upstream/monitoring-plugins
1
0
Fork 0
mirror of https://github.com/monitoring-plugins/monitoring-plugins.git synced 2026-04-22 14:46:57 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed SNMPv3 behaviour of check_ifstatus. Added -P to define privprotocol (#2343438 - Robin Schroeder)

Browse source 
check_ifstatus didn't function correctly with SNMPv3. This is fixed now.
Created argument-hash for SNMP session creation. This removes redundant code.
Session creation was moved out of process_arguments() and now takes place
after setting the timeout handler.

Additionally the -P argument was added to specify the privprotocol.
This commit is contained in:
Matthias Eble 2009-06-11 17:20:55 +02:00
parent e16b35b2ca
commit edda2536e5
3 changed files with 137 additions and 110 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -39,8 +39,8 @@ This file documents the major additions and syntax changes between releases.
Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675)
check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds
check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster)
Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
check_ifoperstatus is now more userfriendly in case of missing arguments
Fixed SNMPv3 behaviour of check_ifoperstatus and check_ifstatus. Added -x/-P to define privprotocol (#2343438 - Robin Schroeder)
check_ifoperstatus and check_ifstatus are now more user-friendly in case of missing arguments
1.4.13 25th Sept 2008
Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen)

180
plugins-scripts/check_ifstatus.pl
View file

@ -42,7 +42,8 @@ Getopt::Long::Configure('bundling');
my $PROGNAME = "check_ifstatus";
sub print_help ();
sub usage ();
sub usage ($);
sub print_usage ();
sub process_arguments ();
@ -63,7 +64,7 @@ my $snmpoid=0;
my $key=0;
my $community = "public";
my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context);
my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
my $port = 161;
my @snmpoids;
my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7';
@ -92,6 +93,7 @@ my $opt_u;
my $opt_x ;
my %excluded ;
my @unused_ports ;
my %session_opts;
@ -115,6 +117,15 @@ if ($status != 0)
alarm($timeout);
($session, $error) = Net::SNMP->session(%session_opts);
if (!defined($session)) {
$state='UNKNOWN';
$answer=$error;
print ("$state: $answer\n");
exit $ERRORS{$state};
}
push(@snmpoids,$snmpIfOperStatus);
push(@snmpoids,$snmpIfAdminStatus);
@ -209,19 +220,25 @@ my $perfdata = sprintf("up=%d,down=%d,dormant=%d,excluded=%d,unused=%d",$ifup,$i
print ("$state: $answer |$perfdata\n");
exit $ERRORS{$state};
sub usage (){
printf "\nMissing arguments!\n";
printf "\n";
printf "check_ifstatus -C <READCOMMUNITY> -p <PORT> -H <HOSTNAME>\n";
printf "Copyright (C) 2000 Christoph Kron\n";
printf "Updates 5/2002 Subhendu Ghosh\n";
printf "\n\n";
support();
sub usage($) {
print "$_[0]\n";
print_usage();
exit $ERRORS{"UNKNOWN"};
}
sub print_help (){
sub print_usage() {
printf "\n";
printf "usage: \n";
printf "check_ifstatus -C <READCOMMUNITY> -p <PORT> -H <HOSTNAME>\n";
printf "Copyright (C) 2000 Christoph Kron\n";
printf "Updates 5/2002 Subhendu Ghosh\n";
support();
printf "\n\n";
}
sub print_help() {
print_revision($PROGNAME, '@NP_VERSION@');
print_usage();
printf "check_ifstatus plugin for Nagios monitors operational \n";
printf "status of each network interface on the target host\n";
printf "\nUsage:\n";
@ -242,14 +259,15 @@ sub print_help (){
printf " See the IANAifType-MIB for a list of interface types.\n";
printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n";
printf " -U (--secname) username for SNMPv3 context\n";
printf " -c (--context) SNMPv3 context name (default is empty string)";
printf " -c (--context) SNMPv3 context name (default is empty string)\n";
printf " -A (--authpass) authentication password (cleartext ascii or localized key\n";
printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
printf " auth password and authEngineID\n";
printf " -a (--authproto) Authentication protocol ( MD5 or SHA1)\n";
printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n";
printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
printf " privacy password and authEngineID\n";
printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n";
printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n";
printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n";
printf " -V (--version) Plugin version\n";
@ -269,6 +287,7 @@ sub process_arguments() {
"U=s" => \$secname, "secname=s" => \$secname,
"A=s" => \$authpass, "authpass=s" => \$authpass,
"X=s" => \$privpass, "privpass=s" => \$privpass,
"P=s" => \$privproto, "privproto=s" => \$privproto,
"c=s" => \$context, "context=s" => \$context,
"p=i" =>\$port, "port=i" => \$port,
"H=s" => \$hostname, "hostname=s" => \$hostname,
@ -280,9 +299,10 @@ sub process_arguments() {
);
if ($status == 0){
print_help() ;
print_help();
exit $ERRORS{'OK'};
}
if ($opt_V) {
print_revision($PROGNAME,'@NP_VERSION@');
exit $ERRORS{'OK'};
@ -297,68 +317,75 @@ sub process_arguments() {
$timeout = $TIMEOUT;
}
if ($snmp_version !~ /[123]/){
$state='UNKNOWN';
print ("$state: No support for SNMP v$snmp_version yet\n");
exit $ERRORS{$state};
}
%session_opts = (
-hostname => $hostname,
-port => $port,
-version => $snmp_version,
-maxmsgsize => $maxmsgsize
);
$session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
if ($snmp_version =~ /3/ ) {
# Must define a security level even though default is noAuthNoPriv
# v3 requires a security username
if (defined $seclevel && defined $secname) {
if (defined $seclevel && defined $secname) {
$session_opts{'-username'} = $secname;
# Must define a security level even though defualt is noAuthNoPriv
unless ($seclevel eq ('noAuthNoPriv' || 'authNoPriv' || 'authPriv' ) ) {
usage();
exit $ERRORS{"UNKNOWN"};
unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
usage("Must define a valid security level even though default is noAuthNoPriv");
}
# Authentication wanted
if ($seclevel eq ('authNoPriv' || 'authPriv') ) {
unless ($authproto eq ('MD5' || 'SHA1') ) {
usage();
exit $ERRORS{"UNKNOWN"};
if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') {
usage("Auth protocol can be either MD5 or SHA1");
}
$session_opts{'-authprotocol'} = $authproto if(defined $authproto);
if ( !defined $authpass) {
usage();
exit $ERRORS{"UNKNOWN"};
usage("Auth password/key is not defined");
}else{
if ($authpass =~ /^0x/ ) {
$auth = "-authkey => $authpass" ;
$session_opts{'-authkey'} = $authpass ;
}else{
$auth = "-authpassword => $authpass";
$session_opts{'-authpassword'} = $authpass ;
}
}
}
# Privacy (DES encryption) wanted
if ($seclevel eq 'authPriv' ) {
if ($seclevel eq 'authPriv' ) {
if (! defined $privpass) {
usage();
exit $ERRORS{"UNKNOWN"};
usage("Privacy passphrase/key is not defined");
}else{
if ($privpass =~ /^0x/){
$priv = "-privkey => $privpass";
$session_opts{'-privkey'} = $privpass;
}else{
$priv = "-privpassword => $privpass";
$session_opts{'-privpassword'} = $privpass;
}
}
$session_opts{'-privprotocol'} = $privproto if(defined $privproto);
}
# Context name defined or default
unless ( defined $context) {
$context = "";
}
}else {
usage();
exit $ERRORS{'UNKNOWN'}; ;
usage("Security level or name is not defined");
}
} # end snmpv3
# for snmp v1 & v2c we default to community = "public"
# Excluded interfaces types (ifType) (backup interfaces, dial-on demand interfaces, PPP interfaces
if (defined $opt_x) {
my @x = split(/,/, $opt_x);
@ -380,79 +407,16 @@ sub process_arguments() {
}
if (! utils::is_hostname($hostname)){
usage();
usage("Hostname invalid or not given");
exit $ERRORS{"UNKNOWN"};
}
# create SNMP session handle based on options passed.
if ( ! $snmp_version ) {
$snmp_version =1 ;
}else{
if ( $snmp_version =~ /[12]/ ) {
($session, $error) = Net::SNMP->session(
-hostname => $hostname,
-community => $community,
-port => $port,
-version => $snmp_version,
-maxmsgsize => $maxmsgsize
);
if (!defined($session)) {
$state='UNKNOWN';
$answer=$error;
print ("$state: $answer");
exit $ERRORS{$state};
}
}elsif ( $snmp_version =~ /3/ ) {
if ($seclevel eq 'noAuthNoPriv') {
($session, $error) = Net::SNMP->session(
-hostname => $hostname,
-port => $port,
-version => $snmp_version,
-username => $secname,
);
}elsif ( $seclevel eq 'authNoPriv' ) {
($session, $error) = Net::SNMP->session(
-hostname => $hostname,
-port => $port,
-version => $snmp_version,
-username => $secname,
-authprotocol => $authproto,
$auth
);
}elsif ($seclevel eq 'authPriv' ) {
($session, $error) = Net::SNMP->session(
-hostname => $hostname,
-port => $port,
-version => $snmp_version,
-username => $secname,
-authprotocol => $authproto,
$auth,
$priv
);
}
if (!defined($session)) {
$state='UNKNOWN';
$answer=$error;
print ("$state: $answer");
exit $ERRORS{$state};
}
}else{
if ($snmp_version !~ /[123]/) {
$state='UNKNOWN';
print ("$state: No support for SNMP v$snmp_version yet\n");
exit $ERRORS{$state};
}
}
return $ERRORS{"OK"};
}

63
plugins-scripts/t/check_ifstatus.t Normal file
View file

@ -0,0 +1,63 @@
#! /usr/bin/perl -w -I ..
#
# SNMP Test via check_ifoperstatus
#
#
use strict;
use Test::More;
use NPTest;
my $tests = 9;
plan tests => $tests;
my $res;
my $plugin = "check_ifstatus";
SKIP: {
skip "$plugin is not created", $tests if ( ! -x $plugin );
my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost",
"A host providing an SNMP Service");
my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public",
"The SNMP Community string for SNMP Testing (assumes snmp v1)" );
my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
"The hostname of system not responsive to network requests" );
my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
"An invalid (not known to DNS) hostname" );
$res = NPTest->testCmd( "./$plugin" );
is( $res->return_code, 3, "No arguments" );
like( $res->output, '/usage/', "Output contains usage" );
$res = NPTest->testCmd( "./$plugin -H fakehost -v 3 --seclevel rubbish --secname foobar" );
is( $res->return_code, 3, "invalid seclevel" );
like( $res->output, "/Must define a valid security level/", "Output contains 'Must define a valid security level'" );
SKIP: {
skip "no snmp host defined", 2 if ( ! $host_snmp );
$res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community ");
like($res->output, '/^.*host.*interfaces up/', "String contains host.*interfaces up");
$res = NPTest->testCmd( "./$plugin -H $host_snmp -C rubbish");
cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL for community 'rubbish'" );
}
SKIP: {
skip "no non responsive host defined", 1 if ( ! $host_nonresponsive );
$res = NPTest->testCmd( "./$plugin -H $host_nonresponsive -C $snmp_community");
cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
}
SKIP: {
skip "no invalid host defined", 2 if ( ! $hostname_invalid );
$res = NPTest->testCmd( "./$plugin -H $hostname_invalid -C $snmp_community");
cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with invalid host" );
like($res->output, "/Unable to resolve.*$hostname_invalid/", "String matches unable to resolve.*$hostname_invalid");
}
}