From s.roissard at gmail.com Tue May 3 17:23:58 2016 From: s.roissard at gmail.com (Stefan Roissard) Date: Tue, 3 May 2016 17:23:58 +0200 Subject: check_http - Options -J and -K improvement suggestion Message-ID: Hello, I am using check_http 2.1.2 with Nagios to check a remote URL, that requires a client certificate. I have been trying to use options -J and -K with no luck, because the remote server seems to refuse my certificate, with error : CRITICAL - Cannot make SSL connection. error:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1259:SSL alert number 48. >From what I understand, This error happens because I don't have a way to provide the certificate chain also. So, I have searched a while, and found out that if I call SSL_CTX_use_certificate_chain_file() instead of SSL_CTX_use_certificate_file() in plugins/sslutils.c (line 92), my problem is solved, since I am now able to provide a full chain with option -J (PEM file with client certificate followed by the certificate chain). Is this the good way to solve my issue ? If yes, could you take this change into account in future releases ? Best regards, Stefan -------------- next part -------------- An HTML attachment was scrubbed... URL: From herbszt at gmx.de Wed May 4 00:06:16 2016 From: herbszt at gmx.de (Sebastian Herbszt) Date: Wed, 4 May 2016 00:06:16 +0200 Subject: [PATCH] check_disk: remove unused variables Message-ID: <20160504000616.00005b2f@localhost> Remove unused variables. Signed-off-by: Sebastian Herbszt --- plugins/check_disk.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 874a0ee..e73a008 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -58,9 +58,6 @@ const char *email = "devel at monitoring-plugins.org"; # define ERROR -1 #endif -/* If nonzero, show inode information. */ -static int inode_format = 1; - /* If nonzero, show even filesystems with zero size or uninteresting types. */ static int show_all_fs = 1; @@ -178,7 +175,7 @@ main (int argc, char **argv) int temp_result; struct mount_entry *me; - struct fs_usage fsp, tmpfsp; + struct fs_usage fsp; struct parameter_list *temp_list, *path; #ifdef __CYGWIN__ @@ -423,9 +420,7 @@ process_arguments (int argc, char **argv) int c, err; struct parameter_list *se; struct parameter_list *temp_list = NULL, *previous = NULL; - struct parameter_list *temp_path_select_list = NULL; - struct mount_entry *me, *temp_me; - int result = OK; + struct mount_entry *me; regex_t re; int cflags = REG_NOSUB | REG_EXTENDED; int default_cflags = cflags; -- 2.7.3 From herbszt at gmx.de Wed May 4 00:08:20 2016 From: herbszt at gmx.de (Sebastian Herbszt) Date: Wed, 4 May 2016 00:08:20 +0200 Subject: [PATCH] check_dns: remove dead code Message-ID: <20160504000820.000059d5@localhost> Remove code dead since commit 4efa917. Signed-off-by: Sebastian Herbszt --- plugins/check_dns.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/plugins/check_dns.c b/plugins/check_dns.c index d6bd2c0..6d09a5e 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -81,7 +81,6 @@ main (int argc, char **argv) double elapsed_time; long microsec; struct timeval tv; - int multi_address; int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ output chld_out, chld_err; size_t i; @@ -249,11 +248,6 @@ main (int argc, char **argv) elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { - if (strchr (address, ',') == NULL) - multi_address = FALSE; - else - multi_address = TRUE; - result = get_status(elapsed_time, time_thresholds); if (result == STATE_OK) { printf ("DNS %s: ", _("OK")); -- 2.7.3 From herbszt at gmx.de Wed May 4 00:09:47 2016 From: herbszt at gmx.de (Sebastian Herbszt) Date: Wed, 4 May 2016 00:09:47 +0200 Subject: [PATCH] check_load: remove superfluous argument to printf Message-ID: <20160504000947.000017b0@localhost> The format string expects only one argument. Signed-off-by: Sebastian Herbszt --- plugins/check_load.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/check_load.c b/plugins/check_load.c index a96435f..5fb8fb7 100644 --- a/plugins/check_load.c +++ b/plugins/check_load.c @@ -160,7 +160,7 @@ main (int argc, char **argv) sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15); } else { - printf (_("could not parse load from uptime: %s\n"), result, PATH_TO_UPTIME); + printf (_("could not parse load from uptime: %s\n"), PATH_TO_UPTIME); return STATE_UNKNOWN; } -- 2.7.3 From herbszt at gmx.de Wed May 4 00:11:05 2016 From: herbszt at gmx.de (Sebastian Herbszt) Date: Wed, 4 May 2016 00:11:05 +0200 Subject: [PATCH] check_ntp: remove unused variables Message-ID: <20160504001105.000071b7@localhost> Remove unused variables. Signed-off-by: Sebastian Herbszt --- plugins/check_ntp.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 75efc28..5ac6c65 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -297,7 +297,7 @@ void setup_request(ntp_message *p){ * this is done by filtering servers based on stratum, dispersion, and * finally round-trip delay. */ int best_offset_server(const ntp_server_results *slist, int nservers){ - int i=0, cserver=0, best_server=-1; + int cserver=0, best_server=-1; /* for each server */ for(cserver=0; cserver Remove unused variables. Signed-off-by: Sebastian Herbszt --- plugins/check_ntp_time.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c index 295f86f..1cc8cbf 100644 --- a/plugins/check_ntp_time.c +++ b/plugins/check_ntp_time.c @@ -244,7 +244,7 @@ void setup_request(ntp_message *p){ * this is done by filtering servers based on stratum, dispersion, and * finally round-trip delay. */ int best_offset_server(const ntp_server_results *slist, int nservers){ - int i=0, cserver=0, best_server=-1; + int cserver=0, best_server=-1; /* for each server */ for(cserver=0; cserver Remove unused variables. Signed-off-by: Sebastian Herbszt --- plugins/negate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/negate.c b/plugins/negate.c index beaed1e..b320e35 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -59,8 +59,8 @@ static int state[4] = { int main (int argc, char **argv) { - int found = 0, result = STATE_UNKNOWN; - char *buf, *sub; + int result = STATE_UNKNOWN; + char *sub; char **command_line; output chld_out, chld_err; int i; -- 2.7.3 From herbszt at gmx.de Wed May 4 00:15:38 2016 From: herbszt at gmx.de (Sebastian Herbszt) Date: Wed, 4 May 2016 00:15:38 +0200 Subject: [PATCH] check_ide_smart: remove unused function Message-ID: <20160504001538.00003ad4@localhost> Remove function unused since commit b5cc292. Signed-off-by: Sebastian Herbszt --- plugins/check_ide_smart.c | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c index 8d540ca..4662131 100644 --- a/plugins/check_ide_smart.c +++ b/plugins/check_ide_smart.c @@ -166,7 +166,6 @@ enum SmartCommand char *get_offline_text (int); int smart_read_values (int, values_t *); -int values_not_passed (values_t *, thresholds_t *); int nagios (values_t *, thresholds_t *); void print_value (value_t *, threshold_t *); void print_values (values_t *, thresholds_t *); @@ -340,31 +339,6 @@ smart_read_values (int fd, values_t * values) int -values_not_passed (values_t * p, thresholds_t * t) -{ - value_t * value = p->values; - threshold_t * threshold = t->thresholds; - int failed = 0; - int passed = 0; - int i; - for (i = 0; i < NR_ATTRIBUTES; i++) { - if (value->id && threshold->id && value->id == threshold->id) { - if (value->value < threshold->threshold) { - ++failed; - } - else { - ++passed; - } - } - ++value; - ++threshold; - } - return (passed ? -failed : 2); -} - - - -int nagios (values_t * p, thresholds_t * t) { value_t * value = p->values; -- 2.7.3 From lists at nerdbynature.de Fri May 6 19:12:33 2016 From: lists at nerdbynature.de (Christian Kujau) Date: Fri, 6 May 2016 10:12:33 -0700 Subject: [PATCH] check_dig: use +retry instead of +tries Message-ID: [re-sent, now that I'm subscribed to the list] After upgrading from an Ubuntu/15.10 installation to 16.04, I noticed that check_dig is always returning a WARNING: $ /usr/lib/nagios/plugins/check_dig -l localhost -v /usr/bin/dig -p 53 @127.0.0.1 localhost A +tries=3 +time=6 Looking for: 'localhost' DNS WARNING - 0.008 seconds response time (dig returned an error status)|time=0.008274s;;;0.000000 The older Ubuntu installation got its check_dig from the nagios-plugins-standard package[0] which did not include the +tries option. The current Ubuntu version provides its check_dig from the monitoring-plugins-standard package[1], which _does_ use the +tries option that was introduced with df53473[2]. On my system, it so happens that /usr/bin/dig is provided not by the (BIND) dnsutils package but by knot-dnsutils[3] from the Knot DNS project. The Knot dig(1) command doesn't support the +tries option[4] but does support +retry (which is also supported[5] by the BIND dig(1) command). One way to fix that would be for me to install the BIND dnsutils package. But I did not want to do that: it's so much larger in size and pulls in much more dependencies than the knot-dnsutils package. The patch below changes check_dig to use +retry instead of +tries. Both options are similar, but not the same: +retry - Sets the number of times to retry UDP queries to server to T instead of the default, 2. Unlike +tries, this does not include the initial query As number_tries seems to be hard coded to 3, I've lowered DEFAULT_TRIES to 2 so check_dig should behave as before (with +tries=3). Thanks, Christian. [0] http://packages.ubuntu.com/wily/nagios-plugins-standard [1] http://packages.ubuntu.com/xenial/monitoring-plugins-standard [2] https://github.com/monitoring-plugins/monitoring-plugins/commit/df53473 [3] http://packages.ubuntu.com/xenial/knot-dnsutils [4] https://www.knot-dns.cz/docs/2.x/html/man_kdig.html#notes [5] https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/man.dig.html Signed-off-by: Christian Kujau diff --git a/plugins/check_dig.c b/plugins/check_dig.c index 473d4b9..da4f0de 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -48,7 +48,7 @@ void print_usage (void); #define UNDEFINED 0 #define DEFAULT_PORT 53 -#define DEFAULT_TRIES 3 +#define DEFAULT_TRIES 2 char *query_address = NULL; char *record_type = "A"; @@ -94,7 +94,7 @@ main (int argc, char **argv) timeout_interval_dig = timeout_interval / number_tries + number_tries; /* get the command to run */ - xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d", + xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +retry=%d +time=%d", PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig); alarm (timeout_interval); -- BOFH excuse #383: Your processor has taken a ride to Heaven's Gate on the UFO behind Hale-Bopp's comet. From notifications at github.com Fri May 20 16:15:36 2016 From: notifications at github.com (Peter Pramberger) Date: Fri, 20 May 2016 07:15:36 -0700 Subject: [monitoring-plugins/monitoring-plugins] check_http and EPIPE with HAProxy + SSL (#1419) Message-ID: Using check_http to monitor [HAProxy](http://www.haproxy.org/) via SSL on an URL configured via monitor-uri (that is, [HAProxy](http://www.haproxy.org/) is handling the HTTP request itself without forwarding it to the backend) is currently not possible, as check_http dies with an `EPIPE` before returning any output: write(3, "\25\3\1\0 \256\235\31\353\0\276\347\361\367e\221\323:3\336\302I\257\2232\270\307c\256\357\270\346"..., 37) = -1 EPIPE (Broken pipe) --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=16924, si_uid=57000} --- +++ killed by SIGPIPE +++ This is due to the fact that [HAProxy](http://www.haproxy.org/) immediately closes the monitoring connection after the response, without waiting for any SSL shutdown. Unfortunately (in this case) `SSL_shutdown()` tries to send a SSL shutdown message on a connection which does not exist anymore, triggering the EPIPE. The only workaround for that issue so far is disabling `SIGPIPE` before `SSL_shutdown()`, as I found no way to check the socket state without writing to it: --- monitoring-plugins-2.1.2/plugins/sslutils.c.orig 2015-10-16 11:06:18.000000000 +0200 +++ monitoring-plugins-2.1.2/plugins/sslutils.c 2016-05-20 15:55:39.915793381 +0200 @@ -127,7 +127,10 @@ void np_net_ssl_cleanup() { #ifdef SSL_set_tlsext_host_name SSL_set_tlsext_host_name(s, NULL); #endif + /* XXX: Ignore SIGPIPE or SSL_shutdown() will EPIPE on dropped connections */ + (void) signal (SIGPIPE, SIG_IGN); SSL_shutdown(s); + (void) signal (SIGPIPE, SIG_DFL); SSL_free(s); if (c) { SSL_CTX_free(c); Please consider this fix for inclusion. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/issues/1419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at nerdbynature.de Thu May 5 20:16:31 2016 From: lists at nerdbynature.de (Christian Kujau) Date: Thu, 05 May 2016 18:16:31 -0000 Subject: [PATCH] check_dig: use +retry instead of +tries Message-ID: After upgrading from an Ubuntu/15.10 to 16.04 installation, I noticed that check_dig is always returning a WARNING: $ /usr/lib/nagios/plugins/check_dig -l localhost -v /usr/bin/dig -p 53 @127.0.0.1 localhost A +tries=3 +time=6 Looking for: 'localhost' DNS WARNING - 0.008 seconds response time (dig returned an error status)|time=0.008274s;;;0.000000 The older Ubuntu installation got its check_dig from the nagios-plugins-standard package[0] which did not include the +tries option. The current Ubuntu version provides its check_dig from the monitoring-plugins-standard package[1], which _does_ use the +tries option that was introduced with df53473[2]. On my system, it so happens that /usr/bin/dig is provided not by the (BIND) dnsutils package but by knot-dnsutils[3] from the Knot DNS project. The Knot dig(1) command doesn't support the +tries option[4] but does support +retry (which is also supported[5] by the BIND dig(1) command). One way to fix that would be for me to install the BIND dnsutils package. But I did not want to do that: it's so much larger in size and pulls in much more dependencies than the knot-dnsutils package. The patch below changes check_dig to use +retry instead of +tries. Both options are similar, but not the same: +retry - Sets the number of times to retry UDP queries to server to T instead of the default, 2. Unlike +tries, this does not include the initial query As number_tries seems to be hard coded to 3, I've lowered DEFAULT_TRIES to 2 so check_dig should behave as before (with +tries=3). Thanks, Christian. [0] http://packages.ubuntu.com/wily/nagios-plugins-standard [1] http://packages.ubuntu.com/xenial/monitoring-plugins-standard [2] https://github.com/monitoring-plugins/monitoring-plugins/commit/df53473 [3] http://packages.ubuntu.com/xenial/knot-dnsutils [4] https://www.knot-dns.cz/docs/2.x/html/man_kdig.html#notes [5] https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/man.dig.html Signed-off-by: Christian Kujau diff --git a/plugins/check_dig.c b/plugins/check_dig.c index 473d4b9..da4f0de 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -48,7 +48,7 @@ void print_usage (void); #define UNDEFINED 0 #define DEFAULT_PORT 53 -#define DEFAULT_TRIES 3 +#define DEFAULT_TRIES 2 char *query_address = NULL; char *record_type = "A"; @@ -94,7 +94,7 @@ main (int argc, char **argv) timeout_interval_dig = timeout_interval / number_tries + number_tries; /* get the command to run */ - xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d", + xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +retry=%d +time=%d", PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig); alarm (timeout_interval); -- BOFH excuse #383: Your processor has taken a ride to Heaven's Gate on the UFO behind Hale-Bopp's comet.