rpm/monitoring-plugins
SHA256
1
0
Fork 0
forked from pool/monitoring-plugins
Code Pull Requests Activity

Accepting request 933139 from server:monitoring

Browse Source 
JFYI: this is planned as update also for SLE12 and SLE15.
Please have a closer look, not that I missed something.
As the plugins are in productive use on monitor.opensuse.org, I
do not expect big issues. But the dhcpd plugin was not extensively tested, yet.


- recommend syslog for monitoring-plugins-log, as people probably 
  want to analize logs generated by (r)syslog or journald
Renamed patches:
- renamed monitoring-plugins-1.4.6-no_chown.patch to 
  monitoring-plugins-1.4.6-Makefile_-_no_chown.patch to make it
  easier to detect the patched file
- renamed monitoring-plugins-2.1.1-check_logfile.patch to 
  monitoring-plugins-2.1.1-check_log_-_quoting.patch to make it
  easier to detect the patched file and reason for the patch
New patches:
- added monitoring-plugins-2.3.1-check_snmp_segfaults.patch 
  check_snmp will segfaults at line 489 if number of lines returned 
  by SNMPD is greater than number of defined thresholds
  -> https://github.com/monitoring-plugins/monitoring-plugins/pull/1589
- added monitoring-plugins-2.3.1-check_snmp_hang_on_STDERR_workaround.patch
  When the MIBs are not quite right, snmpget outputs lots of errors on 
  STDERR before getting down to business.
  If this is enough to fill the pipe buffer, snmpget hangs waiting for 
  it to be cleared, which it never will be because check_snmp is 
  waiting for snmpget to output something on STDOUT.
  This simple fix from s2156945 for this is to read STDERR before STDOUT.
  cmd_run_array from utils_cmd.c is also used by plugins/check_by_ssh 
  and plugins/negate but you're likely to get lots of errors or lots 
  of output, not both at the same time.
  The real fix is probably to do a select() and read from both as 
  they come in.
  https://github.com/monitoring-plugins/monitoring-plugins/issues/1706
- added monitoring-plugins-2.3.1-check_dhcp_-_detect_rogue_dhcp_servers.patch 
  feature enhancement from Patrick Cervicek for check_dhcp, which allows 
  to detect rogue DHCP servers. Use it with the "-x" flag, example:

OBS-URL: https://build.opensuse.org/request/show/933139
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/monitoring-plugins?expand=0&rev=23
This commit is contained in:
Dominique Leuenberger
2021-11-23 21:10:33 +00:00
committed by Git OBS Bridge
parent 38403e13c5 35ea43154e
commit d1b04a5866
10 changed files with 1397 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
monitoring-plugins-1.4.6-no_chown.patch → monitoring-plugins-1.4.6-Makefile_-_no_chown.patch
View File

0
monitoring-plugins-2.1.1-check_logfile.patch → monitoring-plugins-2.1.1-check_log_-_quoting.patch
View File

320
monitoring-plugins-2.3.1-check_dhcp_-_detect_rogue_dhcp_servers.patch Normal file
View File

@@ -0,0 +1,320 @@
Index: monitoring-plugins-2.3.1/plugins-root/check_dhcp.c
===================================================================
--- monitoring-plugins-2.3.1.orig/plugins-root/check_dhcp.c
+++ monitoring-plugins-2.3.1/plugins-root/check_dhcp.c
@@ -156,6 +156,7 @@ typedef struct dhcp_offer_struct{
u_int32_t lease_time; /* lease time in seconds */
u_int32_t renewal_time; /* renewal time in seconds */
u_int32_t rebinding_time; /* rebinding time in seconds */
+ u_int8_t desired; /* is this offer desired (necessary in exclusive mode) */
struct dhcp_offer_struct *next;
}dhcp_offer;
@@ -199,6 +200,7 @@ typedef struct requested_server_struct{
#define ETHERNET_HARDWARE_ADDRESS_LENGTH 6 /* length of Ethernet hardware addresses */
u_int8_t unicast = 0; /* unicast mode: mimic a DHCP relay */
+u_int8_t exclusive = 0; /* exclusive mode aka "rogue DHCP server detection" */
struct in_addr my_ip; /* our address (required for relay) */
struct in_addr dhcp_ip; /* server to query (if in unicast mode) */
unsigned char client_hardware_address[MAX_DHCP_CHADDR_LENGTH]="";
@@ -229,7 +231,7 @@ struct in_addr requested_address;
int process_arguments(int, char **);
int call_getopt(int, char **);
-int validate_arguments(int, int);
+int validate_arguments(void);
void print_usage(void);
void print_help(void);
@@ -323,8 +325,7 @@ int get_hardware_address(int sock,char *
#elif defined(__bsd__)
/* King 2004 see ACKNOWLEDGEMENTS */
- size_t len;
- int mib[6];
+ int mib[6], len;
char *buf;
unsigned char *ptr;
struct if_msghdr *ifm;
@@ -464,9 +465,10 @@ int send_dhcp_discover(int sock){
discover_packet.hlen=ETHERNET_HARDWARE_ADDRESS_LENGTH;
/*
- * transaction ID is supposed to be random.
+ * transaction ID is supposed to be random. We won't use the address so
+ * we don't care about high entropy here. time(2) is good enough.
*/
- srand(time(NULL)^getpid());
+ srand(time(NULL));
packet_xid=random();
discover_packet.xid=htonl(packet_xid);
@@ -692,11 +694,17 @@ int receive_dhcp_packet(void *buffer, in
}
else{
+
+ /* why do we need to peek first? i don't know, its a hack. without it, the source address of the first packet received was
+ not being interpreted correctly. sigh... */
bzero(&source_address,sizeof(source_address));
address_size=sizeof(source_address);
+ recv_result=recvfrom(sock,(char *)buffer,buffer_size,MSG_PEEK,(struct sockaddr *)&source_address,&address_size);
+ if(verbose)
+ printf("recv_result_1: %d\n",recv_result);
recv_result=recvfrom(sock,(char *)buffer,buffer_size,0,(struct sockaddr *)&source_address,&address_size);
if(verbose)
- printf("recv_result: %d\n",recv_result);
+ printf("recv_result_2: %d\n",recv_result);
if(recv_result==-1){
if(verbose){
@@ -904,6 +912,7 @@ int add_dhcp_offer(struct in_addr source
new_offer->lease_time=dhcp_lease_time;
new_offer->renewal_time=dhcp_renewal_time;
new_offer->rebinding_time=dhcp_rebinding_time;
+ new_offer->desired=FALSE; /* exclusive mode: we'll check that in get_results */
if(verbose){
@@ -949,7 +958,7 @@ int free_requested_server_list(void){
/* gets state and plugin output to return */
int get_results(void){
- dhcp_offer *temp_offer;
+ dhcp_offer *temp_offer, *undesired_offer=NULL;
requested_server *temp_server;
int result;
u_int32_t max_lease_time=0;
@@ -980,16 +989,24 @@ int get_results(void){
if(temp_server->answered)
printf(_(" (duplicate)"));
printf(_("\n"));
- }
+ }
if(temp_server->answered == FALSE){
requested_responses++;
temp_server->answered=TRUE;
- }
- }
- }
- }
-
- }
+ temp_offer->desired=TRUE;
+ }
+ }
+ }
+ }
+
+ /* exclusive mode: check for undesired offers */
+ for(temp_offer=dhcp_offer_list;temp_offer!=NULL;temp_offer=temp_offer->next) {
+ if (temp_offer->desired == FALSE) {
+ undesired_offer=temp_offer; /* Checks only for the first undesired offer */
+ break; /* no further checks needed */
+ }
+ }
+ }
/* else check and see if we got our requested address from any server */
else{
@@ -1003,8 +1020,8 @@ int get_results(void){
/* see if we got the address we requested */
if(!memcmp(&requested_address,&temp_offer->offered_address,sizeof(requested_address)))
received_requested_address=TRUE;
- }
- }
+ }
+ }
result=STATE_OK;
if(valid_responses==0)
@@ -1016,6 +1033,9 @@ int get_results(void){
else if(request_specific_address==TRUE && received_requested_address==FALSE)
result=STATE_WARNING;
+ if(exclusive && undesired_offer)
+ result=STATE_CRITICAL;
+
if(result==0) /* garrett honeycutt 2005 */
printf("OK: ");
else if(result==1)
@@ -1033,6 +1053,13 @@ int get_results(void){
printf(_("Received %d DHCPOFFER(s)"),valid_responses);
+
+ if(exclusive && undesired_offer){
+ printf(_(", Rogue DHCP Server detected! Server %s"),inet_ntoa(undesired_offer->server_address));
+ printf(_(" offered %s \n"),inet_ntoa(undesired_offer->offered_address));
+ return result;
+ }
+
if(requested_servers>0)
printf(_(", %s%d of %d requested servers responded"),((requested_responses<requested_servers) && requested_responses>0)?"only ":"",requested_responses,requested_servers);
@@ -1053,19 +1080,29 @@ int get_results(void){
/* process command-line arguments */
int process_arguments(int argc, char **argv){
- int arg_index;
+ int c;
if(argc<1)
return ERROR;
- arg_index = call_getopt(argc,argv);
- return validate_arguments(argc,arg_index);
+ c=0;
+ while((c+=(call_getopt(argc-c,&argv[c])))<argc){
+
+ /*
+ if(is_option(argv[c]))
+ continue;
+ */
+ }
+
+ return validate_arguments();
}
int call_getopt(int argc, char **argv){
- extern int optind;
+ int c=0;
+ int i=0;
+
int option_index = 0;
static struct option long_options[] =
{
@@ -1075,6 +1112,7 @@ int call_getopt(int argc, char **argv){
{"interface", required_argument,0,'i'},
{"mac", required_argument,0,'m'},
{"unicast", no_argument, 0,'u'},
+ {"exclusive", no_argument, 0,'x'},
{"verbose", no_argument, 0,'v'},
{"version", no_argument, 0,'V'},
{"help", no_argument, 0,'h'},
@@ -1082,14 +1120,25 @@ int call_getopt(int argc, char **argv){
};
while(1){
- int c=0;
+ c=getopt_long(argc,argv,"+hVvxt:s:r:t:i:m:u",long_options,&option_index);
- c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index);
+ i++;
if(c==-1||c==EOF||c==1)
break;
switch(c){
+ case 'w':
+ case 'r':
+ case 't':
+ case 'i':
+ i++;
+ break;
+ default:
+ break;
+ }
+
+ switch(c){
case 's': /* DHCP server address */
resolve_host(optarg,&dhcp_ip);
@@ -1133,6 +1182,9 @@ int call_getopt(int argc, char **argv){
case 'u': /* unicast testing */
unicast=1;
break;
+ case 'x': /* exclusive testing aka "rogue DHCP server detection" */
+ exclusive=1;
+ break;
case 'V': /* version */
print_revision(progname, NP_VERSION);
@@ -1146,22 +1198,16 @@ int call_getopt(int argc, char **argv){
verbose=1;
break;
- case '?': /* help */
- usage5 ();
- break;
-
default:
break;
}
}
- return optind;
- }
+ return i;
+ }
-int validate_arguments(int argc, int arg_index){
- if(argc-optind > 0)
- usage(_("Got unexpected non-option argument"));
+int validate_arguments(void){
return OK;
}
@@ -1361,7 +1407,7 @@ void print_help(void){
printf("%s\n", _("This plugin tests the availability of DHCP servers on a network."));
- printf ("\n\n");
+ printf ("\n\n");
print_usage();
@@ -1371,19 +1417,21 @@ void print_help(void){
printf (UT_VERBOSE);
printf (" %s\n", "-s, --serverip=IPADDRESS");
- printf (" %s\n", _("IP address of DHCP server that we must hear from"));
- printf (" %s\n", "-r, --requestedip=IPADDRESS");
- printf (" %s\n", _("IP address that should be offered by at least one DHCP server"));
- printf (" %s\n", "-t, --timeout=INTEGER");
- printf (" %s\n", _("Seconds to wait for DHCPOFFER before timeout occurs"));
- printf (" %s\n", "-i, --interface=STRING");
- printf (" %s\n", _("Interface to to use for listening (i.e. eth0)"));
- printf (" %s\n", "-m, --mac=STRING");
- printf (" %s\n", _("MAC address to use in the DHCP request"));
- printf (" %s\n", "-u, --unicast");
- printf (" %s\n", _("Unicast testing: mimic a DHCP relay, requires -s"));
+ printf (" %s\n", _("IP address of DHCP server that we must hear from"));
+ printf (" %s\n", "-r, --requestedip=IPADDRESS");
+ printf (" %s\n", _("IP address that should be offered by at least one DHCP server"));
+ printf (" %s\n", "-t, --timeout=INTEGER");
+ printf (" %s\n", _("Seconds to wait for DHCPOFFER before timeout occurs"));
+ printf (" %s\n", "-i, --interface=STRING");
+ printf (" %s\n", _("Interface to to use for listening (i.e. eth0)"));
+ printf (" %s\n", "-m, --mac=STRING");
+ printf (" %s\n", _("MAC address to use in the DHCP request"));
+ printf (" %s\n", "-u, --unicast");
+ printf (" %s\n", _("Unicast testing: mimic a DHCP relay, requires -s"));
+ printf (" %s\n", "-x, --exclusive");
+ printf (" %s\n", _("Only requested DHCP server may response (rogue DHCP server detection), requires -s"));
- printf (UT_SUPPORT);
+ printf (UT_SUPPORT);
return;
}
@@ -1391,12 +1439,10 @@ void print_help(void){
void
print_usage(void){
- printf ("%s\n", _("Usage:"));
- printf (" %s [-v] [-u] [-s serverip] [-r requestedip] [-t timeout]\n",progname);
- printf (" [-i interface] [-m mac]\n");
+ printf ("%s\n", _("Usage:"));
+ printf (" %s [-v] [-u] [-x] [-s serverip] [-r requestedip] [-t timeout]\n",progname);
+ printf (" [-i interface] [-m mac]\n");
return;
}
-
-

17
monitoring-plugins-2.3.1-check_snmp_hang_on_STDERR_workaround.patch Normal file
View File

@@ -0,0 +1,17 @@
Index: monitoring-plugins-2.3.1/lib/utils_cmd.c
===================================================================
--- monitoring-plugins-2.3.1.orig/lib/utils_cmd.c
+++ monitoring-plugins-2.3.1/lib/utils_cmd.c
@@ -355,10 +355,10 @@ cmd_run_array (char *const *argv, output
if ((fd = _cmd_open (argv, pfd_out, pfd_err)) == -1)
die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), argv[0]);
- if (out)
- out->lines = _cmd_fetch_output (pfd_out[0], out, flags);
if (err)
err->lines = _cmd_fetch_output (pfd_err[0], err, flags);
+ if (out)
+ out->lines = _cmd_fetch_output (pfd_out[0], out, flags);
return _cmd_close (fd);
}

13
monitoring-plugins-2.3.1-check_snmp_segfaults.patch Normal file
View File

@@ -0,0 +1,13 @@
Index: monitoring-plugins-2.3.1/plugins/check_snmp.c
===================================================================
--- monitoring-plugins-2.3.1.orig/plugins/check_snmp.c
+++ monitoring-plugins-2.3.1/plugins/check_snmp.c
@@ -375,7 +375,7 @@ main (int argc, char **argv)
}
}
- for (line=0, i=0; line < chld_out.lines; line++, i++) {
+ for (line=0, i=0; line < chld_out.lines && i < numoids; line++, i++) {
if(calculate_rate)
conv = "%.10g";
else

246
monitoring-plugins-2.3.1-check_ssh.patch Normal file
View File

@@ -0,0 +1,246 @@
From e56255ee2f2887551e15aba2410138238efab030 Mon Sep 17 00:00:00 2001
From: Anton Lofgren <alofgren@op5.com>
Date: Mon, 21 Oct 2013 08:18:30 +0200
Subject: [PATCH 1/4] check_ssh: properly parse a delayed version control
string
This resolves an issue with SSH servers which do not respond with their
version control string as the first thing in the SSH protocol version
exchange phase after connection establishment.
This patch also makes sure that we disregard a potential comment in the
version exchange string to avoid nonsense mismatches. In the future, we
might want to add the capability to match against a user specified comment.
In addition, the patch largely improves the communication towards the
server, which adds better protocol adherence.
Of course, new test cases are added to support the trigger and guard
against regressions of the bugs solved by this patch.
This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945)
Signed-off-by: Anton Lofgren <alofgren@op5.com>
---
plugins/check_ssh.c | 122 +++++++++++++++++++++++++++++-------------
plugins/t/check_ssh.t | 97 ++++++++++++++++++++++++++-------
2 files changed, 164 insertions(+), 55 deletions(-)
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index 3658965e5..fc2ceb78b 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -215,8 +215,13 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol
{
int sd;
int result;
+ int len = 0;
+ ssize_t byte_offset = 0;
+ ssize_t recv_ret = 0;
+ char *version_control_string = NULL;
char *output = NULL;
char *buffer = NULL;
+ char *tmp= NULL, *saveptr = NULL;
char *ssh_proto = NULL;
char *ssh_server = NULL;
static char *rev_no = VERSION;
@@ -231,51 +236,94 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol
return result;
output = (char *) malloc (BUFF_SZ + 1);
- memset (output, 0, BUFF_SZ + 1);
- recv (sd, output, BUFF_SZ, 0);
- if (strncmp (output, "SSH", 3)) {
- printf (_("Server answer: %s"), output);
- close(sd);
+ memset(output, 0, BUFF_SZ+1);
+ while (!version_control_string && (recv_ret = recv(sd, output+byte_offset, BUFF_SZ - byte_offset, 0)) > 0) {
+ if (strchr(output, '\n')) { /* we've got at least one full line, start parsing*/
+ byte_offset = 0;
+ while (strchr(output+byte_offset, '\n') != NULL) {
+ /*Partition the buffer so that this line is a separate string,
+ * by replacing the newline with NUL*/
+ output[(strchr(output+byte_offset, '\n')-output)]= '\0';
+ len = strlen(output+byte_offset);
+ if (len >= 4) {
+ /*if the string starts with SSH-, this _should_ be a valid version control string*/
+ if (strncmp (output+byte_offset, "SSH-", 4) == 0) {
+ version_control_string = output+byte_offset;
+ break;
+ }
+ }
+
+ /*the start of the next line (if one exists) will be after the current one (+ NUL)*/
+ byte_offset+=len+1;
+ }
+ if(!version_control_string) {
+ /* move unconsumed data to beginning of buffer, null rest */
+ memmove((void *)output, (void *)output+byte_offset+1, BUFF_SZ - len+1);
+ memset(output+byte_offset+1, 0, BUFF_SZ-byte_offset+1);
+
+ /*start reading from end of current line chunk on next recv*/
+ byte_offset = strlen(output);
+ }
+ }
+ else {
+ byte_offset += recv_ret;
+ }
+ }
+ tmp = NULL;
+ if (recv_ret < 0) {
+ printf("SSH CRITICAL - %s", strerror(errno));
+ exit(STATE_CRITICAL);
+ }
+ if (!version_control_string) {
+ printf("SSH CRITICAL - No version control string received");
+ exit(STATE_CRITICAL);
+ }
+ strip (version_control_string);
+ if (verbose)
+ printf ("%s\n", version_control_string);
+ ssh_proto = version_control_string + 4;
+ ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789.");
+
+ /* If there's a space in the version string, whatever's after the space is a comment
+ * (which is NOT part of the server name/version)*/
+ tmp = strchr(ssh_server, ' ');
+ if (tmp) {
+ ssh_server[tmp - ssh_server] = '\0';
+ }
+ if (strlen(ssh_proto) == 0 || strlen(ssh_server) == 0) {
+ printf(_("SSH CRITICAL - Invalid protocol version control string %s\n"), version_control_string);
exit (STATE_CRITICAL);
}
- else {
- strip (output);
- if (verbose)
- printf ("%s\n", output);
- ssh_proto = output + 4;
- ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789. ");
- ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
-
- xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
- send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
- if (verbose)
- printf ("%s\n", buffer);
-
- if (remote_version && strcmp(remote_version, ssh_server)) {
- printf
- (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
- ssh_server, ssh_proto, remote_version);
- close(sd);
- exit (STATE_CRITICAL);
- }
+ ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
- if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
- printf
- (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
- ssh_server, ssh_proto, remote_protocol);
- close(sd);
- exit (STATE_CRITICAL);
- }
+ xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
+ send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
+ if (verbose)
+ printf ("%s\n", buffer);
- elapsed_time = (double)deltime(tv) / 1.0e6;
+ if (remote_version && strcmp(remote_version, ssh_server)) {
+ printf
+ (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
+ ssh_server, ssh_proto, remote_version);
+ close(sd);
+ exit (STATE_CRITICAL);
+ }
+ if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
printf
- (_("SSH OK - %s (protocol %s) | %s\n"),
- ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
- FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
+ (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
+ ssh_server, ssh_proto, remote_protocol);
close(sd);
- exit (STATE_OK);
+ exit (STATE_CRITICAL);
}
+ elapsed_time = (double)deltime(tv) / 1.0e6;
+
+ printf
+ (_("SSH OK - %s (protocol %s) | %s\n"),
+ ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
+ FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
+ close(sd);
+ exit (STATE_OK);
}
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index fc2ceb78b..7b576895f 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -278,11 +278,35 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol
printf("SSH CRITICAL - No version control string received");
exit(STATE_CRITICAL);
}
+ /*
+ * "When the connection has been established, both sides MUST send an
+ * identification string. This identification string MUST be
+ *
+ * SSH-protoversion-softwareversion SP comments CR LF"
+ * - RFC 4253:4.2
+ */
strip (version_control_string);
if (verbose)
printf ("%s\n", version_control_string);
ssh_proto = version_control_string + 4;
- ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789.");
+
+ /*
+ * We assume the protoversion is of the form Major.Minor, although
+ * this is not _strictly_ required. See
+ *
+ * "Both the 'protoversion' and 'softwareversion' strings MUST consist of
+ * printable US-ASCII characters, with the exception of whitespace
+ * characters and the minus sign (-)"
+ * - RFC 4253:4.2
+ * and,
+ *
+ * "As stated earlier, the 'protoversion' specified for this protocol is
+ * "2.0". Earlier versions of this protocol have not been formally
+ * documented, but it is widely known that they use 'protoversion' of
+ * "1.x" (e.g., "1.5" or "1.3")."
+ * - RFC 4253:5
+ */
+ ssh_server = ssh_proto + strspn (ssh_proto, "0123456789.") + 1; /* (+1 for the '-' separating protoversion from softwareversion) */
/* If there's a space in the version string, whatever's after the space is a comment
* (which is NOT part of the server name/version)*/
From 59bed139e84fd6342d4203ebebca28bf2f4dcc82 Mon Sep 17 00:00:00 2001
From: Anton Lofgren <alofgren@op5.com>
Date: Fri, 30 Jan 2015 10:52:20 +0100
Subject: [PATCH 4/4] check_ssh: Fix a typo in "remote-protocol parameter
remote-protcol -> remote-protocol
Signed-off-by: Anton Lofgren <alofgren@op5.com>
---
plugins/check_ssh.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index 7b576895f..f12f34051 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -106,7 +106,7 @@ process_arguments (int argc, char **argv)
{"timeout", required_argument, 0, 't'},
{"verbose", no_argument, 0, 'v'},
{"remote-version", required_argument, 0, 'r'},
- {"remote-protcol", required_argument, 0, 'P'},
+ {"remote-protocol", required_argument, 0, 'P'},
{0, 0, 0, 0}
};

140
monitoring-plugins-2.3.1-check_ssh.t_-_improve_testing.patch Normal file
View File

@@ -0,0 +1,140 @@
Index: monitoring-plugins-2.3.1/plugins/t/check_ssh.t
===================================================================
--- monitoring-plugins-2.3.1.orig/plugins/t/check_ssh.t
+++ monitoring-plugins-2.3.1/plugins/t/check_ssh.t
@@ -8,34 +8,105 @@ use strict;
use Test::More;
use NPTest;
-# Required parameters
-my $ssh_host = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
-my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" );
-my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" );
-
-
-plan skip_all => "SSH_HOST must be defined" unless $ssh_host;
-plan tests => 6;
-
-
-my $result = NPTest->testCmd(
- "./check_ssh -H $ssh_host"
- );
-cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
-like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
-
-
-$result = NPTest->testCmd(
- "./check_ssh -H $host_nonresponsive -t 2"
- );
-cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
-like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
-
-
-
-$result = NPTest->testCmd(
- "./check_ssh -H $hostname_invalid -t 2"
- );
-cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
-like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
+my $res;
+# Required parameters
+my $ssh_host = getTestParameter("NP_SSH_HOST",
+ "A host providing SSH service",
+ "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
+ "The hostname of system not responsive to network requests",
+ "10.0.0.1" );
+my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID",
+ "An invalid (not known to DNS) hostname",
+ "nosuchhost" );
+
+plan tests => 14 + 6;
+
+SKIP: {
+ skip "SSH_HOST must be defined", 6 unless $ssh_host;
+ my $result = NPTest->testCmd(
+ "./check_ssh -H $ssh_host"
+ );
+ cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
+ like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
+
+ $result = NPTest->testCmd(
+ "./check_ssh -H $host_nonresponsive -t 2"
+ );
+ cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
+ like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
+
+ $result = NPTest->testCmd(
+ "./check_ssh -H $hostname_invalid -t 2"
+ );
+ cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
+ like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
+}
+
+SKIP: {
+ skip "No netcat available", 12 unless (system("which nc > /dev/null") == 0);
+
+ my $nc_flags = "-l 5003 -i 1";
+ #A valid protocol version control string has the form
+ # SSH-protoversion-softwareversion SP comments CR LF
+ #
+ # where `comments` is optional, protoversion is the SSH protocol version and
+ # softwareversion is an arbitrary string representing the server software version
+ open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string");
+ like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
+ close NC;
+
+ open(NC, "echo 'SSH-2.0-3.2.9.1' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, "==", 0, "Got SSH protocol version control string with non-alpha softwareversion string");
+ like( $res->output, '/^SSH OK - 3.2.9.1 \(protocol 2.0\)/', "Output OK for non-alpha softwareversion string");
+ close NC;
+
+ open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" );
+ cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string, and parsed comment appropriately");
+ like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
+ close NC;
+
+ open(NC, "echo 'SSH-' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 2, "Got invalid SSH protocol version control string");
+ like( $res->output, '/^SSH CRITICAL/', "Output OK");
+ close NC;
+
+ open(NC, "echo '' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 2, "No version control string received");
+ like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
+ close NC;
+
+ open(NC, "echo 'Not a version control string' | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 2, "No version control string received");
+ like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
+ close NC;
+
+ #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string
+ open(NC, "{ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; sleep 1;
+ echo 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'; sleep 1;
+ echo 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; sleep 1;
+ echo 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'; sleep 1;
+ printf 'EEEEEEEEEEEEEEEEEE'; sleep 1;
+ printf 'EEEEEEEEEEEEEEEEEE\n'; sleep 1;
+ echo 'Some\nPrepended\nData\nLines\n'; sleep 1;
+ echo 'SSH-2.0-nagiosplug.ssh.0.2';} | nc ${nc_flags}|");
+ sleep 1;
+ $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
+ cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string");
+ like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK");
+ close NC;
+

588
monitoring-plugins-2.3.1-fixing-shellcheck.patch Normal file
View File

@@ -0,0 +1,588 @@
From 439b93049ddcfa28d7d3b8dd8085770c613aabc3 Mon Sep 17 00:00:00 2001
From: Jan Wagner <waja@cyconet.org>
Date: Fri, 6 Jan 2017 16:54:29 +0100
Subject: [PATCH 1/6] Fixing shellcheck SC2006
---
3 files changed, 41 insertions(+), 41 deletions(-)
Index: monitoring-plugins-2.3.1/plugins-scripts/check_oracle.sh
===================================================================
--- monitoring-plugins-2.3.1.orig/plugins-scripts/check_oracle.sh
+++ monitoring-plugins-2.3.1/plugins-scripts/check_oracle.sh
@@ -8,11 +8,11 @@
PATH="@TRUSTED_PATH@"
export PATH
-PROGNAME=`basename $0`
-PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
+PROGNAME=$(basename "$0")
+PROGPATH=$(echo "$0" | sed -e 's,[\\/][^\\/][^\\/]*$,,')
REVISION="@NP_VERSION@"
-. $PROGPATH/utils.sh
+. "$PROGPATH"/utils.sh
print_usage() {
@@ -29,7 +29,7 @@ print_usage() {
}
print_help() {
- print_revision $PROGNAME $REVISION
+ print_revision "$PROGNAME" "$REVISION"
echo ""
print_usage
echo ""
@@ -87,47 +87,47 @@ esac
case "$cmd" in
--help)
print_help
- exit $STATE_OK
+ exit "$STATE_OK"
;;
-h)
print_help
- exit $STATE_OK
+ exit "$STATE_OK"
;;
--version)
- print_revision $PROGNAME $REVISION
- exit $STATE_OK
+ print_revision "$PROGNAME" "$REVISION"
+ exit "$STATE_OK"
;;
-V)
- print_revision $PROGNAME $REVISION
- exit $STATE_OK
+ print_revision "$PROGNAME" "$REVISION"
+ exit "$STATE_OK"
;;
esac
# Hunt down a reasonable ORACLE_HOME
if [ -z "$ORACLE_HOME" ] ; then
- # Adjust to taste
- for oratab in /var/opt/oracle/oratab /etc/oratab
- do
- [ ! -f $oratab ] && continue
- ORACLE_HOME=`IFS=:
- while read SID ORACLE_HOME junk;
- do
- if [ "$SID" = "$2" -o "$SID" = "*" ] ; then
- echo $ORACLE_HOME;
- exit;
- fi;
- done < $oratab`
- [ -n "$ORACLE_HOME" ] && break
- done
+ # Adjust to taste
+ for oratab in /var/opt/oracle/oratab /etc/oratab
+ do
+ [ ! -f $oratab ] && continue
+ ORACLE_HOME=`IFS=:
+ while read -r SID ORACLE_HOME junk;
+ do
+ if [ "$SID" = "$2" ] || [ "$SID" = "*" ] ; then
+ echo "$ORACLE_HOME";
+ exit;
+ fi;
+ done < $oratab`
+ [ -n "$ORACLE_HOME" ] && break
+ done
fi
# Last resort
-[ -z "$ORACLE_HOME" -a -d $PROGPATH/oracle ] && ORACLE_HOME=$PROGPATH/oracle
+[ -z "$ORACLE_HOME" ] && [ -d "$PROGPATH"/oracle ] && ORACLE_HOME=$PROGPATH/oracle
if [ "$cmd" != "--db" ]; then
- if [ -z "$ORACLE_HOME" -o ! -d "$ORACLE_HOME" ] ; then
- echo "Cannot determine ORACLE_HOME for sid $2"
- exit $STATE_UNKNOWN
- fi
+ if [ -z "$ORACLE_HOME" ] || [ ! -d "$ORACLE_HOME" ] ; then
+ echo "Cannot determine ORACLE_HOME for sid $2"
+ exit "$STATE_UNKNOWN"
+ fi
fi
PATH=$PATH:$ORACLE_HOME/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
@@ -135,81 +135,81 @@ export ORACLE_HOME PATH LD_LIBRARY_PATH
case "$cmd" in
--tns)
- tnschk=` tnsping $2`
- tnschk2=` echo $tnschk | grep -c OK`
- if [ ${tnschk2} -eq 1 ] ; then
- tnschk3=${tnschk##*(}; tnschk3=${tnschk3%)*}
- echo "OK - reply time ${tnschk3} from $2"
- exit $STATE_OK
+ tnschk=$(tnsping "$2")
+ tnschk2=$(echo "$tnschk" | grep -c OK)
+ if [ "${tnschk2}" -eq 1 ] ; then
+ tnschk3=${tnschk##*(}; tnschk3=${tnschk3%)*}
+ echo "OK - reply time ${tnschk3} from $2"
+ exit "$STATE_OK"
else
- echo "No TNS Listener on $2"
- exit $STATE_CRITICAL
+ echo "No TNS Listener on $2"
+ exit "$STATE_CRITICAL"
fi
;;
--oranames)
- namesctl status $2 | awk '
+ namesctl status "$2" | awk '
/Server has been running for:/ {
- msg = "OK: Up"
- for (i = 6; i <= NF; i++) {
- msg = msg " " $i
- }
- status = '$STATE_OK'
+ msg = "OK: Up"
+ for (i = 6; i <= NF; i++) {
+ msg = msg " " $i
+ }
+ status = '"$STATE_OK"'
}
/error/ {
- msg = "CRITICAL: " $0
- status = '$STATE_CRITICAL'
+ msg = "CRITICAL: " $0
+ status = '"$STATE_CRITICAL"'
}
END {
- print msg
- exit status
+ print msg
+ exit status
}'
;;
--db)
- pmonchk=`ps -ef | grep -v grep | grep -E -c "(asm|ora)_pmon_${2}$"`
- if [ ${pmonchk} -ge 1 ] ; then
- echo "${2} OK - ${pmonchk} PMON process(es) running"
- exit $STATE_OK
+ pmonchk=$(pgrep -f "(asm|ora)_pmon_${2}$")
+ if [ "${pmonchk}" -ge 1 ] ; then
+ echo "${2} OK - ${pmonchk} PMON process(es) running"
+ exit "$STATE_OK"
#if [ -f $ORACLE_HOME/dbs/sga*${2}* ] ; then
- #if [ ${pmonchk} -eq 1 ] ; then
+ #if [ ${pmonchk} -eq 1 ] ; then
#utime=`ls -la $ORACLE_HOME/dbs/sga*$2* | cut -c 43-55`
- #echo "${2} OK - running since ${utime}"
- #exit $STATE_OK
- #fi
+ #echo "${2} OK - running since ${utime}"
+ #exit $STATE_OK
+ #fi
else
- echo "${2} Database is DOWN"
- exit $STATE_CRITICAL
+ echo "${2} Database is DOWN"
+ exit "$STATE_CRITICAL"
fi
;;
--login)
- loginchk=`sqlplus dummy/user@$2 < /dev/null`
- loginchk2=` echo $loginchk | grep -c ORA-01017`
- if [ ${loginchk2} -eq 1 ] ; then
- echo "OK - dummy login connected"
- exit $STATE_OK
+ loginchk=$(sqlplus dummy/user@"$2" < /dev/null)
+ loginchk2=$(echo "$loginchk" | grep -c ORA-01017)
+ if [ "${loginchk2}" -eq 1 ] ; then
+ echo "OK - dummy login connected"
+ exit "$STATE_OK"
else
- loginchk3=` echo "$loginchk" | grep "ORA-" | head -1`
- echo "CRITICAL - $loginchk3"
- exit $STATE_CRITICAL
+ loginchk3=$(echo "$loginchk" | grep "ORA-" | head -1)
+ echo "CRITICAL - $loginchk3"
+ exit "$STATE_CRITICAL"
fi
;;
--connect)
- connectchk=`sqlplus $2 < /dev/null`
- connectchk2=` echo $connectchk | grep -c ORA-`
- if [ ${connectchk2} -eq 0 ] ; then
- echo "OK - login successful"
- exit $STATE_OK
+ connectchk=$(sqlplus "$2" < /dev/null)
+ connectchk2=$(echo "$connectchk" | grep -c ORA-)
+ if [ "${connectchk2}" -eq 0 ] ; then
+ echo "OK - login successful"
+ exit "$STATE_OK"
else
- connectchk3=` echo "$connectchk" | grep "ORA-" | head -1`
- echo "CRITICAL - $connectchk3"
- exit $STATE_CRITICAL
+ connectchk3=$(echo "$connectchk" | grep "ORA-" | head -1)
+ echo "CRITICAL - $connectchk3"
+ exit "$STATE_CRITICAL"
fi
;;
--cache)
- if [ ${5} -gt ${6} ] ; then
- echo "UNKNOWN - Warning level is less then Crit"
- exit $STATE_UNKNOWN
+ if [ "${5}" -gt "${6}" ] ; then
+ echo "UNKNOWN - Warning level is less then Crit"
+ exit "$STATE_UNKNOWN"
fi
- result=`sqlplus -s ${3}/${4}@${2} << EOF
+ result=`sqlplus -s "${3}"/"${4}"@"${2}" << EOF
set pagesize 0
set numf '9999999.99'
select (1-(pr.value/(dbg.value+cg.value)))*100
@@ -219,48 +219,48 @@ and dbg.name='db block gets'
and cg.name='consistent gets';
EOF`
- if [ -n "`echo $result | grep ORA-`" ] ; then
- error=` echo "$result" | grep "ORA-" | head -1`
- echo "CRITICAL - $error"
- exit $STATE_CRITICAL
+ if echo "$result" | grep -q 'ORA-' ; then
+ error=$(echo "$result" | grep "ORA-" | head -1)
+ echo "CRITICAL - $error"
+ exit "$STATE_CRITICAL"
fi
- buf_hr=`echo "$result" | awk '/^[0-9\. \t]+$/ {print int($1)}'`
- buf_hrx=`echo "$result" | awk '/^[0-9\. \t]+$/ {print $1}'`
- result=`sqlplus -s ${3}/${4}@${2} << EOF
+ buf_hr=$(echo "$result" | awk '/^[0-9\. \t]+$/ {print int($1)}')
+ buf_hrx=$(echo "$result" | awk '/^[0-9\. \t]+$/ {print $1}')
+ result=`sqlplus -s "${3}"/"${4}"@"${2}" << EOF
set pagesize 0
set numf '9999999.99'
select sum(lc.pins)/(sum(lc.pins)+sum(lc.reloads))*100
from v\\$librarycache lc;
EOF`
-
- if [ -n "`echo $result | grep ORA-`" ] ; then
- error=` echo "$result" | grep "ORA-" | head -1`
- echo "CRITICAL - $error"
- exit $STATE_CRITICAL
- fi
-
- lib_hr=`echo "$result" | awk '/^[0-9\. \t]+$/ {print int($1)}'`
- lib_hrx=`echo "$result" | awk '/^[0-9\. \t]+$/ {print $1}'`
-
- if [ $buf_hr -le ${5} -o $lib_hr -le ${5} ] ; then
- echo "${2} CRITICAL - Cache Hit Rates: $lib_hrx% Lib -- $buf_hrx% Buff|lib=$lib_hrx%;${6};${5};0;100 buffer=$buf_hrx%;${6};${5};0;100"
- exit $STATE_CRITICAL
- fi
- if [ $buf_hr -le ${6} -o $lib_hr -le ${6} ] ; then
- echo "${2} WARNING - Cache Hit Rates: $lib_hrx% Lib -- $buf_hrx% Buff|lib=$lib_hrx%;${6};${5};0;100 buffer=$buf_hrx%;${6};${5};0;100"
- exit $STATE_WARNING
+
+ if echo "$result" | grep -q 'ORA-' ; then
+ error=$(echo "$result" | grep "ORA-" | head -1)
+ echo "CRITICAL - $error"
+ exit "$STATE_CRITICAL"
+ fi
+
+ lib_hr=$(echo "$result" | awk '/^[0-9\. \t]+$/ {print int($1)}')
+ lib_hrx=$(echo "$result" | awk '/^[0-9\. \t]+$/ {print $1}')
+
+ if [ "$buf_hr" -le "${5}" ] || [ "$lib_hr" -le "${5}" ] ; then
+ echo "${2} CRITICAL - Cache Hit Rates: $lib_hrx% Lib -- $buf_hrx% Buff|lib=$lib_hrx%;${6};${5};0;100 buffer=$buf_hrx%;${6};${5};0;100"
+ exit "$STATE_CRITICAL"
+ fi
+ if [ "$buf_hr" -le "${6}" ] || [ "$lib_hr" -le "${6}" ] ; then
+ echo "${2} WARNING - Cache Hit Rates: $lib_hrx% Lib -- $buf_hrx% Buff|lib=$lib_hrx%;${6};${5};0;100 buffer=$buf_hrx%;${6};${5};0;100"
+ exit "$STATE_WARNING"
fi
echo "${2} OK - Cache Hit Rates: $lib_hrx% Lib -- $buf_hrx% Buff|lib=$lib_hrx%;${6};${5};0;100 buffer=$buf_hrx%;${6};${5};0;100"
- exit $STATE_OK
+ exit "$STATE_OK"
;;
--tablespace)
- if [ ${6} -lt ${7} ] ; then
- echo "UNKNOWN - Warning level is more then Crit"
- exit $STATE_UNKNOWN
+ if [ "${6}" -lt "${7}" ] ; then
+ echo "UNKNOWN - Warning level is more then Crit"
+ exit "$STATE_UNKNOWN"
fi
- result=`sqlplus -s ${3}/${4}@${2} << EOF
+ result=`sqlplus -s "${3}"/"${4}"@"${2}" << EOF
set pagesize 0
set numf '9999999.99'
select NVL(b.free,0.0),a.total,100 - trunc(NVL(b.free,0.0)/a.total * 1000) / 10 prc
@@ -273,32 +273,32 @@ from dba_free_space group by tablespace_
ON a.tablespace_name=b.tablespace_name WHERE a.tablespace_name='${5}';
EOF`
- if [ -n "`echo $result | grep ORA-`" ] ; then
- error=` echo "$result" | grep "ORA-" | head -1`
- echo "CRITICAL - $error"
- exit $STATE_CRITICAL
+ if echo "$result" | grep -q 'ORA-' ; then
+ error=$(echo "$result" | grep "ORA-" | head -1)
+ echo "CRITICAL - $error"
+ exit "$STATE_CRITICAL"
fi
- ts_free=`echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print int($1)}'`
- ts_total=`echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print int($2)}'`
- ts_pct=`echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print int($3)}'`
- ts_pctx=`echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print $3}'`
- if [ "$ts_free" -eq 0 -a "$ts_total" -eq 0 -a "$ts_pct" -eq 0 ] ; then
+ ts_free=$(echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print int($1)}')
+ ts_total=$(echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print int($2)}')
+ ts_pct=$(echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print int($3)}')
+ ts_pctx=$(echo "$result" | awk '/^[ 0-9\.\t ]+$/ {print $3}')
+ if [ "$ts_free" -eq 0 ] && [ "$ts_total" -eq 0 ] && [ "$ts_pct" -eq 0 ] ; then
echo "No data returned by Oracle - tablespace $5 not found?"
- exit $STATE_UNKNOWN
+ exit "$STATE_UNKNOWN"
fi
- if [ "$ts_pct" -ge ${6} ] ; then
- echo "${2} : ${5} CRITICAL - $ts_pctx% used [ $ts_free / $ts_total MB available ]|${5}=$ts_pctx%;${7};${6};0;100"
- exit $STATE_CRITICAL
- fi
- if [ "$ts_pct" -ge ${7} ] ; then
- echo "${2} : ${5} WARNING - $ts_pctx% used [ $ts_free / $ts_total MB available ]|${5}=$ts_pctx%;${7};${6};0;100"
- exit $STATE_WARNING
+ if [ "$ts_pct" -ge "${6}" ] ; then
+ echo "${2} : ${5} CRITICAL - $ts_pctx% used [ $ts_free / $ts_total MB available ]|${5}=$ts_pctx%;${7};${6};0;100"
+ exit "$STATE_CRITICAL"
+ fi
+ if [ "$ts_pct" -ge "${7}" ] ; then
+ echo "${2} : ${5} WARNING - $ts_pctx% used [ $ts_free / $ts_total MB available ]|${5}=$ts_pctx%;${7};${6};0;100"
+ exit "$STATE_WARNING"
fi
echo "${2} : ${5} OK - $ts_pctx% used [ $ts_free / $ts_total MB available ]|${5}=$ts_pctx%;${7};${6};0;100"
- exit $STATE_OK
+ exit "$STATE_OK"
;;
*)
print_usage
- exit $STATE_UNKNOWN
+ exit "$STATE_UNKNOWN"
esac
Index: monitoring-plugins-2.3.1/plugins-scripts/check_sensors.sh
===================================================================
--- monitoring-plugins-2.3.1.orig/plugins-scripts/check_sensors.sh
+++ monitoring-plugins-2.3.1/plugins-scripts/check_sensors.sh
@@ -2,46 +2,46 @@
PATH="@TRUSTED_PATH@"
export PATH
-PROGNAME=`basename $0`
-PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
+PROGNAME=$(basename "$0")
+PROGPATH=$(echo "$0" | sed -e 's,[\\/][^\\/][^\\/]*$,,')
REVISION="@NP_VERSION@"
-. $PROGPATH/utils.sh
+. "$PROGPATH"/utils.sh
print_usage() {
echo "Usage: $PROGNAME" [--ignore-fault]
}
print_help() {
- print_revision $PROGNAME $REVISION
+ print_revision "$PROGNAME" "$REVISION"
echo ""
print_usage
echo ""
echo "This plugin checks hardware status using the lm_sensors package."
echo ""
support
- exit $STATE_OK
+ exit "$STATE_OK"
}
case "$1" in
--help)
print_help
- exit $STATE_OK
+ exit "$STATE_OK"
;;
-h)
print_help
- exit $STATE_OK
+ exit "$STATE_OK"
;;
--version)
- print_revision $PROGNAME $REVISION
- exit $STATE_OK
+ print_revision "$PROGNAME" "$REVISION"
+ exit "$STATE_OK"
;;
-V)
- print_revision $PROGNAME $REVISION
- exit $STATE_OK
+ print_revision "$PROGNAME" "$REVISION"
+ exit "$STATE_OK"
;;
*)
- sensordata=`sensors 2>&1`
+ sensordata=$(sensors 2>&1)
status=$?
if test ${status} -eq 127; then
text="SENSORS UNKNOWN - command not found (did you install lmsensors?)"
@@ -49,10 +49,10 @@ case "$1" in
elif test ${status} -ne 0; then
text="WARNING - sensors returned state $status"
exit=$STATE_WARNING
- elif echo ${sensordata} | egrep ALARM > /dev/null; then
+ elif echo "${sensordata}" | egrep ALARM > /dev/null; then
text="SENSOR CRITICAL - Sensor alarm detected!"
exit=$STATE_CRITICAL
- elif echo ${sensordata} | egrep FAULT > /dev/null \
+ elif echo "${sensordata}" | egrep FAULT > /dev/null \
&& test "$1" != "-i" -a "$1" != "--ignore-fault"; then
text="SENSOR UNKNOWN - Sensor reported fault"
exit=$STATE_UNKNOWN
@@ -63,8 +63,8 @@ case "$1" in
echo "$text"
if test "$1" = "-v" -o "$1" = "--verbose"; then
- echo ${sensordata}
+ echo "${sensordata}"
fi
- exit $exit
+ exit "$exit"
;;
esac
Index: monitoring-plugins-2.3.1/plugins-scripts/check_log.sh
===================================================================
--- monitoring-plugins-2.3.1.orig/plugins-scripts/check_log.sh
+++ monitoring-plugins-2.3.1/plugins-scripts/check_log.sh
@@ -60,11 +60,11 @@
PATH="@TRUSTED_PATH@"
export PATH
-PROGNAME=`basename $0`
-PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
+PROGNAME=$(basename $0)
+PROGPATH=$(echo "$0" | sed -e 's,[\\/][^\\/][^\\/]*$,,')
REVISION="@NP_VERSION@"
-. $PROGPATH/utils.sh
+. "$PROGPATH"/utils.sh
print_usage() {
echo "Usage: $PROGNAME -F logfile -O oldlog -q query"
@@ -73,7 +73,7 @@ print_usage() {
}
print_help() {
- print_revision $PROGNAME $REVISION
+ print_revision "$PROGNAME" "$REVISION"
echo ""
print_usage
echo ""
@@ -87,7 +87,7 @@ print_help() {
if [ $# -lt 1 ]; then
print_usage
- exit $STATE_UNKNOWN
+ exit "$STATE_UNKNOWN"
fi
# Grab the command line arguments
@@ -100,19 +100,19 @@ while test -n "$1"; do
case "$1" in
--help)
print_help
- exit $STATE_OK
+ exit "$STATE_OK"
;;
-h)
print_help
- exit $STATE_OK
+ exit "$STATE_OK"
;;
--version)
- print_revision $PROGNAME $REVISION
- exit $STATE_OK
+ print_revision "$PROGNAME" "$REVISION"
+ exit "$STATE_OK"
;;
-V)
- print_revision $PROGNAME $REVISION
- exit $STATE_OK
+ print_revision "$PROGNAME" "$REVISION"
+ exit "$STATE_OK"
;;
--filename)
logfile="$2"
@@ -149,7 +149,7 @@ while test -n "$1"; do
*)
echo "Unknown argument: $1"
print_usage
- exit $STATE_UNKNOWN
+ exit "$STATE_UNKNOWN"
;;
esac
shift
@@ -159,10 +159,10 @@ done
if [ ! -e "$logfile" ]; then
echo "Log check error: Log file $logfile does not exist!"
- exit $STATE_UNKNOWN
+ exit "$STATE_UNKNOWN"
elif [ ! -r "$logfile" ] ; then
echo "Log check error: Log file $logfile is not readable!"
- exit $STATE_UNKNOWN
+ exit "$STATE_UNKNOWN"
fi
# If the old log file doesn't exist, this must be the first time
@@ -172,7 +172,7 @@ fi
if [ ! -e "$oldlog" ]; then
cat "$logfile" > "$oldlog"
echo "Log check data initialized..."
- exit $STATE_OK
+ exit "$STATE_OK"
fi
# The old log file exists, so compare it to the original log now
@@ -180,9 +180,9 @@ fi
# The temporary file that the script should use while
# processing the log file.
if [ -x /bin/mktemp ]; then
- tempdiff=`/bin/mktemp /tmp/check_log.XXXXXXXXXX`
+ tempdiff=$(/bin/mktemp /tmp/check_log.XXXXXXXXXX)
else
- tempdiff=`/bin/date '+%H%M%S'`
+ tempdiff=$(/bin/date '+%H%M%S')
tempdiff="/tmp/check_log.${tempdiff}"
touch "$tempdiff"
chmod 600 "$tempdiff"
@@ -191,20 +191,20 @@ fi
diff "$logfile" "$oldlog" | grep -v "^>" > "$tempdiff"
# Count the number of matching log entries we have
-count=`grep -c "$query" "$tempdiff"`
+count=$(grep -c "$query" "$tempdiff")
# Get the last matching entry in the diff file
-lastentry=`grep "$query" "$tempdiff" | tail -1`
+lastentry=$(grep "$query" "$tempdiff" | tail -1)
rm -f "$tempdiff"
cat "$logfile" > "$oldlog"
if [ "$count" = "0" ]; then # no matches, exit with no error
echo "Log check ok - 0 pattern matches found"
- exitstatus=$STATE_OK
+ exitstatus="$STATE_OK"
else # Print total matche count and the last entry we found
echo "($count) $lastentry"
- exitstatus=$STATE_CRITICAL
+ exitstatus="$STATE_CRITICAL"
fi
-exit $exitstatus
+exit "$exitstatus"

51
monitoring-plugins.changes
View File

@@ -1,3 +1,52 @@
-------------------------------------------------------------------
Fri Nov 19 09:35:19 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>
- recommend syslog for monitoring-plugins-log, as people probably
want to analize logs generated by (r)syslog or journald
Renamed patches:
- renamed monitoring-plugins-1.4.6-no_chown.patch to
monitoring-plugins-1.4.6-Makefile_-_no_chown.patch to make it
easier to detect the patched file
- renamed monitoring-plugins-2.1.1-check_logfile.patch to
monitoring-plugins-2.1.1-check_log_-_quoting.patch to make it
easier to detect the patched file and reason for the patch
New patches:
- added monitoring-plugins-2.3.1-check_snmp_segfaults.patch
check_snmp will segfaults at line 489 if number of lines returned
by SNMPD is greater than number of defined thresholds
-> https://github.com/monitoring-plugins/monitoring-plugins/pull/1589
- added monitoring-plugins-2.3.1-check_snmp_hang_on_STDERR_workaround.patch
When the MIBs are not quite right, snmpget outputs lots of errors on
STDERR before getting down to business.
If this is enough to fill the pipe buffer, snmpget hangs waiting for
it to be cleared, which it never will be because check_snmp is
waiting for snmpget to output something on STDOUT.
This simple fix from s2156945 for this is to read STDERR before STDOUT.
cmd_run_array from utils_cmd.c is also used by plugins/check_by_ssh
and plugins/negate but you're likely to get lots of errors or lots
of output, not both at the same time.
The real fix is probably to do a select() and read from both as
they come in.
https://github.com/monitoring-plugins/monitoring-plugins/issues/1706
- added monitoring-plugins-2.3.1-check_dhcp_-_detect_rogue_dhcp_servers.patch
feature enhancement from Patrick Cervicek for check_dhcp, which allows
to detect rogue DHCP servers. Use it with the "-x" flag, example:
./check_dhcp -s 192.168.1.1 -x
CRITICAL: Rogue DHCP Server detected! Server 192.168.1.205 offered 192.168.1.239
- added monitoring-plugins-2.3.1-check_ssh.patch , which includes patches
provided by op5, mainly around RFC 4253:4.2 and 4253:5
+ fixing a few typos
+ properly parse a (delayed) version control string
+ Handle non-alpha software versions reported by the checked service
- added monitoring-plugins-2.3.1-check_ssh.t_-_improve_testing.patch
which improves the testing of check_ssh - including the patches mentioned in
monitoring-plugins-2.3.1-check_ssh.patch
- added monitoring-plugins-2.3.1-fixing-shellcheck.patch , which fixes
some complains from shellcheck(.net):
+ quoting and parenthesis in check_log.sh, check_oracle.sh, check_sensors.sh
-------------------------------------------------------------------
Thu Sep 23 16:41:53 UTC 2021 - Franck Bui <fbui@suse.com>
@@ -6,7 +55,7 @@ Thu Sep 23 16:41:53 UTC 2021 - Franck Bui <fbui@suse.com>
-------------------------------------------------------------------
Mon Jul 26 04:05:51 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
- Remove unneeded BuildRequires on python-devel.
- Remove unneeded BuildRequires on python-devel (bsc#1191011)
-------------------------------------------------------------------
Thu Jul 1 08:34:54 UTC 2021 - Bernhard Wiedemann <bwiedemann@suse.com>

26
monitoring-plugins.spec
View File

@@ -62,9 +62,9 @@ Source58: nrpe-check_zombie_procs
Source59: nrpe-check_mysql
Source60: nrpe-check_ups
# PATCH-FIX-UPSTREAM Quote the options comming in from users (path names might contain whitespaces)
Patch1: %{name}-2.1.1-check_logfile.patch
# PATCH-FIX-UPSTREAM Allow to ping IPv4 with check_ping again for dual stack hosts: https://github.com/monitoring-plugins/monitoring-plugins/issues/1550
Patch6: %{name}-1.4.6-no_chown.patch
Patch1: %{name}-2.1.1-check_log_-_quoting.patch
# PATH-FIX-openSUSE - do not use/run chown in Makefile: we use RPM for this
Patch6: %{name}-1.4.6-Makefile_-_no_chown.patch
# PATCH-FIX-UPSTREAM Use correct pointer
Patch11: %{name}.check_snmp.arrayaddress.patch
# PATCH-FIX-UPSTREAM print out all arguments out a Group if in verbose mode
@@ -75,7 +75,19 @@ Patch118: %{name}.check_hpjd.c-64bit-portability-issue.patch
Patch119: monitoring-plugins-2.2-mariadb_102_build_fix.patch
# PATCH-FIX-UPSTREAM see https://bugzilla.redhat.com/512559
Patch121: %{name}-wrong_return_in_check_swap.patch
# PATCH-FIX-UPSTREAM - return ntp offset absolute (as positive value) in performance data since warn and crit are also positive values
Patch122: monitoring-plugins-2.3-check_ntp_perf_absolute.patch
# PATCH-FIX-UPSTREAM - see https://github.com/monitoring-plugins/monitoring-plugins/pull/1589
Patch123: monitoring-plugins-2.3.1-check_snmp_segfaults.patch
# PATCH-FIX-UPSTREAM - see https://github.com/monitoring-plugins/monitoring-plugins/pull/1459
Patch124: monitoring-plugins-2.3.1-fixing-shellcheck.patch
# PATCH-FIX-UPSTREAM - see https://github.com/monitoring-plugins/monitoring-plugins/pull/1322
Patch125: monitoring-plugins-2.3.1-check_ssh.patch
Patch126: monitoring-plugins-2.3.1-check_ssh.t_-_improve_testing.patch
# PATCH-FIX-UPSTREAM - see https://github.com/monitoring-plugins/monitoring-plugins/issues/1375
Patch127: monitoring-plugins-2.3.1-check_dhcp_-_detect_rogue_dhcp_servers.patch
# PATCH-FIX-UPSTREAM - see https://github.com/monitoring-plugins/monitoring-plugins/issues/1706
Patch128: monitoring-plugins-2.3.1-check_snmp_hang_on_STDERR_workaround.patch
BuildRequires: bind-utils
BuildRequires: dhcp-devel
BuildRequires: fping
@@ -683,6 +695,7 @@ Group: System/Monitoring
Requires: %{name}-common = %{version}
Provides: nagios-plugins-log = %{version}
Obsoletes: nagios-plugins-log <= 1.5
Recommends: syslog
%description log
This plugin provides a log file pattern detector - excluding old
@@ -1122,6 +1135,13 @@ done
%patch119 -p1
%patch121 -p1
%patch122 -p1
# Github patches
%patch123 -p1
%patch124 -p1
%patch125 -p1
%patch126 -p1
%patch127 -p1
%patch128 -p1
find -type f -exec chmod 644 {} +
%build