4 files changed, 273 insertions, 0 deletions

diff --git a/.github/NPTest.cache b/.github/NPTest.cache
new file mode 100644
index 0000000..232305a
--- /dev/null
+++ b/.github/NPTest.cache
@@ -0,0 +1,54 @@
+{
+  'NP_ALLOW_SUDO' => 'yes',
+  'NP_DNS_SERVER' => '8.8.8.8',
+  'NP_GOOD_NTP_SERVICE' => '',
+  'NP_HOST_DHCP_RESPONSIVE' => '',
+  'NP_HOST_HPJD_PORT_INVALID' => '161',
+  'NP_HOST_HPJD_PORT_VALID' => '',
+  'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30',
+  'NP_HOSTNAME_INVALID' => 'nosuchhost',
+  'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30',
+  'NP_HOSTNAME_VALID_IP' => '130.133.8.40',
+  'NP_HOSTNAME_VALID' => 'monitoring-plugins.org',
+  'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.',
+  'NP_HOST_NONRESPONSIVE' => '192.168.1.2',
+  'NP_HOST_RESPONSIVE' => 'localhost',
+  'NP_HOST_SMB' => '',
+  'NP_HOST_SNMP' => '',
+  'NP_HOST_TCP_FTP' => '',
+  'NP_HOST_TCP_HPJD' => '',
+  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
+  'NP_HOST_TCP_HTTP' => 'localhost',
+  'NP_HOST_TCP_IMAP' => 'imap.web.de',
+  'NP_HOST_TCP_JABBER' => 'jabber.org',
+  'NP_HOST_TCP_LDAP' => 'localhost',
+  'NP_HOST_TCP_POP' => 'pop.web.de',
+  'NP_HOST_TCP_PROXY' => 'localhost',
+  'NP_HOST_TCP_SMTP' => 'localhost',
+  'NP_HOST_TCP_SMTP_NOTLS' => '',
+  'NP_HOST_TCP_SMTP_TLS' => '',
+  'NP_HOST_TLS_CERT' => 'localhost',
+  'NP_HOST_TLS_HTTP' => 'localhost',
+  'NP_HOST_UDP_TIME' => 'none',
+  'NP_INTERNET_ACCESS' => 'yes',
+  'NP_LDAP_BASE_DN' => 'dc=nodomain',
+  'NP_MOUNTPOINT2_VALID' => '/media/ramdisk1',
+  'NP_MOUNTPOINT_VALID' => '/',
+  'NP_MYSQL_LOGIN_DETAILS' => '-u root -d test',
+  'NP_MYSQL_SERVER' => 'localhost',
+  'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock',
+  'NP_MYSQL_WITH_SLAVE' => '',
+  'NP_MYSQL_WITH_SLAVE_LOGIN' => '',
+  'NP_NO_NTP_SERVICE' => 'localhost',
+  'NP_PORT_TCP_PROXY' => '3128',
+  'NP_SMB_SHARE' => '',
+  'NP_SMB_SHARE_DENY' => '',
+  'NP_SMB_SHARE_SPC' => '',
+  'NP_SMB_VALID_USER' => '',
+  'NP_SMB_VALID_USER_PASS' => '',
+  'NP_SNMP_COMMUNITY' => '',
+  'NP_SNMP_USER' => '',
+  'NP_SSH_CONFIGFILE' => '~/.ssh/config',
+  'NP_SSH_HOST' => 'localhost',
+  'NP_SSH_IDENTITY' => '~/.ssh/id_rsa'
+}
diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh
new file mode 100755
index 0000000..4021c10
--- /dev/null
+++ b/.github/prepare_debian.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+
+set -x
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+apt-get -y install software-properties-common
+if [ $(lsb_release -is) = "Debian" ]; then
+  apt-add-repository non-free
+  apt-get update
+fi
+apt-get -y install perl autotools-dev libdbi-dev libldap2-dev libpq-dev libradcli-dev libnet-snmp-perl procps
+apt-get -y install libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd
+apt-get -y install fping snmp netcat-openbsd smbclient vsftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl
+apt-get -y install libdbd-sybase-perl libnet-dns-perl
+apt-get -y install slapd ldap-utils
+apt-get -y install gcc make autoconf automake gettext
+apt-get -y install faketime
+apt-get -y install libmonitoring-plugin-perl
+apt-get -y install libcurl4-openssl-dev
+apt-get -y install liburiparser-dev
+apt-get -y install squid
+apt-get -y install openssh-server
+apt-get -y install mariadb-server mariadb-client libmariadb-dev
+apt-get -y install cron iputils-ping
+apt-get -y install iproute2
+
+# remove ipv6 interface from hosts
+if [ $(ip addr show | grep "inet6 ::1" | wc -l) -eq "0" ]; then
+    sed '/^::1/d' /etc/hosts > /tmp/hosts
+    cp -f /tmp/hosts /etc/hosts
+fi
+
+ip addr show
+
+cat /etc/hosts
+
+
+# apache
+a2enmod ssl
+a2ensite default-ssl
+# replace snakeoil certs with openssl generated ones as the make-ssl-cert ones
+# seems to cause problems with our plugins
+rm /etc/ssl/certs/ssl-cert-snakeoil.pem
+rm /etc/ssl/private/ssl-cert-snakeoil.key
+openssl req -nodes -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=$(hostname)"
+service apache2 restart
+
+# squid
+cp tools/squid.conf /etc/squid/squid.conf
+service squid start
+
+# mariadb
+service mariadb start
+mysql -e "create database IF NOT EXISTS test;" -uroot
+
+# ldap
+sed -e 's/cn=admin,dc=nodomain/'$(/usr/sbin/slapcat|grep ^dn:|awk '{print $2}')'/' -i .github/NPTest.cache
+service slapd start
+
+# sshd
+ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
+cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
+service ssh start
+sleep 1
+ssh-keyscan localhost >> ~/.ssh/known_hosts
+touch ~/.ssh/config
+
+# start one login session, required for check_users
+ssh -tt localhost </dev/null >/dev/null 2>/dev/null &
+disown %1
+
+# snmpd
+for DIR in /usr/share/snmp/mibs /usr/share/mibs; do
+    rm -f $DIR/ietf/SNMPv2-PDU \
+          $DIR/ietf/IPSEC-SPD-MIB \
+          $DIR/ietf/IPATM-IPMC-MIB \
+          $DIR/iana/IANA-IPPM-METRICS-REGISTRY-MIB
+done
+mkdir -p /var/lib/snmp/mib_indexes
+sed -e 's/^agentaddress.*/agentaddress 127.0.0.1/' -i /etc/snmp/snmpd.conf
+service snmpd start
+
+# start cron, will be used by check_nagios
+cron
+
+# start postfix
+service postfix start
+
+# start ftpd
+service vsftpd start
+
+# hostname
+sed "/NP_HOST_TLS_CERT/s/.*/'NP_HOST_TLS_CERT' => '$(hostname)',/" -i /src/.github/NPTest.cache
+
+# create some test files to lower inodes
+for i in $(seq 10); do
+    touch /media/ramdisk2/test.$1
+done
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..9de367e
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '15 18 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    - name: Install packages
+      run: |
+        sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential
+        sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \
+                                                        libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \
+                                                        libdbd-sqlite3 libssl-dev libcurl4-openssl-dev liburiparser-dev
+
+    - name: Configure build
+      run: |
+        ./tools/setup
+        ./configure --enable-libtap
+    
+    - name: Build
+      run: |
+        make
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..0f93930
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,47 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+
+jobs:
+#  macos:
+#    ...
+  linux:
+    runs-on: ubuntu-latest
+    name: Running tests on ${{ matrix.distro }}
+    strategy:
+      fail-fast: false
+      matrix:
+        distro:
+          - 'debian:testing'
+          #...
+        include:
+          - distro: 'debian:testing'
+            prepare: .github/prepare_debian.sh
+          #...
+    steps:
+      - name: Git clone repository
+        uses: actions/checkout@v2
+      #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate
+      #  uses: mxschmitt/action-tmate@v3
+      - name: Run the tests on ${{ matrix.distro }}
+        run: |
+          docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 tmp-vol
+          docker run \
+              -e NPTEST_ACCEPTDEFAULT=1 \
+              -e NPTEST_CACHE="/src/.github/NPTest.cache" \
+              -w /src -v ${PWD}:/src \
+              --tmpfs /media/ramdisk1 \
+              -v /var/run/utmp:/var/run/utmp \
+              --mount source=tmp-vol,destination=/src,target=/media/ramdisk2 \
+              ${{ matrix.distro }} \
+              /bin/sh -c '${{ matrix.prepare }} && \
+                tools/setup && \
+                ./configure --enable-libtap --with-ipv6=no && \
+                make && \
+                make test'
+          docker container prune -f
+          docker volume prune -f