Monitoring Plugins https://www.monitoring-plugins.org/repositories/monitoring-plugins/atom?h=3.0.0-rc3 2026-04-08T16:06:29Z 2026-04-08T16:06:29Z Lorenz Kästle 12514511+RincewindsHat@users.noreply.github.com 2026-04-08T16:06:29Z urn:sha1:3a6f9292f147de29b21dafa4cf9b7efce3e4cbfd net-snmp uses the same pre processor name "USE_OPENSSL" as we do. To avoid the conflict, this commit renames it on our side to "MOPL_USE_OPENSSL". "MOPL" (better "MoPl"?) stands for Monitoring Plugins. 2026-02-16T10:22:39Z Dirk Mueller dmueller@suse.com 2026-02-16T10:22:39Z urn:sha1:07a249a5d74a980ca78cead569de5351963cc561 2026-02-06T11:59:58Z Lorenz Kästle 12514511+RincewindsHat@users.noreply.github.com 2026-02-06T11:59:58Z urn:sha1:0f0865c910096c95594ac09929708e84934e46df This commits removes the detection of IPv6 availability. The IPv6 code in the plugins is used unconditionally now. 2026-02-06T11:58:38Z Alvar post@0x21.biz 2026-02-06T11:58:38Z urn:sha1:cef40299a93233f043f5b0821a9ad2c69dd612f7 OpenBSD's pledge(2) system call allows the current process to self-restrict itself, being reduced to promised pledges. For example, unless a process says it wants to write to files, it is not allowed to do so any longer. This change starts by calling pledge(2) in some network-facing checks, removing the more dangerous privileges, such as executing other files. My initial motivation came from check_icmp, being installed as a setuid binary and (temporarily) running with root privileges. There, the pledge(2) calls result in check_icmp to only being allowed to interact with the network and to setuid(2) to the calling user later on. Afterwards, I went through my most commonly used monitoring plugins directly interacting with the network. Thus, I continued with pledge(2)-ing check_curl - having a huge codebase and all -, check_ntp_time, check_smtp, check_ssh, and check_tcp. For most of those, the changes were quite similar: start with network-friendly promises, parse the configuration, give up file access, and proceed with the actual check. 2025-12-11T20:05:49Z Alvar Penning post@0x21.biz 2025-12-10T20:03:40Z urn:sha1:ca5c2b3a5fb4e3c2d8024c23a9566f64572c0882 This library is glibc-only and not necessary at this point. The getopt_long function is provided by "getopt.h", included via "common.h". Similar to #2159. 2025-11-09T10:46:36Z Lorenz Kästle 12514511+RincewindsHat@users.noreply.github.com 2025-11-09T10:46:36Z urn:sha1:bc2720abddf8e379c4e1f23ed25f7702ef29ad08 This is a breaking change. Testing whether a TLS certificate is still valid (expiration wise) is now the default in check_smtp. The reasoning is, that in most scenarios an expired certificate will effectively mean that the service is not working anymore due to the refusal of other software to talk to it. There is a new cli parameter though to explicitly ignore that. 2025-11-09T10:32:43Z Lorenz Kästle 12514511+RincewindsHat@users.noreply.github.com 2025-11-09T10:32:43Z urn:sha1:62035adf6c8199eba54755f23e8affe97e645300 2025-11-07T23:19:25Z Lorenz Kästle 12514511+RincewindsHat@users.noreply.github.com 2025-11-07T23:19:25Z urn:sha1:6bc9e518b247e85a39479a0ac6685e68c3a61b40 2025-09-15T10:59:37Z Lorenz Kästle 12514511+RincewindsHat@users.noreply.github.com 2025-09-15T10:59:37Z urn:sha1:802e46f8ea36c344f112d7e1dd8d64d17a4cc939 2025-03-10T20:27:50Z Lorenz Kästle 12514511+RincewindsHat@users.noreply.github.com 2025-03-10T20:27:50Z urn:sha1:6cd097921f0c5016fcae60b38dfb88c412e4bb20