using check_curl on a probably embedded device responding as 'Server: GoAhead-Webs'
%> check_curl -H ... -S -vvv
> GET / HTTP/1.1
Host: ...
User-Agent: check_curl/v2.4.0 (monitoring-plugins 2.4.0, libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0)
Accept: */*
Connection: close
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Redirect
< Server: GoAhead-Webs
< Date: Tue Mar 26 17:57:16 2019
< Cache-Control: no-cache, no-store, must-revalidate,private
< Pragma: no-cache
< Expires: 0
< Content-Type: text/html
< X-Frame-Options: sameorigin
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Location: https://...
<
* OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
* Closing connection 0
reading the discussion on https://github.com/openssl/openssl/discussions/22690 suggest to set the option SSL_OP_IGNORE_UNEXPECTED_EOF
which makes check_curl behave like check_http at this point.
Since this is a rather new flag, fencing it in ifdefs.
And since there can only be one ssl ctx function, we need to move both tasks into one function.
Variables only used in that specific translation unit should be static
to actually communicate that fact.
Also allows the compiler to detect unused (global) variables.
Previous to this commit, `elapsed_time` was only set after being read,
which was quite likely wrong and a bug.
This commit actually set the value before it is being read again.
Previously the --state-regex option accepted only "critical" and
"warning" as values.
This commit changes the strcmp there to strcasecmp to be more tolerant
regarding the input.
The help output of `check-curl` contained a typo,
the real option is `state-regex` and not `regex-state` as
the help suggests.
Also added the two possible options to avoid confusion.
From the mere help output for -C / --certificate, I was confused about
what its two integer parameters do. Unfortunately, I also missed out on
the explaining examples later. Since I like to have basic documentation
for each flag, I tried to make the arguments as short as possible.
The other fix was one hyphen too many for the --cookie-jar option.
Having a webserver respond with a relative redirect as for ex. in `Location: /path/to.html`
check_curl would use the wrong standard http/https port instead
of crafting the absolute url using the given scheme/hostname and port.
Adding a new test case for this for check_http and check_curl. check_http did
it correct already, so no fix necessary there.
before:
%>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv
**** HEADER ****
HTTP/1.1 302 Found
...
Location: /redirect2
...
* Seen redirect location /redirect2
** scheme: (null)
** host: (null)
** port: (null)
** path: /redirect2
Redirection to http://127.0.0.1:80/redirect2
fixed:
%>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv
**** HEADER ****
HTTP/1.1 302 Found
...
Location: /redirect2
...
* Seen redirect location /redirect2
** scheme: (null)
** host: (null)
** port: (null)
** path: /redirect2
Redirection to http://127.0.0.1:50493/redirect2
Signed-off-by: Sven Nierlein <sven@nierlein.de>
adaugherity noticed in issue #1965, that HAVE_PROC_LOADAVG is never
defined since the symbol was removed from configure quite some time ago.
This commit removes the dead code which would be used when the symbol
would have been defined.
* check_disk: Fail on missing arguments for --warning and --critical
* Add new test function for percentage expressions and use it in check_disk
* Add error abort in tests if they fail to parse output
* Fix typo in test which probably broke the test since forever :-(
* check_ssh: properly parse a delayed version control string
This resolves an issue with SSH servers which do not respond with their
version control string as the first thing in the SSH protocol version
exchange phase after connection establishment.
This patch also makes sure that we disregard a potential comment in the
version exchange string to avoid nonsense mismatches. In the future, we
might want to add the capability to match against a user specified comment.
In addition, the patch largely improves the communication towards the
server, which adds better protocol adherence.
Of course, new test cases are added to support the trigger and guard
against regressions of the bugs solved by this patch.
This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945)
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* check_ssh.t: Fix a few typos
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* check_ssh: Handle non-alpha software versions
This patch fixes a bug where we would reject version control strings
that do not contain letters, because the assumption is made that they
always do. This is not required by the RFC however, and there exist
implementations that do not contain letters.
I've also added a few references to the RFC to make the process of
parsing the control string more apparent.
This fixes op5#8716 (https://bugs.op5.com/view.php?id=8716)
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* check_ssh: Fix a typo in "remote-protocol parameter
remote-protcol -> remote-protocol
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* Remove unused variable
* Formating fixes
* Update translations
* Remove merge conflict artefact from previous merge
* Set fixed include paths
* Improve code style to be slightly more readable
* Update test cases for different netcat behaviour and reduce sleep time
---------
Signed-off-by: Anton Lofgren <alofgren@op5.com>
Co-authored-by: Anton Lofgren <alofgren@op5.com>
* check_swap: Change another fake boolen to a real one
* check_swap: Rename type since *_t is reserved for C standard types
* check_swap: Update copyright
* check_nwstat: adds percentage used space
This adds the new VPU parameter to the check_nwstat plugin.
This parameter returns the percentage used space on a Netware volume.
Now you can monitor your Netware volumes easy. We use it with a warning
85% and critical 90%.
eg: check_nwstat -H your.netware.host -v VPUvol1 -c 85 -w 90 returns
324653 MB (95%) used on volume vol1 - total 340212 MB|Used space in percent
on vol1=95;90;80;0;100.
* check_nwstat: Fixing whitespaces and tabs
* Update translation files
* check_nwstat: Use C99 booleans also with the patch
* Some formatting
---------
Co-authored-by: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
* check_disk increase alert precision
Free disk percentage value was rounded to a full integer meaning it alerted about ~1% percent too early. This is about 10GB on a 1TB disk.
The warning and critical thresholds already support float values, so just the percentage calculation needs to be improved.
old:
./check_disk -w 35% -c 20% -p / -f -vvv
Thresholds(pct) for / warn: 35.000000 crit 20.000000
calling stat on /
For /, used_pct=65 free_pct=35 used_units=286451 free_units=156651 total_units=443102 used_inodes_pct=11 free_inodes_pct=89 fsp.fsu_blocksize=4096 mult=1048576
Freespace_units result=0
Freespace% result=1
Usedspace_units result=0
Usedspace_percent result=0
Usedinodes_percent result=0
Freeinodes_percent result=0
DISK WARNING - free space: WARNING [ / 156651MiB (35% inode=89%)];| /=300365643776B;302006979788;371700898201;0;464626122752
new:
./check_disk -w 35% -c 20% -p / -f -vvv
Thresholds(pct) for / warn: 35.000000 crit 20.000000
calling stat on /
For /, used_pct=64.649722 free_pct=35.350278 used_units=286464 free_units=156637 total_units=443102 used_inodes_pct=10.016183 free_inodes_pct=89.983817 fsp.fsu_blocksize=4096 mult=1048576
Freespace_units result=0
Freespace% result=0
Usedspace_units result=0
Usedspace_percent result=0
Usedinodes_percent result=0
Freeinodes_percent result=0
DISK OK - free space: / 156637MiB (35.4% inode=90%);| /=300379275264B;302006979788;371700898201;0;464626122752
* check_disk: adjust test case to support float precision
On systems with higher core counts check_procs will occasionally see
its own "ps" child process with a high CPU percentage and raise a
false alarm.
Ignoring the child processes of check_procs prevents this from happening.
Using --ignore-missing together with regex matching and ignore option lead
to a wrong error message.
./check_disk -n -w 10% -c 5% -W 10% -r /dummy -i /dummy2
DISK UNKNOWN: Paths need to be selected before using -i/-I. Use -A to select all paths explicitly
The use case here is a cluster with fail-over mounts. So it is a valid situation that
the regex match does not find anything in addtition with a ignore which also does not exist.
After this patch:
./check_disk -n -w 10% -c 5% -W 10% -r /dummy -i /dummy2
DISK OK - No disks were found for provided parameters|
autoupdate tells me, that since C89 I can safely assume RETSIGTYPE
is void.
Therefore to simplify things I removed the corresponding configure.ac
line and replaced all mentions of RETSIGTYPE with void.
Otherwise -s/--ssl would overwrite a port given with -p if it comes
after it, e. g.
check_smtp -H mailhost.example.com -p 4465 --ssl
Found-By: Lorenz Kästle
Prefer systemd-logind over utmp to get the number of logged in users.
utmp is not reliable for this (e.g. some terminals create utmp entries,
other not) and utmp is not Y2038 safe with glibc on Linux.
This enables checks of SMTP servers that expect the haproxy
PROXY protocol: -o smtpd_upstream_proxy_protocol=haproxy.
Backported from nagios-plugins:
3246efe923
* lib/utils_base.c
* plugins/check_curl.c
* plugins-root/check_dhcp.c
Removed a line which theoretically can not do anything, but there was
comment which indicated something else. Still trying this though.
