close(sd);
++	exit (STATE_OK);
+ }
+ 
+ 

monitoring-plugins-2.3.5-check_ssh.t_-_improve_testing.patch

@@ -0,0 +1,139 @@
+Index: monitoring-plugins-2.3.3/plugins/t/check_ssh.t
+===================================================================
+--- monitoring-plugins-2.3.3.orig/plugins/t/check_ssh.t
++++ monitoring-plugins-2.3.3/plugins/t/check_ssh.t
+@@ -8,34 +8,105 @@ use strict;
+ use Test::More;
+ use NPTest;
+ 
+-# Required parameters
+-my $ssh_host           = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
+-my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" );
+-my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" );
+-
+-
+-plan skip_all => "SSH_HOST must be defined" unless $ssh_host;
+-plan tests    => 6;
+-
+-
+-my $result = NPTest->testCmd(
+-    "./check_ssh -H $ssh_host"
+-    );
+-cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
+-like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
++my $res;
+ 
+-
+-$result = NPTest->testCmd(
+-    "./check_ssh -H $host_nonresponsive -t 2"
+-    );
+-cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
+-like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
+-
+-
+-
+-$result = NPTest->testCmd(
+-    "./check_ssh -H $hostname_invalid -t 2"
+-    );
+-cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
+-like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
++# Required parameters
++my $ssh_host           = getTestParameter("NP_SSH_HOST",
++                                          "A host providing SSH service",
++                                          "localhost");
++my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
++                                          "The hostname of system not responsive to network requests",
++                                          "10.0.0.1" );
++my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID",
++                                          "An invalid (not known to DNS) hostname",
++                                          "nosuchhost" );
++
++plan tests => 14 + 6;
++
++SKIP: {
++   skip "SSH_HOST must be defined", 6 unless $ssh_host;
++   my $result = NPTest->testCmd(
++       "./check_ssh -H $ssh_host"
++       );
++   cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
++   like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
++
++   $result = NPTest->testCmd(
++       "./check_ssh -H $host_nonresponsive -t 2"
++       );
++   cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
++   like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
++
++   $result = NPTest->testCmd(
++       "./check_ssh -H $hostname_invalid -t 2"
++       );
++   cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
++   like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
++}
++
++SKIP: {
++   skip "No netcat available", 12 unless (system("which nc > /dev/null") == 0);
++
++   my $nc_flags = "-l 5003 -i 1";
++   #A valid protocol version control string has the form
++   #       SSH-protoversion-softwareversion SP comments CR LF
++   #
++   # where `comments` is optional, protoversion is the SSH protocol version and
++   # softwareversion is an arbitrary string representing the server software version
++   open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1' | nc ${nc_flags}|");
++   sleep 1;
++   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
++   cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string");
++   like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
++   close NC;
++
++   open(NC, "echo 'SSH-2.0-3.2.9.1' | nc ${nc_flags}|");
++   sleep 1;
++   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
++   cmp_ok( $res->return_code, "==", 0, "Got SSH protocol version control string with non-alpha softwareversion string");
++   like( $res->output, '/^SSH OK - 3.2.9.1 \(protocol 2.0\)/', "Output OK for non-alpha softwareversion string");
++   close NC;
++
++   open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |");
++   sleep 1;
++   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" );
++   cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string, and parsed comment appropriately");
++   like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
++   close NC;
++
++   open(NC, "echo 'SSH-' | nc ${nc_flags}|");
++   sleep 1;
++   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
++   cmp_ok( $res->return_code, '==', 2, "Got invalid SSH protocol version control string");
++   like( $res->output, '/^SSH CRITICAL/', "Output OK");
++   close NC;
++
++   open(NC, "echo '' | nc ${nc_flags}|");
++   sleep 1;
++   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
++   cmp_ok( $res->return_code, '==', 2, "No version control string received");
++   like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
++   close NC;
++
++   open(NC, "echo 'Not a version control string' | nc ${nc_flags}|");
++   sleep 1;
++   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
++   cmp_ok( $res->return_code, '==', 2, "No version control string received");
++   like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
++   close NC;
++
++   #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string
++   open(NC, "{ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; sleep 1;
++       echo 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'; sleep 1;
++       echo 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; sleep 1;
++       echo 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'; sleep 1;
++       printf 'EEEEEEEEEEEEEEEEEE'; sleep 1;
++       printf 'EEEEEEEEEEEEEEEEEE\n'; sleep 1;
++       echo 'Some\nPrepended\nData\nLines\n'; sleep 1;
++       echo 'SSH-2.0-nagiosplug.ssh.0.2';} | nc ${nc_flags}|");
++   sleep 1;
++   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
++   cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string");
++   like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK");
++   close NC;
+ 

monitoring-plugins-2.3.5-check_swap_wrong_percent.patch

@@ -0,0 +1,44 @@
+From f3e6c9663369d011b241c6fb2c8fd5312f98cacf Mon Sep 17 00:00:00 2001
+From: Jan ONDREJ <ondrejj@salstar.sk>
+Date: Thu, 7 Oct 2010 17:28:48 +0400
+Subject: [PATCH 6/6] Prevent check_swap from returning OK, if no swap activated
+
+My swap was not activated on boot for unknown reason and nagios does not
+report this as a problem. Here is an example:
+
+[root@kecom ~]# rpm -q nagios-plugins
+nagios-plugins-1.4.13-11.fc10.i386
+[root@kecom ~]# /usr/lib/nagios/plugins/check_swap -w 80% -c 40% -c 1 -w 2
+SWAP CRITICAL - 100% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
+
+If there is no swap and users is trying to test percentage of free swap,
+consider 0 MB free swap space as problem, or of free/total raises division
+by zero, then set percentage to 0%, not to 100%.
+
+Steps to Reproduce:
+1. make sure, your swap is empty or it's usage is not large
+2. swapoff -a
+3. /usr/lib/nagios/plugins/check_swap -w 80% -c 40%
+
+Actual results:
+SWAP OK - 100% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
+
+Expected results:
+SWAP CRITICAL - 0% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
+
+Additional info:
+https://bugzilla.redhat.com/512559
+
+Index: monitoring-plugins-2.3.3/plugins/check_swap.c
+===================================================================
+--- monitoring-plugins-2.3.3.orig/plugins/check_swap.c
++++ monitoring-plugins-2.3.3/plugins/check_swap.c
+@@ -134,7 +134,7 @@ main (int argc, char **argv)
+ 			free_swap_mb += dskfree_mb;
+ 			if (allswaps) {
+ 				if (dsktotal_mb == 0)
+-					percent=100.0;
++					percent = 0.0;
+ 				else
+ 					percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
+ 				result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));

monitoring-plugins-2.3.5-plugins-root-Makefile_-_no_chown.patch

@@ -0,0 +1,20 @@
+--- monitoring-plugins-2.3.5/plugins-root/Makefile.in.orig	2023-11-28 17:23:06.400019507 -0600
++++ monitoring-plugins-2.3.5/plugins-root/Makefile.in	2023-11-28 17:49:03.832492223 -0600
+@@ -1960,8 +1960,6 @@
+ 	p=$$f; \
+ 	echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \
+ 	$(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \
+-	echo " chown root $(DESTDIR)$(libexecdir)/$$p"; \
+-	chown root $(DESTDIR)$(libexecdir)/$$p; \
+ 	echo " chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p"; \
+ 	chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \
+ 	done
+@@ -2484,7 +2482,7 @@
+ 	@TMPFILE=$(DESTDIR)$(libexecdir)/.setuid-$$$$; \
+ 	rm -f $$TMPFILE; \
+ 	echo > $$TMPFILE; \
+-	can_create_suid_root_executable=no; \
++	can_create_suid_root_executable=yes; \
+ 	chown root $$TMPFILE > /dev/null 2>&1 \
+ 	  && chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
+ 	  && can_create_suid_root_executable=yes; \

monitoring-plugins-2.3.5.tar.gz.sha1

@@ -0,0 +1 @@
+fcbe2068cb55aeaca3ebe67b619cb345a6705184 *monitoring-plugins-2.3.5.tar.gz

monitoring-plugins-2.4.0-check_http-proxy.patch

@@ -0,0 +1,169 @@
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 425ce86bb..e460e11ac 100644
+--- a/plugins/check_http.c
++++ b/plugins/check_http.c
+@@ -126,6 +126,9 @@ int sd;
+ int min_page_len = 0;
+ int max_page_len = 0;
+ int redir_depth = 0;
++bool ssl_proxy = false;
++char *proxy_server_address;
++int proxy_server_port;
+ int max_depth = DEFAULT_MAX_REDIRS;
+ char *http_method;
+ char *http_method_proxy;
+@@ -139,6 +142,7 @@ char *client_privkey = NULL;
+ bool process_arguments (int, char **);
+ int check_http (void);
+ void redir (char *pos, char *status_line);
++const char *find_uri_path (const char *url);
+ bool server_type_check(const char *type);
+ int server_port_check(int ssl_flag);
+ char *perfd_time (double microsec);
+@@ -608,6 +612,17 @@ bool process_arguments (int argc, char **argv)
+   if (virtual_port == 0)
+     virtual_port = server_port;
+ 
++  /* if we are called with the -I option, the -j method is CONNECT and */
++  /* we received -S for SSL, then we tunnel the request through a proxy*/
++  /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
++
++  ssl_proxy = server_address != NULL && strcmp(http_method, "CONNECT") == 0
++    && host_name != NULL && use_ssl == true;
++  if (ssl_proxy) {
++    proxy_server_address = strdup(server_address);
++    proxy_server_port = server_port;
++  }
++
+   return true;
+ }
+ 
+@@ -939,18 +954,18 @@ check_http (void)
+ 
+   /* try to connect to the host at the given port number */
+   gettimeofday (&tv_temp, NULL);
+-  if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
++  result = ssl_proxy ?
++    my_tcp_connect (proxy_server_address, proxy_server_port, &sd) :
++    my_tcp_connect (server_address, server_port, &sd);
++  if (result != STATE_OK)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+   microsec_connect = deltime (tv_temp);
+ 
+-    /* if we are called with the -I option, the -j method is CONNECT and */
+-    /* we received -S for SSL, then we tunnel the request through a proxy*/
+-    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
++  /* handle connection via SSL proxy */
++  if (ssl_proxy) {
+ 
+-    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-      && host_name != NULL && use_ssl == true) {
+-
+-    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
++    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n",
++      proxy_server_address, proxy_server_port, host_name, HTTPS_PORT);
+     asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+     if (strlen(proxy_auth)) {
+       base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+@@ -985,7 +1000,7 @@ check_http (void)
+   if (use_ssl == true) {
+     gettimeofday (&tv_temp, NULL);
+     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+-    if (verbose) printf ("SSL initialized\n");
++    if (verbose) printf ("SSL initialization %s\n", result == STATE_OK ? "successful" : "failed");
+     if (result != STATE_OK)
+       die (STATE_CRITICAL, NULL);
+     microsec_ssl = deltime (tv_temp);
+@@ -1001,9 +1016,8 @@ check_http (void)
+   }
+ #endif /* HAVE_SSL */
+ 
+-  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-       && host_name != NULL && use_ssl == true)
+-    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
++  if (ssl_proxy)
++    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, find_uri_path(server_url), host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+   else
+     asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+ 
+@@ -1032,8 +1046,7 @@ check_http (void)
+        */
+       if ((use_ssl == false && virtual_port == HTTP_PORT) ||
+           (use_ssl == true && virtual_port == HTTPS_PORT) ||
+-          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-         && host_name != NULL && use_ssl == true))
++          ssl_proxy)
+         xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+       else
+         xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
+@@ -1137,10 +1150,17 @@ check_http (void)
+   /* leave full_page untouched so we can free it later */
+   page = full_page;
+ 
+-  if (verbose)
+-    printf ("%s://%s:%d%s is %d characters\n",
+-      use_ssl ? "https" : "http", server_address,
+-      server_port, server_url, (int)pagesize);
++  if (verbose) {
++    if (ssl_proxy)  {
++      printf ("[via proxy %s://%s:%d] %s returned %d bytes\n",
++        use_ssl ? "https" : "http", proxy_server_address, proxy_server_port,
++        server_url, (int)pagesize);
++    } else {
++      printf ("%s://%s:%d%s returned %d bytes\n",
++        use_ssl ? "https" : "http", server_address,
++        server_port, server_url, (int)pagesize);
++    }
++  }
+ 
+   /* find status line and null-terminate it */
+   status_line = page;
+@@ -1300,7 +1320,12 @@ check_http (void)
+         bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+               4);
+       }
+-      xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
++      if (ssl_proxy) {
++        xasprintf (&msg, _("%sstring '%s' not found on '%s', "), msg, output_string_search, server_url);
++      } else {
++        xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search,
++          use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
++      }
+       result = STATE_CRITICAL;
+     }
+   }
+@@ -1641,6 +1666,25 @@ redir (char *pos, char *status_line)
+   check_http ();
+ }
+ 
++// Locate the URI path inside a complete URL. If we fail, just return the original URL.
++const char *
++find_uri_path (const char *url)
++{
++  const char *s = url;
++
++  if (strncmp(s, "http://", 7) == 0)
++    s += 7;
++  else if (strncmp(s, "https://", 8) == 0)
++    s += 8;
++  else
++    return url;
++  while (*s != '\0') {
++    if (strchr("/?#", *s) != NULL)
++      return s;
++    s++;
++  }
++  return url;
++}
+ 
+ bool
+ server_type_check (const char *type)
+@@ -1860,7 +1904,7 @@ print_help (void)
+   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+   printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+   printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+-
++  printf ("\n");
+   printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+   printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+   printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));

monitoring-plugins-2.4.0-check_log_-_quoting.patch

@@ -0,0 +1,33 @@
+Index: monitoring-plugins-2.4.0/plugins-scripts/check_log.sh
+===================================================================
+--- monitoring-plugins-2.4.0.orig/plugins-scripts/check_log.sh
++++ monitoring-plugins-2.4.0/plugins-scripts/check_log.sh
+@@ -112,23 +112,23 @@ while test -n "$1"; do
+             exit "$STATE_UNKNOWN"
+             ;;
+         -F | --filename)
+-            logfile=$2
++            logfile="$2"
+             shift 2
+             ;;
+         -O | --oldlog)
+-            oldlog=$2
++            oldlog="$2"
+             shift 2
+             ;;
+         -q | --query)
+-            query=$2
++            query="$2"
+             shift 2
+             ;;
+         --exclude)
+-            exclude=$2
++            exclude="$2"
+             shift 2
+             ;;
+         -x | --exitstatus)
+-            exitstatus=$2
++            exitstatus="$2"
+             shift 2
+             ;;
+         -e | --extended-regex)

monitoring-plugins-2.4.0-check_ntp_perf_absolute.patch

@@ -0,0 +1,13 @@
+Index: monitoring-plugins-2.4.0/plugins/check_ntp_time.c
+===================================================================
+--- monitoring-plugins-2.4.0.orig/plugins/check_ntp_time.c
++++ monitoring-plugins-2.4.0/plugins/check_ntp_time.c
+@@ -532,7 +532,7 @@ int process_arguments(int argc, char **a
+ }
+ 
+ char *perfd_offset (double offset) {
+-	return fperfdata ("offset", offset, "s",
++	return fperfdata ("offset", fabs(offset), "s",
+ 		true, offset_thresholds->warning->end,
+ 		true, offset_thresholds->critical->end,
+ 		false, 0, false, 0);

monitoring-plugins-2.4.0-check_swap_wrong_percent.patch

@@ -0,0 +1,44 @@
+From f3e6c9663369d011b241c6fb2c8fd5312f98cacf Mon Sep 17 00:00:00 2001
+From: Jan ONDREJ <ondrejj@salstar.sk>
+Date: Thu, 7 Oct 2010 17:28:48 +0400
+Subject: [PATCH 6/6] Prevent check_swap from returning OK, if no swap activated
+
+My swap was not activated on boot for unknown reason and nagios does not
+report this as a problem. Here is an example:
+
+[root@kecom ~]# rpm -q nagios-plugins
+nagios-plugins-1.4.13-11.fc10.i386
+[root@kecom ~]# /usr/lib/nagios/plugins/check_swap -w 80% -c 40% -c 1 -w 2
+SWAP CRITICAL - 100% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
+
+If there is no swap and users is trying to test percentage of free swap,
+consider 0 MB free swap space as problem, or of free/total raises division
+by zero, then set percentage to 0%, not to 100%.
+
+Steps to Reproduce:
+1. make sure, your swap is empty or it's usage is not large
+2. swapoff -a
+3. /usr/lib/nagios/plugins/check_swap -w 80% -c 40%
+
+Actual results:
+SWAP OK - 100% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
+
+Expected results:
+SWAP CRITICAL - 0% free (0 MB out of 0 MB) |swap=0MB;0;0;0;0
+
+Additional info:
+https://bugzilla.redhat.com/512559
+
+Index: monitoring-plugins-2.3.3/plugins/check_swap.c
+===================================================================
+--- monitoring-plugins-2.3.3.orig/plugins/check_swap.c
++++ monitoring-plugins-2.3.3/plugins/check_swap.c
+@@ -134,7 +134,7 @@ main (int argc, char **argv)
+ 			free_swap_mb += dskfree_mb;
+ 			if (allswaps) {
+ 				if (dsktotal_mb == 0)
+-					percent=100.0;
++					percent = 0.0;
+ 				else
+ 					percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
+ 				result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));

monitoring-plugins-2.4.0-plugins-root-Makefile_-_no_chown.patch

@@ -0,0 +1,23 @@
+Index: monitoring-plugins-2.4.0/plugins-root/Makefile.am
+===================================================================
+--- monitoring-plugins-2.4.0.orig/plugins-root/Makefile.am
++++ monitoring-plugins-2.4.0/plugins-root/Makefile.am
+@@ -49,8 +49,6 @@ INSTALL_SUID = \
+ 	p=$$f; \
+ 	echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \
+ 	$(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \
+-	echo " chown root $(DESTDIR)$(libexecdir)/$$p"; \
+-	chown root $(DESTDIR)$(libexecdir)/$$p; \
+ 	echo " chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p"; \
+ 	chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \
+ 	done
+@@ -65,8 +63,7 @@ install-exec-local: $(noinst_PROGRAMS)
+ 	## See if we can create a setuid root executable in $(libexecdir).
+ 	## If not, then don't even try to install setuid plugins.
+ 	can_create_suid_root_executable=no; \
+-	chown root $$TMPFILE > /dev/null 2>&1 \
+-	  && chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
++	  chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
+ 	  && can_create_suid_root_executable=yes; \
+ 	rm -f $$TMPFILE; \
+ 	if test $$can_create_suid_root_executable = yes; then \

monitoring-plugins-2.4.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e5dfd4ad8fde0a40da50aab3aff6d9a27020b8f283e332bc4da6ef9914f4028c
+size 2746382

monitoring-plugins-README-extra-opts

@@ -0,0 +1,95 @@
+Topics:
+* Extra-Opts
+* Further use of the /etc/monitoring-plugins directory
+
+
+
+
+Extra-Opts
+==========
+
+Starting with the 1.4.12 release, most Monitoring Plugins (those written in C)
+support reading options from a configuration file. Since version 2.0, this is
+enabled by default.
+
+You can easily know if a plugin supports Extra-Opts by checking the --help
+output for the --extra-opts option. Once compiled in, the --extra-opts plugin
+option allows reading extra options from a config file. The syntax for the
+command is:
+
+--extra-opts=[section][@file]
+
+Some examples:
+
+    Read special_opts section of default config file:
+
+    $ ./check_stuff --extra-opts=special_opts
+
+    Read special_opts section of /etc/myconfig.ini:
+
+    $ ./check_stuff --extra-opts=special_opts@/etc/myconfig.ini
+
+    Read check_stuff section of /etc/myconfig.ini:
+
+    $ ./check_stuff --extra-opts=@/etc/myconfig.ini
+
+	Read check_stuff section of default config file and use additional
+    arguments along with the other specified arguments (Extra-Opts arguments are
+    always processed first no matter where --extra-opts appears on the command
+    line):
+
+    $ ./check_stuff --extra-opts -jk --some-other-opt
+
+The default nagios plugins file is used if no explicit filename is given. The
+current standard locations checked are:
+
+    /usr/local/etc/monitoring-plugins/monitoring-plugins.ini
+    /usr/local/etc/monitoring-plugins.ini
+    /etc/monitoring-plugins/monitoring-plugins.ini
+    /etc/monitoring-plugins.ini
+
+To use a custom location, set the MP_CONFIG_FILE environment variable to the
+desired path name.
+
+To specify an option without parameter, you can use a key without value, but
+the equal sign must remain, for example:
+
+     allow-regex=
+
+Also note that repeated keys are allowed within sections just like you can
+repeat arguments on the command line.
+
+The basic theory is that options specified in the configuration files are
+substituted at the beginning of the command line.
+
+The initial use case for this functionality is for hiding passwords, so you do
+not have to define sensitive credentials in the configuration of your
+monitoring server and these options won't appear in the command line.
+
+
+Permissions
+===========
+
+As some plugins require log in data, which are formerly stored in 
+ /etc/{icinga,nagios}/resource.cfg 
+and can now be stored inside the extra-opts file, please remember that the same
+security rules apply now also to this new extra-opts file. Under normal 
+circumstances, you should set restrictive permissions (600 or 640) on them.
+User: root
+Group: icinga or nagios, depending on your monitoring daemon
+
+
+Further use of the /etc/monitoring-plugins directory
+====================================================
+
+Some Monitoring Plugins (like check_zypper) support additional configuration
+files to be included/sourced in on execution. As long as the location of those
+additional configuration files is not fixed, we recommend to use this directory
+for it. 
+
+@Packagers: please consider encapsulating Plugins with Apparmor or SELinux
+profiles. For security and conveniance reasons, please allow your plugins to
+read in the /etc/monitoring-plugins directory - or even better: allow your
+plugins to read their configuration file below /etc/monitoring-plugins. 
+
+

monitoring-plugins-README.SUSE

@@ -0,0 +1,27 @@
+README.SUSE for monitoring-plugins
+
+== Features and documentation ==
+
+Please refer to the upstream documentation on 
+* http://www.nagios.org/docs/
+* http://docs.icinga.org/
+* https://shinken.readthedocs.org/
+* ...
+* https://www.monitoring-plugins.org/
+
+The openSUSE package contains most of the currently available plugins.
+
+All plugins are installed in ''/usr/lib/nagios/plugins/'' on every architecture. 
+
+== Special permissions for some plugins ==
+
+The following checks require special handling as they need some root privileges to run:
+* check_dhcp
+* check_icmp
+* check_ide_smart
+
+In a default installation, those checks will not work if executed as user with limited
+rights (such as user nagios or icinga). Please have a look into the corresponding 
+documentation for those packages for more details. 
+( /usr/share/doc/packages/monitoring-plugins-icmp/README.SUSE-check_icmp for example )
+

monitoring-plugins-README.SUSE-check_cups

@@ -0,0 +1,110 @@
+README.SUSE for monitoring-plugins-dhcp
+
+== check_cups  ==
+
+Plugin for checking cups service
+
+This plug-in will check the status of a remote CUPS print service for the printer status, 
+It is able to check all available printers configured on the cups daemon, or just one of them.
+It can also check only the queue status. It will provide the size of the queue and
+optionally the age of the queue.
+
+Generally we sugesst to create separate checks for each printer and one additional check for
+the queue itself.
+
+Usage: check_cups -H <hostname> -P -p<The CUPS printer name> | -Q <s|b>  -w <size warning level> -c <size critical level> -a <max age>
+
+Notes:
+-H: Hostname - Can be a hostname or IP address.
+-P: Check only the printers status.
+-p: It will check only one specific printer. 
+-Q: Type of check - Can be queue size (s) or both queu size and queue age (b)
+-w: WARNING level for queue size
+-c: CRITICAL level for queue size
+-a: Max age of queue. Returns CRITICAL if jobs exists older than <max age> days
+
+Example of test run usage:
+----------------
+Test all available printers and the queue. 
+(queue size warning is 3, critical 10 and max age 3 days):
+  
+nagios@nagios:~> /usr/lib/nagios/plugins/check_cups -H cups.server.org -P -Q s -w 3 -c 10 -a 3
+
+Checking all printers...
+OK - CUPS printer  is idle.
+Testing queue on the CUPS...
+OK: CUPS queue size - 0| print_jobs=0;3;10;0
+
+Test one printer only : 
+nagios@nagios:~> /usr/lib/nagios/plugins/check_cups  -H cups.suse.cz -P -p myprinter
+
+Checking only the printer myprinter.
+OK - CUPS printer myprinter is idle.
+
+Test only the queue, do not test any printer  
+(queue size warning is 3, critical 5 and max age 2 days):
+
+nagios@nagios:~> /usr/lib/nagios/plugins/check_cups  -H cups.suse.cz -Q b -w 3 -c 5 -a 2
+No printer check is require. Checking the queue ...
+Testing queue on the CUPS...
+
+OK: CUPS queue size - 0| print_jobs=0;3;5;0
+
+Example of Nagios/Icinga command settings:
+----------------------------------
+
+Example commands/check_cups.cfg:
+
+# Check all printers in cups and queue size and queue age
+define command{
+        command_name check_cups_all_queue
+        command_line $USER1$/check_cups -H $ARG1$ -P -Q b -w $ARG2$ -c $ARG3$ -a $ARG4$
+}
+
+# Check one printer in cups and queue size and queue age
+define command{
+        command_name check_cups_one_queue
+        command_line $USER1$/check_cups -H $ARG1$ -P -p $ARG2$ -Q b -w $ARG3$ -c $ARG4$ -a $ARG5$
+}
+
+# Check all printers in cups and queue size and queue age
+define command{
+        command_name check_cups_all
+        command_line $USER1$/check_cups -H $ARG1$ -P 
+}
+
+# Check one printer in cups.
+define command{
+        command_name check_cups_one
+        command_line $USER1$/check_cups -H $ARG1$ -P -p $ARG2$ 
+}
+
+# Check only the queue
+define command{
+        command_name check_cups_queue
+        command_line $USER1$/check_cups -H $ARG1$ -Q b -w $ARG2$ -c $ARG3$ -a $ARG4$
+}
+
+
+Security:
+---------
+In the version 0.2 I added an Apparmor profile for the script usr.lib.nagios.plugins.check_cups 
+into /etc/apparmor.d
+
+
+Autor notes:
+------------
+I`d like to thank to John E. Vincent (nagios-plugs@lusis.org)
+I learn a lof from his check CUPS print queue plugin.
+Then I`d like to thank to Mark Shirley for his check_cups_printer.sh
+script, which was also inspiration for me.
+Both of them you can find on http://exchange.nagios.org/ web site.
+Martin Caj 31/01/2013 <mcaj@suse.cz>
+
+
+Bugs:
+------
+Please report bugs to me mcaj@suse.cz
+
+Thanks and have lot printers online ;-)
+Martin

monitoring-plugins-README.SUSE-check_dhcp

@@ -0,0 +1,60 @@
+README.SUSE for monitoring-plugins-dhcp
+
+== check_dhcp and SuSEfirewall ==
+
+If you run the check_dhcp script on the server, please make sure your UDP ports
+67 and 68 on the _client_ are opened in the firewall. You also need to allow
+to receive broadcasts for this interface. Otherwise  the script will be unable
+to detect anything.
+
+Example:
+If your client uses the "external" interface for the check, the entries in
+/etc/sysconfig/SuSEfirewall2 should look like:
+
+FW_SERVICES_EXT_UDP="67 68"
+FW_ALLOW_FW_BROADCAST_EXT="67 68"
+
+== Special privileges ==
+
+To be "safe per default", SUSE doesn't install this plugin with the
+suid bit set. There are two recommended ways about overriding this on
+your system:
+
+=== Set the suid bit ===
+
+Copy the prepared permissions file from this directory to the right place 
+in your file system:
+
+~ # cp /usr/share/doc/packages/monitoring-plugins-common/example/permissions.d/monitoring-plugins \
+    /etc/permissions.d/monitoring-plugins
+
+...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs
+(see comments in the file) and run:
+
+~ # SuSEconfig --module permissions
+
+or (on newer openSUSE distributions without SuSEconfig):
+~ # chkstat --system --set
+
+This will set the correct permissions (from now on also during an update).
+
+=== Alternative: Use sudo to grant the permission and modify your plugin config ===
+
+This way you just need an entry like:
+
+   nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_dhcp
+
+in ''/etc/sudoers'' and an adapted command definition like the following:
+
+   define command{
+        command_name    check_dhcp
+        command_line    /usr/bin/sudo $USER1$/check_dhcp <other_options_here>
+   }
+
+== Apparmor profile ==
+
+Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_dhcp if you are using
+the --extra-opts option. The Apparmor profile allows to open every file below
+the /etc/monitoring-plugins/ directory read only for this. All files in other
+directories are not allowed.
+

monitoring-plugins-README.SUSE-check_icmp

@@ -0,0 +1,48 @@
+README.SUSE for monitoring-plugins-icmp
+
+== Special privileges ==
+
+To be "safe per default", SUSE doesn't install this plugin with the
+suid bit set. There are two recommended ways about overriding this on
+your system:
+
+=== Set the suid bit ===
+
+Copy the prepared permissions file from this directory to the right place 
+in your file system:
+
+~ # cp /usr/share/doc/packages/monitoring-plugins/example/permissions.d/monitoring-plugins \
+    /etc/permissions.d/monitoring-plugins
+
+...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs
+(see comments in the file) and run:
+
+~ # SuSEconfig --module permissions
+
+or (on newer openSUSE distributions without SuSEconfig):
+
+~ # chkstat --system --set
+
+This will set the correct permissions (from now on also during an update).
+
+=== Alternative: Use sudo to grant the permission and modify your plugin config ===
+
+This way you just need an entry like:
+
+   nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_icmp
+
+in ''/etc/sudoers'' and an adapted command definition like the following:
+
+   define command{
+        command_name    check_icmp
+        command_line    /usr/bin/sudo $USER1$/check_icmp <other_options_here>
+   }
+
+
+== Apparmor profile ==
+
+Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_icmp if you are
+using the --extra-opts option. The Apparmor profile allows to open every file
+below the /etc/monitoring-plugins/ directory read only for this. All files in
+other directories are not allowed.
+

monitoring-plugins-README.SUSE-check_ide_smart

@@ -0,0 +1,48 @@
+README.SUSE for monitoring-plugins-ide_smart
+
+== Special privileges ==
+
+To be "safe per default", SUSE doesn't install this plugin with the
+suid bit set. There are two recommended ways about overriding this on
+your system:
+
+=== Set the suid bit ===
+
+Copy the prepared permissions file from this directory to the right place 
+in your file system:
+
+~ # cp /usr/share/doc/packages/monitoring-plugins/example/permissions.d/monitoring-plugins \
+    /etc/permissions.d/monitoring-plugins
+
+...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs
+(see comments in the file) and run:
+
+~ # SuSEconfig --module permissions
+
+or (on newer openSUSE distributions without SuSEconfig):
+
+~ # chkstat --system --set
+
+This will set the correct permissions (from now on also during an update).
+
+=== Alternative: Use sudo to grant the permission and modify your plugin config ===
+
+This way you just need an entry like:
+
+   nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ide_smart
+
+in ''/etc/sudoers'' and an adapted command definition like the following:
+
+   define command{
+        command_name    check_ide_smart
+        command_line    /usr/bin/sudo $USER1$/check_ide_smart <other_options_here>
+   }
+
+== Apparmor profile ==
+
+Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ide_smart if you are
+using the --extra-opts option. The Apparmor profile allows to open every file
+below the /etc/monitoring-plugins/ directory read only for this. All files in
+other directories are not allowed.
+
+

monitoring-plugins-README.SUSE-check_ntp_time

@@ -0,0 +1,10 @@
+README.SUSE for monitoring-plugins-ntp_time
+
+== Apparmor profile ==
+
+Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ntp_time if you are
+using the --extra-opts option. The Apparmor profile allows to open every file
+below the /etc/monitoring-plugins/ directory read only for this. All files in
+other directories are not allowed.
+
+

monitoring-plugins-README.SUSE-check_ping

@@ -0,0 +1,10 @@
+README.SUSE for monitoring-plugins-ping 
+
+== Apparmor profile ==
+
+Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ping if you are
+using the --extra-opts option. The Apparmor profile allows to open every file
+below the /etc/monitoring-plugins/ directory read only for this. All files in
+other directories are not allowed.
+
+

monitoring-plugins-permissions

@@ -0,0 +1,18 @@
+# Please uncomment the needed plugins and place the file in the 
+# /etc/permissions.d/ directory:
+# cp monitoring-plugins /etc/permissions.d/ 
+#
+# Afterwards the files below will be adapted after a nagios-plugins
+# update via 
+#             'SuSEconfig --module permissions'
+# or (on newer openSUSE distributions without SuSEconfig):
+#             'chkstat --system --set'
+# automatically. 
+#
+# Note: You may check/set the following variable in /etc/sysconfg/security
+#       to allow SuSEconfig to correct the file permissions: 
+#       CHECK_PERMISSIONS="set"
+#
+# /usr/lib/nagios/plugins/check_dhcp           root.root      4755
+# /usr/lib/nagios/plugins/check_icmp           root.root      4755
+# /usr/lib/nagios/plugins/check_ide_smart      root.root      4755

monitoring-plugins-rpmlintrc

@@ -0,0 +1,5 @@
+# the virtual dbi-{mysql,pgsql,sqlite3} packages are there to require 
+# the needed library for the generic dbi package.
+addFilter("explicit-lib-dependency.*libdbi-drivers-dbd-mysql");
+addFilter("explicit-lib-dependency.*libdbi-drivers-dbd-sqlite3");
+addFilter("explicit-lib-dependency.*libdbi-drivers-dbd-pgsql");

monitoring-plugins.check_cups.sh

@@ -0,0 +1,377 @@
+#!/bin/bash
+
+# check_cups - nagios plugin
+#
+# Copyright (C) 2008-2010, Novell, Inc.
+# Copyright (C) 2011-2013, SUSE Linux Products GmbH
+# Author: Martin Caj <mcaj@suse.cz>
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+#
+# * Neither the name of the Novell nor the names of its contributors may be
+#   used to endorse or promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+#
+# Autor notes:    
+#        I`d like to thank to John E. Vincent (nagios-plugs@lusis.org)
+#        I learn a lof from his check CUPS print queue plugin.
+#        Then I`d like to thank to Mark Shirley for his check_cups_printer.sh
+#        script, which was also inspiration for me.
+#        Both of them you can find on http://exchange.nagios.org/ web site.
+#        Martin Caj 31/01/2013 <mcaj@suse.cz>
+#
+#        version 0.3 has no awk any more, cut can do it as well.
+#        the appamor profile was fixed as well.
+#         Martin Caj 01/11/2013 
+#
+# check_cups - nagios plugin for checking cups service
+# Description:
+#
+# This plugin will check the status of a remote CUPS
+# print service for the printer status, then if status is ok 
+# it will check the queue. It can check all avaible printes
+# on the cups, or just one of them.
+# Then the plugin will check the queue:
+# it will provide the size of the queue
+# and optionally the age of the queue
+#
+# Version : 0.3
+
+#searchning the lpstat:
+LPSTAT="$(which lpstat)"
+DEBUG='no'
+
+# debug the script:
+#set -x
+
+# Nagios return codes
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+STATE_DEPENDENT=4
+
+
+# check it lpstat is missing.
+if [ ! -x "$LPSTAT" ]
+then
+    echo "UNKNOWN: "$LPSTAT" not found or is not executable by the nagios user"
+    exitstatus="$STATE_UNKNOWN"
+    exit "$exitstatus"
+fi
+
+PROGNAME=$(basename $0)
+
+
+print_usage() {
+# Name: print_usage
+# Desc: It just prints the usage. 
+
+    echo "Usage: $PROGNAME -H <hostname> -w <size warning level> -c <size critical level> [-P] [-p<The CUPS printer name>] [-Q <s|b>] [-a <max age>] [-d]"
+    echo 
+    echo "Notes:"
+    echo "-H <hostname>    : Hostname - Can be a hostname or IP address."
+    echo "-P               : Check only the printers status."
+    echo "-p <printername> : will check only the specified printer."
+    echo "-Q <s|b>         : Type of check - Can be queue size (s) or both queue size and queue age (b)."
+    echo "-w <int>         : WARNING level for queue size."
+    echo "-c <int>         : CRITICAL level for queue size."
+    echo "-a <int>         : Max age of queue. Returns CRITICAL if jobs exists longer than <max age> days."
+	echo "-d               : enable debug output"
+    echo 
+}
+
+print_help() {
+# Name: print_help
+# Desc: Print the usage and help.
+
+    print_usage
+    echo 
+    echo "This plugin will check the CUPS print service for the printer status."
+    echo "It can check the queue on a remote (or local with -H localhost) CUPS server."
+    echo "It can check both: the size of the queue and the age of the oldest print job in the queue."
+    echo "-w and -c are for warning and critical levels of the queue size."
+    echo "-a is optional for specifying the max age of a job in the print queue. Anything older than <max age>"
+    echo "will return a CRITICAL"
+    echo "For more details have look into the README file. "
+    echo 
+    exit 0
+}
+
+
+check_queue_size() {
+# Name: check_queue_size
+# Desc: It check the status of the CUPS queue size.
+# $exitstatus= might be ok|warn"crittical deppends on -w and -c 
+                        
+if [ "$JOBCOUNT" -ge "$critlevel" ]
+then
+    MESSAGE="CRITICAL: CUPS queue size - "$JOBCOUNT"| "$PERFDATA""
+        exitstatus="$STATE_CRITICAL"
+elif [ "$JOBCOUNT" -ge "$warnlevel" ]
+then
+    MESSAGE="WARNING: CUPS queue size - "$JOBCOUNT"| "$PERFDATA""
+        exitstatus="$STATE_WARNING"
+else
+    MESSAGE="OK: CUPS queue size - "$JOBCOUNT"| "$PERFDATA""
+        exitstatus="$STATE_OK"
+fi 
+
+}
+
+check_printer_status() {
+# Name:check_printer_status
+# Desc: It check status of all printers or one specific printer 
+# output is store in $OUTPUT and $exitstatus
+
+if [ -z "$printername" ]
+    then
+    if [ "$DEBUG" == 'yes' ]; then
+        echo "Checking all printers..."
+    fi
+    RESULT=$("$LPSTAT" -h "$hostname" -p )
+    if [ $? != 0 ]
+        then
+            echo "ERROR:  Probably wrong host name: "$hostname", or CUPS is not running." 
+            exit "$STATE_UNKNOWN"
+        fi
+else
+    if [ "$DEBUG" == 'yes' ]; then
+        echo "Checking only printer: $printername"
+    fi
+    RESULT=$("$LPSTAT" -h "$hostname" -p "$printername")
+    if [ $? != 0 ] 
+    then
+        echo "ERROR: the printer $printername doesn't exist on CUPS server $hostname." 
+        echo "please check command: '$LPSTAT -h $hostname -p' without printer name."
+        exit "$STATE_UNKNOWN"
+    fi
+fi
+
+case "$RESULT" in
+    *Rejecting*)
+        messages=$(echo "$RESULT"|grep -i rejecting )
+        OUTPUT="CRITICAL - CUPS printer is rejecting jobs for: $messages."
+        exitstatus="$STATE_CRITICAL"
+    ;;
+    *Unable*)
+        messages=$(echo "$RESULT"|grep -i unable )
+        OUTPUT="CRITICAL - CUPS Unable to connect: $messages."
+        exitstatus="$STATE_CRITICAL"
+    ;;
+    *disabled*)
+        messages=$(echo "$RESULT"|grep -i disabled)
+        OUTPUT="CRITICAL - CUPS printer: $messages."
+        exitstatus="$STATE_CRITICAL"
+    ;;
+    *Paused*)
+        messages=$(echo "$RESULT"|grep -i paused)
+        OUTPUT="WARNING: - CUPS printer is: $messages."
+        exitstatus="$STATE_WARNING"
+    ;;
+    *printing*)
+        OUTPUT="OK - CUPS printer is printing now."
+        exitstatus="$STATE_OK"
+    ;;
+    *idle*)
+        OUTPUT="OK - CUPS printer $printername is idle."
+        exitstatus="$STATE_OK"
+    ;;
+    *)
+        OUTPUT="CRITICAL - Unknown error occured while checking: $RESULT."
+        exitstatus="$STATE_CRITICAL"
+    ;;
+esac
+
+}
+
+# Test how many variable we got on command line
+# The minimum for test printers is 3
+
+if [ $# -lt 3 ]; then
+    print_usage
+    exit "$STATE_UNKNOWN"
+fi
+
+# this set default exit status to:
+exitstatus="$STATE_UNKNOWN"
+
+# by default is test pritner disabled, you must allow it with -p $printer or -P all printers
+testprinter="0"
+
+# testing arguments:
+while test -n "$1"; do
+    case "$1" in
+        --help)
+            print_help
+            exit "$STATE_OK"
+            ;;
+        -h)
+            print_help
+            exit "$STATE_OK"
+            ;;
+        -P)
+            testprinter="1"
+            ;;
+        -p)
+            testprinter="2"
+            printername="$2"
+            shift
+            ;;
+        -H)
+            hostname="$2"
+            shift
+            ;;
+        -Q)
+            testtype="$2"
+            shift
+            ;;
+        -w)
+            warnlevel="$2"
+            shift
+            ;;
+        -c)    
+            critlevel="$2"
+            shift
+            ;;
+        -a)    
+            maxage="$2"
+            shift
+            ;;
+        -d)
+            DEBUG='yes'
+            ;;
+    esac
+    shift
+done
+
+# Check arguments for validity:
+if [ -z "$hostname" ]
+then
+    echo "You must specify a hostname (or localhost to test the local system)" >&2
+    print_usage
+    exitstatus="$STATE_UNKNOWN"
+    exit "$exitstatus"
+fi
+
+# testing printer(s) 
+if [ "$testprinter" -eq "2" ] # Check specific printer and continue with the script
+then
+    check_printer_status "$printername" 
+    
+    if [ -z "$testtype" ] # exit if there is no -Q checks
+    then
+        echo "$OUTPUT"
+        exit "$exitstatus"
+    fi
+elif [ "$testprinter" -eq "1" ]; then # check all printers 
+    check_printer_status
+    if [ -z "$testtype" ]; then # exit if there is no -Q checks
+        echo "$OUTPUT"
+        exit "$exitstatus"
+    fi
+else # no cuos check is need
+    if [ "$DEBUG" == 'yes' ]; then	
+        echo "No printer check required. Checking the queue ..."
+    fi
+fi
+
+# testing arguments for the queue checks:
+if [[ -z "$critlevel" || -z "$warnlevel" ]] # Did we get warn and crit values?
+then    
+    echo "You must specify a warning and critical level"
+    print_usage
+    exitstatus="$STATE_UNKNOWN"
+    exit "$exitstatus" 
+elif [ $critlevel -lt $warnlevel ] # Do the warn/crit values make sense?
+then
+    echo "CRITICAL value of $critlevel is less than WARNING level of $warnlevel"
+    print_usage
+    exitstatus="$STATE_UNKNOWN"
+    exit "$exitstatus"
+fi
+
+# what kind of queue test will be run:
+if [ -z "$testtype" ]
+then
+    echo "You must specify a test type"
+    print_usage
+    exitstatus="$STATE_UNKNOWN"
+    exit "$exitstatus"
+# this is a very nice elif, it match if -a X is missing
+elif [[ "$testtype" = [b]* && -z "$maxage" ]] 
+then
+    echo "You must specify <max age> when using a test type of 'b'"
+    print_usage
+    exitstatus="$STATE_UNKNOWN"
+    exit "$exitstatus"
+else
+    if [ "$DEBUG" == 'yes' ]; then
+        echo "Testing queue on $hostname ..."
+    fi
+    JOBTMP=$(mktemp -t lpstat.XXXXXX) # Create a tmpfile to store the lpstat results
+    STALEJOBCOUNT=0 # default number of old jobs
+    CURDATETS=$(date +%s) # Get the current date as unixtime
+    "$LPSTAT" -h "$hostname" -o > "$JOBTMP" # run the lpstat command against the host.
+
+    if [ $? -ne 0 ]
+    then
+        rm -rf "$JOBTMP"
+        echo "UNKNOWN: lpstat command returned an error. Please test this script manually."
+        exitstatus="$STATE_UNKNOWN"
+        exit "$exitstatus"
+    fi
+    JOBCOUNT=$(wc -l < $JOBTMP) # populate the jobcount
+    PERFDATA="print_jobs=${JOBCOUNT};${warnlevel};${critlevel};0"
+    if [[ "$JOBCOUNT" -gt 0 && "$maxage" ]]
+    then
+        MAXAGETS=$(echo "86400 * $maxage" | bc) # 86400 seconds in a day * maxage
+        exec<"$JOBTMP" # read the file to determine job age
+        while read PRINTJOB
+        do
+            # Grab the job date from the job listing
+            JOBDATE=$(echo "$PRINTJOB" | cut -c50-73) 
+            # Convert the job date to unixtime
+            JOBDATETS=$(date --date="$JOBDATE" +%s) 
+            DATEDIFF=$(echo "($CURDATETS - $JOBDATETS)" | bc)
+            if [ $DATEDIFF -gt $MAXAGETS ]
+            then
+                MESSAGE="CRITICAL: Some CUPS jobs are older than $maxage days| $PERFDATA"
+                exitstatus="$STATE_CRITICAL"
+            else
+                check_queue_size
+            fi
+        done
+    else
+        check_queue_size
+    fi
+    rm -rf "$JOBTMP"
+fi
+
+# end: print the results and end with exit code for Nagios
+echo "$OUTPUT"
+echo "$MESSAGE"
+exit "$exitstatus"

monitoring-plugins.obsinfo

@@ -0,0 +1,5 @@
+name: monitoring-plugins
+version: 2.3~alpha.20200520T233014.cadac85e
+mtime: 1590010214
+commit: cadac85e12d48d662ff39bfc9f5feb5601af1485
+

nrpe-check_load

@@ -0,0 +1 @@
+command[check_load]=/usr/lib/nagios/plugins/check_load -w 10,6,5 -c 15,10,8

nrpe-check_mailq

@@ -0,0 +1 @@
+command[check_mailq]=/usr/lib/nagios/plugins/check_mailq -c 50 -w 30 -M postfix

nrpe-check_mysql

@@ -0,0 +1 @@
+command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -u root

nrpe-check_ntp_time

@@ -0,0 +1 @@
+command[check_ntp_time]=/usr/lib/nagios/plugins/check_ntp_time -H pool.ntp.org  -w 1 -c 2

nrpe-check_partition

@@ -0,0 +1 @@
+command[check_partition_root]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p / 

nrpe-check_proc_cron

@@ -0,0 +1 @@
+command[check_proc_cron]=/usr/lib/nagios/plugins/check_procs --command=cron -u root -c 1:1024 

nrpe-check_swap

@@ -0,0 +1 @@
+command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 10 -c 5

nrpe-check_total_procs

@@ -0,0 +1 @@
+command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 6000 -c 7500

nrpe-check_ups

@@ -0,0 +1 @@
+command[check_ups]=/usr/lib/nagios/plugins/check_ups -H 127.0.0.1 -u liebert

nrpe-check_users

@@ -0,0 +1 @@
+command[check_users]=/usr/lib/nagios/plugins/check_users -w 30 -c 40

nrpe-check_zombie_procs

@@ -0,0 +1 @@
+command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z 

usr.lib.nagios.plugins.check_cups

@@ -0,0 +1,31 @@
+# Last Modified: Mon Mar 11 14:58:16 2013
+#include <tunables/global>
+
+/usr/lib/nagios/plugins/check_cups {
+  #include <abstractions/base>
+  #include <abstractions/bash>
+  #include <abstractions/consoles>
+  #include <abstractions/nameservice>
+
+  network inet dgram,
+  network inet stream,
+
+  /{usr/,}bin/bash rix,
+  /{usr/,}bin/grep rix,
+  /{usr/,}bin/which rix,
+  /{usr/,}bin/lpstat rix,
+  /{usr/,}bin/basename rix,
+  /{usr/,}bin/mktemp rix,
+  /{usr/,}bin/date rix,
+  /{usr/,}bin/rm rix,
+  /{usr/,}bin/cut rix,
+  /{usr/,}bin/bc rix,
+  /{usr/,}bin/wc rix,
+  /tmp/lpstat* wr,
+
+  /var/run/nscd/services r,
+
+  /etc/cups/client.conf r,
+  /proc/sys/crypto/fips_enabled r,
+
+}

usr.lib.nagios.plugins.check_dhcp

@@ -0,0 +1,8 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_dhcp {
+    #include <abstractions/base>
+    #include <abstractions/nameservice>
+    capability net_raw,
+
+    /etc/monitoring-plugins/* r,
+}

usr.lib.nagios.plugins.check_disk

@@ -0,0 +1,10 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_disk {
+   #include <abstractions/base>
+   #include <abstractions/consoles>
+   #include <abstractions/nameservice>
+   /etc/mtab                        r,
+   @{PROC}/@{pid}/mounts            r,
+   @{PROC}/@{pid}/mountinfo         r,
+   /usr/lib/nagios/plugins/check_disk rm,
+}

usr.lib.nagios.plugins.check_icmp

@@ -0,0 +1,11 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_icmp {
+    #include <abstractions/base>
+    #include <abstractions/nameservice>
+
+    capability net_raw,
+    capability setuid,
+    network inet raw,
+
+    /etc/monitoring-plugins/* r,
+}

usr.lib.nagios.plugins.check_ide_smart

@@ -0,0 +1,12 @@
+# Last Modified: Wed May 16 10:38:11 2012
+#include <tunables/global>
+
+/usr/lib/nagios/plugins/check_ide_smart {
+  #include <abstractions/base>
+  capability sys_admin,
+  capability sys_rawio,
+  /dev/s* r,
+  /dev/h* r,
+
+  /etc/monitoring-plugins/* r,
+}

usr.lib.nagios.plugins.check_load

@@ -0,0 +1,12 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_load {
+   #include <abstractions/base>
+   #include <abstractions/consoles>
+   #include <abstractions/wutmp>
+   /usr/lib/nagios/plugins/check_load rm,
+   /usr/bin/uptime rmix,
+   /proc/uptime r,
+   /proc/meminfo r,
+   /proc/loadavg r,
+   /run/systemd/sessions/1 r,
+}

usr.lib.nagios.plugins.check_ntp_time

@@ -0,0 +1,24 @@
+#include <tunables/global>
+
+/usr/lib/nagios/plugins/check_ntp_time {
+  #include <abstractions/base> 
+  #include <abstractions/consoles>
+  #include <abstractions/nameservice>
+  #include <abstractions/xad>
+
+  network inet dgram,
+  network inet6 dgram,
+
+  capability ipc_lock,
+  capability net_bind_service,
+  capability sys_time,
+  capability sys_resource,
+
+  /etc/gai.conf r,
+  /usr/lib/nagios/plugins/check_ntp_time rm,
+  /etc/hosts r,
+  /etc/resolv.conf r,
+  /var/run/nscd/* r,
+
+  /etc/monitoring-plugins/* r,
+}

usr.lib.nagios.plugins.check_ping

@@ -0,0 +1,14 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_ping {
+    #include <abstractions/base>
+    #include <abstractions/nameservice>
+
+    capability net_raw,
+    capability setuid,
+    network inet raw,
+    network inet6 raw,
+    /{usr/,}bin/ping rix,
+    /{usr/,}bin/ping6 rix,
+
+    /etc/monitoring-plugins/* r,
+}

usr.lib.nagios.plugins.check_procs

@@ -0,0 +1,13 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_procs flags=(attach_disconnected) {
+  #include <abstractions/nameservice>
+  #include <abstractions/base>
+  #include <abstractions/consoles>
+
+  capability sys_ptrace,
+
+  /{usr/,}bin/ps rix,
+  /proc/ r,
+  /proc/** r,
+  /usr/lib/nagios/plugins/check_procs mr,
+}

usr.lib.nagios.plugins.check_procs.sle15

@@ -0,0 +1,14 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_procs flags=(attach_disconnected) {
+  #include <abstractions/nameservice>
+  #include <abstractions/base>
+  #include <abstractions/consoles>
+
+  ptrace,
+  ptrace (read) peer=unconfined,
+
+  /{usr/,}bin/ps rix,
+  /proc/ r,
+  /proc/** r,
+  /usr/lib/nagios/plugins/check_procs mr,
+}

usr.lib.nagios.plugins.check_ssh

@@ -0,0 +1,7 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_ssh flags=(complain) {
+    #include <abstractions/base>
+    #include <abstractions/nameservice>
+
+    /etc/monitoring-plugins/* r,
+}

usr.lib.nagios.plugins.check_swap

@@ -0,0 +1,6 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_swap {
+  #include <abstractions/base> 
+  #include <abstractions/consoles>
+  /usr/lib/nagios/plugins/check_swap rm,
+}

usr.lib.nagios.plugins.check_users

@@ -0,0 +1,8 @@
+#include <tunables/global>
+/usr/lib/nagios/plugins/check_users {
+  #include <abstractions/base> 
+  #include <abstractions/consoles>
+  #include <abstractions/wutmp>
+  /usr/lib/nagios/plugins/check_users rm,
+}
+