| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
check_by_ssh no longer returns UNKNOWN if ssh(1) returns data on stderr.
But it can be enforced again by the new "--unknown-on-stderr" option.
---
The default logic of check_by_ssh results in an UNKNOWN state if the
ssh(1) process produces output on stderr. Using the "--skip-stderr=[n]"
option allows ignoring a certain amount of lines or disabling this check
altogether. Furthermore, passing the "--warn-on-stderr" option reduces
the exit code to WARNING.
The "--help" output does not document this behavior, only states that
"--warn-on-stderr" will result in the WARNING, but does not mention the
UNKNOWN by default.
The man page of ssh(1) mentions that debug information is logged to
stderr. This conflicts with the described logic, resulting in
check_by_ssh to go UNKNOWN, unless additional options are set.
Starting with OpenSSH version 10.1, ssh(1) will report warnings to
stderr if the opposite server does not support post-quantum
cryptography, <https://www.openssh.com/pq.html>.
This change, slowly being rolled out throughout the next months/years,
might result in mass-breakages of check_by_ssh.
By introducing a new "--unknown-on-stderr" option, enforcing the prior
default logic of an UNKNOWN state for data on stderr, and ignoring
output on stderr by default, check_by_ssh will continue to work. One
might even argue that this change converges actual implementation and
the documented behavior, as argued above.
---
$ ssh example '/usr/lib/nagios/plugins/check_dummy 0 demo'
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
OK: demo
$ echo $?
0
$ ./check_by_ssh -H example -C '/usr/lib/nagios/plugins/check_dummy 0 demo'
OK: demo
$ echo $?
0
$ ./check_by_ssh -H example -C '/usr/lib/nagios/plugins/check_dummy 0 demo' --warn-on-stderr
Remote command execution failed: ** WARNING: connection is not using a post-quantum key exchange algorithm.
$ echo $?
1
$ ./check_by_ssh -H example -C '/usr/lib/nagios/plugins/check_dummy 0 demo' --unknown-on-stderr
Remote command execution failed: ** WARNING: connection is not using a post-quantum key exchange algorithm.
$ echo $?
3
---
Fixes #2147.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This causes a 255 exit value from ssh(1), which indicates a connection failure,
to return UNKNOWN instead of CRITICAL; similar to check_nrpe's "-u" flag.
|
|
check_by_ssh: added option to exit with an warning, if there is output on STDERR
|
|
|
|
right now it is not possible to print the command output of ssh. check_by_ssh
only prints the command itself. This patchs adds printing the output too. This
makes it possible to use ssh with verbose logging which helps debuging any
connection, key or other ssh problems.
Note: you must use -E,--skip-stderr=<high number>, otherwise check_by_ssh would
always exit with unknown state.
Example:
./check_by_ssh -H localhost -o LogLevel=DEBUG3 -C "sleep 1" -E 999 -v
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
|
|
just like the guidelines and the help already suggests.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
|
|
.c file changes for misleading timeout messages in help functions. Solution to pull request #1209 tracker by awiddersheim.
Files: plugins/check_apt.c, plugins/check_by_ssh.c, plugins/check_dbi.c, plugins/check_dig.c, plugins/check_disk.c, plugins/check_dns.c, plugins/check_game.c, plugins/check_http.c, plugins/check_ldap.c, plugins/check_ntp.c, plugins/check_ntp_peer.c, plugins/check_ntp_time.c, plugins/check_nwstat.c, plugins/check_overcr.c, plugins/check_pgsql.c, plugins/check_ping.c, plugins/check_procs.c, plugins/check_radius.c, plugins/check_real.c, plugins/check_smtp.c, plugins/check_snmp.c, plugins/check_ssh.c, plugins/check_tcp.c, plugins/check_time.c, plugins/check_ups.c, plugins/negate.c
|
|
|
|
This is an initial take at renaming the project to Monitoring Plugins.
It's not expected to be fully complete, and it is expected to break
things (The perl module for instance). More testing will be required
before this goes mainline.
|
|
Fixes many instances of
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
|
|
|
|
|
|
|
Bug #2832884 reported problem with translations outputting pot file
headers. This is caused by "" matching the header of the translation
files.
This patch moves gettext macros inside utils macros and update some
french translations.
|
|
|
|
For contrib/, full tags have been imported from subversion
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2091 f882894a-f735-0410-b71e-b25c423dba1c
|
|
is executed (Alain Dewit - 1852198)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2002 f882894a-f735-0410-b71e-b25c423dba1c
|
|
Also:
- On non-skipped stderr, check_by_ssh now returns UNKNOWN or worse (result from command) instead of always UNKNOWN.
- Fixed passive tests and make is always run the specified number of tests (using fail if there's nothing to test).
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1997 f882894a-f735-0410-b71e-b25c423dba1c
|
|
configure --help)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1991 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1984 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1916 f882894a-f735-0410-b71e-b25c423dba1c
|
|
(#1769653)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1792 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1738 f882894a-f735-0410-b71e-b25c423dba1c
|
|
"-E/--skip-stderr" and "-S/--skip-stdout". Both of them support
omitting the number of lines to skip, in which case all output on the
respective file descriptor is skipped. "--skip" is kept as an alias for
"--skip-stdout" for backwards compatibility with recent releases.
Also, print a message if no (non-skipped) stdout/stderr output is
available. This fixes a segfault if the remote command prints no
output.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1692 f882894a-f735-0410-b71e-b25c423dba1c
|
|
lines written to stderr. With revision 1.36 and newer, "-S" skipped the
specified number of lines written to stdout. Now, "-S" skips the
specified number of lines written to stderr; and if the number specified
via "-S" minus the number of lines written to stderr is larger than 0,
the difference is used as the number of lines written to stdout to skip.
Also, the "--help" output was fixed. (Hector - 1675286)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1685 f882894a-f735-0410-b71e-b25c423dba1c
|
|
command line option was used, as this leads to a segfault on some
systems. The unknown option will be printed by getopt(3) anyway. So,
simply call print_usage() and exit UNKNOWN via the new usage5() instead.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1590 f882894a-f735-0410-b71e-b25c423dba1c
|
|
"-q,--quiet" which tells ssh(1) to suppress warnings (Gerhard Lausser - 1472491)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1574 f882894a-f735-0410-b71e-b25c423dba1c
|
|
first pass at making all the headre be the same licence, plugin, etc...
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1499 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1425 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1341 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1260 f882894a-f735-0410-b71e-b25c423dba1c
|
|
internationalization fixes of check_ssh
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1058 f882894a-f735-0410-b71e-b25c423dba1c
|
|
minor internationalization fixes
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1013 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1002 f882894a-f735-0410-b71e-b25c423dba1c
|
|
bugfixes
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1001 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@998 f882894a-f735-0410-b71e-b25c423dba1c
|
|
this was not a good idea ;-)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@994 f882894a-f735-0410-b71e-b25c423dba1c
|
