From dimmumeister at gmail.com Sun Mar 1 22:54:59 2009 From: dimmumeister at gmail.com (hamouda) Date: Sun, 1 Mar 2009 22:54:59 +0100 Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris In-Reply-To: <8b1d85200903011353m32147cf3y9f487a111990a9c5@mail.gmail.com> References: <8b1d85200902280012h69f75e4cv1fd52a9a0d83b27a@mail.gmail.com> <8b1d85200902281509k53d97693x2e5d9b82863c33ea@mail.gmail.com> <8b1d85200902282353w147efc73ye5a75cb244e8ea8c@mail.gmail.com> <8b1d85200903011353m32147cf3y9f487a111990a9c5@mail.gmail.com> Message-ID: <8b1d85200903011354y34ccaf1dqc1fdea8529253171@mail.gmail.com> I think that developping a plugin to setup iptables through nagios can't be done because : first : nagios runs as the user nagios which has not a root privileges to modify iptables second : the nagios plugins returns a significant code between 0 and 3 wich indicates the state of the service third : nagios is meant to be for monitoring and nothing else. any other ideas ? Am I mistaken?? thx 4 replying > 2009/3/1 hamouda : >> Thx 4 answering. >> If I manage developping any plugin I'll tell you about it :) >> >> 2009/3/1 Ovidiu Marcu : >>> Hi, >>> >>> You can do a lot with nagios. >>> For example : I'm monitoring if the time is synchronized on ?servers, and if it is not, nagios automatically restarts ntpd on the server that is not in sync. >>> I've learned how to do script by looking at other scripts made in perl, and by learning perl by myself. >>> You can find plugins on the internet for almost everything. >>> >>> >>> Viele Gr??e, >>> >>> ServiceDesk_TDN >>> Ovidiu Marcu >>> >>> -----Original Message----- >>> From: hamouda [mailto:dimmumeister at gmail.com] >>> Sent: Sunday, March 01, 2009 1:10 AM >>> To: Ovidiu Marcu >>> Subject: Re: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >>> >>> I know that it is used for monitoring stuff but I'm wondering if I can >>> use it for administration by developping my own scripts. >>> any idea?? >>> >>> 2009/2/28 Ovidiu Marcu : >>>> Hi, >>>> >>>> Nagios is used for monitoring stuff :) >>>> I usually monitor the logs, or if there are changes in the configurations. >>>> To check small configuration changes, I usually make my own scripts in perl. >>>> >>>> Viele Gr??e, >>>> >>>> ServiceDesk_TDN >>>> Ovidiu Marcu >>>> >>>> >>>> -----Original Message----- >>>> From: hamouda [mailto:dimmumeister at gmail.com] >>>> Sent: Saturday, February 28, 2009 10:13 AM >>>> To: nagiosplug-devel at lists.sourceforge.net >>>> Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >>>> >>>> Hi everyone, I am a newbie in the nagios world and I'm trying to >>>> develop plugins for nagios to administrate >>>> iptables,snort,acid,clamav,nessus and osiris. >>>> Have anyone already tried doing this or have anyone any idea if what >>>> I'm trying to do is doable?? >>>> Any tutorials for plugin developping ?? >>>> Thx for answering :) >>>> -- >>>> being selfish won't help you progressing, learn & share that's the >>>> point. Give a hand in the forums to help the others & urself; >>>> http://www.fedora-tunisia.org/ >>>> http://forums.fedora-fr.org/ >>>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >>>> >>>> ------------------------------------------------------------------------------ >>>> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA >>>> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise >>>> -Strategies to boost innovation and cut costs with open source participation >>>> -Receive a $600 discount off the registration fee with the source code: SFAD >>>> http://p.sf.net/sfu/XcvMzF8H >>>> _______________________________________________________ >>>> Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net >>>> Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel >>>> ::: Please include plugins version (-v) and OS when reporting any issue. >>>> ::: Messages without supporting info will risk being sent to /dev/null >>>> >>> >>> >>> >>> -- >>> being selfish won't help you progressing, learn & share that's the >>> point. Give a hand in the forums to help the others & urself; >>> http://www.fedora-tunisia.org/ >>> http://forums.fedora-fr.org/ >>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >>> >> >> >> >> -- >> being selfish won't help you progressing, learn & share that's the >> point. Give a hand in the forums to help the others & urself; >> http://www.fedora-tunisia.org/ >> http://forums.fedora-fr.org/ >> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >> > > > > -- > being selfish won't help you progressing, learn & share that's the > point. Give a hand in the forums to help the others & urself; > http://www.fedora-tunisia.org/ > http://forums.fedora-fr.org/ > http://fedora.kiewel-online.de/repoview/linux/releases/7/ > -- being selfish won't help you progressing, learn & share that's the point. Give a hand in the forums to help the others & urself; http://www.fedora-tunisia.org/ http://forums.fedora-fr.org/ http://fedora.kiewel-online.de/repoview/linux/releases/7/ From dimmumeister at gmail.com Sun Mar 1 22:53:19 2009 From: dimmumeister at gmail.com (hamouda) Date: Sun, 1 Mar 2009 22:53:19 +0100 Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris In-Reply-To: <8b1d85200902282353w147efc73ye5a75cb244e8ea8c@mail.gmail.com> References: <8b1d85200902280012h69f75e4cv1fd52a9a0d83b27a@mail.gmail.com> <8b1d85200902281509k53d97693x2e5d9b82863c33ea@mail.gmail.com> <8b1d85200902282353w147efc73ye5a75cb244e8ea8c@mail.gmail.com> Message-ID: <8b1d85200903011353m32147cf3y9f487a111990a9c5@mail.gmail.com> I think that developping a plugin to setup iptables through nagios can't be done because : first : nagios runs as the user nagios which has not a root privileges to modify iptables second : the nagios plugins returns a significant code between 0 and 3 wich indicates the state of the service third : nagios is meant to be for monitoring and nothing else. any other ideas ? Am I mistaken?? thx 4 replying 2009/3/1 hamouda : > Thx 4 answering. > If I manage developping any plugin I'll tell you about it :) > > 2009/3/1 Ovidiu Marcu : >> Hi, >> >> You can do a lot with nagios. >> For example : I'm monitoring if the time is synchronized on ?servers, and if it is not, nagios automatically restarts ntpd on the server that is not in sync. >> I've learned how to do script by looking at other scripts made in perl, and by learning perl by myself. >> You can find plugins on the internet for almost everything. >> >> >> Viele Gr??e, >> >> ServiceDesk_TDN >> Ovidiu Marcu >> >> -----Original Message----- >> From: hamouda [mailto:dimmumeister at gmail.com] >> Sent: Sunday, March 01, 2009 1:10 AM >> To: Ovidiu Marcu >> Subject: Re: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >> >> I know that it is used for monitoring stuff but I'm wondering if I can >> use it for administration by developping my own scripts. >> any idea?? >> >> 2009/2/28 Ovidiu Marcu : >>> Hi, >>> >>> Nagios is used for monitoring stuff :) >>> I usually monitor the logs, or if there are changes in the configurations. >>> To check small configuration changes, I usually make my own scripts in perl. >>> >>> Viele Gr??e, >>> >>> ServiceDesk_TDN >>> Ovidiu Marcu >>> >>> >>> -----Original Message----- >>> From: hamouda [mailto:dimmumeister at gmail.com] >>> Sent: Saturday, February 28, 2009 10:13 AM >>> To: nagiosplug-devel at lists.sourceforge.net >>> Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >>> >>> Hi everyone, I am a newbie in the nagios world and I'm trying to >>> develop plugins for nagios to administrate >>> iptables,snort,acid,clamav,nessus and osiris. >>> Have anyone already tried doing this or have anyone any idea if what >>> I'm trying to do is doable?? >>> Any tutorials for plugin developping ?? >>> Thx for answering :) >>> -- >>> being selfish won't help you progressing, learn & share that's the >>> point. Give a hand in the forums to help the others & urself; >>> http://www.fedora-tunisia.org/ >>> http://forums.fedora-fr.org/ >>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >>> >>> ------------------------------------------------------------------------------ >>> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA >>> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise >>> -Strategies to boost innovation and cut costs with open source participation >>> -Receive a $600 discount off the registration fee with the source code: SFAD >>> http://p.sf.net/sfu/XcvMzF8H >>> _______________________________________________________ >>> Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net >>> Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel >>> ::: Please include plugins version (-v) and OS when reporting any issue. >>> ::: Messages without supporting info will risk being sent to /dev/null >>> >> >> >> >> -- >> being selfish won't help you progressing, learn & share that's the >> point. Give a hand in the forums to help the others & urself; >> http://www.fedora-tunisia.org/ >> http://forums.fedora-fr.org/ >> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >> > > > > -- > being selfish won't help you progressing, learn & share that's the > point. Give a hand in the forums to help the others & urself; > http://www.fedora-tunisia.org/ > http://forums.fedora-fr.org/ > http://fedora.kiewel-online.de/repoview/linux/releases/7/ > -- being selfish won't help you progressing, learn & share that's the point. Give a hand in the forums to help the others & urself; http://www.fedora-tunisia.org/ http://forums.fedora-fr.org/ http://fedora.kiewel-online.de/repoview/linux/releases/7/ From Ovidiu.Marcu at tdn.de Mon Mar 2 09:25:40 2009 From: Ovidiu.Marcu at tdn.de (Ovidiu Marcu) Date: Mon, 2 Mar 2009 09:25:40 +0100 Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris In-Reply-To: <8b1d85200903011353m32147cf3y9f487a111990a9c5@mail.gmail.com> References: <8b1d85200902280012h69f75e4cv1fd52a9a0d83b27a@mail.gmail.com> <8b1d85200902281509k53d97693x2e5d9b82863c33ea@mail.gmail.com> <8b1d85200902282353w147efc73ye5a75cb244e8ea8c@mail.gmail.com> <8b1d85200903011353m32147cf3y9f487a111990a9c5@mail.gmail.com> Message-ID: Hi, You can give rights to user nagios from /etc/sudoers so you can do anything with nagios ;) Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu -----Original Message----- From: hamouda [mailto:dimmumeister at gmail.com] Sent: Sunday, March 01, 2009 11:53 PM To: Ovidiu Marcu; nagiosplug-devel at lists.sourceforge.net Subject: Re: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris I think that developping a plugin to setup iptables through nagios can't be done because : first : nagios runs as the user nagios which has not a root privileges to modify iptables second : the nagios plugins returns a significant code between 0 and 3 wich indicates the state of the service third : nagios is meant to be for monitoring and nothing else. any other ideas ? Am I mistaken?? thx 4 replying 2009/3/1 hamouda : > Thx 4 answering. > If I manage developping any plugin I'll tell you about it :) > > 2009/3/1 Ovidiu Marcu : >> Hi, >> >> You can do a lot with nagios. >> For example : I'm monitoring if the time is synchronized on ?servers, and if it is not, nagios automatically restarts ntpd on the server that is not in sync. >> I've learned how to do script by looking at other scripts made in perl, and by learning perl by myself. >> You can find plugins on the internet for almost everything. >> >> >> Viele Gr??e, >> >> ServiceDesk_TDN >> Ovidiu Marcu >> >> -----Original Message----- >> From: hamouda [mailto:dimmumeister at gmail.com] >> Sent: Sunday, March 01, 2009 1:10 AM >> To: Ovidiu Marcu >> Subject: Re: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >> >> I know that it is used for monitoring stuff but I'm wondering if I can >> use it for administration by developping my own scripts. >> any idea?? >> >> 2009/2/28 Ovidiu Marcu : >>> Hi, >>> >>> Nagios is used for monitoring stuff :) >>> I usually monitor the logs, or if there are changes in the configurations. >>> To check small configuration changes, I usually make my own scripts in perl. >>> >>> Viele Gr??e, >>> >>> ServiceDesk_TDN >>> Ovidiu Marcu >>> >>> >>> -----Original Message----- >>> From: hamouda [mailto:dimmumeister at gmail.com] >>> Sent: Saturday, February 28, 2009 10:13 AM >>> To: nagiosplug-devel at lists.sourceforge.net >>> Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >>> >>> Hi everyone, I am a newbie in the nagios world and I'm trying to >>> develop plugins for nagios to administrate >>> iptables,snort,acid,clamav,nessus and osiris. >>> Have anyone already tried doing this or have anyone any idea if what >>> I'm trying to do is doable?? >>> Any tutorials for plugin developping ?? >>> Thx for answering :) >>> -- >>> being selfish won't help you progressing, learn & share that's the >>> point. Give a hand in the forums to help the others & urself; >>> http://www.fedora-tunisia.org/ >>> http://forums.fedora-fr.org/ >>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >>> >>> ------------------------------------------------------------------------------ >>> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA >>> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise >>> -Strategies to boost innovation and cut costs with open source participation >>> -Receive a $600 discount off the registration fee with the source code: SFAD >>> http://p.sf.net/sfu/XcvMzF8H >>> _______________________________________________________ >>> Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net >>> Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel >>> ::: Please include plugins version (-v) and OS when reporting any issue. >>> ::: Messages without supporting info will risk being sent to /dev/null >>> >> >> >> >> -- >> being selfish won't help you progressing, learn & share that's the >> point. Give a hand in the forums to help the others & urself; >> http://www.fedora-tunisia.org/ >> http://forums.fedora-fr.org/ >> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >> > > > > -- > being selfish won't help you progressing, learn & share that's the > point. Give a hand in the forums to help the others & urself; > http://www.fedora-tunisia.org/ > http://forums.fedora-fr.org/ > http://fedora.kiewel-online.de/repoview/linux/releases/7/ > -- being selfish won't help you progressing, learn & share that's the point. Give a hand in the forums to help the others & urself; http://www.fedora-tunisia.org/ http://forums.fedora-fr.org/ http://fedora.kiewel-online.de/repoview/linux/releases/7/ From dimmumeister at gmail.com Mon Mar 2 11:07:00 2009 From: dimmumeister at gmail.com (hamouda) Date: Mon, 2 Mar 2009 11:07:00 +0100 Subject: [Nagiosplug-devel] Re : Iptables,snort,acid,clamav,nessus,osiris In-Reply-To: References: <8b1d85200902280012h69f75e4cv1fd52a9a0d83b27a@mail.gmail.com> <8b1d85200902281509k53d97693x2e5d9b82863c33ea@mail.gmail.com> <8b1d85200902282353w147efc73ye5a75cb244e8ea8c@mail.gmail.com> <8b1d85200903011353m32147cf3y9f487a111990a9c5@mail.gmail.com> Message-ID: <8b1d85200903020207u7b72813cyccad25c9dba1595@mail.gmail.com> yes I know about that but I'm trying to make it more secure and put the nagios user in a "jail" but I don't know how to do it. can u please tell me more about developping plugin for nagios to administrate iptables because I just found a check_iptables plugin to know the status of iptbales on a remote host. Right I'm going to develop a perl script to manipulate the iptables rules from the shell, then host the cgi script by an apache server to test it. And then I look forward to add it as a plugin to nagios. Is it doable?? Thx :) Looking forward to your answer :) 2009/3/2, Ovidiu Marcu : > Hi, > > You can give rights to user nagios from /etc/sudoers so you can do anything > with nagios ;) > > > Viele Gr??e, > > ServiceDesk_TDN > Ovidiu Marcu > > > -----Original Message----- > From: hamouda [mailto:dimmumeister at gmail.com] > Sent: Sunday, March 01, 2009 11:53 PM > To: Ovidiu Marcu; nagiosplug-devel at lists.sourceforge.net > Subject: Re: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris > > I think that developping a plugin to setup iptables through nagios > can't be done because : > first : nagios runs as the user nagios which has not a root > privileges to modify iptables > second : the nagios plugins returns a significant code between 0 and 3 > wich indicates the state of the service > third : nagios is meant to be for monitoring and nothing else. > any other ideas ? > Am I mistaken?? > thx 4 replying > > 2009/3/1 hamouda : >> Thx 4 answering. >> If I manage developping any plugin I'll tell you about it :) >> >> 2009/3/1 Ovidiu Marcu : >>> Hi, >>> >>> You can do a lot with nagios. >>> For example : I'm monitoring if the time is synchronized on ?servers, and >>> if it is not, nagios automatically restarts ntpd on the server that is >>> not in sync. >>> I've learned how to do script by looking at other scripts made in perl, >>> and by learning perl by myself. >>> You can find plugins on the internet for almost everything. >>> >>> >>> Viele Gr??e, >>> >>> ServiceDesk_TDN >>> Ovidiu Marcu >>> >>> -----Original Message----- >>> From: hamouda [mailto:dimmumeister at gmail.com] >>> Sent: Sunday, March 01, 2009 1:10 AM >>> To: Ovidiu Marcu >>> Subject: Re: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >>> >>> I know that it is used for monitoring stuff but I'm wondering if I can >>> use it for administration by developping my own scripts. >>> any idea?? >>> >>> 2009/2/28 Ovidiu Marcu : >>>> Hi, >>>> >>>> Nagios is used for monitoring stuff :) >>>> I usually monitor the logs, or if there are changes in the >>>> configurations. >>>> To check small configuration changes, I usually make my own scripts in >>>> perl. >>>> >>>> Viele Gr??e, >>>> >>>> ServiceDesk_TDN >>>> Ovidiu Marcu >>>> >>>> >>>> -----Original Message----- >>>> From: hamouda [mailto:dimmumeister at gmail.com] >>>> Sent: Saturday, February 28, 2009 10:13 AM >>>> To: nagiosplug-devel at lists.sourceforge.net >>>> Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris >>>> >>>> Hi everyone, I am a newbie in the nagios world and I'm trying to >>>> develop plugins for nagios to administrate >>>> iptables,snort,acid,clamav,nessus and osiris. >>>> Have anyone already tried doing this or have anyone any idea if what >>>> I'm trying to do is doable?? >>>> Any tutorials for plugin developping ?? >>>> Thx for answering :) >>>> -- >>>> being selfish won't help you progressing, learn & share that's the >>>> point. Give a hand in the forums to help the others & urself; >>>> http://www.fedora-tunisia.org/ >>>> http://forums.fedora-fr.org/ >>>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >>>> >>>> ------------------------------------------------------------------------------ >>>> Open Source Business Conference (OSBC), March 24-25, 2009, San >>>> Francisco, CA >>>> -OSBC tackles the biggest issue in open source: Open Sourcing the >>>> Enterprise >>>> -Strategies to boost innovation and cut costs with open source >>>> participation >>>> -Receive a $600 discount off the registration fee with the source code: >>>> SFAD >>>> http://p.sf.net/sfu/XcvMzF8H >>>> _______________________________________________________ >>>> Nagios Plugin Development Mailing List >>>> Nagiosplug-devel at lists.sourceforge.net >>>> Unsubscribe at >>>> https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel >>>> ::: Please include plugins version (-v) and OS when reporting any issue. >>>> ::: Messages without supporting info will risk being sent to /dev/null >>>> >>> >>> >>> >>> -- >>> being selfish won't help you progressing, learn & share that's the >>> point. Give a hand in the forums to help the others & urself; >>> http://www.fedora-tunisia.org/ >>> http://forums.fedora-fr.org/ >>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >>> >> >> >> >> -- >> being selfish won't help you progressing, learn & share that's the >> point. Give a hand in the forums to help the others & urself; >> http://www.fedora-tunisia.org/ >> http://forums.fedora-fr.org/ >> http://fedora.kiewel-online.de/repoview/linux/releases/7/ >> > > > > -- > being selfish won't help you progressing, learn & share that's the > point. Give a hand in the forums to help the others & urself; > http://www.fedora-tunisia.org/ > http://forums.fedora-fr.org/ > http://fedora.kiewel-online.de/repoview/linux/releases/7/ > -- being selfish won't help you progressing, learn & share that's the point. Give a hand in the forums to help the others & urself; http://www.fedora-tunisia.org/ http://forums.fedora-fr.org/ http://fedora.kiewel-online.de/repoview/linux/releases/7/ From Ovidiu.Marcu at tdn.de Mon Mar 2 12:31:06 2009 From: Ovidiu.Marcu at tdn.de (Ovidiu Marcu) Date: Mon, 2 Mar 2009 12:31:06 +0100 Subject: [Nagiosplug-devel] loading environment variables to nagios Message-ID: Hello, Is there a way to load environment variables to nagios? I have set up check_oracle_health in my nagios but it does not work: Nagios gives me the following message: CRITICAL - cannot connect to nagios. ORA-12154: TNS:could not resolve the connect identifier specified (DBD ERROR: OCIServerAttach) Which means that nagios cannot find the environment variable TNS_ADMIN which I have defined in /etc/profiles If I try manually as user nagios I get: [nagios at nagios root]$ /usr/local/nagios/plugins/check_oracle_health --connect=nagios --user=nagios --password=pass --mode=tnsping OK - connection established to nagios. The TNS_ADMIN env seems to be ok: [nagios at nagios root]$ echo $TNS_ADMIN /usr/lib/oracle/11.1/client64/bin/network/admin Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu -------------- next part -------------- An HTML attachment was scrubbed... URL: From jason at newio.org Mon Mar 2 14:05:57 2009 From: jason at newio.org (Jason Reynolds) Date: Mon, 2 Mar 2009 07:05:57 -0600 Subject: [Nagiosplug-devel] Re : Iptables, snort, acid, clamav, nessus, osiris In-Reply-To: <8b1d85200903020207u7b72813cyccad25c9dba1595@mail.gmail.com> References: <8b1d85200902280012h69f75e4cv1fd52a9a0d83b27a@mail.gmail.com> <8b1d85200902281509k53d97693x2e5d9b82863c33ea@mail.gmail.com> <8b1d85200902282353w147efc73ye5a75cb244e8ea8c@mail.gmail.com> <8b1d85200903011353m32147cf3y9f487a111990a9c5@mail.gmail.com> <8b1d85200903020207u7b72813cyccad25c9dba1595@mail.gmail.com> Message-ID: <530aaeb70903020505o4a593f0dy1afb594fb5e4177e@mail.gmail.com> You can jail the nagios user the same way you can jail any other username. If you're going to run a jailed system, then apache and your other services should also be jailed. On Mon, Mar 2, 2009 at 4:07 AM, hamouda wrote: > yes I know about that but I'm trying to make it more secure and put > the nagios user in a "jail" but I don't know how to do it. > can u please tell me more about developping plugin for nagios to > administrate iptables because I just found a check_iptables plugin to > know the status of iptbales on a remote host. > Right I'm going to develop a perl script to manipulate the iptables > rules from the shell, then host the cgi script by an apache server to > test it. And then I look forward to add it as a plugin to nagios. > Is it doable?? > Thx :) > Looking forward to your answer :) > > 2009/3/2, Ovidiu Marcu : > > Hi, > > > > You can give rights to user nagios from /etc/sudoers so you can do > anything > > with nagios ;) > > > > > > Viele Gr??e, > > > > ServiceDesk_TDN > > Ovidiu Marcu > > > > > > -----Original Message----- > > From: hamouda [mailto:dimmumeister at gmail.com] > > Sent: Sunday, March 01, 2009 11:53 PM > > To: Ovidiu Marcu; nagiosplug-devel at lists.sourceforge.net > > Subject: Re: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris > > > > I think that developping a plugin to setup iptables through nagios > > can't be done because : > > first : nagios runs as the user nagios which has not a root > > privileges to modify iptables > > second : the nagios plugins returns a significant code between 0 and 3 > > wich indicates the state of the service > > third : nagios is meant to be for monitoring and nothing else. > > any other ideas ? > > Am I mistaken?? > > thx 4 replying > > > > 2009/3/1 hamouda : > >> Thx 4 answering. > >> If I manage developping any plugin I'll tell you about it :) > >> > >> 2009/3/1 Ovidiu Marcu : > >>> Hi, > >>> > >>> You can do a lot with nagios. > >>> For example : I'm monitoring if the time is synchronized on servers, > and > >>> if it is not, nagios automatically restarts ntpd on the server that is > >>> not in sync. > >>> I've learned how to do script by looking at other scripts made in perl, > >>> and by learning perl by myself. > >>> You can find plugins on the internet for almost everything. > >>> > >>> > >>> Viele Gr??e, > >>> > >>> ServiceDesk_TDN > >>> Ovidiu Marcu > >>> > >>> -----Original Message----- > >>> From: hamouda [mailto:dimmumeister at gmail.com] > >>> Sent: Sunday, March 01, 2009 1:10 AM > >>> To: Ovidiu Marcu > >>> Subject: Re: [Nagiosplug-devel] > Iptables,snort,acid,clamav,nessus,osiris > >>> > >>> I know that it is used for monitoring stuff but I'm wondering if I can > >>> use it for administration by developping my own scripts. > >>> any idea?? > >>> > >>> 2009/2/28 Ovidiu Marcu : > >>>> Hi, > >>>> > >>>> Nagios is used for monitoring stuff :) > >>>> I usually monitor the logs, or if there are changes in the > >>>> configurations. > >>>> To check small configuration changes, I usually make my own scripts in > >>>> perl. > >>>> > >>>> Viele Gr??e, > >>>> > >>>> ServiceDesk_TDN > >>>> Ovidiu Marcu > >>>> > >>>> > >>>> -----Original Message----- > >>>> From: hamouda [mailto:dimmumeister at gmail.com] > >>>> Sent: Saturday, February 28, 2009 10:13 AM > >>>> To: nagiosplug-devel at lists.sourceforge.net > >>>> Subject: [Nagiosplug-devel] Iptables,snort,acid,clamav,nessus,osiris > >>>> > >>>> Hi everyone, I am a newbie in the nagios world and I'm trying to > >>>> develop plugins for nagios to administrate > >>>> iptables,snort,acid,clamav,nessus and osiris. > >>>> Have anyone already tried doing this or have anyone any idea if what > >>>> I'm trying to do is doable?? > >>>> Any tutorials for plugin developping ?? > >>>> Thx for answering :) > >>>> -- > >>>> being selfish won't help you progressing, learn & share that's the > >>>> point. Give a hand in the forums to help the others & urself; > >>>> http://www.fedora-tunisia.org/ > >>>> http://forums.fedora-fr.org/ > >>>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ > >>>> > >>>> > ------------------------------------------------------------------------------ > >>>> Open Source Business Conference (OSBC), March 24-25, 2009, San > >>>> Francisco, CA > >>>> -OSBC tackles the biggest issue in open source: Open Sourcing the > >>>> Enterprise > >>>> -Strategies to boost innovation and cut costs with open source > >>>> participation > >>>> -Receive a $600 discount off the registration fee with the source > code: > >>>> SFAD > >>>> http://p.sf.net/sfu/XcvMzF8H > >>>> _______________________________________________________ > >>>> Nagios Plugin Development Mailing List > >>>> Nagiosplug-devel at lists.sourceforge.net > >>>> Unsubscribe at > >>>> https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel > >>>> ::: Please include plugins version (-v) and OS when reporting any > issue. > >>>> ::: Messages without supporting info will risk being sent to /dev/null > >>>> > >>> > >>> > >>> > >>> -- > >>> being selfish won't help you progressing, learn & share that's the > >>> point. Give a hand in the forums to help the others & urself; > >>> http://www.fedora-tunisia.org/ > >>> http://forums.fedora-fr.org/ > >>> http://fedora.kiewel-online.de/repoview/linux/releases/7/ > >>> > >> > >> > >> > >> -- > >> being selfish won't help you progressing, learn & share that's the > >> point. Give a hand in the forums to help the others & urself; > >> http://www.fedora-tunisia.org/ > >> http://forums.fedora-fr.org/ > >> http://fedora.kiewel-online.de/repoview/linux/releases/7/ > >> > > > > > > > > -- > > being selfish won't help you progressing, learn & share that's the > > point. Give a hand in the forums to help the others & urself; > > http://www.fedora-tunisia.org/ > > http://forums.fedora-fr.org/ > > http://fedora.kiewel-online.de/repoview/linux/releases/7/ > > > > > -- > being selfish won't help you progressing, learn & share that's the > point. Give a hand in the forums to help the others & urself; > http://www.fedora-tunisia.org/ > http://forums.fedora-fr.org/ > http://fedora.kiewel-online.de/repoview/linux/releases/7/ > > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, > CA > -OSBC tackles the biggest issue in open source: Open Sourcing the > Enterprise > -Strategies to boost innovation and cut costs with open source > participation > -Receive a $600 discount off the registration fee with the source code: > SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________________ > Nagios Plugin Development Mailing List > Nagiosplug-devel at lists.sourceforge.net > Unsubscribe at > https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel > ::: Please include plugins version (-v) and OS when reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > -------------- next part -------------- An HTML attachment was scrubbed... URL: From noreply at sourceforge.net Mon Mar 2 12:44:26 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Mon, 02 Mar 2009 11:44:26 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-2654308 ] check_mrtgtraf Perf data incorrect Message-ID: Bugs item #2654308, was opened at 2009-03-02 11:44 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2654308&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Gavin Williams (fatmcgav88) Assigned to: Nobody/Anonymous (nobody) Summary: check_mrtgtraf Perf data incorrect Initial Comment: When using check_mrtgtraf, the performance data returned is incorrectly tagging both sets of data as the in data. Line 202 should read: fperfdata("out", adjusted_outgoing_rate, outgoing_speed_rating, Changed on local source and recompiled and confirmed working. Plugin Version (-V output): check_mrtgtraf v1991 (nagios-plugins 1.4.12) Plugin Name: check_mrtgtraf Plugin Commandline showing issues: Operating System: CentOs 5.2 Architecture: x86_64 Compiler: gcc ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2654308&group_id=29880 From mlitwin at stubhub.com Mon Mar 2 19:07:41 2009 From: mlitwin at stubhub.com (Matthew Litwin) Date: Mon, 02 Mar 2009 10:07:41 -0800 Subject: [Nagiosplug-devel] loading environment variables to nagios In-Reply-To: Message-ID: The easiest solution would be to have your nagios user load the profile of your Oracle user. On my system, both the oracle and nagios user have bash for their shell, so I copy oracle?s .bashrc to nagios? home dir. If you are executing your commands via nrpe, you need to precede each of your oracle plugin commands with . ~nagios/.bashrc; in order for all those Oracle related environment variables to be properly set. Also, you might need to add the nagios user to whatever group your oracle user account is in in order for the nagios user to be able to read Oracle?s logs and files. On 3/2/09 3:31 AM, "Ovidiu Marcu" wrote: > Hello, > > Is there a way to load environment variables to nagios? > > I have set up check_oracle_health in my nagios but it does not work: > Nagios gives me the following message: > CRITICAL - cannot connect to nagios. ORA-12154: TNS:could not resolve the > connect identifier specified (DBD ERROR: OCIServerAttach) > Which means that nagios cannot find the environment variable TNS_ADMIN which I > have defined in /etc/profiles > > If I try manually as user nagios I get: > [nagios at nagios root]$ /usr/local/nagios/plugins/check_oracle_health > --connect=nagios --user=nagios --password=pass --mode=tnsping > OK - connection established to nagios. > > The TNS_ADMIN env seems to be ok: > [nagios at nagios root]$ echo $TNS_ADMIN > /usr/lib/oracle/11.1/client64/bin/network/admin > > > Viele Gr??e, > > ServiceDesk_TDN > Ovidiu Marcu > > > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > > _______________________________________________________ > Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net > Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel > ::: Please include plugins version (-v) and OS when reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null -------------- next part -------------- An HTML attachment was scrubbed... URL: From Ovidiu.Marcu at tdn.de Tue Mar 3 09:25:21 2009 From: Ovidiu.Marcu at tdn.de (Ovidiu Marcu) Date: Tue, 3 Mar 2009 09:25:21 +0100 Subject: [Nagiosplug-devel] loading environment variables to nagios In-Reply-To: References: Message-ID: Hi, The user nagios loads the environment variable automatically from /etc/profile . The plugin is executed on the nagios server and it connects to the oracle directly on port 1512 Can you give me example on how to execute the command if I add the /.bashrc file in nagios home dir. Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu From: Matthew Litwin [mailto:mlitwin at stubhub.com] Sent: Monday, March 02, 2009 8:08 PM To: Nagios Plugin Development Mailing List Subject: Re: [Nagiosplug-devel] loading environment variables to nagios The easiest solution would be to have your nagios user load the profile of your Oracle user. On my system, both the oracle and nagios user have bash for their shell, so I copy oracle's .bashrc to nagios' home dir. If you are executing your commands via nrpe, you need to precede each of your oracle plugin commands with . ~nagios/.bashrc; in order for all those Oracle related environment variables to be properly set. Also, you might need to add the nagios user to whatever group your oracle user account is in in order for the nagios user to be able to read Oracle's logs and files. On 3/2/09 3:31 AM, "Ovidiu Marcu" wrote: Hello, Is there a way to load environment variables to nagios? I have set up check_oracle_health in my nagios but it does not work: Nagios gives me the following message: CRITICAL - cannot connect to nagios. ORA-12154: TNS:could not resolve the connect identifier specified (DBD ERROR: OCIServerAttach) Which means that nagios cannot find the environment variable TNS_ADMIN which I have defined in /etc/profiles If I try manually as user nagios I get: [nagios at nagios root]$ /usr/local/nagios/plugins/check_oracle_health --connect=nagios --user=nagios --password=pass --mode=tnsping OK - connection established to nagios. The TNS_ADMIN env seems to be ok: [nagios at nagios root]$ echo $TNS_ADMIN /usr/lib/oracle/11.1/client64/bin/network/admin Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu ________________________________ ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ________________________________ _______________________________________________________ Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel ::: Please include plugins version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -------------- next part -------------- An HTML attachment was scrubbed... URL: From Ovidiu.Marcu at tdn.de Tue Mar 3 10:12:25 2009 From: Ovidiu.Marcu at tdn.de (Ovidiu Marcu) Date: Tue, 3 Mar 2009 10:12:25 +0100 Subject: [Nagiosplug-devel] loading environment variables to nagios In-Reply-To: References: Message-ID: I have solved my problem by modifying the script. I have added the need environments in the script. Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu From: Ovidiu Marcu Sent: Tuesday, March 03, 2009 10:25 AM To: Nagios Plugin Development Mailing List Subject: RE: [Nagiosplug-devel] loading environment variables to nagios Hi, The user nagios loads the environment variable automatically from /etc/profile . The plugin is executed on the nagios server and it connects to the oracle directly on port 1512 Can you give me example on how to execute the command if I add the /.bashrc file in nagios home dir. Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu From: Matthew Litwin [mailto:mlitwin at stubhub.com] Sent: Monday, March 02, 2009 8:08 PM To: Nagios Plugin Development Mailing List Subject: Re: [Nagiosplug-devel] loading environment variables to nagios The easiest solution would be to have your nagios user load the profile of your Oracle user. On my system, both the oracle and nagios user have bash for their shell, so I copy oracle's .bashrc to nagios' home dir. If you are executing your commands via nrpe, you need to precede each of your oracle plugin commands with . ~nagios/.bashrc; in order for all those Oracle related environment variables to be properly set. Also, you might need to add the nagios user to whatever group your oracle user account is in in order for the nagios user to be able to read Oracle's logs and files. On 3/2/09 3:31 AM, "Ovidiu Marcu" wrote: Hello, Is there a way to load environment variables to nagios? I have set up check_oracle_health in my nagios but it does not work: Nagios gives me the following message: CRITICAL - cannot connect to nagios. ORA-12154: TNS:could not resolve the connect identifier specified (DBD ERROR: OCIServerAttach) Which means that nagios cannot find the environment variable TNS_ADMIN which I have defined in /etc/profiles If I try manually as user nagios I get: [nagios at nagios root]$ /usr/local/nagios/plugins/check_oracle_health --connect=nagios --user=nagios --password=pass --mode=tnsping OK - connection established to nagios. The TNS_ADMIN env seems to be ok: [nagios at nagios root]$ echo $TNS_ADMIN /usr/lib/oracle/11.1/client64/bin/network/admin Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu ________________________________ ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ________________________________ _______________________________________________________ Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel ::: Please include plugins version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -------------- next part -------------- An HTML attachment was scrubbed... URL: From kyleodonnell at gmail.com Tue Mar 3 21:09:52 2009 From: kyleodonnell at gmail.com (Kyle O'Donnell) Date: Tue, 3 Mar 2009 15:09:52 -0500 Subject: [Nagiosplug-devel] AIX 5.3 np 1.4.13 check_procs Message-ID: <2274b9c30903031209t3411b319m6ae224c7f3622662@mail.gmail.com> Hi, It appears the the default ps command for AIX does not include the rss and etime output. I have not been able to formulate a proper /usr/bin/ps command to obtain all of the required ps fields for check procs. However, I have been able to use /usr/sysv/bin/ps which can be used in the following way: --with-ps-command=/usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm args' --with-ps-format=%s %d %d %d %d %d %f %s %s %n --with-ps-cols=10 --with-ps-varlist=procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procetime,procprog,&pos Here is the default compiled check_procs /opt/nagios/libexec/check_procs -w 1 -c 1 -m RSS -C init -vv CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' RSS OK: 1 process with command name 'init' /opt/nagios/libexec/check_procs -w 420 -c 420 -m RSS -C init -vv CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' RSS OK: 1 process with command name 'init' Here is the one I compiled with the options above: ./plugins/check_procs -w 1 -c 1 -m RSS -C init -vv CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm args' Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A etime=209-02:58:19 prog=init args=/etc/init RSS CRITICAL: 1 crit, 0 warn out of 1 process with command name 'init' [init] ./plugins/check_procs -w 420 -c 420 -m RSS -C init -vv CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm args' Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A etime=209-03:00:03 prog=init args=/etc/init RSS OK: 1 process with command name 'init' I'll continue working on the /usr/bin/ps syntax, but here is a work around. From ton.voon at opsera.com Wed Mar 4 00:21:13 2009 From: ton.voon at opsera.com (Ton Voon) Date: Tue, 3 Mar 2009 23:21:13 +0000 Subject: [Nagiosplug-devel] AIX 5.3 np 1.4.13 check_procs In-Reply-To: <2274b9c30903031209t3411b319m6ae224c7f3622662@mail.gmail.com> References: <2274b9c30903031209t3411b319m6ae224c7f3622662@mail.gmail.com> Message-ID: <8C856B70-E983-477F-B764-EAE07D7210E3@opsera.com> Hi Kyle, On 3 Mar 2009, at 20:09, Kyle O'Donnell wrote: > It appears the the default ps command for AIX does not include the rss > and etime output. I have not been able to formulate a proper > /usr/bin/ps command to obtain all of the required ps fields for check > procs. However, I have been able to use /usr/sysv/bin/ps which can be > used in the following way: > > --with-ps-command=/usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu > etime comm args' --with-ps-format=%s %d %d %d %d %d %f %s %s %n > --with-ps-cols=10 > --with-ps- > varlist > = > procstat > ,&procuid > ,&procpid > ,&procppid,&procvsz,&procrss,&procpcpu,procetime,procprog,&pos > > Here is the default compiled check_procs > /opt/nagios/libexec/check_procs -w 1 -c 1 -m RSS -C init -vv > CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' > RSS OK: 1 process with command name 'init' > > /opt/nagios/libexec/check_procs -w 420 -c 420 -m RSS -C init -vv > CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' > RSS OK: 1 process with command name 'init' > > > Here is the one I compiled with the options above: > ./plugins/check_procs -w 1 -c 1 -m RSS -C init -vv > CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm > args' > Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A > etime=209-02:58:19 prog=init args=/etc/init > RSS CRITICAL: 1 crit, 0 warn out of 1 process with command name > 'init' [init] > > ./plugins/check_procs -w 420 -c 420 -m RSS -C init -vv > CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm > args' > Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A > etime=209-03:00:03 prog=init args=/etc/init > RSS OK: 1 process with command name 'init' > > > I'll continue working on the /usr/bin/ps syntax, but here is a work > around. That's an interesting workaround. Can you send me a complete ps output for that sysv ps (with any sensitive data scrubbed) as I want to create a test case for this. I'm always a little bit wary of putting changes to the configure script for the ps syntax checking, especially if we can't see the impact it has made on other OSes. Also, would you be interested in donating a tinderbox build server: http://tinderbox.opsera.com/nagiosplug/status.html . This helps us see what is building and what is failing on your favourite OS. Instructions here: http://nagiosplugins.opsera.com/tinderbox Ton From kyleodonnell at gmail.com Wed Mar 4 00:57:03 2009 From: kyleodonnell at gmail.com (Kyle O'Donnell) Date: Tue, 3 Mar 2009 18:57:03 -0500 Subject: [Nagiosplug-devel] AIX 5.3 np 1.4.13 check_procs In-Reply-To: <8C856B70-E983-477F-B764-EAE07D7210E3@opsera.com> References: <2274b9c30903031209t3411b319m6ae224c7f3622662@mail.gmail.com> <8C856B70-E983-477F-B764-EAE07D7210E3@opsera.com> Message-ID: <2274b9c30903031557x50cd3701t68cbb581a8bfa8b0@mail.gmail.com> I'll send the output when I get back to the office tomorrow. I have also asked our AIX guru about the general availability of /usr/sysv/bin/ps binary. When you read the man page both versions of ps are covered so I imagine it is part of the base OS, but I will confirm. I have still yet to find the proper syntax of /usr/bin/ps. It seems printing all the required fields in one command is not possible (stat, uid, pid, ppid, vsz, rss, pcpu, etime, comm, args). I'd love to donate to tinderbox, but I don't think my employer would allow it, that and our network is fairly restricted. Our shop has pretty much everything (aix 5.2 5.3 6.1 sol 8,9,10, hpux 10.20,11.00, 11.11, 11.23, linux*), so if there is anything I can do to assist, let me know. FYI I just tested the exact same ps options on solaris 8 (using /usr/bin/ps instead) and it fixed my etime issue. I believe my currently compiled check_procs on solaris10 is working, but I think i modified the ps command during compile time as well (this was a build against 1.4.11) I started trying to figure out pst3 but it appears that /usr/ucb/ps does not behave the same as /usr/bin/ps and some of the fields are named differently. I need to get a better understand of the /proc structure in solaris. --kyleo On Tue, Mar 3, 2009 at 6:21 PM, Ton Voon wrote: > Hi Kyle, > > On 3 Mar 2009, at 20:09, Kyle O'Donnell wrote: > > > It appears the the default ps command for AIX does not include the rss > > and etime output. I have not been able to formulate a proper > > /usr/bin/ps command to obtain all of the required ps fields for check > > procs. However, I have been able to use /usr/sysv/bin/ps which can be > > used in the following way: > > > > --with-ps-command=/usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu > > etime comm args' --with-ps-format=%s %d %d %d %d %d %f %s %s %n > > --with-ps-cols=10 > > --with-ps- > > varlist > > = > > procstat > > ,&procuid > > ,&procpid > > ,&procppid,&procvsz,&procrss,&procpcpu,procetime,procprog,&pos > > > > Here is the default compiled check_procs > > /opt/nagios/libexec/check_procs -w 1 -c 1 -m RSS -C init -vv > > CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' > > RSS OK: 1 process with command name 'init' > > > > /opt/nagios/libexec/check_procs -w 420 -c 420 -m RSS -C init -vv > > CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' > > RSS OK: 1 process with command name 'init' > > > > > > Here is the one I compiled with the options above: > > ./plugins/check_procs -w 1 -c 1 -m RSS -C init -vv > > CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm > > args' > > Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A > > etime=209-02:58:19 prog=init args=/etc/init > > RSS CRITICAL: 1 crit, 0 warn out of 1 process with command name > > 'init' [init] > > > > ./plugins/check_procs -w 420 -c 420 -m RSS -C init -vv > > CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm > > args' > > Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A > > etime=209-03:00:03 prog=init args=/etc/init > > RSS OK: 1 process with command name 'init' > > > > > > I'll continue working on the /usr/bin/ps syntax, but here is a work > > around. > > That's an interesting workaround. > > Can you send me a complete ps output for that sysv ps (with any > sensitive data scrubbed) as I want to create a test case for this. > > I'm always a little bit wary of putting changes to the configure > script for the ps syntax checking, especially if we can't see the > impact it has made on other OSes. > > Also, would you be interested in donating a tinderbox build server: > http://tinderbox.opsera.com/nagiosplug/status.html > . This helps us see what is building and what is failing on your > favourite OS. Instructions here: http://nagiosplugins.opsera.com/tinderbox > > Ton > > > > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, > CA > -OSBC tackles the biggest issue in open source: Open Sourcing the > Enterprise > -Strategies to boost innovation and cut costs with open source > participation > -Receive a $600 discount off the registration fee with the source code: > SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________________ > Nagios Plugin Development Mailing List > Nagiosplug-devel at lists.sourceforge.net > Unsubscribe at > https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel > ::: Please include plugins version (-v) and OS when reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > -------------- next part -------------- An HTML attachment was scrubbed... URL: From noreply at sourceforge.net Wed Mar 4 15:34:06 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 04 Mar 2009 14:34:06 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2661823 ] nrpe - negative command line params Message-ID: Patches item #2661823, was opened at 2009-03-04 15:34 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2661823&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Peter Meszaros (meszarosp) Assigned to: Nobody/Anonymous (nobody) Summary: nrpe - negative command line params Initial Comment: In case of negative param values check_nrpe takes them as command line switches. Version: 2.12 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2661823&group_id=29880 From kyleodonnell at gmail.com Wed Mar 4 18:43:42 2009 From: kyleodonnell at gmail.com (Kyle O'Donnell) Date: Wed, 4 Mar 2009 12:43:42 -0500 Subject: [Nagiosplug-devel] AIX 5.3 np 1.4.13 check_procs In-Reply-To: <2274b9c30903031557x50cd3701t68cbb581a8bfa8b0@mail.gmail.com> References: <2274b9c30903031209t3411b319m6ae224c7f3622662@mail.gmail.com> <8C856B70-E983-477F-B764-EAE07D7210E3@opsera.com> <2274b9c30903031557x50cd3701t68cbb581a8bfa8b0@mail.gmail.com> Message-ID: <2274b9c30903040943ofebffd6r9055d181abbb74bd@mail.gmail.com> I have been unable to formulate the syntax using the /usr/bin/ps command (using ibm or berkeley options) Our AIX admin says using the sysv binary is fine. Here are the outputs you requested: compiled defaults ps output: $ /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' S UID PID PPID VSZ %CPU COMMAND COMMAND A 0 1 0 588 0.0 init /etc/init A 1500 77844 1 524 0.0 nrpe /opt/nagios/bin/nrpe -c /opt/nagios/etc/nrpe.cfg -d -n A 0 82042 1 468 0.0 syncd /usr/sbin/syncd 60 A 0 94378 1 128 0.0 shlap64 /usr/ccs/bin/shlap64 A 0 98398 1 652 0.0 errdemon /usr/lib/errdemon A 0 151552 221196 312 0.0 syslogd /usr/sbin/syslogd -r A 0 155690 221196 288 0.0 rpc.lockd /usr/sbin/rpc.lockd -d 0 A 0 163908 1 560 0.0 sshd2 /usr/local/sbin/sshd2 A 0 168012 221196 1628 0.0 rpc.mountd /usr/sbin/rpc.mountd A 0 172206 233594 164 0.0 auditstream /usr/sbin/auditstream A 0 176214 221196 424 0.0 inetd /usr/sbin/inetd A 1 184364 221196 1404 0.0 rpc.statd /usr/sbin/rpc.statd -d 0 -t 50 A 0 188594 221196 1400 0.0 IBM.DRMd /usr/sbin/rsct/bin/IBM.DRMd A 0 192520 221196 948 0.0 portmap /usr/sbin/portmap A 0 209082 221196 408 0.0 xntpd /usr/sbin/xntpd A 0 221196 1 680 0.0 srcmstr /usr/sbin/srcmstr A 0 233594 1 188 0.0 alog alog -f /audit/audit.log -s 200000000 A 0 237720 221196 148 0.0 biod /usr/sbin/biod 6 A 0 241804 221196 2344 0.0 rmcd /usr/sbin/rsct/bin/rmcd -a IBM.LPCommands -r A 0 245912 1 388 0.0 cron /usr/sbin/cron A 0 258192 233594 548 0.0 auditpr auditpr -v A 0 262324 1 504 0.0 getty /usr/sbin/getty /dev/console A 0 266378 221196 184 0.0 nfsd /usr/sbin/nfsd 3891 A 0 270498 221196 1440 0.0 IBM.ServiceRMd /usr/sbin/rsct/bin/IBM.ServiceRMd A 0 282766 221196 2620 0.0 IBM.CSMAgentRMd /usr/sbin/rsct/bin/IBM.CSMAgentRMd A 0 295002 1 1516 0.0 dsmc dsmc schedule A 847782414 344200 380974 552 0.0 ps /usr/bin/ps -eo stat uid pid ppid vsz pcpu comm args A 847782414 380974 454832 536 0.0 ksh -ksh A 0 454832 163908 1008 0.0 sshd2 /usr/local/sbin/sshd2 the output of the sysv ps binary: $ /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm args' S UID PID PPID VSZ RSS %CPU ELAPSED COMMAND COMMAND A 0 1 0 616 636 0.0 19-04:17:44 init /etc/init A 1500 77844 1 584 588 0.0 19-02:51:36 nrpe /opt/nagios/bin/nrpe -c /opt/nagios/etc/nrpe.cfg -d -n A 0 82042 1 468 472 0.0 19-04:17:34 syncd /usr/sbin/syncd 60 A 0 94378 1 160 168 0.0 19-04:17:33 shlap64 /usr/ccs/bin/shlap64 A 0 98398 1 708 736 0.0 19-04:17:34 errdemon /usr/lib/errdemon A 0 151552 221196 332 348 0.0 19-04:17:02 syslogd /usr/sbin/syslogd -r A 0 155690 221196 288 288 0.0 19-04:16:55 rpc.lockd /usr/sbin/rpc.lockd -d 0 A 0 163908 1 1948 1116 0.0 19-04:17:04 sshd2 /usr/local/sbin/sshd2 A 0 168012 221196 1660 1696 0.0 19-04:16:57 rpc.mountd /usr/sbin/rpc.mountd A 0 172206 233594 168 176 0.0 19-04:16:54 auditstream /usr/sbin/auditstream A 0 176214 221196 448 464 0.0 19-04:17:02 inetd /usr/sbin/inetd A 1 184364 221196 1448 1468 0.0 19-04:16:55 rpc.statd /usr/sbin/rpc.statd -d 0 -t 50 A 0 188594 221196 1488 1516 0.0 19-04:16:42 IBM.DRMd /usr/sbin/rsct/bin/IBM.DRMd A 0 192520 221196 980 996 0.0 19-04:17:01 portmap /usr/sbin/portmap A 0 209082 221196 596 644 0.0 19-04:16:57 xntpd /usr/sbin/xntpd A 0 221196 1 716 732 0.0 19-04:17:11 srcmstr /usr/sbin/srcmstr A 847782414 225512 380974 312 332 0.0 00:00 ps /usr/sysv/bin/ps -eo s uid pid ppid vsz rss pcpu etime comm args A 0 233594 1 208 220 0.0 19-04:16:54 alog alog -f /audit/audit.log -s 200000000 A 0 237720 221196 148 148 0.0 19-04:16:57 biod /usr/sbin/biod 6 A 0 241804 221196 2868 2984 0.0 19-04:16:50 rmcd /usr/sbin/rsct/bin/rmcd -a IBM.LPCommands -r A 0 245912 1 424 444 0.0 19-04:16:55 cron /usr/sbin/cron A 0 258192 233594 568 584 0.0 19-04:16:54 auditpr auditpr -v A 0 262324 1 548 576 0.0 19-04:14:51 getty /usr/sbin/getty /dev/console A 0 266378 221196 192 184 0.0 19-04:16:57 nfsd /usr/sbin/nfsd 3891 A 0 270498 221196 1704 1632 0.0 19-04:16:48 IBM.ServiceRMd /usr/sbin/rsct/bin/IBM.ServiceRMd A 0 282766 221196 3444 3288 0.0 19-04:16:47 IBM.CSMAgentRMd /usr/sbin/rsct/bin/IBM.CSMAgentRMd A 0 295002 1 4468 2760 0.0 15-02:19:21 dsmc dsmc schedule A 847782414 380974 454832 732 768 0.0 00:39 ksh -ksh A 0 454832 163908 2396 1564 0.0 00:43 sshd2 /usr/local/sbin/sshd2 On 3/3/09, Kyle O'Donnell wrote: > I'll send the output when I get back to the office tomorrow. I have also > asked our AIX guru about the general availability of /usr/sysv/bin/ps > binary. When you read the man page both versions of ps are covered so I > imagine it is part of the base OS, but I will confirm. > > I have still yet to find the proper syntax of /usr/bin/ps. It seems > printing all the required fields in one command is not possible (stat, uid, > pid, ppid, vsz, rss, pcpu, etime, comm, args). > > > I'd love to donate to tinderbox, but I don't think my employer would allow > it, that and our network is fairly restricted. > > Our shop has pretty much everything (aix 5.2 5.3 6.1 sol 8,9,10, hpux > 10.20,11.00, 11.11, 11.23, linux*), so if there is anything I can do to > assist, let me know. > > FYI > > I just tested the exact same ps options on solaris 8 (using /usr/bin/ps > instead) and it fixed my etime issue. I believe my currently compiled > check_procs on solaris10 is working, but I think i modified the ps command > during compile time as well (this was a build against 1.4.11) > > I started trying to figure out pst3 but it appears that /usr/ucb/ps does > not > behave the same as /usr/bin/ps and some of the fields are named > differently. I need to get a better understand of the /proc structure in > solaris. > > --kyleo > > On Tue, Mar 3, 2009 at 6:21 PM, Ton Voon wrote: > >> Hi Kyle, >> >> On 3 Mar 2009, at 20:09, Kyle O'Donnell wrote: >> >> > It appears the the default ps command for AIX does not include the rss >> > and etime output. I have not been able to formulate a proper >> > /usr/bin/ps command to obtain all of the required ps fields for check >> > procs. However, I have been able to use /usr/sysv/bin/ps which can be >> > used in the following way: >> > >> > --with-ps-command=/usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu >> > etime comm args' --with-ps-format=%s %d %d %d %d %d %f %s %s %n >> > --with-ps-cols=10 >> > --with-ps- >> > varlist >> > = >> > procstat >> > ,&procuid >> > ,&procpid >> > ,&procppid,&procvsz,&procrss,&procpcpu,procetime,procprog,&pos >> > >> > Here is the default compiled check_procs >> > /opt/nagios/libexec/check_procs -w 1 -c 1 -m RSS -C init -vv >> > CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' >> > RSS OK: 1 process with command name 'init' >> > >> > /opt/nagios/libexec/check_procs -w 420 -c 420 -m RSS -C init -vv >> > CMD: /usr/bin/ps -eo 'stat uid pid ppid vsz pcpu comm args' >> > RSS OK: 1 process with command name 'init' >> > >> > >> > Here is the one I compiled with the options above: >> > ./plugins/check_procs -w 1 -c 1 -m RSS -C init -vv >> > CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm >> > args' >> > Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A >> > etime=209-02:58:19 prog=init args=/etc/init >> > RSS CRITICAL: 1 crit, 0 warn out of 1 process with command name >> > 'init' [init] >> > >> > ./plugins/check_procs -w 420 -c 420 -m RSS -C init -vv >> > CMD: /usr/sysv/bin/ps -eo 's uid pid ppid vsz rss pcpu etime comm >> > args' >> > Matched: uid=0 vsz=636 rss=420 pid=1 ppid=0 pcpu=0.00 stat=A >> > etime=209-03:00:03 prog=init args=/etc/init >> > RSS OK: 1 process with command name 'init' >> > >> > >> > I'll continue working on the /usr/bin/ps syntax, but here is a work >> > around. >> >> That's an interesting workaround. >> >> Can you send me a complete ps output for that sysv ps (with any >> sensitive data scrubbed) as I want to create a test case for this. >> >> I'm always a little bit wary of putting changes to the configure >> script for the ps syntax checking, especially if we can't see the >> impact it has made on other OSes. >> >> Also, would you be interested in donating a tinderbox build server: >> http://tinderbox.opsera.com/nagiosplug/status.html >> . This helps us see what is building and what is failing on your >> favourite OS. Instructions here: >> http://nagiosplugins.opsera.com/tinderbox >> >> Ton >> >> >> >> >> ------------------------------------------------------------------------------ >> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, >> CA >> -OSBC tackles the biggest issue in open source: Open Sourcing the >> Enterprise >> -Strategies to boost innovation and cut costs with open source >> participation >> -Receive a $600 discount off the registration fee with the source code: >> SFAD >> http://p.sf.net/sfu/XcvMzF8H >> _______________________________________________________ >> Nagios Plugin Development Mailing List >> Nagiosplug-devel at lists.sourceforge.net >> Unsubscribe at >> https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel >> ::: Please include plugins version (-v) and OS when reporting any issue. >> ::: Messages without supporting info will risk being sent to /dev/null >> > From ton.voon at opsera.com Thu Mar 5 09:35:41 2009 From: ton.voon at opsera.com (Ton Voon) Date: Thu, 5 Mar 2009 08:35:41 +0000 Subject: [Nagiosplug-devel] AIX 5.3 np 1.4.13 check_procs In-Reply-To: <2274b9c30903040943ofebffd6r9055d181abbb74bd@mail.gmail.com> References: <2274b9c30903031209t3411b319m6ae224c7f3622662@mail.gmail.com> <8C856B70-E983-477F-B764-EAE07D7210E3@opsera.com> <2274b9c30903031557x50cd3701t68cbb581a8bfa8b0@mail.gmail.com> <2274b9c30903040943ofebffd6r9055d181abbb74bd@mail.gmail.com> Message-ID: <9DC79558-9249-452B-871A-20675E0F5E4D@opsera.com> On 4 Mar 2009, at 17:43, Kyle O'Donnell wrote: > I have been unable to formulate the syntax using the /usr/bin/ps > command (using ibm or berkeley options) > > Our AIX admin says using the sysv binary is fine. OK. I guess this can come before the other ps options for AIX, so if it will fall back if it doesn't exist. > > > Here are the outputs you requested: Can I have this as an attachment as formatting can be lost if I cut and paste. Ton From noreply at sourceforge.net Thu Mar 5 12:01:00 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 05 Mar 2009 11:01:00 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-10 01:56 Message generated for change (Comment added) made by guillomovitch You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Nobody/Anonymous (nobody) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 12:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From noreply at sourceforge.net Fri Mar 6 14:09:58 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 06 Mar 2009 13:09:58 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Feature Requests-2458521 ] Add performance data to check_procs plugin Message-ID: Feature Requests item #2458521, was opened at 2008-12-22 14:10 Message generated for change (Comment added) made by greenrover You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397600&aid=2458521&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Priority: 5 Private: No Submitted By: Jan Ondrej (ondrejj) Assigned to: Nobody/Anonymous (nobody) Summary: Add performance data to check_procs plugin Initial Comment: check_procs plugin has no performance data. It can be nice to display performance data for number of processes or zombie processes. I have my own perfdata wrapper until this will be a part of nagios-plugins, but my wrapper has very limited functionality. You only need to display this at end of line from check_plugin: |procs=NUMBER_OF_PROCS;WARN_PROC_COUNT;CRITICAL_PROC_COUNT;0 Attaching my wrapper, which does this, but it's not a right way. :) ---------------------------------------------------------------------- Comment By: GreenRover (greenrover) Date: 2009-03-06 14:09 Message: Her as the original check_procs.c /root/nagios-plugins-1.4.13/plugins/check_procs.c row 308 befor " printf ("\n");" add: printf (" | "); printf (ngettext ("process=%d", "processes=%d", (unsigned long) procs), procs); printf (";%d;%d", wmax, cmax); ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397600&aid=2458521&group_id=29880 From Ovidiu.Marcu at tdn.de Fri Mar 6 23:10:50 2009 From: Ovidiu.Marcu at tdn.de (Ovidiu Marcu) Date: Fri, 6 Mar 2009 23:10:50 +0100 Subject: [Nagiosplug-devel] how to find the services that are on disable notifications Message-ID: Hello all, I'm trying to find a way to see all the hosts and services that have disable notifications set. I have 5000 service_checks on my server and it is very hard to click on Service Detail and then scroll down to find them. This is a problem because we often do maintenance and then we forget the service_checks with disable notifications on . And yes I know we should use schedule downtime :) Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu -------------- next part -------------- An HTML attachment was scrubbed... URL: From marc at ena.com Fri Mar 6 23:32:54 2009 From: marc at ena.com (Marc Powell) Date: Fri, 6 Mar 2009 16:32:54 -0600 Subject: [Nagiosplug-devel] how to find the services that are on disable notifications In-Reply-To: References: Message-ID: <6157BE9B-C3D3-4005-ADAE-D4E8E7534E16@ena.com> On Mar 6, 2009, at 4:10 PM, Ovidiu Marcu wrote: > Hello all, > > I?m trying to find a way to see all the hosts and services that have > disable notifications set. I expect this will get you a good way toward your goal -- egrep 'host_name|service_description|notifications_enabled' /usr/local/ nagios/var/status.dat | grep -B2 '=0' | grep -v '=1' -- Marc From dermoth at aei.ca Sat Mar 7 00:57:40 2009 From: dermoth at aei.ca (Thomas Guyot-Sionnest) Date: Fri, 06 Mar 2009 18:57:40 -0500 Subject: [Nagiosplug-devel] how to find the services that are on disable notifications In-Reply-To: References: Message-ID: <49B1B874.3070706@aei.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/03/09 05:10 PM, Ovidiu Marcu wrote: > Hello all, > > > > I?m trying to find a way to see all the hosts and services that have > disable notifications set. I have 5000 service_checks on my server and > it is very hard to click on Service Detail and then scroll down to find > them. This is a problem because we often do maintenance and then we > forget the service_checks with disable notifications on . And yes I know > we should use schedule downtime J I use the following URLs for disabled services and hosts respectively (excludes all problem hosts/services). http:///nagios/cgi-bin/status.cgi?host=all&servicestatustypes=2&serviceprops=4096 http:///nagios/cgi-bin/status.cgi?hostgroup=all&style=hostdetail&hoststatustypes=2&hostprops=4096 You may want to add the hoststatustype=2 to the services url too is you want to avoid down hosts too. - -- Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJsbh06dZ+Kt5BchYRApBZAJoCKidI99JitxMfPgVG429fGMW+ugCfTqBS FtkY6Rbbpb0d0yGSjZNAo/0= =tXjc -----END PGP SIGNATURE----- From Ovidiu.Marcu at tdn.de Sat Mar 7 07:37:20 2009 From: Ovidiu.Marcu at tdn.de (Ovidiu Marcu) Date: Sat, 7 Mar 2009 07:37:20 +0100 Subject: [Nagiosplug-devel] how to find the services that are on disable notifications In-Reply-To: <49B1B874.3070706@aei.ca> References: <49B1B874.3070706@aei.ca> Message-ID: Thank you Marc, thank you Thomas. Both Solutions work great. Viele Gr??e, ServiceDesk_TDN Ovidiu Marcu -----Original Message----- From: Thomas Guyot-Sionnest [mailto:dermoth at aei.ca] Sent: Saturday, March 07, 2009 1:58 AM To: Nagios Plugin Development Mailing List Subject: Re: [Nagiosplug-devel] how to find the services that are on disable notifications -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/03/09 05:10 PM, Ovidiu Marcu wrote: > Hello all, > > > > I?m trying to find a way to see all the hosts and services that have > disable notifications set. I have 5000 service_checks on my server and > it is very hard to click on Service Detail and then scroll down to find > them. This is a problem because we often do maintenance and then we > forget the service_checks with disable notifications on . And yes I know > we should use schedule downtime J I use the following URLs for disabled services and hosts respectively (excludes all problem hosts/services). http:///nagios/cgi-bin/status.cgi?host=all&servicestatustypes=2&serviceprops=4096 http:///nagios/cgi-bin/status.cgi?hostgroup=all&style=hostdetail&hoststatustypes=2&hostprops=4096 You may want to add the hoststatustype=2 to the services url too is you want to avoid down hosts too. - -- Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJsbh06dZ+Kt5BchYRApBZAJoCKidI99JitxMfPgVG429fGMW+ugCfTqBS FtkY6Rbbpb0d0yGSjZNAo/0= =tXjc -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________________ Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel ::: Please include plugins version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null From dimmumeister at gmail.com Mon Mar 9 13:46:44 2009 From: dimmumeister at gmail.com (hamouda) Date: Mon, 9 Mar 2009 13:46:44 +0100 Subject: [Nagiosplug-devel] adding element in the nagios web interface Message-ID: <8b1d85200903090546q24d5b34sa4fd0862afb3f726@mail.gmail.com> Hi, I was trying to add an entry in the nagios web interface and I didn't know how. Can u please tell me how to do it?? -- being selfish won't help you progressing, learn & share that's the point. Give a hand in the forums to help the others & urself; http://www.fedora-tunisia.org/ http://forums.fedora-fr.org/ http://fedora.kiewel-online.de/repoview/linux/releases/7/ From jhmartin at toger.us Mon Mar 9 14:48:12 2009 From: jhmartin at toger.us (Jason Martin) Date: Mon, 9 Mar 2009 06:48:12 -0700 Subject: [Nagiosplug-devel] adding element in the nagios web interface In-Reply-To: <8b1d85200903090546q24d5b34sa4fd0862afb3f726@mail.gmail.com> References: <8b1d85200903090546q24d5b34sa4fd0862afb3f726@mail.gmail.com> Message-ID: <20090309134812.GB20391@mal.toger.us> On Mon, Mar 09, 2009 at 01:46:44PM +0100, hamouda wrote: > Hi, > I was trying to add an entry in the nagios web interface and I didn't know how. > Can u please tell me how to do it?? What do you mean my 'adding an entry? -Jason Martin -- This message is PGP/MIME signed. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 219 bytes Desc: not available URL: From Tiberiu.Padurean at tdn.de Mon Mar 9 15:47:43 2009 From: Tiberiu.Padurean at tdn.de (Tiberiu Padurean) Date: Mon, 9 Mar 2009 15:47:43 +0100 Subject: [Nagiosplug-devel] one graph file for several checks Message-ID: Hello, I have several checks that verify different databases. All the services that define this kind of checks have this service_description: oracle_tablespace_usage for database_name The database_name is all that differs in all the checks. For these checks I want to add the graphs, too. I define a graph file (check_database.ncfg) like this: define ngraph{ service_name oracle_tablespace_usage for database_name ...... } Can I use regular expressions when I define the service_name in the definition of the graphs? Because I want to use only one check_database.ncfg file and generate graphs for all the checks that verify those databases. Thank you Viele Gr??e, ServiceDesk_TDN Tiberiu Padurean -------------- next part -------------- An HTML attachment was scrubbed... URL: From holger at CIS.FU-Berlin.DE Tue Mar 10 13:30:24 2009 From: holger at CIS.FU-Berlin.DE (Holger Weiss) Date: Tue, 10 Mar 2009 13:30:24 +0100 Subject: [Nagiosplug-devel] one graph file for several checks In-Reply-To: References: Message-ID: <20090310123024.GT25694516@CIS.FU-Berlin.DE> This list is meant for Nagios plugin development issues. As you seem to be talking about NagiosGrapher, please use the "nagiosgrapher-users" list next time: https://lists.sourceforge.net/lists/listinfo/nagiosgrapher-users * Tiberiu Padurean [2009-03-09 15:47]: > Can I use regular expressions when I define the service_name in the > definition of the graphs? Yes, that's a regular expression. See doc/CONFIG: | - service_name | With the help of this regexp/part NagiosGRapher will identify the individual | services. eg. "lx-procs" will match on "lx-procs", "lx-procs samba", | "all lx-procs", ... Holger From noreply at sourceforge.net Wed Mar 11 21:34:27 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 11 Mar 2009 20:34:27 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 01:46 Message generated for change (Comment added) made by jbarbuto You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 13:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-19 16:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From noreply at sourceforge.net Wed Mar 11 22:24:04 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 11 Mar 2009 21:24:04 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 03:46 Message generated for change (Comment added) made by mechanyx You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 16:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 15:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-19 19:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From noreply at sourceforge.net Thu Mar 12 12:18:24 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 12 Mar 2009 11:18:24 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 09:46 Message generated for change (Comment added) made by tonvoon You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- >Comment By: Ton Voon (tonvoon) Date: 2009-03-12 11:18 Message: jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? This is also used in negate.c. The idea is that if you pass an array of arguments, there will not be any shell expansion. mechanyx: There may be quoting that is required at Nagios. If you use $ in a command argument, you need to escape it with $$. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 21:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 20:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-20 00:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From dimmumeister at gmail.com Thu Mar 12 13:53:31 2009 From: dimmumeister at gmail.com (hamouda) Date: Thu, 12 Mar 2009 13:53:31 +0100 Subject: [Nagiosplug-devel] Nagiosplug-devel Digest, Vol 34, Issue 6 In-Reply-To: References: Message-ID: <8b1d85200903120553h7e40b4e3m5547d919e7fbbdf1@mail.gmail.com> I mean by adding an entry in the web interface, to add a section like the monitoring or home in the web interface so I can access my plugins through this web interface. sorry for the inconvenience and thx for answering. 2009/3/12, nagiosplug-devel-request at lists.sourceforge.net : > Send Nagiosplug-devel mailing list submissions to > nagiosplug-devel at lists.sourceforge.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel > or, via email, send a message with subject or body 'help' to > nagiosplug-devel-request at lists.sourceforge.net > > You can reach the person managing the list at > nagiosplug-devel-owner at lists.sourceforge.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Nagiosplug-devel digest..." > > > Today's Topics: > > 1. adding element in the nagios web interface (hamouda) > 2. Re: adding element in the nagios web interface (Jason Martin) > 3. one graph file for several checks (Tiberiu Padurean) > 4. Re: one graph file for several checks (Holger Weiss) > 5. [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars > in cmdline (SourceForge.net) > 6. [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars > in cmdline (SourceForge.net) > 7. [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars > in cmdline (SourceForge.net) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 9 Mar 2009 13:46:44 +0100 > From: hamouda > Subject: [Nagiosplug-devel] adding element in the nagios web interface > To: "nagiosplug-devel at lists.sourceforge.net" > > Message-ID: > <8b1d85200903090546q24d5b34sa4fd0862afb3f726 at mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Hi, > I was trying to add an entry in the nagios web interface and I didn't know > how. > Can u please tell me how to do it?? > > -- > being selfish won't help you progressing, learn & share that's the > point. Give a hand in the forums to help the others & urself; > http://www.fedora-tunisia.org/ > http://forums.fedora-fr.org/ > http://fedora.kiewel-online.de/repoview/linux/releases/7/ > > > > ------------------------------ > > Message: 2 > Date: Mon, 9 Mar 2009 06:48:12 -0700 > From: Jason Martin > Subject: Re: [Nagiosplug-devel] adding element in the nagios web > interface > To: Nagios Plugin Development Mailing List > > Message-ID: <20090309134812.GB20391 at mal.toger.us> > Content-Type: text/plain; charset="us-ascii" > > On Mon, Mar 09, 2009 at 01:46:44PM +0100, hamouda wrote: >> Hi, >> I was trying to add an entry in the nagios web interface and I didn't know >> how. >> Can u please tell me how to do it?? > What do you mean my 'adding an entry? > > -Jason Martin > > -- > This message is PGP/MIME signed. > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: application/pgp-signature > Size: 219 bytes > Desc: not available > > ------------------------------ > > Message: 3 > Date: Mon, 9 Mar 2009 15:47:43 +0100 > From: Tiberiu Padurean > Subject: [Nagiosplug-devel] one graph file for several checks > To: "nagiosplug-devel at lists.sourceforge.net" > > Message-ID: > > Content-Type: text/plain; charset="iso-8859-1" > > Hello, > > I have several checks that verify different databases. > All the services that define this kind of checks have this > service_description: oracle_tablespace_usage for database_name > The database_name is all that differs in all the checks. For these checks I > want to add the graphs, too. > I define a graph file (check_database.ncfg) like this: > > define ngraph{ > service_name oracle_tablespace_usage > for database_name > ...... > } > > Can I use regular expressions when I define the service_name in the > definition of the graphs? > Because I want to use only one check_database.ncfg file and generate graphs > for all the checks that verify those databases. > > Thank you > > > Viele Gr??e, > > ServiceDesk_TDN > Tiberiu Padurean > > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > Message: 4 > Date: Tue, 10 Mar 2009 13:30:24 +0100 > From: Holger Weiss > Subject: Re: [Nagiosplug-devel] one graph file for several checks > To: Nagios Plugins Development > > Message-ID: <20090310123024.GT25694516 at CIS.FU-Berlin.DE> > Content-Type: text/plain; charset=us-ascii > > This list is meant for Nagios plugin development issues. As you seem to > be talking about NagiosGrapher, please use the "nagiosgrapher-users" > list next time: > > https://lists.sourceforge.net/lists/listinfo/nagiosgrapher-users > > * Tiberiu Padurean [2009-03-09 15:47]: >> Can I use regular expressions when I define the service_name in the >> definition of the graphs? > > Yes, that's a regular expression. See doc/CONFIG: > > | - service_name > | With the help of this regexp/part NagiosGRapher will identify the > individual > | services. eg. "lx-procs" will match on "lx-procs", "lx-procs samba", > | "all lx-procs", ... > > Holger > > > > ------------------------------ > > Message: 5 > Date: Wed, 11 Mar 2009 20:34:27 +0000 > From: "SourceForge.net" > Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp > does not allow " chars in cmdline > To: noreply at sourceforge.net > Message-ID: > Content-Type: text/plain; charset="UTF-8" > > Bugs item #1985230, was opened at 2008-06-05 01:46 > Message generated for change (Comment added) made by jbarbuto > You can respond by visiting: > https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 > > Please note that this message will contain a full copy of the comment > thread, > including the initial issue submission, for this request, > not just the latest update. > Category: Argument proccessing > Group: CVS > Status: Open > Resolution: None > Priority: 7 > Private: No > Submitted By: Jan Wagner (cyco_dd) > Assigned to: Nobody/Anonymous (nobody) > Summary: check_snmp does not allow " chars in cmdline > > Initial Comment: > The following Bugreport we got against our debian package: > > snmpd can be queried for customized "extend"s. > A configured extend like > extend avail_mem /usr/local/bin/check_avail_mem.pl > can be queried as > snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' > NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 > > If you try to query this with check_snmp like > check_snmp -H $HOSTADDRESS$ -C public -o > 'nsExtendOutput1Line."syslog-idletime"' > this results into > Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public > ds9:161 nsExtendOutput1Line."syslog-idletime" > > Unfortuantely, check_snmp contains code in popen.c that does not allow any " > chars in > the command line and bails out with above error. > > I fixed this by commenting out the follwing block: > > --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 > +++ popen.c 2008-01-12 14:16:54.000000000 +0100 > @@ -133,8 +133,10 @@ > strcpy (cmd, cmdstring); > > /* This is not a shell, so we don't handle "???" */ > +/* > if (strstr (cmdstring, "\"")) > return NULL; > +*/ > > /* allow single quotes, but only if non-whitesapce doesn't occur on > both sides */ > if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) > > You can track the bugreport via > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 > > Thanks and kind regards, Jan. > > ---------------------------------------------------------------------- > > Comment By: John A. Barbuto (jbarbuto) > Date: 2009-03-11 13:34 > > Message: > I looked into writing a patch using the runcmd library, but I don't see > this function you're referring to. > np_runcmd_open() looks pretty similar to spopen(), with the same double > quotes restriction. > > The old exec method of running external commands is deprecated, so I'd > really like to get extend working. > > ---------------------------------------------------------------------- > > Comment By: Ton Voon (tonvoon) > Date: 2009-02-19 16:11 > > Message: > I don't think this is a valid fix. Preferably check_snmp should be switched > to use the runcmd library instead, which has a function to pass a varg list > for the command to run, thereby avoiding shell quotation. > > ---------------------------------------------------------------------- > > You can respond by visiting: > https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 > > > > ------------------------------ > > Message: 6 > Date: Wed, 11 Mar 2009 21:24:04 +0000 > From: "SourceForge.net" > Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp > does not allow " chars in cmdline > To: noreply at sourceforge.net > Message-ID: > Content-Type: text/plain; charset="UTF-8" > > Bugs item #1985230, was opened at 2008-06-05 03:46 > Message generated for change (Comment added) made by mechanyx > You can respond by visiting: > https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 > > Please note that this message will contain a full copy of the comment > thread, > including the initial issue submission, for this request, > not just the latest update. > Category: Argument proccessing > Group: CVS > Status: Open > Resolution: None > Priority: 7 > Private: No > Submitted By: Jan Wagner (cyco_dd) > Assigned to: Nobody/Anonymous (nobody) > Summary: check_snmp does not allow " chars in cmdline > > Initial Comment: > The following Bugreport we got against our debian package: > > snmpd can be queried for customized "extend"s. > A configured extend like > extend avail_mem /usr/local/bin/check_avail_mem.pl > can be queried as > snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' > NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 > > If you try to query this with check_snmp like > check_snmp -H $HOSTADDRESS$ -C public -o > 'nsExtendOutput1Line."syslog-idletime"' > this results into > Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public > ds9:161 nsExtendOutput1Line."syslog-idletime" > > Unfortuantely, check_snmp contains code in popen.c that does not allow any " > chars in > the command line and bails out with above error. > > I fixed this by commenting out the follwing block: > > --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 > +++ popen.c 2008-01-12 14:16:54.000000000 +0100 > @@ -133,8 +133,10 @@ > strcpy (cmd, cmdstring); > > /* This is not a shell, so we don't handle "???" */ > +/* > if (strstr (cmdstring, "\"")) > return NULL; > +*/ > > /* allow single quotes, but only if non-whitesapce doesn't occur on > both sides */ > if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) > > You can track the bugreport via > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 > > Thanks and kind regards, Jan. > > ---------------------------------------------------------------------- > > Comment By: Richard Edward Horner (mechanyx) > Date: 2009-03-11 16:24 > > Message: > I'm not sure if this is related or not, but I had a similar problem with > check_snmp where the community string on a network device contained a > dollar sign ($). I was unable to get the check to run with that community > string. I apologize as I do not remember exactly what Nagios output when I > tried various methods of quoting or escaping it. I ended up changing the > community string on the device. > > Thanks, Rich(ard) > > ---------------------------------------------------------------------- > > Comment By: John A. Barbuto (jbarbuto) > Date: 2009-03-11 15:34 > > Message: > I looked into writing a patch using the runcmd library, but I don't see > this function you're referring to. > np_runcmd_open() looks pretty similar to spopen(), with the same double > quotes restriction. > > The old exec method of running external commands is deprecated, so I'd > really like to get extend working. > > ---------------------------------------------------------------------- > > Comment By: Ton Voon (tonvoon) > Date: 2009-02-19 19:11 > > Message: > I don't think this is a valid fix. Preferably check_snmp should be switched > to use the runcmd library instead, which has a function to pass a varg list > for the command to run, thereby avoiding shell quotation. > > ---------------------------------------------------------------------- > > You can respond by visiting: > https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 > > > > ------------------------------ > > Message: 7 > Date: Thu, 12 Mar 2009 11:18:24 +0000 > From: "SourceForge.net" > Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp > does not allow " chars in cmdline > To: noreply at sourceforge.net > Message-ID: > Content-Type: text/plain; charset="UTF-8" > > Bugs item #1985230, was opened at 2008-06-05 09:46 > Message generated for change (Comment added) made by tonvoon > You can respond by visiting: > https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 > > Please note that this message will contain a full copy of the comment > thread, > including the initial issue submission, for this request, > not just the latest update. > Category: Argument proccessing > Group: CVS > Status: Open > Resolution: None > Priority: 7 > Private: No > Submitted By: Jan Wagner (cyco_dd) > Assigned to: Nobody/Anonymous (nobody) > Summary: check_snmp does not allow " chars in cmdline > > Initial Comment: > The following Bugreport we got against our debian package: > > snmpd can be queried for customized "extend"s. > A configured extend like > extend avail_mem /usr/local/bin/check_avail_mem.pl > can be queried as > snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' > NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 > > If you try to query this with check_snmp like > check_snmp -H $HOSTADDRESS$ -C public -o > 'nsExtendOutput1Line."syslog-idletime"' > this results into > Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public > ds9:161 nsExtendOutput1Line."syslog-idletime" > > Unfortuantely, check_snmp contains code in popen.c that does not allow any " > chars in > the command line and bails out with above error. > > I fixed this by commenting out the follwing block: > > --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 > +++ popen.c 2008-01-12 14:16:54.000000000 +0100 > @@ -133,8 +133,10 @@ > strcpy (cmd, cmdstring); > > /* This is not a shell, so we don't handle "???" */ > +/* > if (strstr (cmdstring, "\"")) > return NULL; > +*/ > > /* allow single quotes, but only if non-whitesapce doesn't occur on > both sides */ > if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) > > You can track the bugreport via > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 > > Thanks and kind regards, Jan. > > ---------------------------------------------------------------------- > >>Comment By: Ton Voon (tonvoon) > Date: 2009-03-12 11:18 > > Message: > jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? > This is also used in negate.c. The idea is that if you pass an array of > arguments, there will not be any shell expansion. > > mechanyx: There may be quoting that is required at Nagios. If you use $ in > a command argument, you need to escape it with $$. > > ---------------------------------------------------------------------- > > Comment By: Richard Edward Horner (mechanyx) > Date: 2009-03-11 21:24 > > Message: > I'm not sure if this is related or not, but I had a similar problem with > check_snmp where the community string on a network device contained a > dollar sign ($). I was unable to get the check to run with that community > string. I apologize as I do not remember exactly what Nagios output when I > tried various methods of quoting or escaping it. I ended up changing the > community string on the device. > > Thanks, Rich(ard) > > ---------------------------------------------------------------------- > > Comment By: John A. Barbuto (jbarbuto) > Date: 2009-03-11 20:34 > > Message: > I looked into writing a patch using the runcmd library, but I don't see > this function you're referring to. > np_runcmd_open() looks pretty similar to spopen(), with the same double > quotes restriction. > > The old exec method of running external commands is deprecated, so I'd > really like to get extend working. > > ---------------------------------------------------------------------- > > Comment By: Ton Voon (tonvoon) > Date: 2009-02-20 00:11 > > Message: > I don't think this is a valid fix. Preferably check_snmp should be switched > to use the runcmd library instead, which has a function to pass a varg list > for the command to run, thereby avoiding shell quotation. > > ---------------------------------------------------------------------- > > You can respond by visiting: > https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 > > > > ------------------------------ > > ------------------------------------------------------------------------------ > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are > powering Web 2.0 with engaging, cross-platform capabilities. Quickly and > easily build your RIAs with Flex Builder, the Eclipse(TM)based development > software that enables intelligent coding and step-through debugging. > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com > > ------------------------------ > > _______________________________________________________ > Nagios Plugin Development Mailing List > Nagiosplug-devel at lists.sourceforge.net > Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel > > > End of Nagiosplug-devel Digest, Vol 34, Issue 6 > *********************************************** > -- being selfish won't help you progressing, learn & share that's the point. Give a hand in the forums to help the others & urself; http://www.fedora-tunisia.org/ http://forums.fedora-fr.org/ http://fedora.kiewel-online.de/repoview/linux/releases/7/ From noreply at sourceforge.net Thu Mar 12 14:23:02 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 12 Mar 2009 13:23:02 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-2632995 ] check_procs fails on Solaris Message-ID: Bugs item #2632995, was opened at 2009-02-24 10:08 Message generated for change (Comment added) made by forsbring You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2632995&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Werner (forsbring) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_procs fails on Solaris Initial Comment: Hi, check_procs v2019 (nagios-plugins 1.4.13) exits with "Unable to read output" on most of our Solaris8 and Solaris 10 servers (I do not have access to any Solaris9 servers). 1.4.11 works just fine. I've attached the truss output. - Werner ---------------------------------------------------------------------- >Comment By: Werner (forsbring) Date: 2009-03-12 14:23 Message: Nope, not trying to run from source repository. But after looking into the buildlogs I guess I found the problem. You assume we use gcc, and the compiler option -m64 is used for pst3, which is not working with cc from older SunStudio. Why do pst3 have to be setuid root when /usr/bin/ps and /usr/ucp/ps don't? And regarding the 64-bit requirement, why? Almost no other binaries on Solaris is 64-bit. The pst3-thing seems like a ugly hack to me, sorry. :) - Werner ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-02-24 10:29 Message: Thanks for the debug output. Nagios-plugins now use pst3 to get the process list and this program needs to be installed and setuid root (I think old versions of nagios-plugins used it too, so you may have it already on some servers). It looks like you're trying to run from the source repository. Be sure to install the plugins, or at least hand-install pst3 (in plugins-root/ directory, don't forget to setuit root). If you still have issues I'll be able to help you is you can send the truss output again with the option to follow forks (-f). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2632995&group_id=29880 From rich at richhorner.com Thu Mar 12 15:13:29 2009 From: rich at richhorner.com (Richard Edward Horner) Date: Thu, 12 Mar 2009 14:13:29 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline In-Reply-To: References: Message-ID: <7a65a83a0903120713g1e6b0409h3eb521aade475747@mail.gmail.com> > mechanyx: There may be quoting that is required at Nagios. If you use $ in > a command argument, you need to escape it with $$. I had read this in the documentation somewhere when I was trying to get this working and it didn't work although I think what you're saying is a tad different than what I read. I believe I escaped the $ with a $ so I had $$ but it sounds like you're saying escape with $$ which would result in $$$. Yes? If so, I do not recall trying triple dollar sign. Thanks, Rich(ard) -- Richard Edward Horner Engineer / Composer / Electric Guitar Virtuoso richhorner.com | rhosts.net | sabayonlinux.org From ton.voon at opsera.com Thu Mar 12 15:55:07 2009 From: ton.voon at opsera.com (Ton Voon) Date: Thu, 12 Mar 2009 14:55:07 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline In-Reply-To: <7a65a83a0903120713g1e6b0409h3eb521aade475747@mail.gmail.com> References: <7a65a83a0903120713g1e6b0409h3eb521aade475747@mail.gmail.com> Message-ID: <20BA6598-222E-41D4-9480-F78321444A9D@opsera.com> On 12 Mar 2009, at 14:13, Richard Edward Horner wrote: >> mechanyx: There may be quoting that is required at Nagios. If you >> use $ in >> a command argument, you need to escape it with $$. > > I had read this in the documentation somewhere when I was trying to > get this working and it didn't work although I think what you're > saying is a tad different than what I read. I believe I escaped the $ > with a $ so I had $$ but it sounds like you're saying escape with $$ > which would result in $$$. Yes? If so, I do not recall trying triple > dollar sign. Actually, $$ is fine. $$$ would probably get evaluated to $ (the first escaped, the second removed due to an invalid macro). You then have to consider the shell, so sticking single quotes around it will stop the shell from evaluating the ${sometext} as a variable. This is all before it even reaches the plugin.... Ton From noreply at sourceforge.net Fri Mar 13 16:26:17 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 13 Mar 2009 15:26:17 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985246 ] ssh_disk dont interpret -C with single quotes correct Message-ID: Bugs item #1985246, was opened at 2008-06-05 11:16 Message generated for change (Comment added) made by wpreston You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985246&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: ssh_disk dont interpret -C with single quotes correct Initial Comment: The following Bugreport we got against our debian package: By default, the ssh_disk configuration has the following command line... /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$' This creates the following error when trying to check a remote system... [1179694002] SERVICE ALERT: tagboard;/dev/hda1 Free Space;UNKNOWN;SOFT;1;Could not open pipe: /usr/bin/ssh 172.24.32.1 '/usr/lib/nagios/plugins/check_disk -w 5% -c 3% -p "/dev/hda1"' Changing the single quotes to be double quotes in the config resolves this problem. You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425312 Thanks and kind regards, Jan. ---------------------------------------------------------------------- Comment By: Will Preston (wpreston) Date: 2009-03-13 16:26 Message: There's a patch 2268675 (fix for quoting in check_by_ssh) in the queue which would fix this. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985246&group_id=29880 From noreply at sourceforge.net Fri Mar 13 22:14:22 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 13 Mar 2009 21:14:22 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 01:46 Message generated for change (Comment added) made by jbarbuto You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- >Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 14:14 Message: tonvoon: I see, I thought you were referring to plugins/runcmd.c. I've attached a patch against the SVN trunk that changes check_snmp to use lib/utils_cmd.c. It's passed all the tests I've thrown at it, including extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so please modify as necessary. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-12 04:18 Message: jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? This is also used in negate.c. The idea is that if you pass an array of arguments, there will not be any shell expansion. mechanyx: There may be quoting that is required at Nagios. If you use $ in a command argument, you need to escape it with $$. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 14:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 13:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-19 16:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From noreply at sourceforge.net Fri Mar 13 23:04:50 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 13 Mar 2009 22:04:50 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 09:46 Message generated for change (Comment added) made by tonvoon You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- >Comment By: Ton Voon (tonvoon) Date: 2009-03-13 22:04 Message: Thanks John! I look through this now. Out of interest, what tests did you run? Will add them into our test scripts ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 21:14 Message: tonvoon: I see, I thought you were referring to plugins/runcmd.c. I've attached a patch against the SVN trunk that changes check_snmp to use lib/utils_cmd.c. It's passed all the tests I've thrown at it, including extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so please modify as necessary. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-12 11:18 Message: jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? This is also used in negate.c. The idea is that if you pass an array of arguments, there will not be any shell expansion. mechanyx: There may be quoting that is required at Nagios. If you use $ in a command argument, you need to escape it with $$. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 21:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 20:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-20 00:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From noreply at sourceforge.net Sat Mar 14 00:56:05 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 13 Mar 2009 23:56:05 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 01:46 Message generated for change (Comment added) made by jbarbuto You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- >Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 16:56 Message: I just used the tests in t/check_snmp.t plus a few others more specific to our environment. Almost all of my extra tests, like the extend tests, wouldn't necessarily work elsewhere. About the only test you'd find useful to add is one of multiple OIDs: $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrMemorySize and hrSystemProcesses"); like($res->output, '/^SNMP OK - \d+ \d+/', "String contains hrMemorySize and hrSystemProcesses"); ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-13 15:04 Message: Thanks John! I look through this now. Out of interest, what tests did you run? Will add them into our test scripts ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 14:14 Message: tonvoon: I see, I thought you were referring to plugins/runcmd.c. I've attached a patch against the SVN trunk that changes check_snmp to use lib/utils_cmd.c. It's passed all the tests I've thrown at it, including extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so please modify as necessary. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-12 04:18 Message: jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? This is also used in negate.c. The idea is that if you pass an array of arguments, there will not be any shell expansion. mechanyx: There may be quoting that is required at Nagios. If you use $ in a command argument, you need to escape it with $$. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 14:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 13:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-19 16:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From noreply at sourceforge.net Sat Mar 14 02:27:05 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Sat, 14 Mar 2009 01:27:05 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1670261 ] SNMP: general child_process = spopen (command_line); problem Message-ID: Bugs item #1670261, was opened at 2007-02-27 19:03 Message generated for change (Settings changed) made by tonvoon You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1670261&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Pending Resolution: None Priority: 5 Private: No Submitted By: Alex Peeters (zxr750) >Assigned to: Ton Voon (tonvoon) Summary: SNMP: general child_process = spopen (command_line); problem Initial Comment: SNMP problem - No data received from host check_snmp.c for testing purpose i did replace - child_process = spopen (command_line); with - child_process = spopen ("/usr/bin/ldd /opt/changed_root/bin/snmpget"); and then you can see the problem manual test: export LD_LIBRARY_PATH=/opt/changed_root/lib:/opt/changed_root/ssl/lib ldd /opt/changed_root/bin/snmpget libnetsnmp.so.15 => /opt/changed_root/lib/libnetsnmp.so.15 libgen.so.1 => /usr/lib/libgen.so.1 libcrypto.so.0.9.8 => /opt/changed_root/ssl/lib/libcrypto.so.0.9.8 libkstat.so.1 => /usr/lib/libkstat.so.1 libelf.so.1 => /usr/lib/libelf.so.1 libm.so.1 => /usr/lib/libm.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libadm.so.1 => /usr/lib/libadm.so.1 libc.so.1 => /usr/lib/libc.so.1 libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libmp.so.2 => /usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 where the generated command from check_snmp.c works fine /opt/changed_root/bin/snmpget -t 1 -r 5 -m '' -v 2c -c gn1r0t1n0m at notsoc1 10.1.100.50:8196 .1.3.6.1.4.1.140 ./check_snmp -P 2c -C gn1r0t1n0m at notsoc1 -H 10.1.100.50 -p 8196 -o .1.3.6.1.4.1.140 -v /opt/changed_root/bin/snmpget -t 1 -r 5 -m '' -v 2c -c gn1r0t1n0m at notsoc1 10.1.100.50:8196 .1.3.6.1.4.1.140 libnetsnmp.so.15 => (file not found) must be /opt/changed_root/lib libgen.so.1 => /usr/lib/libgen.so.1 libkstat.so.1 => /usr/lib/libkstat.so.1 libelf.so.1 => /usr/lib/libelf.so.1 libm.so.1 => /usr/lib/libm.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libadm.so.1 => /usr/lib/libadm.so.1 libcrypto.so.0.9.8 => (file not found) must be /opt/changed_root/ssl/lib libc.so.1 => /usr/lib/libc.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libmp.so.2 => /usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 ---------------------------------------------------------------------- >Comment By: Ton Voon (tonvoon) Date: 2009-03-14 01:27 Message: Alex, I think this is more a problem with your snmpget executable. You can use crle on Solaris if you want to force /opt/changed_root/ssl/lib to be in the LD_LIBRARY_PATH. check_snmp has been converted so it uses a different command run library so stderr messages will be captured better. Marking this call in pending, so will auto close in 7 days if there is no response. Ton ---------------------------------------------------------------------- Comment By: Alex Peeters (zxr750) Date: 2007-02-27 20:17 Message: Logged In: YES user_id=590764 Originator: YES Solution added: Is it possible change the code so that ./configure has a parrameter LD_LIBRARY_PATH that then is passed in popen.c please Ohterwise we need everytime change again your code. Thanks in advance popen.c FILE * spopen (const char *cmdstring) { - char *env[2]; + char *env[3]; env[0] = strdup("LC_ALL=C"); - env[1] = '\0'; + env[1] = strdup("LD_LIBRARY_PATH=/opt/changed_root/lib:/opt/changed_root/ssl/lib:/usr/local/lib"); + env[2] = '\0'; ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1670261&group_id=29880 From noreply at sourceforge.net Sat Mar 14 02:29:41 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Sat, 14 Mar 2009 01:29:41 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 09:46 Message generated for change (Comment added) made by tonvoon You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS >Status: Closed Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) >Assigned to: Ton Voon (tonvoon) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- >Comment By: Ton Voon (tonvoon) Date: 2009-03-14 01:29 Message: Applied in git. Manually tested for an OID containing a double quote and works as expected. Thanks for John for his patch. ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 23:56 Message: I just used the tests in t/check_snmp.t plus a few others more specific to our environment. Almost all of my extra tests, like the extend tests, wouldn't necessarily work elsewhere. About the only test you'd find useful to add is one of multiple OIDs: $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrMemorySize and hrSystemProcesses"); like($res->output, '/^SNMP OK - \d+ \d+/', "String contains hrMemorySize and hrSystemProcesses"); ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-13 22:04 Message: Thanks John! I look through this now. Out of interest, what tests did you run? Will add them into our test scripts ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 21:14 Message: tonvoon: I see, I thought you were referring to plugins/runcmd.c. I've attached a patch against the SVN trunk that changes check_snmp to use lib/utils_cmd.c. It's passed all the tests I've thrown at it, including extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so please modify as necessary. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-12 11:18 Message: jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? This is also used in negate.c. The idea is that if you pass an array of arguments, there will not be any shell expansion. mechanyx: There may be quoting that is required at Nagios. If you use $ in a command argument, you need to escape it with $$. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 21:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 20:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-20 00:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From noreply at sourceforge.net Tue Mar 17 05:56:00 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 04:56:00 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985246 ] ssh_disk dont interpret -C with single quotes correct Message-ID: Bugs item #1985246, was opened at 2008-06-05 05:16 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985246&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Nobody/Anonymous (nobody) Summary: ssh_disk dont interpret -C with single quotes correct Initial Comment: The following Bugreport we got against our debian package: By default, the ssh_disk configuration has the following command line... /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$' This creates the following error when trying to check a remote system... [1179694002] SERVICE ALERT: tagboard;/dev/hda1 Free Space;UNKNOWN;SOFT;1;Could not open pipe: /usr/bin/ssh 172.24.32.1 '/usr/lib/nagios/plugins/check_disk -w 5% -c 3% -p "/dev/hda1"' Changing the single quotes to be double quotes in the config resolves this problem. You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425312 Thanks and kind regards, Jan. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 00:55 Message: Thanks, wpreston, for the patch. It looks very nice, though I have some questions/comments about it... By going over ssh the remote end normally spawns a shell when it feels it's required. Are there any possible interaction with your patch and fancy/quirky check commands to work around them? Backwards-compatibility is an important issue there, though I guess it wouldn't be too hard to allow it with a conditional switch if required. It would be very nice if you could include code comments about the new functions. It seems like there are bug fixes along with new features (i.e. you seem to alter functions/unrelated parts of the code). It would be nice if you could make separate patches for them and apply the new features on top of the fixed code. Any reason for strcpy'ing the arguments when you can simply pass pointers around? This avoids the need to free them afterwards. I wouldn't modify the process_arguments function, as we may one day write a C library that will take care of thet (among other). Any reason **newargv and **opts are not global like the rest? Somewhere in np_runcmd_open_argv you have this, and I can't see these variables anywhere else in the patch...: + int master,slave; Why not using MAXARGS for detecting a full array? C++ comments (//) break on some architectures (just FYI) Does it apply on latest development code? Thanks ---------------------------------------------------------------------- Comment By: Will Preston (wpreston) Date: 2009-03-13 11:26 Message: There's a patch 2268675 (fix for quoting in check_by_ssh) in the queue which would fix this. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985246&group_id=29880 From noreply at sourceforge.net Tue Mar 17 05:56:24 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 04:56:24 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985246 ] ssh_disk dont interpret -C with single quotes correct Message-ID: Bugs item #1985246, was opened at 2008-06-05 05:16 Message generated for change (Settings changed) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985246&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) >Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: ssh_disk dont interpret -C with single quotes correct Initial Comment: The following Bugreport we got against our debian package: By default, the ssh_disk configuration has the following command line... /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$' This creates the following error when trying to check a remote system... [1179694002] SERVICE ALERT: tagboard;/dev/hda1 Free Space;UNKNOWN;SOFT;1;Could not open pipe: /usr/bin/ssh 172.24.32.1 '/usr/lib/nagios/plugins/check_disk -w 5% -c 3% -p "/dev/hda1"' Changing the single quotes to be double quotes in the config resolves this problem. You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425312 Thanks and kind regards, Jan. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 00:55 Message: Thanks, wpreston, for the patch. It looks very nice, though I have some questions/comments about it... By going over ssh the remote end normally spawns a shell when it feels it's required. Are there any possible interaction with your patch and fancy/quirky check commands to work around them? Backwards-compatibility is an important issue there, though I guess it wouldn't be too hard to allow it with a conditional switch if required. It would be very nice if you could include code comments about the new functions. It seems like there are bug fixes along with new features (i.e. you seem to alter functions/unrelated parts of the code). It would be nice if you could make separate patches for them and apply the new features on top of the fixed code. Any reason for strcpy'ing the arguments when you can simply pass pointers around? This avoids the need to free them afterwards. I wouldn't modify the process_arguments function, as we may one day write a C library that will take care of thet (among other). Any reason **newargv and **opts are not global like the rest? Somewhere in np_runcmd_open_argv you have this, and I can't see these variables anywhere else in the patch...: + int master,slave; Why not using MAXARGS for detecting a full array? C++ comments (//) break on some architectures (just FYI) Does it apply on latest development code? Thanks ---------------------------------------------------------------------- Comment By: Will Preston (wpreston) Date: 2009-03-13 11:26 Message: There's a patch 2268675 (fix for quoting in check_by_ssh) in the queue which would fix this. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985246&group_id=29880 From noreply at sourceforge.net Tue Mar 17 05:56:42 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 04:56:42 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2268675 ] fix for quoting in check_by_ssh Message-ID: Patches item #2268675, was opened at 2008-11-12 05:32 Message generated for change (Settings changed) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2268675&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Will Preston (wpreston) >Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: fix for quoting in check_by_ssh Initial Comment: check_by_ssh builds its check into a single string and passes it to the np_runcmd() function to execute ssh. This function parses the command line back into ssh options and calls execve. Unfortunately the conversion causes various problems with quoted strings. The patch bypasses this conversion and passes the option string directly to execve. This should ensure that ssh checks and local checks are identical. Example: > /bin/sh -c "echo '"'$PATH'"'" $PATH > /bin/sh -c 'echo "a b"' a b > Unpatched: > check_by_ssh -H localhost -C "echo '"'$PATH'"'" /usr/local/bin:/usr/bin/:/bin > check_by_ssh -H localhost -C 'echo "a b"' Could not open pipe: /usr/bin/ssh localhost 'echo "a b"' > Patched: > check_by_ssh -H localhost -C "echo '"'$PATH'"'" $PATH > check_by_ssh -H localhost -C 'echo "a b"' a b > ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2268675&group_id=29880 From noreply at sourceforge.net Tue Mar 17 08:42:03 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 07:42:03 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-2632995 ] check_procs fails on Solaris Message-ID: Bugs item #2632995, was opened at 2009-02-24 04:08 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2632995&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Werner (forsbring) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_procs fails on Solaris Initial Comment: Hi, check_procs v2019 (nagios-plugins 1.4.13) exits with "Unable to read output" on most of our Solaris8 and Solaris 10 servers (I do not have access to any Solaris9 servers). 1.4.11 works just fine. I've attached the truss output. - Werner ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 03:42 Message: Sorry for the late reply... According pst3 header comment (I have no idea how it compares to "ps" though): * This executable works by reading process address structures, so needs * to be executed as root Regarding 64bits, I might be wrong but IIRC that's needed to get data about 64bit processes. Maybe that's somehow related to the root requisite as well, since it's probably a different way than "ps". I will have to look for a way to support cleanly both compilers, probably using autoconf. I'll look further into this when I can. Thanks ---------------------------------------------------------------------- Comment By: Werner (forsbring) Date: 2009-03-12 09:23 Message: Nope, not trying to run from source repository. But after looking into the buildlogs I guess I found the problem. You assume we use gcc, and the compiler option -m64 is used for pst3, which is not working with cc from older SunStudio. Why do pst3 have to be setuid root when /usr/bin/ps and /usr/ucp/ps don't? And regarding the 64-bit requirement, why? Almost no other binaries on Solaris is 64-bit. The pst3-thing seems like a ugly hack to me, sorry. :) - Werner ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-02-24 04:29 Message: Thanks for the debug output. Nagios-plugins now use pst3 to get the process list and this program needs to be installed and setuid root (I think old versions of nagios-plugins used it too, so you may have it already on some servers). It looks like you're trying to run from the source repository. Be sure to install the plugins, or at least hand-install pst3 (in plugins-root/ directory, don't forget to setuit root). If you still have issues I'll be able to help you is you can send the truss output again with the option to follow forks (-f). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2632995&group_id=29880 From noreply at sourceforge.net Tue Mar 17 09:02:16 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 08:02:16 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-09 19:56 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) >Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 06:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From noreply at sourceforge.net Tue Mar 17 09:03:09 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 08:03:09 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1864404 ] check_smtp/check_http miscalculate timezones in cert expiry Message-ID: Bugs item #1864404, was opened at 2008-01-05 04:46 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: Release (specify) Status: Open Resolution: None Priority: 7 Private: No Submitted By: David Miller (justdave72) >Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_smtp/check_http miscalculate timezones in cert expiry Initial Comment: check_smtp (nagios-plugins 1.4.9) 1.59 When running check_smtp with --starttls or -S, the certificate expiration time retrieved from the certificate is always expressed in GMT, but check_smtp compares it to the local timezone instead of GMT. For example, I'm in -0800 and my certificate expired a couple hours ago, but check_smtp claims "WARNING - Certificate expires today (01/05/2008 05:40)." instead of a CRITICAL that it's already expired. Time on the server is Sat Jan 5 01:44:42 PST 2008 (which is 09:44 GMT, past the expiration time) openssl s_client tells me: Verify return code: 10 (certificate has expired) ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:03 Message: The following tracker has a patch for this: https://sourceforge.net/support/tracker.php?aid=1939022 ---------------------------------------------------------------------- Comment By: David Miller (justdave72) Date: 2008-05-04 01:42 Message: Logged In: YES user_id=648592 Originator: YES The check_http plugin apparently makes this same error in its certificate checking code. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 From noreply at sourceforge.net Tue Mar 17 09:04:38 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 08:04:38 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-2638765 ] check_http has wrong HTTP version when using "Host:" Message-ID: Bugs item #2638765, was opened at 2009-02-25 17:24 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2638765&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: v1.4.14 >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Thiago Figueiro (thiagocsf) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_http has wrong HTTP version when using "Host:" Initial Comment: The "Host" header does not exist in HTTP 1.0, but in HTTP 1.1 (see RFC for HTTP 1.0 http://www.faqs.org/rfcs/rfc2616.html and HTTP 1.1 http://www.faqs.org/rfcs/rfc1945.html) The 1.4.13 (latest release) version of check_http issues requests like: GET /myurl HTTP/1.0 User-Agent: check_http/v2053 (nagios-plugins 1.4.13) Connection: close Host: mydomain.com This will cause web servers and load balancers to ignore the "Host: mydomain.com" header because the request was specified as HTTP/1.0. The correct request is (notice "GET" line): GET /myurl HTTP/1.1 User-Agent: check_http/v2053 (nagios-plugins 1.4.13) Connection: close Host: mydomain.com A quick-and-dirty patch to fix this issue is below. --- plugins-orig/check_http.c 2009-02-26 09:11:55.000000000 +1100 +++ plugins/check_http.c 2009-02-26 09:07:46.000000000 +1100 @@ -783,7 +783,11 @@ } #endif /* HAVE_SSL */ + if (host_name) { + asprintf (&buf, "%s %s HTTP/1.1\r\n%s\r\n", http_method, server_url, user_agent); + } else { asprintf (&buf, "%s %s HTTP/1.0\r\n%s\r\n", http_method, server_url, user_agent); + } /* tell HTTP/1.1 servers not to keep the connection alive */ asprintf (&buf, "%sConnection: close\r\n", buf); Best regards, Thiago. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:04 Message: This problem is now fixed in Git. Thank you for your report. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-02-26 06:37 Message: Thanks for your patch. This is actually something that was fixed long time ago, but I reverted it because it was removing the :port part of the host header. I proposed a new patch but the follow-up was never done. There have been many changes since then so I doubt it will apply; I'll look very soon and re-apply it. See this thread for more details: http://archive.netbsd.se/?ml=nagiosplug-devel&a=2008-08&m=8377448 Related commits: 31efea1b490a12a64ce0359c2d847a381d2efb7b (2050) 0378f34d85e4fa2d83bae745c44649ccfb9744bb (2030) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2638765&group_id=29880 From noreply at sourceforge.net Tue Mar 17 09:06:20 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 08:06:20 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1478287 ] check_dns fails with CNAMEs Message-ID: Bugs item #1478287, was opened at 2006-04-28 05:43 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1478287&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed Resolution: Works For Me Priority: 5 Private: No Submitted By: James (jfidell) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_dns fails with CNAMEs Initial Comment: check_dns gives an error if the hostname being checked is a CNAME instead of an A record: DNS CRITICAL - '/usr/bin/nslookup -sil' msg parsing exited with no address This patch may be sub-optimal, but corrects the problem for me: --- check_dns.c~ Fri Apr 28 10:35:45 2006 +++ check_dns.c Fri Apr 28 10:35:52 2006 @@ -136,6 +136,13 @@ non_authoritative = TRUE; } + else if ( strstr ( chld_out.line[i], query_address ) && !address ) { + if (( temp_buffer = strstr ( chld_out.line[i] + strlen ( query_address ), + _("canonical name = ")))) { + address = strdup ( temp_buffer ); + } + } + result = error_scan (chld_out.line[i]); if (result != STATE_OK) { msg = strchr (chld_out.line[i], ':'); James ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:06 Message: This bug apparently did not close itself after a week - closing now. Feel free to reopen if it's still an issue. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-02-24 04:19 Message: Works for me, even if the server does not return an address (CNAME only) If you still have issues, please post the full verbose output (-vvv) of check_dns from the latest release (or even better latest source tarball). I'll mark this as pending for now - this bug will close itself in a week. ---------------------------------------------------------------------- Comment By: James (jfidell) Date: 2007-06-11 05:05 Message: Logged In: YES user_id=1510516 Originator: YES OS is FreeBSD 6.0. Not sure about the nslookup version as it seems to defy my attempts to find out. IIRC correctly (as this was some time ago), the problem is not specifically that the format of output of nslookup is different, but that in same circumstances check_dns mis-handles the output. I *think* the problem is that for some configurations (could be where the CNAME is in a different domain, or where it is served by a different nameserver, or perhaps just depending on the nameserver implementation), nslookup may not return a "Name:" or "Address:" line at all, even though the nameserver being queried can and does answer properly that the queried hostname is a canonical name. ---------------------------------------------------------------------- Comment By: Matthias Eble (psychotrahe) Date: 2007-06-11 04:17 Message: Logged In: YES user_id=1694341 Originator: NO Announced pending state by sending emails to the participants. ---------------------------------------------------------------------- Comment By: Matthias Eble (psychotrahe) Date: 2007-06-04 12:00 Message: Logged In: YES user_id=1694341 Originator: NO Which OS version/nslookup version are you running? On Ubuntu Linux (6.06) everything is fine with cnames, too. nslookup output looks like this: ... foo.de.tld canonical name = bar.tld. Name: bar.tld Address: x.x.x.x Could you post your output, too? Thanks Matthias ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1478287&group_id=29880 From noreply at sourceforge.net Tue Mar 17 23:34:13 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 17 Mar 2009 22:34:13 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 01:46 Message generated for change (Comment added) made by jbarbuto You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Closed Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Ton Voon (tonvoon) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- >Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-17 15:34 Message: I found a flaw in my patch: the MAX_OIDS limit was no longer being enforced, allowing for a potential buffer overflow. I've attached a patch against the git master to fix this. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-13 18:29 Message: Applied in git. Manually tested for an OID containing a double quote and works as expected. Thanks for John for his patch. ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 16:56 Message: I just used the tests in t/check_snmp.t plus a few others more specific to our environment. Almost all of my extra tests, like the extend tests, wouldn't necessarily work elsewhere. About the only test you'd find useful to add is one of multiple OIDs: $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrMemorySize and hrSystemProcesses"); like($res->output, '/^SNMP OK - \d+ \d+/', "String contains hrMemorySize and hrSystemProcesses"); ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-13 15:04 Message: Thanks John! I look through this now. Out of interest, what tests did you run? Will add them into our test scripts ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 14:14 Message: tonvoon: I see, I thought you were referring to plugins/runcmd.c. I've attached a patch against the SVN trunk that changes check_snmp to use lib/utils_cmd.c. It's passed all the tests I've thrown at it, including extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so please modify as necessary. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-12 04:18 Message: jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? This is also used in negate.c. The idea is that if you pass an array of arguments, there will not be any shell expansion. mechanyx: There may be quoting that is required at Nagios. If you use $ in a command argument, you need to escape it with $$. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 14:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 13:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-19 16:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From noreply at sourceforge.net Wed Mar 18 12:58:51 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 18 Mar 2009 11:58:51 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline Message-ID: Bugs item #1985230, was opened at 2008-06-05 04:46 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Argument proccessing Group: CVS Status: Closed Resolution: None Priority: 7 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Ton Voon (tonvoon) Summary: check_snmp does not allow " chars in cmdline Initial Comment: The following Bugreport we got against our debian package: snmpd can be queried for customized "extend"s. A configured extend like extend avail_mem /usr/local/bin/check_avail_mem.pl can be queried as snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"' NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764 If you try to query this with check_snmp like check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"' this results into Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime" Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in the command line and bails out with above error. I fixed this by commenting out the follwing block: --- popen.c.old 2008-01-12 14:16:39.000000000 +0100 +++ popen.c 2008-01-12 14:16:54.000000000 +0100 @@ -133,8 +133,10 @@ strcpy (cmd, cmdstring); /* This is not a shell, so we don't handle "???" */ +/* if (strstr (cmdstring, "\"")) return NULL; +*/ /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */ if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''")) You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405 Thanks and kind regards, Jan. ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-18 07:58 Message: Thanks John. I applied your latest patch. ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-17 18:34 Message: I found a flaw in my patch: the MAX_OIDS limit was no longer being enforced, allowing for a potential buffer overflow. I've attached a patch against the git master to fix this. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-13 21:29 Message: Applied in git. Manually tested for an OID containing a double quote and works as expected. Thanks for John for his patch. ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 19:56 Message: I just used the tests in t/check_snmp.t plus a few others more specific to our environment. Almost all of my extra tests, like the extend tests, wouldn't necessarily work elsewhere. About the only test you'd find useful to add is one of multiple OIDs: $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrMemorySize and hrSystemProcesses"); like($res->output, '/^SNMP OK - \d+ \d+/', "String contains hrMemorySize and hrSystemProcesses"); ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-13 18:04 Message: Thanks John! I look through this now. Out of interest, what tests did you run? Will add them into our test scripts ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-13 17:14 Message: tonvoon: I see, I thought you were referring to plugins/runcmd.c. I've attached a patch against the SVN trunk that changes check_snmp to use lib/utils_cmd.c. It's passed all the tests I've thrown at it, including extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so please modify as necessary. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-12 07:18 Message: jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c? This is also used in negate.c. The idea is that if you pass an array of arguments, there will not be any shell expansion. mechanyx: There may be quoting that is required at Nagios. If you use $ in a command argument, you need to escape it with $$. ---------------------------------------------------------------------- Comment By: Richard Edward Horner (mechanyx) Date: 2009-03-11 17:24 Message: I'm not sure if this is related or not, but I had a similar problem with check_snmp where the community string on a network device contained a dollar sign ($). I was unable to get the check to run with that community string. I apologize as I do not remember exactly what Nagios output when I tried various methods of quoting or escaping it. I ended up changing the community string on the device. Thanks, Rich(ard) ---------------------------------------------------------------------- Comment By: John A. Barbuto (jbarbuto) Date: 2009-03-11 16:34 Message: I looked into writing a patch using the runcmd library, but I don't see this function you're referring to. np_runcmd_open() looks pretty similar to spopen(), with the same double quotes restriction. The old exec method of running external commands is deprecated, so I'd really like to get extend working. ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-19 19:11 Message: I don't think this is a valid fix. Preferably check_snmp should be switched to use the runcmd library instead, which has a function to pass a varg list for the command to run, thereby avoiding shell quotation. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880 From tanitxan at hotmail.com Wed Mar 18 13:50:45 2009 From: tanitxan at hotmail.com (Tania Monreal Barbarin) Date: Wed, 18 Mar 2009 13:50:45 +0100 Subject: [Nagiosplug-devel] FW: Problem with check_uptime_remote Message-ID: Hello, I have a problem with the plugin check_uptime_remote. I am usin Nagios 3 with the frontend Groundwork so i have change in the script the path of the library for /usr/local/groundwork/nagios/libexec However i never arrive to utilize the plugin because apparently i don't write the right command This is what i write: /usr/local/groundwork/nagios/libexec/check_uptime_remote -e /bin/bash -H SIELRER04 And the output is always the same: Usage: check_uptime_remote -e -H [-w ] [-c ] [-t] [-v verbose] I am quite sure that the problem is when i write the shell but i dont what is the problem. I have the tunnel ssh working properly and other plugins work perfectly. Thank you for any help. Tania Charlas m?s divertidas con el nuevo Windows Live Messenger _________________________________________________________________ Ll?vate Messenger en el m?vil a todas partes ?Con?ctate! http://www.microsoft.com/spain/windowsmobile/messenger/default.mspx -------------- next part -------------- An HTML attachment was scrubbed... URL: From noreply at sourceforge.net Wed Mar 18 19:56:09 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 18 Mar 2009 18:56:09 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1867736 ] check_http: allow simultaneous use size and content checks Message-ID: Patches item #1867736, was opened at 2008-01-09 15:22 Message generated for change (Comment added) made by sf-robot You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1867736&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None >Status: Closed Resolution: None Priority: 5 Private: No Submitted By: svenx (svenx) Assigned to: Ton Voon (tonvoon) Summary: check_http: allow simultaneous use size and content checks Initial Comment: Patch against Plugin Version: check_http v1892 (nagios-plugins 1.4.11) Plugin Name: check_http Example Plugin Commandline: ./check_http -H www.example.net -p 80 -f follow -m 700:750 -s 'reserved' Tested on operating system: Ubuntu 7.10 Tested on architecture: i686 Tested with compiler: gcc 4.1.3 This patch enables the user to perform both page size checking together with string or regex content checking. Previously, the string/regex test ignored the page size check. Sven Ulland ---------------------------------------------------------------------- >Comment By: SourceForge Robot (sf-robot) Date: 2009-03-18 18:56 Message: This Tracker item was closed automatically by the system. It was previously set to a Pending status, and the original submitter did not respond within 14 days (the time period specified by the administrator of this Tracker). ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-02-20 00:44 Message: Sven, Can you please try the latest snapshot? http://nagiosplug.sourceforge.net/snapshot/. I believe this has been fixed already. I'm marking this call in pending - if it still doesn't work, please update this call. Ton ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1867736&group_id=29880 From dlittle at toyatech.net Wed Mar 18 23:02:18 2009 From: dlittle at toyatech.net (Dustin Little) Date: Wed, 18 Mar 2009 17:02:18 -0500 Subject: [Nagiosplug-devel] error: redeclaration of enumerator 'OK' Message-ID: <49C16F6A.9000709@toyatech.net> Hello, I began a rewriting the third party check_sap plugins several months ago to use the new RFC libraries from SAP as well as other improvements. I got bogged down after running into a conflict with the enumeration 'OK' in common.h. The SAP library also declares an enumeration 'OK' which results in an "error: redeclaration of enumerator 'OK'" when I compile. I've attempted several work arounds such as wrapping the common.h functionality or undefining OK before I reference the SAP header, neither have resulted in much success. Wouldn't a better practice in a language without namespaces be to use a prefix like 'NAGIOS_OK' to avoid conflict? Has anyone encounter a similar conflict and found a resolution. Thanks, Dusty From dermoth at aei.ca Thu Mar 19 02:15:45 2009 From: dermoth at aei.ca (Thomas Guyot-Sionnest) Date: Wed, 18 Mar 2009 21:15:45 -0400 Subject: [Nagiosplug-devel] FW: Problem with check_uptime_remote In-Reply-To: References: Message-ID: <49C19CC1.1000909@aei.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 18/03/09 08:50 AM, Tania Monreal Barbarin wrote: > > > Hello, > I have a problem with the plugin check_uptime_remote. I am usin Nagios 3 > with the frontend Groundwork so i have change in the script the path of > the library for /usr/local/groundwork/nagios/libexec > However i never arrive to utilize the plugin because apparently i don't > write the right command > This is what i write: > /usr/local/groundwork/nagios/libexec/check_uptime_remote -e /bin/bash -H > SIELRER04 > And the output is always the same: Usage: check_uptime_remote -e > -H [-w ] [-c ] [-t] [-v verbose] > I am quite sure that the problem is when i write the shell but i dont > what is the problem. > I have the tunnel ssh working properly and other plugins work perfectly. > Thank you for any help. I don't know about this plugin. This is the Nagios-plugins development mailing list and the plugin you're talking about is not part of Nagios-plugins. - -- Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJwZzA6dZ+Kt5BchYRAue7AJ9VxwTSAnh0CIrZjexRKIxbGgF3iACdG0lb oqQRotrGcUXS5+BzC48MMjc= =4PVb -----END PGP SIGNATURE----- From noreply at sourceforge.net Thu Mar 19 03:35:08 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 19 Mar 2009 02:35:08 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1864404 ] check_smtp/check_http miscalculate timezones in cert expiry Message-ID: Bugs item #1864404, was opened at 2008-01-05 04:46 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: Release (specify) Status: Open Resolution: None Priority: 7 Private: No Submitted By: David Miller (justdave72) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_smtp/check_http miscalculate timezones in cert expiry Initial Comment: check_smtp (nagios-plugins 1.4.9) 1.59 When running check_smtp with --starttls or -S, the certificate expiration time retrieved from the certificate is always expressed in GMT, but check_smtp compares it to the local timezone instead of GMT. For example, I'm in -0800 and my certificate expired a couple hours ago, but check_smtp claims "WARNING - Certificate expires today (01/05/2008 05:40)." instead of a CRITICAL that it's already expired. Time on the server is Sat Jan 5 01:44:42 PST 2008 (which is 09:44 GMT, past the expiration time) openssl s_client tells me: Verify return code: 10 (certificate has expired) ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-18 22:35 Message: nevermind - It only add timestamps in the output. I will see what I can do. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:03 Message: The following tracker has a patch for this: https://sourceforge.net/support/tracker.php?aid=1939022 ---------------------------------------------------------------------- Comment By: David Miller (justdave72) Date: 2008-05-04 01:42 Message: Logged In: YES user_id=648592 Originator: YES The check_http plugin apparently makes this same error in its certificate checking code. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 From noreply at sourceforge.net Thu Mar 19 06:13:43 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 19 Mar 2009 05:13:43 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1864404 ] check_smtp/check_http miscalculate timezones in cert expiry Message-ID: Bugs item #1864404, was opened at 2008-01-05 04:46 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: Release (specify) >Status: Pending >Resolution: Fixed Priority: 7 Private: No Submitted By: David Miller (justdave72) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_smtp/check_http miscalculate timezones in cert expiry Initial Comment: check_smtp (nagios-plugins 1.4.9) 1.59 When running check_smtp with --starttls or -S, the certificate expiration time retrieved from the certificate is always expressed in GMT, but check_smtp compares it to the local timezone instead of GMT. For example, I'm in -0800 and my certificate expired a couple hours ago, but check_smtp claims "WARNING - Certificate expires today (01/05/2008 05:40)." instead of a CRITICAL that it's already expired. Time on the server is Sat Jan 5 01:44:42 PST 2008 (which is 09:44 GMT, past the expiration time) openssl s_client tells me: Verify return code: 10 (certificate has expired) ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 01:13 Message: Ok, I should sleep more at night... So the problem you're describing is not caused by the timestamp, but rather by a bug in the way time is compared. The current code in Git should fix your problem. I'm marking the bug as Pending. It will close itself in a week if you don't follow up. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-18 22:35 Message: nevermind - It only add timestamps in the output. I will see what I can do. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:03 Message: The following tracker has a patch for this: https://sourceforge.net/support/tracker.php?aid=1939022 ---------------------------------------------------------------------- Comment By: David Miller (justdave72) Date: 2008-05-04 01:42 Message: Logged In: YES user_id=648592 Originator: YES The check_http plugin apparently makes this same error in its certificate checking code. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 From noreply at sourceforge.net Thu Mar 19 06:16:46 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 19 Mar 2009 05:16:46 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-09 19:56 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 01:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 06:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From noreply at sourceforge.net Thu Mar 19 06:40:30 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 19 Mar 2009 05:40:30 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1864404 ] check_smtp/check_http miscalculate timezones in cert expiry Message-ID: Bugs item #1864404, was opened at 2008-01-05 04:46 Message generated for change (Comment added) made by justdave72 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: Release (specify) >Status: Open Resolution: Fixed Priority: 7 Private: No Submitted By: David Miller (justdave72) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_smtp/check_http miscalculate timezones in cert expiry Initial Comment: check_smtp (nagios-plugins 1.4.9) 1.59 When running check_smtp with --starttls or -S, the certificate expiration time retrieved from the certificate is always expressed in GMT, but check_smtp compares it to the local timezone instead of GMT. For example, I'm in -0800 and my certificate expired a couple hours ago, but check_smtp claims "WARNING - Certificate expires today (01/05/2008 05:40)." instead of a CRITICAL that it's already expired. Time on the server is Sat Jan 5 01:44:42 PST 2008 (which is 09:44 GMT, past the expiration time) openssl s_client tells me: Verify return code: 10 (certificate has expired) ---------------------------------------------------------------------- >Comment By: David Miller (justdave72) Date: 2009-03-19 01:40 Message: Cool, thanks! Out of curiosity, when will that code in Git hit a released version? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 01:13 Message: Ok, I should sleep more at night... So the problem you're describing is not caused by the timestamp, but rather by a bug in the way time is compared. The current code in Git should fix your problem. I'm marking the bug as Pending. It will close itself in a week if you don't follow up. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-18 22:35 Message: nevermind - It only add timestamps in the output. I will see what I can do. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:03 Message: The following tracker has a patch for this: https://sourceforge.net/support/tracker.php?aid=1939022 ---------------------------------------------------------------------- Comment By: David Miller (justdave72) Date: 2008-05-04 01:42 Message: Logged In: YES user_id=648592 Originator: YES The check_http plugin apparently makes this same error in its certificate checking code. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 From noreply at sourceforge.net Thu Mar 19 13:18:17 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 19 Mar 2009 12:18:17 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1864404 ] check_smtp/check_http miscalculate timezones in cert expiry Message-ID: Bugs item #1864404, was opened at 2008-01-05 04:46 Message generated for change (Settings changed) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: Release (specify) >Status: Closed Resolution: Fixed Priority: 7 Private: No Submitted By: David Miller (justdave72) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_smtp/check_http miscalculate timezones in cert expiry Initial Comment: check_smtp (nagios-plugins 1.4.9) 1.59 When running check_smtp with --starttls or -S, the certificate expiration time retrieved from the certificate is always expressed in GMT, but check_smtp compares it to the local timezone instead of GMT. For example, I'm in -0800 and my certificate expired a couple hours ago, but check_smtp claims "WARNING - Certificate expires today (01/05/2008 05:40)." instead of a CRITICAL that it's already expired. Time on the server is Sat Jan 5 01:44:42 PST 2008 (which is 09:44 GMT, past the expiration time) openssl s_client tells me: Verify return code: 10 (certificate has expired) ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 08:18 Message: Very, very soon! :) You can also get a snapshot here: http://nagiosplug.sourceforge.net/snapshot/ ---------------------------------------------------------------------- Comment By: David Miller (justdave72) Date: 2009-03-19 01:40 Message: Cool, thanks! Out of curiosity, when will that code in Git hit a released version? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 01:13 Message: Ok, I should sleep more at night... So the problem you're describing is not caused by the timestamp, but rather by a bug in the way time is compared. The current code in Git should fix your problem. I'm marking the bug as Pending. It will close itself in a week if you don't follow up. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-18 22:35 Message: nevermind - It only add timestamps in the output. I will see what I can do. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:03 Message: The following tracker has a patch for this: https://sourceforge.net/support/tracker.php?aid=1939022 ---------------------------------------------------------------------- Comment By: David Miller (justdave72) Date: 2008-05-04 01:42 Message: Logged In: YES user_id=648592 Originator: YES The check_http plugin apparently makes this same error in its certificate checking code. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1864404&group_id=29880 From noreply at sourceforge.net Fri Mar 20 00:03:03 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 19 Mar 2009 23:03:03 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-10 01:56 Message generated for change (Comment added) made by guillomovitch You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-20 00:03 Message: Here is a slightly different version, changing np_net_ssl_init() prototype to pass host name, rather than using a global variable. This adress your question 1). However, I don't understand the issue with old openssl versions, the patch already does use #idfef block to only use this function if available ? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 06:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 09:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 12:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From noreply at sourceforge.net Fri Mar 20 00:06:14 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 19 Mar 2009 23:06:14 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-10 01:56 Message generated for change (Comment added) made by guillomovitch You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-20 00:06 Message: diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-19 23:54:12.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_smtp.c nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c --- nagios-plugins-1.4.13/plugins/check_smtp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c 2009-03-19 23:55:38.000000000 +0100 @@ -236,7 +236,7 @@ smtp_quit(); return STATE_UNKNOWN; } - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_tcp.c nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c --- nagios-plugins-1.4.13/plugins/check_tcp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c 2009-03-19 23:55:21.000000000 +0100 @@ -236,7 +236,7 @@ #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); if(result != STATE_OK) { diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-19 23:57:45.000000000 +0100 @@ -94,7 +94,7 @@ /* SSL-Related functionality */ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ -int np_net_ssl_init(int sd); +int np_net_ssl_init(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-20 00:01:58.000000000 +0100 @@ -38,7 +38,7 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd, char *host_name){ if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +51,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +72,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-20 00:03 Message: Here is a slightly different version, changing np_net_ssl_init() prototype to pass host name, rather than using a global variable. This adress your question 1). However, I don't understand the issue with old openssl versions, the patch already does use #idfef block to only use this function if available ? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 06:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 09:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 12:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From noreply at sourceforge.net Fri Mar 20 03:06:27 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 20 Mar 2009 02:06:27 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-09 19:56 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 22:06 Message: Sorry, it's not about old openssl (I assumed that without really reading the error message). I realized it yesterday after sending the comment, though it was a coincidence: I was reading about timezone stuff and read somewhere that tm.tm_zone is a gnu extension. I can commit it without the timezone stuff though (isn't the timezone always GMT?? I couldn't find any good documentation on the OpenSSL functions used in sslutil...). Please attach it as a file though. What you paste in comments it totally unusable for patch. Also, do you have anything to test with? Would there be any way to integrate this in the unit tests too (they use HTTP::Daemon::SSL for emulating a web server) ? Thanks ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-19 19:06 Message: diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-19 23:54:12.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_smtp.c nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c --- nagios-plugins-1.4.13/plugins/check_smtp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c 2009-03-19 23:55:38.000000000 +0100 @@ -236,7 +236,7 @@ smtp_quit(); return STATE_UNKNOWN; } - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_tcp.c nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c --- nagios-plugins-1.4.13/plugins/check_tcp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c 2009-03-19 23:55:21.000000000 +0100 @@ -236,7 +236,7 @@ #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); if(result != STATE_OK) { diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-19 23:57:45.000000000 +0100 @@ -94,7 +94,7 @@ /* SSL-Related functionality */ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ -int np_net_ssl_init(int sd); +int np_net_ssl_init(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-20 00:01:58.000000000 +0100 @@ -38,7 +38,7 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd, char *host_name){ if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +51,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +72,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-19 19:03 Message: Here is a slightly different version, changing np_net_ssl_init() prototype to pass host name, rather than using a global variable. This adress your question 1). However, I don't understand the issue with old openssl versions, the patch already does use #idfef block to only use this function if available ? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 01:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 06:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From noreply at sourceforge.net Fri Mar 20 09:21:30 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 20 Mar 2009 08:21:30 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2696823 ] check_mysql.c: Negative value in array Message-ID: Patches item #2696823, was opened at 2009-03-20 09:21 Message generated for change (Tracker Item Submitted) made by oskara67 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Oskar Ahner (oskara67) Assigned to: Nobody/Anonymous (nobody) Summary: check_mysql.c: Negative value in array Initial Comment: Version: nagios-plugins-1.4.13, file check_mysql.c, version '2034. Cause: For mysql-server verson 4.0.29 the column 'Seconds_Behind_Master' does not exist. This causes a segmentation fault when executing. Description: In main() the int 'seconds_behind_field' has the value -1 when accessed in the following statement: if ((seconds_behind_field != -1) && (strcmp (row[seconds_behind_field], "NULL") != 0)) { double value = atof(row[seconds_behind_field]); Here is a simple patch: --- nagios-plugins-1.4.13/plugins/check_mysql.c 2008-08-16 06:47:32.000000000 +0200 +++ nagios-plugins-1.4.13.oskar/plugins/check_mysql.c 2009-03-19 16:50:18.000000000 +0100 @@ -181,13 +181,14 @@ continue; } } + if ((slave_io_field < 0) || (slave_sql_field < 0) || (num_fields == 0)) { mysql_free_result (res); mysql_close (&mysql); die (STATE_CRITICAL, "Slave status unavailable\n"); } - snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], row[seconds_behind_field]); + snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], seconds_behind_field!=-1?row[seconds_behind_field]:"Unknown"); if (strcmp (row[slave_io_field], "Yes") != 0 || strcmp (row[slave_sql_field], "Yes") != 0) { mysql_free_result (res); mysql_close (&mysql); Regards, Oskar ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 From noreply at sourceforge.net Fri Mar 20 09:25:52 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Fri, 20 Mar 2009 08:25:52 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2696823 ] check_mysql.c: Negative value in array Message-ID: Patches item #2696823, was opened at 2009-03-20 09:21 Message generated for change (Comment added) made by oskara67 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Oskar Ahner (oskara67) Assigned to: Nobody/Anonymous (nobody) Summary: check_mysql.c: Negative value in array Initial Comment: Version: nagios-plugins-1.4.13, file check_mysql.c, version '2034. Cause: For mysql-server verson 4.0.29 the column 'Seconds_Behind_Master' does not exist. This causes a segmentation fault when executing. Description: In main() the int 'seconds_behind_field' has the value -1 when accessed in the following statement: if ((seconds_behind_field != -1) && (strcmp (row[seconds_behind_field], "NULL") != 0)) { double value = atof(row[seconds_behind_field]); Here is a simple patch: --- nagios-plugins-1.4.13/plugins/check_mysql.c 2008-08-16 06:47:32.000000000 +0200 +++ nagios-plugins-1.4.13.oskar/plugins/check_mysql.c 2009-03-19 16:50:18.000000000 +0100 @@ -181,13 +181,14 @@ continue; } } + if ((slave_io_field < 0) || (slave_sql_field < 0) || (num_fields == 0)) { mysql_free_result (res); mysql_close (&mysql); die (STATE_CRITICAL, "Slave status unavailable\n"); } - snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], row[seconds_behind_field]); + snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], seconds_behind_field!=-1?row[seconds_behind_field]:"Unknown"); if (strcmp (row[slave_io_field], "Yes") != 0 || strcmp (row[slave_sql_field], "Yes") != 0) { mysql_free_result (res); mysql_close (&mysql); Regards, Oskar ---------------------------------------------------------------------- >Comment By: Oskar Ahner (oskara67) Date: 2009-03-20 09:25 Message: Sorry, I wrote wrong line, it core dumps when this line is executed, because 'seconds_behind_value" is -1. The patch is correct however. snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", r ow[slave_io_field], row[slave_sql_field], row[seconds_behind_field]); ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 From eva.keane at tradeweb.com Fri Mar 20 13:53:35 2009 From: eva.keane at tradeweb.com (eva.keane at tradeweb.com) Date: Fri, 20 Mar 2009 08:53:35 -0400 Subject: [Nagiosplug-devel] nagios plugin 1.4.13 - solaris Message-ID: <4D65ACEF6EFDFB48A8F9B57B7D17B9BF035902E5@tfusnjpscmbx03.ERF.THOMSON.COM> Hello, I have run into a problem for solaris 7 and 8 when installing the nagios plugin I am using the: nagios-plugins-1.4.13... I saw that this issue was fixed ... but I still experience this bug... I am getting: source='pst3.c' object='pst3-pst3.o' libtool=no \ DEPDIR=.deps depmode=gcc /bin/bash ../build-aux/depcomp \ gcc -DLOCALEDIR=\"/usr/local/nagios/share/locale\" -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../lib -I../gl -I../intl -I../plugins -m64 -g -O2 -c -o pst3-pst3.o `test -f 'pst3.c' || echo './'`pst3.c cc1: -m64 is not supported by this configuration pst3.c: In function `main': pst3.c:82: warning: assignment makes pointer from integer without a cast pst3.c:129: parse error before `*' pst3.c:165: warning: assignment makes pointer from integer without a cast pst3.c:166: warning: assignment makes pointer from integer without a cast pst3.c:168: warning: assignment makes pointer from integer without a cast pst3.c:193: `args_count' undeclared (first use this function) pst3.c:193: (Each undeclared identifier is reported only once pst3.c:193: for each function it appears in.) pst3.c:194: `args_vecs' undeclared (first use this function) make[2]: *** [pst3-pst3.o] Error 1 make[2]: Leaving directory `/home/autex/nagios/nagios-plugins-1.4.13/plugins-root' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/autex/nagios/nagios-plugins-1.4.13' make: *** [all] Error 2 # If I comment out the -m64 part in the configure... I still getting an error: gcc -g -O2 -o check_icmp check_icmp.o ../plugins/netutils.o ../plugins/utils.o -L/home/autex/nagios/nagios-plugins-1.4.13/plugins-root ../lib/libnagiosplug.a ../gl/libgnu.a -lresolv -lnsl -lsocket -l dl source='pst3.c' object='pst3-pst3.o' libtool=no \ DEPDIR=.deps depmode=gcc /bin/bash ../build-aux/depcomp \ gcc -DLOCALEDIR=\"/usr/local/nagios/share/locale\" -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../lib -I../gl -I../intl -I../plugins -g -O2 -c -o pst3-pst3.o `test -f 'pst3.c' || echo './'`pst3.c pst3.c: In function `main': pst3.c:82: warning: assignment makes pointer from integer without a cast pst3.c:129: parse error before `*' pst3.c:165: warning: assignment makes pointer from integer without a cast pst3.c:166: warning: assignment makes pointer from integer without a cast pst3.c:168: warning: assignment makes pointer from integer without a cast pst3.c:193: `args_count' undeclared (first use this function) pst3.c:193: (Each undeclared identifier is reported only once pst3.c:193: for each function it appears in.) pst3.c:194: `args_vecs' undeclared (first use this function) make[2]: *** [pst3-pst3.o] Error 1 make[2]: Leaving directory `/home/autex/nagios/nagios-plugins-1.4.13/plugins-root' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/autex/nagios/nagios-plugins-1.4.13' make: *** [all] Error 2 # Any thoughts? Thanks, Eva -------------- next part -------------- An HTML attachment was scrubbed... URL: From noreply at sourceforge.net Sat Mar 21 07:49:56 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Sat, 21 Mar 2009 06:49:56 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-09 19:56 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-21 02:49 Message: Actually I prefer the other method. I stripped the timezone stuff, cleared the host on cleanup and added the call to check_http to set the hostname only if needed. Does it works for you? It would be really kind if you could send me an url to test with. Thanks. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 22:06 Message: Sorry, it's not about old openssl (I assumed that without really reading the error message). I realized it yesterday after sending the comment, though it was a coincidence: I was reading about timezone stuff and read somewhere that tm.tm_zone is a gnu extension. I can commit it without the timezone stuff though (isn't the timezone always GMT?? I couldn't find any good documentation on the OpenSSL functions used in sslutil...). Please attach it as a file though. What you paste in comments it totally unusable for patch. Also, do you have anything to test with? Would there be any way to integrate this in the unit tests too (they use HTTP::Daemon::SSL for emulating a web server) ? Thanks ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-19 19:06 Message: diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-19 23:54:12.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_smtp.c nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c --- nagios-plugins-1.4.13/plugins/check_smtp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c 2009-03-19 23:55:38.000000000 +0100 @@ -236,7 +236,7 @@ smtp_quit(); return STATE_UNKNOWN; } - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_tcp.c nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c --- nagios-plugins-1.4.13/plugins/check_tcp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c 2009-03-19 23:55:21.000000000 +0100 @@ -236,7 +236,7 @@ #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); if(result != STATE_OK) { diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-19 23:57:45.000000000 +0100 @@ -94,7 +94,7 @@ /* SSL-Related functionality */ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ -int np_net_ssl_init(int sd); +int np_net_ssl_init(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-20 00:01:58.000000000 +0100 @@ -38,7 +38,7 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd, char *host_name){ if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +51,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +72,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-19 19:03 Message: Here is a slightly different version, changing np_net_ssl_init() prototype to pass host name, rather than using a global variable. This adress your question 1). However, I don't understand the issue with old openssl versions, the patch already does use #idfef block to only use this function if available ? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 01:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 06:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From noreply at sourceforge.net Sat Mar 21 08:03:11 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Sat, 21 Mar 2009 07:03:11 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-2550208 ] Patch to check_http redirect behaviour Message-ID: Bugs item #2550208, was opened at 2009-01-30 15:36 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2550208&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General plugin execution Group: Release (specify) Status: Closed Resolution: Fixed Priority: 5 Private: No Submitted By: Jan Wagner (cyco_dd) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: Patch to check_http redirect behaviour Initial Comment: The following Bugreport we got against our debian package: If told to follow redirects, check_http follows exactly disregarding any supplied IP address. Of course this might be what you want. The included patch adds another option to the -f|--on-redirect switch which will follow but still connect to the same host. It might be considered a bug that even if an IP address is NOT given, the same host will be connected to. --- check_http.c~ 2008-05-07 11:02:42.000000000 +0100 +++ check_http.c 2008-10-17 09:45:38.000000000 +0100 @@ -110,6 +110,7 @@ char **http_opt_headers; int http_opt_headers_count = 0; int onredirect = STATE_OK; +int follow_same_ip = FALSE; int use_ssl = FALSE; int verbose = FALSE; int sd; @@ -302,6 +303,11 @@ server_port = HTTPS_PORT; break; case 'f': /* onredirect */ + if (!strcmp (optarg, "follow-same-ip")) + { + onredirect = STATE_DEPENDENT; + follow_same_ip = TRUE; + } if (!strcmp (optarg, "follow")) onredirect = STATE_DEPENDENT; if (!strcmp (optarg, "unknown")) @@ -1151,8 +1158,11 @@ free (host_name); host_name = strdup (addr); - free (server_address); - server_address = strdup (addr); + if (!follow_same_ip) + { + free (server_address); + server_address = strdup (addr); + } free (server_url); if ((url[0] == '/')) @@ -1169,8 +1179,12 @@ display_html ? "" : ""); if (verbose) - printf (_("Redirection to %s://%s:%d%s\n"), server_type, - host_name ? host_name : server_address, server_port, server_url); + { + printf (_("Redirection to %s://%s:%d%s\n"), server_type, + host_name ? host_name : server_address, server_port, server_url); + if (!host_name) + printf (_("Connecting to %s.\n"), server_address); + } check_http (); } @@ -1292,7 +1306,7 @@ printf (" %s\n", _(" Any other tags to be sent in http header. Use multiple times for additional headers")); printf (" %s\n", "-L, --link"); printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); - printf (" %s\n", "-f, --onredirect="); + printf (" %s\n", "-f, --onredirect="); printf (" %s\n", _("How to handle redirected pages")); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); @@ -1346,7 +1360,7 @@ printf (_("Usage:")); printf (" %s -H | -I [-u ] [-p ]\n",progname); printf (" [-w ] [-c ] [-t ] [-L]\n"); - printf (" [-a auth] [-f ] [-e ]\n"); + printf (" [-a auth] [-f ] [-e ]\n"); printf (" [-s string] [-l] [-r | -R ] [-P string]\n"); printf (" [-m :] [-4|-6] [-N] [-M ] [-A string]\n"); printf (" [-k string] [-S] [-C ] [-T ]\n"); You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502529 ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-21 03:03 Message: FYI, I added stickyport as well - with servers that return full redirection URLs, a custom port (common behind load balancers) will not be followed. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-02-05 06:52 Message: Oh, sorry for not updating the patch. It's fixed already. You can try the latest snapshots. The syntax is "--onredirect=sticky" ---------------------------------------------------------------------- Comment By: Jan Wagner (cyco_dd) Date: 2009-02-05 03:16 Message: Hi Thomas, if you looked in the debian bug report, you can see it's also just a copy&paste patch there. I know that copy&waste usualy breaks the patch ... so ... if I have patch(-files), I'll attach them. :) Cheers, Jan. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-02-04 23:31 Message: Thanks for your report. I just realized my onredirects indeed end up on the wrong ip :) You should always attach the patch, otherwise formating is lost and it can't be applied. It looks like your patch is not totally complete neither. Don't worry though, I'll rather implement it trough --onredirect=sticky ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2550208&group_id=29880 From noreply at sourceforge.net Mon Mar 23 13:09:36 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Mon, 23 Mar 2009 12:09:36 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2696823 ] check_mysql.c: Negative value in array Message-ID: Patches item #2696823, was opened at 2009-03-20 04:21 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix >Group: release-1.4.14 Status: Open >Resolution: Accepted Priority: 5 Private: No Submitted By: Oskar Ahner (oskara67) >Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_mysql.c: Negative value in array Initial Comment: Version: nagios-plugins-1.4.13, file check_mysql.c, version '2034. Cause: For mysql-server verson 4.0.29 the column 'Seconds_Behind_Master' does not exist. This causes a segmentation fault when executing. Description: In main() the int 'seconds_behind_field' has the value -1 when accessed in the following statement: if ((seconds_behind_field != -1) && (strcmp (row[seconds_behind_field], "NULL") != 0)) { double value = atof(row[seconds_behind_field]); Here is a simple patch: --- nagios-plugins-1.4.13/plugins/check_mysql.c 2008-08-16 06:47:32.000000000 +0200 +++ nagios-plugins-1.4.13.oskar/plugins/check_mysql.c 2009-03-19 16:50:18.000000000 +0100 @@ -181,13 +181,14 @@ continue; } } + if ((slave_io_field < 0) || (slave_sql_field < 0) || (num_fields == 0)) { mysql_free_result (res); mysql_close (&mysql); die (STATE_CRITICAL, "Slave status unavailable\n"); } - snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], row[seconds_behind_field]); + snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], seconds_behind_field!=-1?row[seconds_behind_field]:"Unknown"); if (strcmp (row[slave_io_field], "Yes") != 0 || strcmp (row[slave_sql_field], "Yes") != 0) { mysql_free_result (res); mysql_close (&mysql); Regards, Oskar ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-23 08:09 Message: Thanks! Since I don't have old slaves to test with, I tested by commenting out the code block that look for said line. I will commit it tonight or tomorrow. ---------------------------------------------------------------------- Comment By: Oskar Ahner (oskara67) Date: 2009-03-20 04:25 Message: Sorry, I wrote wrong line, it core dumps when this line is executed, because 'seconds_behind_value" is -1. The patch is correct however. snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", r ow[slave_io_field], row[slave_sql_field], row[seconds_behind_field]); ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 From noreply at sourceforge.net Tue Mar 24 06:48:31 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 24 Mar 2009 05:48:31 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2708481 ] check_file_age - Add option (-m) to allow for missing file Message-ID: Patches item #2708481, was opened at 2009-03-24 00:48 Message generated for change (Tracker Item Submitted) made by r33d You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2708481&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Reed Loden (r33d) Assigned to: Nobody/Anonymous (nobody) Summary: check_file_age - Add option (-m) to allow for missing file Initial Comment: I'm using check_file_age to monitor for stale lock files, which means it's ok for such a file to not exist. The attached patch adds support for an -m (missing) option to make the check return OK if the file is missing rather than CRITICAL. Patch against Plugin Version (-V output): check_file_age v1750 (nagios-plugins 1.4.13) Plugin Name: check_file_age Example Plugin Commandline: /usr/lib/nagios/plugins/check_file_age -m -f /tmp/blah.lock Tested on operating system: RHEL5 Tested on architecture: i686 Tested with compiler: N/A ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2708481&group_id=29880 From noreply at sourceforge.net Tue Mar 24 07:04:36 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 24 Mar 2009 06:04:36 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2696823 ] check_mysql.c: Negative value in array Message-ID: Patches item #2696823, was opened at 2009-03-20 04:21 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: release-1.4.14 >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Oskar Ahner (oskara67) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: check_mysql.c: Negative value in array Initial Comment: Version: nagios-plugins-1.4.13, file check_mysql.c, version '2034. Cause: For mysql-server verson 4.0.29 the column 'Seconds_Behind_Master' does not exist. This causes a segmentation fault when executing. Description: In main() the int 'seconds_behind_field' has the value -1 when accessed in the following statement: if ((seconds_behind_field != -1) && (strcmp (row[seconds_behind_field], "NULL") != 0)) { double value = atof(row[seconds_behind_field]); Here is a simple patch: --- nagios-plugins-1.4.13/plugins/check_mysql.c 2008-08-16 06:47:32.000000000 +0200 +++ nagios-plugins-1.4.13.oskar/plugins/check_mysql.c 2009-03-19 16:50:18.000000000 +0100 @@ -181,13 +181,14 @@ continue; } } + if ((slave_io_field < 0) || (slave_sql_field < 0) || (num_fields == 0)) { mysql_free_result (res); mysql_close (&mysql); die (STATE_CRITICAL, "Slave status unavailable\n"); } - snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], row[seconds_behind_field]); + snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], seconds_behind_field!=-1?row[seconds_behind_field]:"Unknown"); if (strcmp (row[slave_io_field], "Yes") != 0 || strcmp (row[slave_sql_field], "Yes") != 0) { mysql_free_result (res); mysql_close (&mysql); Regards, Oskar ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-24 02:04 Message: This problem is now fixed in Git. Thank you for your report. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-23 08:09 Message: Thanks! Since I don't have old slaves to test with, I tested by commenting out the code block that look for said line. I will commit it tonight or tomorrow. ---------------------------------------------------------------------- Comment By: Oskar Ahner (oskara67) Date: 2009-03-20 04:25 Message: Sorry, I wrote wrong line, it core dumps when this line is executed, because 'seconds_behind_value" is -1. The patch is correct however. snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", r ow[slave_io_field], row[slave_sql_field], row[seconds_behind_field]); ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2696823&group_id=29880 From tonvoon at mac.com Tue Mar 24 22:18:24 2009 From: tonvoon at mac.com (Ton Voon) Date: Tue, 24 Mar 2009 21:18:24 +0000 Subject: [Nagiosplug-devel] Incorrect MIB type? References: Message-ID: Hi! I received this email offlist about the nagiosmib. However, I'm not fluent with SNMP MIBs, so does anyone else have an opinion if this is a safe change to make? Ton Begin forwarded message: > From: Dirk Fieldhouse > > As identified by Jan-Terje, the author of this message >, there is an inconsistency in the MIB module NAGIOS-NOTIFY-MIB. > Unfortunately smilint, used for the package test, isn't able to > detect this problem, because the inconsistent types are both integer > types. > > At line 230 > nHostNotifyType NotifyType, > nHostNotifyNum Integer32, > > At line 255 > nHostNotifyNum OBJECT-TYPE > SYNTAX NotifyType > > Obviously NotifyType, an enumeration, is meant to be the syntax for > nHostNotifyType and not for nHostNotifyNum. > > Also from the description for the nHostNotifyNum OBJECT-TYPE ... > > "This identifies the current notification number for the service or > host. > The notification number increases by one (1) each time a new > notification > is sent out for a host or service (except for > acknowledgements). The > notification number is reset to 0 when the host or service > recovers > (after the recovery notification has gone out). > Acknowledgements do not > cause the notification number to increase." > > ... it's clear that Integer32 (signed integer) isn't the right type > for nHostNotifyNum, and it should be an unsigned type, Gauge32. Or > perhaps Unsigned32, but Gauge32 has the benefit of specifying the > behaviour in the vanishly unlikely case of overflowing 32 bits > (doesn't wrap). > > For consistency nSvcNotifyNum needs the same change. > > I've attached a Unix diff file corresponding to these changes. > > Am I right in thinking that nothing in Nagios or nagiosplugins > actually implements this MIB (say a trap-forwarder) and that it's > purely to be used as a convention by event-handlers that send Nagios > events as traps? > > Please feel free to redirect this to an appropriate discussion group. > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: NAGIOS-NOTIFY-MIB.diff Type: application/octet-stream Size: 421 bytes Desc: not available URL: -------------- next part -------------- An HTML attachment was scrubbed... URL: From noreply at sourceforge.net Tue Mar 24 22:46:25 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 24 Mar 2009 21:46:25 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-10 01:56 Message generated for change (Comment added) made by guillomovitch You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-24 22:46 Message: You can test with https://sympa.msr-inria.inria.fr and https://www.msr-inria.inria.fr, both of them are different virtual hosts running on the same physical hosts, using different certificates. I didn't found the time to test the patch myself yet. To include the test in an automated test suite, however, you'll need a SNI-enabled web server, and I don't think does it. BTW, your message about "clearing the host on cleanup" sound like you used the original patch supplied. The one I submitted myself avoid this by using a local variable instead of a global one :P ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-21 07:49 Message: Actually I prefer the other method. I stripped the timezone stuff, cleared the host on cleanup and added the call to check_http to set the hostname only if needed. Does it works for you? It would be really kind if you could send me an url to test with. Thanks. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-20 03:06 Message: Sorry, it's not about old openssl (I assumed that without really reading the error message). I realized it yesterday after sending the comment, though it was a coincidence: I was reading about timezone stuff and read somewhere that tm.tm_zone is a gnu extension. I can commit it without the timezone stuff though (isn't the timezone always GMT?? I couldn't find any good documentation on the OpenSSL functions used in sslutil...). Please attach it as a file though. What you paste in comments it totally unusable for patch. Also, do you have anything to test with? Would there be any way to integrate this in the unit tests too (they use HTTP::Daemon::SSL for emulating a web server) ? Thanks ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-20 00:06 Message: diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-19 23:54:12.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_smtp.c nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c --- nagios-plugins-1.4.13/plugins/check_smtp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c 2009-03-19 23:55:38.000000000 +0100 @@ -236,7 +236,7 @@ smtp_quit(); return STATE_UNKNOWN; } - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_tcp.c nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c --- nagios-plugins-1.4.13/plugins/check_tcp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c 2009-03-19 23:55:21.000000000 +0100 @@ -236,7 +236,7 @@ #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); if(result != STATE_OK) { diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-19 23:57:45.000000000 +0100 @@ -94,7 +94,7 @@ /* SSL-Related functionality */ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ -int np_net_ssl_init(int sd); +int np_net_ssl_init(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-20 00:01:58.000000000 +0100 @@ -38,7 +38,7 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd, char *host_name){ if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +51,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +72,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-20 00:03 Message: Here is a slightly different version, changing np_net_ssl_init() prototype to pass host name, rather than using a global variable. This adress your question 1). However, I don't understand the issue with old openssl versions, the patch already does use #idfef block to only use this function if available ? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 06:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 09:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 12:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From perldork at webwizarddesign.com Tue Mar 24 22:55:17 2009 From: perldork at webwizarddesign.com (Max) Date: Tue, 24 Mar 2009 17:55:17 -0400 Subject: [Nagiosplug-devel] Incorrect MIB type? In-Reply-To: References: Message-ID: On Tue, Mar 24, 2009 at 5:18 PM, Ton Voon wrote: > Hi! > I received this email offlist about the nagiosmib. However, I'm not fluent > with SNMP MIBs, so does anyone else have an opinion if this is a safe change > to make? Sweet, looks reasonable to me :). we use this MIB as our standard internally for forwarding traps from nagios to MOMs and for receiving traps from hosts (hope to be releasing a perl wrapper script my colleague wrote that will use Net::SNMP, the Net-SNMP binaries, or SysEdge to send the trap so that users can just call the script with host/service statuses and have it pick the correct transport). Gauge32 is fine, although this isn't a pollable OID so i do not think it matters too much; if it isn't pollable, counter wrap behavior doesn't matter in my opinion. - Max From ae at op5.se Wed Mar 25 11:29:33 2009 From: ae at op5.se (Andreas Ericsson) Date: Wed, 25 Mar 2009 11:29:33 +0100 Subject: [Nagiosplug-devel] Incorrect MIB type? In-Reply-To: References: Message-ID: <49CA078D.4040407@op5.se> Ton Voon wrote: > Hi! > > I received this email offlist about the nagiosmib. However, I'm not fluent with > SNMP MIBs, so does anyone else have an opinion if this is a safe change to make? > >> Also from the description for the nHostNotifyNum OBJECT-TYPE ... >> >> "This identifies the current notification number for the service or host. >> The notification number increases by one (1) each time a new notification >> is sent out for a host or service (except for acknowledgements). The >> notification number is reset to 0 when the host or service recovers >> (after the recovery notification has gone out). Acknowledgements do not >> cause the notification number to increase." >> >> ... it's clear that Integer32 (signed integer) isn't the right type for >> nHostNotifyNum, and it should be an unsigned type, Gauge32. Or perhaps >> Unsigned32, but Gauge32 has the benefit of specifying the behaviour in the >> vanishly unlikely case of overflowing 32 bits (doesn't wrap). It depends. Nagios uses unsigned long to determine the notification id. Using Gauge32 is broken, since Nagios doesn't handle wrap-arounds (and with 4.3 billion ID's, I doubt anyone will get the same ID twice so close to each other they'll react to it). One problem is that unsigned long is different bitwidth on 64-bit and 32-bit systems, but it should be safe to ignore that and just mask off the bottom 32 bits. Making it Unsigned32 and masking with (id & 0xffffffff) is almost certainly the correct way to go about it. If the processes surrounding mib updates is overly tricky, it should be safe to leave it as-is and just use (id & 0x7fffffff). That means we have to live with "only" having 2.1 billion notification id's before overflowing though. I don't think it will matter either way for any practical purposes though. -- Andreas Ericsson andreas.ericsson at op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. From noreply at sourceforge.net Wed Mar 25 22:13:20 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 25 Mar 2009 21:13:20 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-10 01:56 Message generated for change (Comment added) made by guillomovitch You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-25 22:13 Message: Here is a new version of my own patch, keeping original API intact to reduce impact (sorry, it seems only original reporter can attach files). I just tested it, it works OK. diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-25 21:43:57.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init_with_hostname(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-25 21:31:29.000000000 +0100 @@ -95,6 +95,7 @@ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ int np_net_ssl_init(int sd); +int np_net_ssl_init_with_hostname(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-25 21:31:14.000000000 +0100 @@ -38,7 +38,11 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd) { + return np_net_ssl_init_with_hostname(sd, NULL); +} + +int np_net_ssl_init_with_hostname (int sd, char *host_name) { if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +55,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +76,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-24 22:46 Message: You can test with https://sympa.msr-inria.inria.fr and https://www.msr-inria.inria.fr, both of them are different virtual hosts running on the same physical hosts, using different certificates. I didn't found the time to test the patch myself yet. To include the test in an automated test suite, however, you'll need a SNI-enabled web server, and I don't think does it. BTW, your message about "clearing the host on cleanup" sound like you used the original patch supplied. The one I submitted myself avoid this by using a local variable instead of a global one :P ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-21 07:49 Message: Actually I prefer the other method. I stripped the timezone stuff, cleared the host on cleanup and added the call to check_http to set the hostname only if needed. Does it works for you? It would be really kind if you could send me an url to test with. Thanks. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-20 03:06 Message: Sorry, it's not about old openssl (I assumed that without really reading the error message). I realized it yesterday after sending the comment, though it was a coincidence: I was reading about timezone stuff and read somewhere that tm.tm_zone is a gnu extension. I can commit it without the timezone stuff though (isn't the timezone always GMT?? I couldn't find any good documentation on the OpenSSL functions used in sslutil...). Please attach it as a file though. What you paste in comments it totally unusable for patch. Also, do you have anything to test with? Would there be any way to integrate this in the unit tests too (they use HTTP::Daemon::SSL for emulating a web server) ? Thanks ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-20 00:06 Message: diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-19 23:54:12.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_smtp.c nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c --- nagios-plugins-1.4.13/plugins/check_smtp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c 2009-03-19 23:55:38.000000000 +0100 @@ -236,7 +236,7 @@ smtp_quit(); return STATE_UNKNOWN; } - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_tcp.c nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c --- nagios-plugins-1.4.13/plugins/check_tcp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c 2009-03-19 23:55:21.000000000 +0100 @@ -236,7 +236,7 @@ #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); if(result != STATE_OK) { diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-19 23:57:45.000000000 +0100 @@ -94,7 +94,7 @@ /* SSL-Related functionality */ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ -int np_net_ssl_init(int sd); +int np_net_ssl_init(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-20 00:01:58.000000000 +0100 @@ -38,7 +38,7 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd, char *host_name){ if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +51,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +72,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-20 00:03 Message: Here is a slightly different version, changing np_net_ssl_init() prototype to pass host name, rather than using a global variable. This adress your question 1). However, I don't understand the issue with old openssl versions, the patch already does use #idfef block to only use this function if available ? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 06:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 09:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 12:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From ppb at usc.edu Wed Mar 25 23:05:55 2009 From: ppb at usc.edu (Philip Brown) Date: Wed, 25 Mar 2009 15:05:55 -0700 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris Message-ID: <49CAAAC3.4010606@usc.edu> I've been compiling nagios-plugins version 1.4.13 on solaris. I noticed with distaste the "pst3" hack. which requires being installed as ROOT?? I find this nasty, since /bin/ps itself does not require root. So I've been attempting to get the pluging to work "the old fashioned way", calling ps. it SEEMS like it should work. looking at debug output, etc, etc. /usr/bin/ps -Ao 's uid pid ppid vsz rss pcpu comm args' seems to give all the information needed. sample output: S 0 15175 1 11304 6832 0.4 /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc HOWEVER: the -vvv output from check_procs, parses this as CMD: /usr/bin/ps -Ao 's uid pid ppid vsz rss pcpu comm args' .... proc#=0 uid=0 vsz=11304 rss=6832 pid=15175 ppid=1 pcpu=0.30 stat= S etime= prog=krb5kdc args= /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc (note how "prog" gets inexplicably truncated to `basename`, instead of full path?!!) This is particularly troublesome, since we have previously been checking if prog is running with check_procs -C /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc Why is chgeck_procs truncating the prog path like that, when the raw PS command is clearly NOT truncating?! From noreply at sourceforge.net Thu Mar 26 01:16:32 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 26 Mar 2009 00:16:32 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-1939022 ] SSL/TLS hostname extension support (SNI) Message-ID: Patches item #1939022, was opened at 2008-04-09 19:56 Message generated for change (Settings changed) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Enhancement >Group: release-1.4.14 Status: Open >Resolution: Accepted Priority: 5 Private: No Submitted By: Joe Presbrey (presbrey) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: SSL/TLS hostname extension support (SNI) Initial Comment: Patch against Plugin Version (-V output): SVN trunk Plugin Name: sslutils/check_http Example Plugin Commandline: check_http -H wildcard.scripts.mit.edu -S -C 14 Tested on operating system: debian/4.0 Tested on architecture: i686 Tested with compiler: gcc-4.1.2-20061115 A TLS extension called "Server Name Indication" allows name-based HTTPS virtual hosting. (From Gentoo: http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL). This is especially common when serving HTTPS requests with a wildcard certificate (*.domain.tld). This patch adds a call to SSL_set_tlsext_host_name (OpenSSL 0.9.8f and higher) in the certificate check section of sslutils to allow certificate verification of HTTPS virtual-host domains. This patch also corrects the expiration check to escalate to 'critical' when the certificate is expired but for less than 1 day (currently emits 'warning') and displays the time-zone with the expiration time. Joe Presbrey ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-25 20:16 Message: Thanks. I haven't replied earlier but that's exactly why I preferred the first patch. I'll apply it soon. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-25 17:13 Message: Here is a new version of my own patch, keeping original API intact to reduce impact (sorry, it seems only original reporter can attach files). I just tested it, it works OK. diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-25 21:43:57.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init_with_hostname(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-25 21:31:29.000000000 +0100 @@ -95,6 +95,7 @@ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ int np_net_ssl_init(int sd); +int np_net_ssl_init_with_hostname(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-25 21:31:14.000000000 +0100 @@ -38,7 +38,11 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd) { + return np_net_ssl_init_with_hostname(sd, NULL); +} + +int np_net_ssl_init_with_hostname (int sd, char *host_name) { if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +55,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +76,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-24 17:46 Message: You can test with https://sympa.msr-inria.inria.fr and https://www.msr-inria.inria.fr, both of them are different virtual hosts running on the same physical hosts, using different certificates. I didn't found the time to test the patch myself yet. To include the test in an automated test suite, however, you'll need a SNI-enabled web server, and I don't think does it. BTW, your message about "clearing the host on cleanup" sound like you used the original patch supplied. The one I submitted myself avoid this by using a local variable instead of a global one :P ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-21 02:49 Message: Actually I prefer the other method. I stripped the timezone stuff, cleared the host on cleanup and added the call to check_http to set the hostname only if needed. Does it works for you? It would be really kind if you could send me an url to test with. Thanks. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 22:06 Message: Sorry, it's not about old openssl (I assumed that without really reading the error message). I realized it yesterday after sending the comment, though it was a coincidence: I was reading about timezone stuff and read somewhere that tm.tm_zone is a gnu extension. I can commit it without the timezone stuff though (isn't the timezone always GMT?? I couldn't find any good documentation on the OpenSSL functions used in sslutil...). Please attach it as a file though. What you paste in comments it totally unusable for patch. Also, do you have anything to test with? Would there be any way to integrate this in the unit tests too (they use HTTP::Daemon::SSL for emulating a web server) ? Thanks ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-19 19:06 Message: diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_http.c nagios-plugins-1.4.13-sni-support/plugins/check_http.c --- nagios-plugins-1.4.13/plugins/check_http.c 2008-09-02 13:26:31.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_http.c 2009-03-19 23:54:12.000000000 +0100 @@ -773,7 +773,7 @@ die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init(sd, host_name); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_smtp.c nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c --- nagios-plugins-1.4.13/plugins/check_smtp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_smtp.c 2009-03-19 23:55:38.000000000 +0100 @@ -236,7 +236,7 @@ smtp_quit(); return STATE_UNKNOWN; } - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); np_net_ssl_cleanup(); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/check_tcp.c nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c --- nagios-plugins-1.4.13/plugins/check_tcp.c 2008-05-07 12:02:42.000000000 +0200 +++ nagios-plugins-1.4.13-sni-support/plugins/check_tcp.c 2009-03-19 23:55:21.000000000 +0100 @@ -236,7 +236,7 @@ #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init(sd, NULL); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); if(result != STATE_OK) { diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/netutils.h nagios-plugins-1.4.13-sni-support/plugins/netutils.h --- nagios-plugins-1.4.13/plugins/netutils.h 2008-01-31 12:45:28.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/netutils.h 2009-03-19 23:57:45.000000000 +0100 @@ -94,7 +94,7 @@ /* SSL-Related functionality */ #ifdef HAVE_SSL /* maybe this could be merged with the above np_net_connect, via some flags */ -int np_net_ssl_init(int sd); +int np_net_ssl_init(int sd, char *host_name); void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); diff -Naur --exclude '*~' nagios-plugins-1.4.13/plugins/sslutils.c nagios-plugins-1.4.13-sni-support/plugins/sslutils.c --- nagios-plugins-1.4.13/plugins/sslutils.c 2008-01-31 12:27:22.000000000 +0100 +++ nagios-plugins-1.4.13-sni-support/plugins/sslutils.c 2009-03-20 00:01:58.000000000 +0100 @@ -38,7 +38,7 @@ static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd, char *host_name){ if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -51,6 +51,10 @@ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -68,6 +72,9 @@ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-19 19:03 Message: Here is a slightly different version, changing np_net_ssl_init() prototype to pass host name, rather than using a global variable. This adress your question 1). However, I don't understand the issue with old openssl versions, the patch already does use #idfef block to only use this function if available ? ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-19 01:16 Message: Moreover this seems to break old OpsnSSL's (at least on my Solaris tinderbox) I rolled it back (except the timestamp fix). I will apply an updated version if you add the proper ifdef's to keep backwards compatibility. Thanks ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-17 04:02 Message: Thanks for your report I have two questions: 1. This patch does not alter check_http to use the new function to set host name. Did you expect us to make this change, or do you have a complete patch around? 2. Regarding printing the timezone, AFAIK is can be longer than three characters, unless if certificates have a strict standars. This command will list all timezones in /usr/share/zoneinfo: $ find /usr/share/zoneinfo/ -type f -exec zdump {} \;|sed 's/^.* 2009 \(.*\)$/\1/'|sort|uniq If you add "wc -L" this gives you a max length of 6 characters. The current code will apparently cut it to three characters. ---------------------------------------------------------------------- Comment By: Guillaume Rousse (guillomovitch) Date: 2009-03-05 06:01 Message: This is really useful, I'd like to have it merged too... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1939022&group_id=29880 From ae at op5.se Thu Mar 26 09:28:19 2009 From: ae at op5.se (Andreas Ericsson) Date: Thu, 26 Mar 2009 09:28:19 +0100 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <49CAAAC3.4010606@usc.edu> References: <49CAAAC3.4010606@usc.edu> Message-ID: <49CB3CA3.7030202@op5.se> Philip Brown wrote: > I've been compiling nagios-plugins version 1.4.13 on solaris. > > I noticed with distaste the "pst3" hack. which requires being installed as > ROOT?? > > I find this nasty, since /bin/ps itself does not require root. > So I've been attempting to get the pluging to work "the old fashioned way", > calling ps. > > it SEEMS like it should work. > looking at debug output, etc, etc. > > /usr/bin/ps -Ao 's uid pid ppid vsz rss pcpu comm args' > > seems to give all the information needed. > sample output: > > S 0 15175 1 11304 6832 0.4 /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc > /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc > > > HOWEVER: the -vvv output from check_procs, parses this as > > > CMD: /usr/bin/ps -Ao 's uid pid ppid vsz rss pcpu comm args' > .... > proc#=0 uid=0 vsz=11304 rss=6832 pid=15175 ppid=1 pcpu=0.30 stat= > S etime= prog=krb5kdc args= > /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc > > (note how "prog" gets inexplicably truncated to `basename`, instead of full > path?!!) > -vvv is debugging output. It shows variables important for the developer to know about, so if you want to make sense of them (or see if it actually uses the truncated path), you will have to browse the source. > This is particularly troublesome, since we have previously been checking if > prog is running with > > check_procs -C /usr/lsd/kerberos/5-1.4.1/sbin/krb5kdc > > Why is chgeck_procs truncating the prog path like that, when the raw PS > command is clearly NOT truncating?! > Again, it may not. Copy-paste the code snippets where it truncates the variables and then again where it actually uses the truncated variable. Then we can talk, although preferrably with fewer exclamation marks. -- Andreas Ericsson andreas.ericsson at op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. From Duncan.Ferguson at opsera.com Thu Mar 26 11:46:55 2009 From: Duncan.Ferguson at opsera.com (Duncan Ferguson) Date: Thu, 26 Mar 2009 10:46:55 +0000 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <49CAAAC3.4010606@usc.edu> References: <49CAAAC3.4010606@usc.edu> Message-ID: <4B5A67AF-C7CF-492A-A44C-8E8A3B67443E@opsera.com> On 25 Mar 2009, at 22:05, Philip Brown wrote: > I've been compiling nagios-plugins version 1.4.13 on solaris. > > I noticed with distaste the "pst3" hack. which requires being > installed as > ROOT?? > > I find this nasty, since /bin/ps itself does not require root. > So I've been attempting to get the pluging to work "the old > fashioned way", > calling ps. > /usr/bin/ps truncates the argument field to (iirc) 64 character so you cannot search on the whole argument string when matching some command strings. This is a compile time setting taken from the system include files provided by Sun and hence is in the kernel.. /usr/ucb/ps does provide the full argument string BUT merges some of the numerical columns together when the values are too high - i.e. you cannot tell where SZ finished and RSS starts. There are no options to allow for amending the column separators. pst3 was written to get around both of these problems. The current version of pst3 attempts to run the same way as /usr/ucb/ ps and it can be run as non-root but then it only fetches details for the current user rather than all users. If you want pst3 to not require root then this is the area you can work on. If I can find some tuit's I may have a look sometime next week. Duncs -- Duncan Ferguson Senior Developer -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 749 bytes Desc: not available URL: -------------- next part -------------- Opsera Limited | Unit 69 Suttons Business Park Reading | Berkshire | RG6 1AZ | UK Phone: +44 (0) 845 057 7887 Mobile: +44 (0) 7968 148 748 Skype: duncan_j_ferguson Email: duncan.ferguson at opsera.com www.opsera.com Opsera Limited is registered in the UK under Company Number 5396532. Our registered office is Gorse View, Horsell Rise, Woking, Surrey, GU21 4RB. From ppb at usc.edu Thu Mar 26 18:51:19 2009 From: ppb at usc.edu (Philip Brown) Date: Thu, 26 Mar 2009 10:51:19 -0700 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <4B5A67AF-C7CF-492A-A44C-8E8A3B67443E@opsera.com> References: <49CAAAC3.4010606@usc.edu> <4B5A67AF-C7CF-492A-A44C-8E8A3B67443E@opsera.com> Message-ID: <49CBC097.701@usc.edu> Duncan Ferguson wrote: > > > /usr/bin/ps truncates the argument field to (iirc) 64 character so you > cannot search on the whole argument string when matching some command > strings. This is a compile time setting taken from the system include > files provided by Sun and hence is in the kernel.. i'm aware of that..... but 64 chars is long enough for our purposes here. > The current version of pst3 attempts to run the same way as /usr/ucb/ps > and it can be run as non-root but then it only fetches details for the > current user rather than all users. If you want pst3 to not require > root then this is the area you can work on. > > If I can find some tuit's I may have a look sometime next week. > Please note that, while solaris 8 /bin/ps eventually calls a setuid root binary, solaris 9 and later does not. Ple also note that we dont like installing setuid binaries from 3rd parties, even if we compile it ourselves. So it would be nice to have a --without-pst3 option, for configure. As mentioned, the 64chars is plenty long enough for our purposes. From ppb at usc.edu Thu Mar 26 19:24:30 2009 From: ppb at usc.edu (Philip Brown) Date: Thu, 26 Mar 2009 11:24:30 -0700 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <49CBC097.701@usc.edu> References: <49CAAAC3.4010606@usc.edu> <4B5A67AF-C7CF-492A-A44C-8E8A3B67443E@opsera.com> <49CBC097.701@usc.edu> Message-ID: <49CBC85E.1070009@usc.edu> BTW, there is a bug in the pst3 configuration: if test `isainfo -b` = 64 ; then PST3CFLAGS="-m64" is inappropriate. -m64 is a compiler-specific flag. I just did some browsing through the libtool docs. I'm stunned that with all the OTHER flags it has, there is no "bittedness" flag yet. SO i guess you should do a check for CC=gcc vs CC=cc there and select appropriate 64bit flag? From ppb at usc.edu Thu Mar 26 19:35:20 2009 From: ppb at usc.edu (Philip Brown) Date: Thu, 26 Mar 2009 11:35:20 -0700 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <49CB3CA3.7030202@op5.se> References: <49CAAAC3.4010606@usc.edu> <49CB3CA3.7030202@op5.se> Message-ID: <49CBCAE8.7080608@usc.edu> Andreas Ericsson wrote: > Philip Brown wrote: >> >> Why is check_procs truncating the prog path like that, when the raw PS >> command is clearly NOT truncating?! >> > > Again, it may not. Comparisons: $ ./check_procs -C /usr/lsd/nagios/nrpe/default/sbin/nrpe PROCS OK: 0 processes with command name '/usr/lsd/nagios/nrpe/default/sbin/nrpe' $ ./check_procs -C nrpe PROCS OK: 1 process with command name 'nrpe' And just for grins as a comparison: $ ./check_procs -a /usr/lsd/nagios/nrpe/default/sbin/nrpe PROCS OK: 1 process with args '/usr/lsd/nagios/nrpe/default/sbin/nrpe' As mentioned before, the raw ps output, as shown by check_procs -vvv, clearly shows that the ps output is valid. When I run it by hand myself, i get S 84965 7985 1 4096 1432 0.0 /usr/lsd/nagios/nrpe/default/sbin/nrpe /usr/lsd/nagios/nrpe/default/sbin/nrpe -c /usr/lsd/nagios/nrpe/default/etc/nrpe And "check_procs -vvv |grep nrpe" also shows S 84965 7985 1 4096 1432 0.0 /usr/lsd/nagios/nrpe/default/sbin/nrpe /usr/lsd/nagios/nrpe/default/sbin/nrpe -c /usr/lsd/nagios/nrpe/default/etc/nrpe (CMD: /usr/bin/ps -Ao 's uid pid ppid vsz rss pcpu comm args') So the fault is clearly not in ps or the arguments thereof. From config.h, the auto-detected configs are: #define PS_COLS 9 #define PS_COMMAND "/usr/bin/ps -Ao 's uid pid ppid vsz rss pcpu comm args'" #define PS_FORMAT "%s %d %d %d %d %d %f %s%n" #define PS_VARLIST procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procprog,&pos From ppb at usc.edu Thu Mar 26 20:06:59 2009 From: ppb at usc.edu (Philip Brown) Date: Thu, 26 Mar 2009 12:06:59 -0700 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <49CB3CA3.7030202@op5.se> References: <49CAAAC3.4010606@usc.edu> <49CB3CA3.7030202@op5.se> Message-ID: <49CBD253.1080205@usc.edu> Andreas Ericsson wrote: > >> Why is chgeck_procs truncating the prog path like that, when the raw PS >> command is clearly NOT truncating?! >> > > Again, it may not. Copy-paste the code snippets where it truncates the > variables and then again where it actually uses the truncated variable. it "may not"?? i finally looked at the code. It truncates. and its even commented that it truncates. "check_procs.c" line 196 /* Some ps return full pathname for command. This removes path */ strcpy(procprog, base_name(procprog)); Older versions (1.3.1 specifically ) do not do this truncating. It is sensible behaviour to check for the full path of an executable. Particularly for security reasons, since args can be falsified I believe(?), the one and only way to check for full path of an executable, is in that field. The field that currently has the information thrown away. From dermoth at aei.ca Fri Mar 27 02:53:53 2009 From: dermoth at aei.ca (Thomas Guyot-Sionnest) Date: Thu, 26 Mar 2009 21:53:53 -0400 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <49CBC85E.1070009@usc.edu> References: <49CAAAC3.4010606@usc.edu> <4B5A67AF-C7CF-492A-A44C-8E8A3B67443E@opsera.com> <49CBC097.701@usc.edu> <49CBC85E.1070009@usc.edu> Message-ID: <49CC31B1.9080009@aei.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26/03/09 02:24 PM, Philip Brown wrote: > BTW, there is a bug in the pst3 configuration: > > if test `isainfo -b` = 64 ; then > PST3CFLAGS="-m64" > > is inappropriate. -m64 is a compiler-specific flag. > I just did some browsing through the libtool docs. I'm stunned that with all > the OTHER flags it has, there is no "bittedness" flag yet. > > SO i guess you should do a check for CC=gcc vs CC=cc there and select > appropriate 64bit flag? I know; there's a bug for it in the trackers. I just haven't got time to figure out how to do it cleanly with autoconf/automake. Thanks for reporting it though :) http://sourceforge.net/tracker2/?func=detail&atid=397597&aid=2632995&group_id=29880 - -- Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJzDGx6dZ+Kt5BchYRAjrFAKCBvthmAQSRrC2rn3+/esxmIdz2GgCfe8N7 gZGE0y/i1I9toOT1LhpdDKk= =6Mg+ -----END PGP SIGNATURE----- From mox87 at mail.ru Fri Mar 27 13:25:54 2009 From: mox87 at mail.ru (=?koi8-r?Q?=F0=C1=D7=C5=CC_=F4=C9=CD=CF=C6=C5=C5=D7?=) Date: Fri, 27 Mar 2009 15:25:54 +0300 Subject: [Nagiosplug-devel] =?koi8-r?b?TmFnaW9zIGZyZWVCU0QgcHJvYmxlbQ==?= In-Reply-To: <903304bb0902230623t14816bf1xd2f95fd213576255@mail.gmail.com> References: <903304bb0902230623t14816bf1xd2f95fd213576255@mail.gmail.com> Message-ID: Are you install plugins from ports or sources? if you install from sources see /usr/ports/net-mgmt/nagios-plugins/files/patch-lib__utils_base.c -----Original Message----- From: bouhlel ridha To: nagiosplug-devel Date: Mon, 23 Feb 2009 15:23:34 +0100 Subject: [Nagiosplug-devel] Nagios freeBSD problem > Dear Sir, > > I found a problem with the plagin check_disk of nagios with -p option, there > is a segmentation fault : > > > > (gdb) r -w 1% -c %1 -vvv -p /usr > Starting program: > /usr/generation_package/Test_compil_Ridha/packaging/GSUP/dist/exec/applis/superv/CE_nagios-plugins/current/bin/check_disk > -w 1% -c %1 -vvv -p /usr > calling stat on /usr > calling stat on /usr > For /usr, total=3102260, available=1095634, available_to_root=1343814, > used=1758446, fsp.fsu_files=824318, fsp.fsu_ffree=569400 > For /usr, used_pct=62 free_pct=38 used_units=3434 free_units=2139 > total_units=6059 used_inodes_pct=31 free_inodes_pct=69 > fsp.fsu_blocksize=2048 mult=1048576 > Freespace_units result=0 > Freespace% result=0 > Usedspace_units result=0 > Usedspace_percent result=0 > Usedinodes_percent result=0 > > Program received signal SIGSEGV, Segmentation fault. > check_range (value=69, my_range=0x424d) at utils_base.c: 168 > 168 if (my_range->alert_on == INSIDE) { > (gdb) bt > #0 check_range (value=69, my_range=0x424d) at utils_base.c:168 > #1 0x0804cf83 in get_status (value=69, my_thresholds=0x2820a09c) at > utils_base.c:201 > #2 0x0804b425 in main (argc=Error accessing memory address 0x0: Bad > address. > ) at check_disk.c:359 > (gdb) > > > Could yuo please help me resolving this problem ! > > Thank you > Ridha Bouhlel > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________________ > Nagios Plugin Development Mailing List Nagiosplug-devel at lists.sourceforge.net > Unsubscribe at https://lists.sourceforge.net/lists/listinfo/nagiosplug-devel > ::: Please include plugins version (-v) and OS when reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > From noreply at sourceforge.net Sat Mar 28 03:21:12 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Sat, 28 Mar 2009 02:21:12 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Bugs-1670261 ] SNMP: general child_process = spopen (command_line); problem Message-ID: Bugs item #1670261, was opened at 2007-02-27 19:03 Message generated for change (Comment added) made by sf-robot You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1670261&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed Resolution: None Priority: 5 Private: No Submitted By: Alex Peeters (zxr750) Assigned to: Ton Voon (tonvoon) Summary: SNMP: general child_process = spopen (command_line); problem Initial Comment: SNMP problem - No data received from host check_snmp.c for testing purpose i did replace - child_process = spopen (command_line); with - child_process = spopen ("/usr/bin/ldd /opt/changed_root/bin/snmpget"); and then you can see the problem manual test: export LD_LIBRARY_PATH=/opt/changed_root/lib:/opt/changed_root/ssl/lib ldd /opt/changed_root/bin/snmpget libnetsnmp.so.15 => /opt/changed_root/lib/libnetsnmp.so.15 libgen.so.1 => /usr/lib/libgen.so.1 libcrypto.so.0.9.8 => /opt/changed_root/ssl/lib/libcrypto.so.0.9.8 libkstat.so.1 => /usr/lib/libkstat.so.1 libelf.so.1 => /usr/lib/libelf.so.1 libm.so.1 => /usr/lib/libm.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libadm.so.1 => /usr/lib/libadm.so.1 libc.so.1 => /usr/lib/libc.so.1 libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libmp.so.2 => /usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 where the generated command from check_snmp.c works fine /opt/changed_root/bin/snmpget -t 1 -r 5 -m '' -v 2c -c gn1r0t1n0m at notsoc1 10.1.100.50:8196 .1.3.6.1.4.1.140 ./check_snmp -P 2c -C gn1r0t1n0m at notsoc1 -H 10.1.100.50 -p 8196 -o .1.3.6.1.4.1.140 -v /opt/changed_root/bin/snmpget -t 1 -r 5 -m '' -v 2c -c gn1r0t1n0m at notsoc1 10.1.100.50:8196 .1.3.6.1.4.1.140 libnetsnmp.so.15 => (file not found) must be /opt/changed_root/lib libgen.so.1 => /usr/lib/libgen.so.1 libkstat.so.1 => /usr/lib/libkstat.so.1 libelf.so.1 => /usr/lib/libelf.so.1 libm.so.1 => /usr/lib/libm.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libadm.so.1 => /usr/lib/libadm.so.1 libcrypto.so.0.9.8 => (file not found) must be /opt/changed_root/ssl/lib libc.so.1 => /usr/lib/libc.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libmp.so.2 => /usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 ---------------------------------------------------------------------- >Comment By: SourceForge Robot (sf-robot) Date: 2009-03-28 02:21 Message: This Tracker item was closed automatically by the system. It was previously set to a Pending status, and the original submitter did not respond within 14 days (the time period specified by the administrator of this Tracker). ---------------------------------------------------------------------- Comment By: Ton Voon (tonvoon) Date: 2009-03-14 01:27 Message: Alex, I think this is more a problem with your snmpget executable. You can use crle on Solaris if you want to force /opt/changed_root/ssl/lib to be in the LD_LIBRARY_PATH. check_snmp has been converted so it uses a different command run library so stderr messages will be captured better. Marking this call in pending, so will auto close in 7 days if there is no response. Ton ---------------------------------------------------------------------- Comment By: Alex Peeters (zxr750) Date: 2007-02-27 20:17 Message: Logged In: YES user_id=590764 Originator: YES Solution added: Is it possible change the code so that ./configure has a parrameter LD_LIBRARY_PATH that then is passed in popen.c please Ohterwise we need everytime change again your code. Thanks in advance popen.c FILE * spopen (const char *cmdstring) { - char *env[2]; + char *env[3]; env[0] = strdup("LC_ALL=C"); - env[1] = '\0'; + env[1] = strdup("LD_LIBRARY_PATH=/opt/changed_root/lib:/opt/changed_root/ssl/lib:/usr/local/lib"); + env[2] = '\0'; ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1670261&group_id=29880 From ae at op5.se Mon Mar 30 12:53:29 2009 From: ae at op5.se (Andreas Ericsson) Date: Mon, 30 Mar 2009 12:53:29 +0200 Subject: [Nagiosplug-devel] oddity about check_procs plugin and solaris In-Reply-To: <49CBD253.1080205@usc.edu> References: <49CAAAC3.4010606@usc.edu> <49CB3CA3.7030202@op5.se> <49CBD253.1080205@usc.edu> Message-ID: <49D0A4A9.1030108@op5.se> Philip Brown wrote: > Andreas Ericsson wrote: >>> Why is chgeck_procs truncating the prog path like that, when the raw PS >>> command is clearly NOT truncating?! >>> >> Again, it may not. Copy-paste the code snippets where it truncates the >> variables and then again where it actually uses the truncated variable. > > it "may not"?? > Well, it's not my problem, so I certainly won't waste 30-40 minutes going through the source-code (which you clearly hadn't). Now you have, and I happen to have some time to kill. > i finally looked at the code. It truncates. and its even commented that it > truncates. > > > "check_procs.c" line 196 > > /* Some ps return full pathname for command. This removes path */ > strcpy(procprog, base_name(procprog)); > > Older versions (1.3.1 specifically ) do not do this truncating. > Sounds like you could get away with just removing that truncation then. > It is sensible behaviour to check for the full path of an executable. > Particularly for security reasons, since args can be falsified I believe(?), Yes. A program can, on most systems, rename itself to whatever it wants in the process table (including the path), so as a means of checking for trojans running on the system, using the full path and then feeling safe because of that is stupid in the extreme. > the one and only way to check for full path of an executable, is in that field. > The field that currently has the information thrown away. > So remove the truncation. I agree that it's rather stupid to on purpose modify arguments given by the user, and a patch removing such behaviour would get my support so long as it doesn't break anything else. Please send the diff as a unified diff file against the latest git head. I'll review it when it lands. Thanks. -- Andreas Ericsson andreas.ericsson at op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. From noreply at sourceforge.net Tue Mar 31 06:01:03 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 31 Mar 2009 04:01:03 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2722832 ] awk subst.in/subst script path error Message-ID: Patches item #2722832, was opened at 2009-03-31 15:01 Message generated for change (Tracker Item Submitted) made by martinfoster You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2722832&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Martin Foster (martinfoster) Assigned to: Nobody/Anonymous (nobody) Summary: awk subst.in/subst script path error Initial Comment: the plugins-scripts/subst.in awk script's last stage is to replace references to fully qualified commands with whatever is returned from the path subroutine. This can trap the path derived by led() to update the "use lib " statement at the top of scripts. eg: use lib "/usr/lib/nagios/plugins"; gets updated to: use lib "nagios/plugins"; the second isn't valid. I perceive the command line substitution as a cosmetic optimization, there's nothing wrong with calling commands explicitly. They should be properly discovered by the configure stage for a given platform/distribution anyways. patch knocks out the substitution. May be more elegant ways to accomplish the same goal. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2722832&group_id=29880 From sp at tdchosting.dk Tue Mar 31 10:43:51 2009 From: sp at tdchosting.dk (Steffen Poulsen) Date: Tue, 31 Mar 2009 10:43:51 +0200 Subject: [Nagiosplug-devel] check_http and possible thresholds for DNS lookup timings Message-ID: <995380CA30455549A6B8C57CE5A47AE512794EEF38@TDCHEXBE01.int.tdch.dk> Hi, Following up on a recent thread in Nagios Plugin Help: http://news.gmane.org/find-root.php?message_id=%3c995380CA30455549A6B8C57CE5A47AE512794EEEF1%40TDCHEXBE01.int.tdch.dk%3e I am curious to whether it would be possible to make a separate threshold/performance data report for the DNS part of the check? In the case of primary name server outage the plugin behavior is currently affected / challenging to control as is Related: Could it be that there is perhaps an alternative plugin available, which offers this functionality? Best regards, Steffen Poulsen -------------- next part -------------- An HTML attachment was scrubbed... URL: From dermoth at aei.ca Tue Mar 31 12:43:07 2009 From: dermoth at aei.ca (Thomas Guyot-Sionnest) Date: Tue, 31 Mar 2009 06:43:07 -0400 Subject: [Nagiosplug-devel] check_http and possible thresholds for DNS lookup timings In-Reply-To: <995380CA30455549A6B8C57CE5A47AE512794EEF38@TDCHEXBE01.int.tdch.dk> References: <995380CA30455549A6B8C57CE5A47AE512794EEF38@TDCHEXBE01.int.tdch.dk> Message-ID: <49D1F3BB.1080305@aei.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 31/03/09 04:43 AM, Steffen Poulsen wrote: > Hi, Hi, > Following up on a recent thread in Nagios Plugin Help: > > > > http://news.gmane.org/find-root.php?message_id=%3c995380CA30455549A6B8C57CE5A47AE512794EEEF1%40TDCHEXBE01.int.tdch.dk%3e > > > > I am curious to whether it would be possible to make a separate > threshold/performance data report for the DNS part of the check? > > > > In the case of primary name server outage the plugin behavior is > currently affected / challenging to control as is This is exactly why you should use IP whenever possible. You can use service dependencies to suppress notifications when DNS fails. See also my reply in the other thread about using a local cache. - -- Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ0fO76dZ+Kt5BchYRAlEIAKC0oAGeISiT4NLyyK+GuUkUTvIO6gCcDCWo Y/Cjq24yjsaz7wvXYoIPiHg= =nbZX -----END PGP SIGNATURE----- From noreply at sourceforge.net Tue Mar 31 12:52:43 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 31 Mar 2009 10:52:43 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2722832 ] awk subst.in/subst script path error Message-ID: Patches item #2722832, was opened at 2009-03-31 00:01 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2722832&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Martin Foster (martinfoster) >Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: awk subst.in/subst script path error Initial Comment: the plugins-scripts/subst.in awk script's last stage is to replace references to fully qualified commands with whatever is returned from the path subroutine. This can trap the path derived by led() to update the "use lib " statement at the top of scripts. eg: use lib "/usr/lib/nagios/plugins"; gets updated to: use lib "nagios/plugins"; the second isn't valid. I perceive the command line substitution as a cosmetic optimization, there's nothing wrong with calling commands explicitly. They should be properly discovered by the configure stage for a given platform/distribution anyways. patch knocks out the substitution. May be more elegant ways to accomplish the same goal. ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-31 06:52 Message: Thanks for reporting this, though your patch is wrong. These substitutions are required for non-standard paths. What configure options did you use, so I can try to reproduce it? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2722832&group_id=29880 From noreply at sourceforge.net Tue Mar 31 13:03:49 2009 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 31 Mar 2009 11:03:49 +0000 Subject: [Nagiosplug-devel] [ nagiosplug-Patches-2722832 ] awk subst.in/subst script path error Message-ID: Patches item #2722832, was opened at 2009-03-31 00:01 Message generated for change (Comment added) made by dermoth You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2722832&group_id=29880 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Bugfix Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Martin Foster (martinfoster) Assigned to: Thomas Guyot-Sionnest (dermoth) Summary: awk subst.in/subst script path error Initial Comment: the plugins-scripts/subst.in awk script's last stage is to replace references to fully qualified commands with whatever is returned from the path subroutine. This can trap the path derived by led() to update the "use lib " statement at the top of scripts. eg: use lib "/usr/lib/nagios/plugins"; gets updated to: use lib "nagios/plugins"; the second isn't valid. I perceive the command line substitution as a cosmetic optimization, there's nothing wrong with calling commands explicitly. They should be properly discovered by the configure stage for a given platform/distribution anyways. patch knocks out the substitution. May be more elegant ways to accomplish the same goal. ---------------------------------------------------------------------- >Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-31 07:03 Message: Uhg sorry I might have been too wuick on the trigger. Looks like this is a "automatic configuration" thingy - i.e. instead of detecting commands in configure it does it at the make phase using this script. What it you move that up in the script, so that this substition happens before the lib expansion? A better way of doing it is making an explicit keyword in the paths, and matching the keyword in that block. I.e. substituting "NP_AUTO_PATH/echo" to the result of `which echo` That would require finding all paths modified by running the said part of the script and comparing source plugins with generated files. ---------------------------------------------------------------------- Comment By: Thomas Guyot-Sionnest (dermoth) Date: 2009-03-31 06:52 Message: Thanks for reporting this, though your patch is wrong. These substitutions are required for non-standard paths. What configure options did you use, so I can try to reproduce it? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=397599&aid=2722832&group_id=29880