From f1a27a1d5822123a08ae79835023b7873eb316f7ac304c3ebf0fa23eec91f149 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Tue, 22 Jul 2014 14:20:27 +0000 Subject: [PATCH] - allow plugins to open files in /etc/monitoring-plugins/ (Apparmor profiles in /etc/apparmor.d/) - add README files for check_ping and check_ntp_time - enhance all README files with Apparmor information - whitespace and some spelling fixes on check_cups - added debug option to check_cups OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=7 --- monitoring-plugins-README.SUSE-check_dhcp | 5 + monitoring-plugins-README.SUSE-check_icmp | 6 + ...toring-plugins-README.SUSE-check_ide_smart | 6 + monitoring-plugins-README.SUSE-check_ntp_time | 10 + monitoring-plugins-README.SUSE-check_ping | 10 + monitoring-plugins.changes | 10 + monitoring-plugins.check_cups.sh | 440 +++++++++--------- monitoring-plugins.spec | 5 + usr.lib.nagios.plugins.check_dhcp | 2 + usr.lib.nagios.plugins.check_icmp | 2 + usr.lib.nagios.plugins.check_ide_smart | 2 + usr.lib.nagios.plugins.check_ntp_time | 2 + usr.lib.nagios.plugins.check_ping | 2 + usr.lib.nagios.plugins.check_ssh | 2 + 14 files changed, 287 insertions(+), 217 deletions(-) create mode 100644 monitoring-plugins-README.SUSE-check_ntp_time create mode 100644 monitoring-plugins-README.SUSE-check_ping diff --git a/monitoring-plugins-README.SUSE-check_dhcp b/monitoring-plugins-README.SUSE-check_dhcp index 3aa1b98..68b8d1d 100644 --- a/monitoring-plugins-README.SUSE-check_dhcp +++ b/monitoring-plugins-README.SUSE-check_dhcp @@ -51,5 +51,10 @@ in ''/etc/sudoers'' and an adapted command definition like the following: command_line /usr/bin/sudo $USER1$/check_dhcp } +== Apparmor profile == +Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_dhcp if you are using +the --extra-opts option. The Apparmor profile allows to open every file below +the /etc/monitoring-plugins/ directory read only for this. All files in other +directories are not allowed. diff --git a/monitoring-plugins-README.SUSE-check_icmp b/monitoring-plugins-README.SUSE-check_icmp index a139d2a..2770280 100644 --- a/monitoring-plugins-README.SUSE-check_icmp +++ b/monitoring-plugins-README.SUSE-check_icmp @@ -39,4 +39,10 @@ in ''/etc/sudoers'' and an adapted command definition like the following: } +== Apparmor profile == + +Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_icmp if you are +using the --extra-opts option. The Apparmor profile allows to open every file +below the /etc/monitoring-plugins/ directory read only for this. All files in +other directories are not allowed. diff --git a/monitoring-plugins-README.SUSE-check_ide_smart b/monitoring-plugins-README.SUSE-check_ide_smart index 0e158fc..889adff 100644 --- a/monitoring-plugins-README.SUSE-check_ide_smart +++ b/monitoring-plugins-README.SUSE-check_ide_smart @@ -38,5 +38,11 @@ in ''/etc/sudoers'' and an adapted command definition like the following: command_line /usr/bin/sudo $USER1$/check_ide_smart } +== Apparmor profile == + +Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ide_smart if you are +using the --extra-opts option. The Apparmor profile allows to open every file +below the /etc/monitoring-plugins/ directory read only for this. All files in +other directories are not allowed. diff --git a/monitoring-plugins-README.SUSE-check_ntp_time b/monitoring-plugins-README.SUSE-check_ntp_time new file mode 100644 index 0000000..f985fd8 --- /dev/null +++ b/monitoring-plugins-README.SUSE-check_ntp_time @@ -0,0 +1,10 @@ +README.SUSE for monitoring-plugins-ntp_time + +== Apparmor profile == + +Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ntp_time if you are +using the --extra-opts option. The Apparmor profile allows to open every file +below the /etc/monitoring-plugins/ directory read only for this. All files in +other directories are not allowed. + + diff --git a/monitoring-plugins-README.SUSE-check_ping b/monitoring-plugins-README.SUSE-check_ping new file mode 100644 index 0000000..7186b8c --- /dev/null +++ b/monitoring-plugins-README.SUSE-check_ping @@ -0,0 +1,10 @@ +README.SUSE for monitoring-plugins-ping + +== Apparmor profile == + +Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_ping if you are +using the --extra-opts option. The Apparmor profile allows to open every file +below the /etc/monitoring-plugins/ directory read only for this. All files in +other directories are not allowed. + + diff --git a/monitoring-plugins.changes b/monitoring-plugins.changes index 0f66fe5..3e86ee4 100644 --- a/monitoring-plugins.changes +++ b/monitoring-plugins.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Jul 22 13:50:10 UTC 2014 - lars@linux-schulserver.de + +- allow plugins to open files in /etc/monitoring-plugins/ + (Apparmor profiles in /etc/apparmor.d/) +- add README files for check_ping and check_ntp_time +- enhance all README files with Apparmor information +- whitespace and some spelling fixes on check_cups +- added debug option to check_cups + ------------------------------------------------------------------- Tue Jul 15 13:05:27 UTC 2014 - lars@linux-schulserver.de diff --git a/monitoring-plugins.check_cups.sh b/monitoring-plugins.check_cups.sh index 3c350a7..175aba0 100644 --- a/monitoring-plugins.check_cups.sh +++ b/monitoring-plugins.check_cups.sh @@ -34,20 +34,19 @@ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # -# $Id$ # - -# Autor notes: I`d like to thank to John E. Vincent (nagios-plugs@lusis.org) -# I learn a lof from his check CUPS print queue plugin. -# Then I`d like to thank to Mark Shirley for his check_cups_printer.sh -# script, which was also inspiration for me. -# Both of them you can find on http://exchange.nagios.org/ web site. -# Martin Caj 31/01/2013 - -# version 0.3 has no awk any more, cut can do it as well. -# the appamor profile was fix as well. -# Martin Caj 01/11/2013 - +# Autor notes: +# I`d like to thank to John E. Vincent (nagios-plugs@lusis.org) +# I learn a lof from his check CUPS print queue plugin. +# Then I`d like to thank to Mark Shirley for his check_cups_printer.sh +# script, which was also inspiration for me. +# Both of them you can find on http://exchange.nagios.org/ web site. +# Martin Caj 31/01/2013 +# +# version 0.3 has no awk any more, cut can do it as well. +# the appamor profile was fixed as well. +# Martin Caj 01/11/2013 +# # check_cups - nagios plugin for checking cups service # Description: # @@ -63,6 +62,7 @@ #searchning the lpstat: LPSTAT="$(which lpstat)" +DEBUG='no' # debug the script: #set -x @@ -78,9 +78,9 @@ STATE_DEPENDENT=4 # check it lpstat is missing. if [ ! -x "$LPSTAT" ] then - echo "UNKNOWN: "$LPSTAT" not found or is not executable by the nagios user" - exitstatus="$STATE_UNKNOWN" - exit "$exitstatus" + echo "UNKNOWN: "$LPSTAT" not found or is not executable by the nagios user" + exitstatus="$STATE_UNKNOWN" + exit "$exitstatus" fi PROGNAME=$(basename $0) @@ -88,36 +88,37 @@ PROGNAME=$(basename $0) print_usage() { # Name: print_usage -# Desc: It just print the usage out. +# Desc: It just prints the usage. - echo "Usage: "$PROGNAME" -H -P -p | -Q -w -c -a " - echo - echo "Notes:" - echo "-H: Hostname - Can be a hostname or IP address." - echo "-P: Check only the printers status." - echo "-p: It will check only one specific printer." - echo "-Q: Type of check - Can be queue size (s) or both queu size and queue age (b)." - echo "-w: WARNING level for queue size." - echo "-c: CRITICAL level for queue size." - echo "-a: Max age of queue. Returns CRITICAL if jobs exists older than days." - echo + echo "Usage: $PROGNAME -H -w -c [-P] [-p] [-Q ] [-a ] [-d]" + echo + echo "Notes:" + echo "-H : Hostname - Can be a hostname or IP address." + echo "-P : Check only the printers status." + echo "-p : will check only the specified printer." + echo "-Q : Type of check - Can be queue size (s) or both queue size and queue age (b)." + echo "-w : WARNING level for queue size." + echo "-c : CRITICAL level for queue size." + echo "-a : Max age of queue. Returns CRITICAL if jobs exists longer than days." + echo "-d : enable debug output" + echo } print_help() { # Name: print_help -# Desc: It just print the usage and the help out. Then it end with exit code 0 +# Desc: Print the usage and help. - print_usage - echo - echo "This plugin will check the CUPS print service for the printer status" - echo "it can check the queue on a remote (or local with -H localhost) CUPS server." - echo "It can check both the size of the queue and the age of the oldest print job in the queue." - echo "-w and -c are for reporting warning and critical levels of the queue size." - echo "-a is optional for specifying the max age of a job in the print queue. Anything older thatn " - echo "will return a CRITICAL" - echo "For more details have look into README file. " - echo - exit 0 + print_usage + echo + echo "This plugin will check the CUPS print service for the printer status." + echo "It can check the queue on a remote (or local with -H localhost) CUPS server." + echo "It can check both: the size of the queue and the age of the oldest print job in the queue." + echo "-w and -c are for warning and critical levels of the queue size." + echo "-a is optional for specifying the max age of a job in the print queue. Anything older than " + echo "will return a CRITICAL" + echo "For more details have look into the README file. " + echo + exit 0 } @@ -128,14 +129,14 @@ check_queue_size() { if [ "$JOBCOUNT" -ge "$critlevel" ] then - MESSAGE="CRITICAL: CUPS queue size - "$JOBCOUNT"| "$PERFDATA"" + MESSAGE="CRITICAL: CUPS queue size - "$JOBCOUNT"| "$PERFDATA"" exitstatus="$STATE_CRITICAL" elif [ "$JOBCOUNT" -ge "$warnlevel" ] then - MESSAGE="WARNING: CUPS queue size - "$JOBCOUNT"| "$PERFDATA"" + MESSAGE="WARNING: CUPS queue size - "$JOBCOUNT"| "$PERFDATA"" exitstatus="$STATE_WARNING" else - MESSAGE="OK: CUPS queue size - "$JOBCOUNT"| "$PERFDATA"" + MESSAGE="OK: CUPS queue size - "$JOBCOUNT"| "$PERFDATA"" exitstatus="$STATE_OK" fi @@ -146,70 +147,73 @@ check_printer_status() { # Desc: It check status of all printers or one specific printer # output is store in $OUTPUT and $exitstatus -if [ -z $printername ] - then - echo "Checking all printers..." - RESULT=$("$LPSTAT" -h "$hostname" -p ) - if [ $? != 0 ] +if [ -z "$printername" ] + then + if [ "$DEBUG" == 'yes' ]; then + echo "Checking all printers..." + fi + RESULT=$("$LPSTAT" -h "$hostname" -p ) + if [ $? != 0 ] then - echo "ERROR: Probably wrong host name: "$hostname", or CUPS is not running there." - exit "$STATE_UNKNOWN" + echo "ERROR: Probably wrong host name: "$hostname", or CUPS is not running." + exit "$STATE_UNKNOWN" fi - else - echo "Checking only the printer "$printername"." - RESULT=$("$LPSTAT" -h "$hostname" -p "$printername") - if [ $? != 0 ] - then - echo "ERROR: the printer "$printername" doesn't exist on the cups server "$hostname"." - echo "please check command: '"$LPSTAT" -h "$hostname" -p' without printer name." - exit "$STATE_UNKNOWN" - fi + if [ "$DEBUG" == 'yes' ]; then + echo "Checking only printer: $printername" + fi + RESULT=$("$LPSTAT" -h "$hostname" -p "$printername") + if [ $? != 0 ] + then + echo "ERROR: the printer $printername doesn't exist on CUPS server $hostname." + echo "please check command: '$LPSTAT -h $hostname -p' without printer name." + exit "$STATE_UNKNOWN" + fi fi case "$RESULT" in - *Rejecting*) - messages=$(echo "$RESULT"|grep -i rejecting ) - OUTPUT="CRITICAL - CUPS printer is rejecting jobs for: "$messages"." - exitstatus="$STATE_CRITICAL" - ;; - *Unable*) - messages=$(echo "$RESULT"|grep -i unable ) - OUTPUT="CRITICAL - CUPS Unable to connect: "$messages"." - exitstatus="$STATE_CRITICAL" - ;; - *disabled*) - messages=$(echo "$RESULT"|grep -i disabled) - OUTPUT="CRITICAL - CUPS printer: "$messages"." - exitstatus="$STATE_CRITICAL" - ;; - *Paused*) - messages=$(echo "$RESULT"|grep -i paused) - OUTPUT="WARNING: - CUPS printer is: "$messages"." - exitstatus="$STATE_WARNING" - ;; - *printing*) - OUTPUT="OK - CUPS printer is printing now." - exitstatus="$STATE_OK" - ;; - *idle*) - OUTPUT="OK - CUPS printer "$printername" is idle." - exitstatus="$STATE_OK" - ;; - *) - OUTPUT="CRITICAL - Unknown error occured while checking: "$RESULT"." - exitstatus="$STATE_CRITICAL" - ;; + *Rejecting*) + messages=$(echo "$RESULT"|grep -i rejecting ) + OUTPUT="CRITICAL - CUPS printer is rejecting jobs for: $messages." + exitstatus="$STATE_CRITICAL" + ;; + *Unable*) + messages=$(echo "$RESULT"|grep -i unable ) + OUTPUT="CRITICAL - CUPS Unable to connect: $messages." + exitstatus="$STATE_CRITICAL" + ;; + *disabled*) + messages=$(echo "$RESULT"|grep -i disabled) + OUTPUT="CRITICAL - CUPS printer: $messages." + exitstatus="$STATE_CRITICAL" + ;; + *Paused*) + messages=$(echo "$RESULT"|grep -i paused) + OUTPUT="WARNING: - CUPS printer is: $messages." + exitstatus="$STATE_WARNING" + ;; + *printing*) + OUTPUT="OK - CUPS printer is printing now." + exitstatus="$STATE_OK" + ;; + *idle*) + OUTPUT="OK - CUPS printer $printername is idle." + exitstatus="$STATE_OK" + ;; + *) + OUTPUT="CRITICAL - Unknown error occured while checking: $RESULT." + exitstatus="$STATE_CRITICAL" + ;; esac } -# It testing how many variable user add on command line -# The minimu for test printes only is 3 +# Test how many variable we got on command line +# The minimum for test printers is 3 if [ $# -lt 3 ]; then - print_usage - exit "$STATE_UNKNOWN" + print_usage + exit "$STATE_UNKNOWN" fi # this set default exit status to: @@ -218,153 +222,155 @@ exitstatus="$STATE_UNKNOWN" # by default is test pritner disabled, you must allow it with -p $printer or -P all printers testprinter="0" - # testing arguments: while test -n "$1"; do - case "$1" in - --help) - print_help - exit "$STATE_OK" - ;; - -h) - print_help - exit "$STATE_OK" - ;; - -P) - testprinter="1" - ;; - -p) - testprinter="2" - printername="$2" - shift - ;; - -H) - hostname=$2 - shift - ;; - -Q) - testtype=$2 - shift - ;; - -w) - warnlevel=$2 - shift - ;; - -c) - critlevel=$2 - shift - ;; - -a) - maxage=$2 - shift - ;; - esac - shift + case "$1" in + --help) + print_help + exit "$STATE_OK" + ;; + -h) + print_help + exit "$STATE_OK" + ;; + -P) + testprinter="1" + ;; + -p) + testprinter="2" + printername="$2" + shift + ;; + -H) + hostname="$2" + shift + ;; + -Q) + testtype="$2" + shift + ;; + -w) + warnlevel="$2" + shift + ;; + -c) + critlevel="$2" + shift + ;; + -a) + maxage="$2" + shift + ;; + -d) + DEBUG='yes' + ;; + esac + shift done # Check arguments for validity: -if [ -z $hostname ] +if [ -z "$hostname" ] then - echo "You must specify a hostname (or localhost to test the local system)" - print_usage - exitstatus="$STATE_UNKNOWN" - exit "$exitstatus" + echo "You must specify a hostname (or localhost to test the local system)" >&2 + print_usage + exitstatus="$STATE_UNKNOWN" + exit "$exitstatus" fi -# testing priner(s) - - -if [ $testprinter -eq 2 ] #Check specifics printer and continue with the script +# testing printer(s) +if [ "$testprinter" -eq "2" ] # Check specific printer and continue with the script then - check_printer_status "$printername" - - if [ -z $testtype ] # exits if there is no -Q checks - then - echo "$OUTPUT" - exit "$exitstatus" - fi -elif [ $testprinter -eq 1 ]; then # check all printers - check_printer_status - if [ -z $testtype ]; then # exits if there is no -Q checks - echo "$OUTPUT" - exit "$exitstatus" - fi -else # no cuos check is need - echo "No printer check is require. Checking the queue ..." + check_printer_status "$printername" + + if [ -z "$testtype" ] # exit if there is no -Q checks + then + echo "$OUTPUT" + exit "$exitstatus" + fi +elif [ "$testprinter" -eq "1" ]; then # check all printers + check_printer_status + if [ -z "$testtype" ]; then # exit if there is no -Q checks + echo "$OUTPUT" + exit "$exitstatus" + fi +else # no cuos check is need + if [ "$DEBUG" == 'yes' ]; then + echo "No printer check required. Checking the queue ..." + fi fi # testing arguments for the queue checks: -if [[ -z $critlevel || -z $warnlevel ]] # Did we get warn and crit values? +if [[ -z "$critlevel" || -z "$warnlevel" ]] # Did we get warn and crit values? then - echo "You must specify a warning and critical level" - print_usage - exitstatus="$STATE_UNKNOWN" - exit "$exitstatus" + echo "You must specify a warning and critical level" + print_usage + exitstatus="$STATE_UNKNOWN" + exit "$exitstatus" elif [ $critlevel -lt $warnlevel ] # Do the warn/crit values make sense? then - echo "CRITICAL value of "$critlevel" is less than WARNING level of "$warnlevel"" - print_usage - exitstatus="$STATE_UNKNOWN" - exit "$exitstatus" + echo "CRITICAL value of $critlevel is less than WARNING level of $warnlevel" + print_usage + exitstatus="$STATE_UNKNOWN" + exit "$exitstatus" fi # what kind of queue test will be run: -if [ -z $testtype ] +if [ -z "$testtype" ] then - - echo "You must specify a test type" - print_usage - exitstatus="$STATE_UNKNOWN" - exit "$exitstatus" + echo "You must specify a test type" + print_usage + exitstatus="$STATE_UNKNOWN" + exit "$exitstatus" # this is a very nice elif, it match if -a X is missing -elif [[ "$testtype" = [b]* && -z $maxage ]] +elif [[ "$testtype" = [b]* && -z "$maxage" ]] then - echo "You must specify when using a test type of 'b'" - print_usage - exitstatus="$STATE_UNKNOWN" - exit "$exitstatus" + echo "You must specify when using a test type of 'b'" + print_usage + exitstatus="$STATE_UNKNOWN" + exit "$exitstatus" else - echo "Testing queue on the CUPS..." - JOBTMP=$(mktemp -t lpstat.XXXXXX) # Create a tmpfile to store the lpstat results - STALEJOBCOUNT=0 # default number of old jobs - CURDATETS=$(date +%s) # Get the current date as unixtime - "$LPSTAT" -h "$hostname" -o > "$JOBTMP" # run the lpstat command against the host. + if [ "$DEBUG" == 'yes' ]; then + echo "Testing queue on $hostname ..." + fi + JOBTMP=$(mktemp -t lpstat.XXXXXX) # Create a tmpfile to store the lpstat results + STALEJOBCOUNT=0 # default number of old jobs + CURDATETS=$(date +%s) # Get the current date as unixtime + "$LPSTAT" -h "$hostname" -o > "$JOBTMP" # run the lpstat command against the host. - if [ $? -ne 0 ] - then - rm -rf "$JOBTMP" - echo "UNKNOWN: lpstat command returned an error. Please test this script manually." - exitstatus="$STATE_UNKNOWN" - exit "$exitstatus" - fi - JOBCOUNT=$(wc -l < $JOBTMP) # populate the jobcount - PERFDATA="print_jobs="$JOBCOUNT";"$warnlevel";"$critlevel";0" - if [[ "$JOBCOUNT" -gt 0 && $maxage ]] - then - MAXAGETS=$(echo "86400 * $maxage" | bc) # 86400 seconds in a day * maxage - exec<"$JOBTMP" # read the file to determine job age - while read PRINTJOB - do - # Grab the job date from the job listing - JOBDATE=$(echo $PRINTJOB | cut -c50-73) - # Convert the job date to unixtime - JOBDATETS=$(date --date="$JOBDATE" +%s) - DATEDIFF=$(echo "($CURDATETS - $JOBDATETS)" | bc) - if [ $DATEDIFF -gt $MAXAGETS ] - then - MESSAGE="CRITICAL: Some CUPS jobs are older than "$maxage" days| "$PERFDATA"" - exitstatus="$STATE_CRITICAL" - else - check_queue_size - fi - done - else - check_queue_size - fi - rm -rf "$JOBTMP" + if [ $? -ne 0 ] + then + rm -rf "$JOBTMP" + echo "UNKNOWN: lpstat command returned an error. Please test this script manually." + exitstatus="$STATE_UNKNOWN" + exit "$exitstatus" + fi + JOBCOUNT=$(wc -l < $JOBTMP) # populate the jobcount + PERFDATA="print_jobs=${JOBCOUNT};${warnlevel};${critlevel};0" + if [[ "$JOBCOUNT" -gt 0 && "$maxage" ]] + then + MAXAGETS=$(echo "86400 * $maxage" | bc) # 86400 seconds in a day * maxage + exec<"$JOBTMP" # read the file to determine job age + while read PRINTJOB + do + # Grab the job date from the job listing + JOBDATE=$(echo "$PRINTJOB" | cut -c50-73) + # Convert the job date to unixtime + JOBDATETS=$(date --date="$JOBDATE" +%s) + DATEDIFF=$(echo "($CURDATETS - $JOBDATETS)" | bc) + if [ $DATEDIFF -gt $MAXAGETS ] + then + MESSAGE="CRITICAL: Some CUPS jobs are older than $maxage days| $PERFDATA" + exitstatus="$STATE_CRITICAL" + else + check_queue_size + fi + done + else + check_queue_size + fi + rm -rf "$JOBTMP" fi - # end: print the results and end with exit code for Nagios echo "$OUTPUT" echo "$MESSAGE" diff --git a/monitoring-plugins.spec b/monitoring-plugins.spec index 3170529..e7c06a1 100644 --- a/monitoring-plugins.spec +++ b/monitoring-plugins.spec @@ -42,6 +42,8 @@ Source24: usr.lib.nagios.plugins.check_ide_smart Source25: usr.lib.nagios.plugins.check_ssh Source26: check_ircd_ssl Source27: %{name}-README-extra-opts +Source28: %{name}-README.SUSE-check_ping +Source29: %{name}-README.SUSE-check_ntp_time Patch1: %{name}-1.4.14-ntpd.patch Patch2: %{name}-1.4.14-check_log.patch Patch6: %{name}-1.4.6-no_chown.patch @@ -1070,6 +1072,9 @@ it will provide the size of the queue of age of queue. %{__cp} %{S:14} ./README.SUSE-check_icmp %{__cp} %{S:15} ./README.SUSE-check_ide_smart %{__cp} %{S:20} ./README.SUSE-check_cups +%{__cp} %{S:28} ./README.SUSE-check_ping +%{__cp} %{S:29} ./README.SUSE-check_ntp_time + for extension in mysql pgsql sqlite3 ; do cat >> README.SUSE-dbi-$extension << EOF This program connects to an (SQL) database using DBI and checks the diff --git a/usr.lib.nagios.plugins.check_dhcp b/usr.lib.nagios.plugins.check_dhcp index a31f5b8..febbf4a 100644 --- a/usr.lib.nagios.plugins.check_dhcp +++ b/usr.lib.nagios.plugins.check_dhcp @@ -3,4 +3,6 @@ #include #include capability net_raw, + + /etc/monitoring-plugins/* r, } diff --git a/usr.lib.nagios.plugins.check_icmp b/usr.lib.nagios.plugins.check_icmp index 01ecfaf..0581642 100644 --- a/usr.lib.nagios.plugins.check_icmp +++ b/usr.lib.nagios.plugins.check_icmp @@ -6,4 +6,6 @@ capability net_raw, capability setuid, network inet raw, + + /etc/monitoring-plugins/* r, } diff --git a/usr.lib.nagios.plugins.check_ide_smart b/usr.lib.nagios.plugins.check_ide_smart index 31b4726..d24a0f2 100644 --- a/usr.lib.nagios.plugins.check_ide_smart +++ b/usr.lib.nagios.plugins.check_ide_smart @@ -7,4 +7,6 @@ capability sys_rawio, /dev/s* r, /dev/h* r, + + /etc/monitoring-plugins/* r, } diff --git a/usr.lib.nagios.plugins.check_ntp_time b/usr.lib.nagios.plugins.check_ntp_time index 5b91bdc..231af9c 100644 --- a/usr.lib.nagios.plugins.check_ntp_time +++ b/usr.lib.nagios.plugins.check_ntp_time @@ -19,4 +19,6 @@ /etc/hosts r, /etc/resolv.conf r, /var/run/nscd/* r, + + /etc/monitoring-plugins/* r, } diff --git a/usr.lib.nagios.plugins.check_ping b/usr.lib.nagios.plugins.check_ping index 4f3646d..069174a 100644 --- a/usr.lib.nagios.plugins.check_ping +++ b/usr.lib.nagios.plugins.check_ping @@ -9,4 +9,6 @@ network inet6 raw, /{usr/,}bin/ping rix, /{usr/,}bin/ping6 rix, + + /etc/monitoring-plugins/* r, } diff --git a/usr.lib.nagios.plugins.check_ssh b/usr.lib.nagios.plugins.check_ssh index e61da98..ea20856 100644 --- a/usr.lib.nagios.plugins.check_ssh +++ b/usr.lib.nagios.plugins.check_ssh @@ -2,4 +2,6 @@ /usr/lib/nagios/plugins/check_ssh flags=(complain) { #include #include + + /etc/monitoring-plugins/* r, }