summaryrefslogtreecommitdiffstats
path: root/plugins
AgeCommit message (Collapse)AuthorFilesLines
2025-09-15check_by_ssh: Ignore output on stderr by defaultAlvar Penning2-8/+17
check_by_ssh no longer returns UNKNOWN if ssh(1) returns data on stderr. But it can be enforced again by the new "--unknown-on-stderr" option. --- The default logic of check_by_ssh results in an UNKNOWN state if the ssh(1) process produces output on stderr. Using the "--skip-stderr=[n]" option allows ignoring a certain amount of lines or disabling this check altogether. Furthermore, passing the "--warn-on-stderr" option reduces the exit code to WARNING. The "--help" output does not document this behavior, only states that "--warn-on-stderr" will result in the WARNING, but does not mention the UNKNOWN by default. The man page of ssh(1) mentions that debug information is logged to stderr. This conflicts with the described logic, resulting in check_by_ssh to go UNKNOWN, unless additional options are set. Starting with OpenSSH version 10.1, ssh(1) will report warnings to stderr if the opposite server does not support post-quantum cryptography, <https://www.openssh.com/pq.html>. This change, slowly being rolled out throughout the next months/years, might result in mass-breakages of check_by_ssh. By introducing a new "--unknown-on-stderr" option, enforcing the prior default logic of an UNKNOWN state for data on stderr, and ignoring output on stderr by default, check_by_ssh will continue to work. One might even argue that this change converges actual implementation and the documented behavior, as argued above. --- $ ssh example '/usr/lib/nagios/plugins/check_dummy 0 demo' ** WARNING: connection is not using a post-quantum key exchange algorithm. ** This session may be vulnerable to "store now, decrypt later" attacks. ** The server may need to be upgraded. See https://openssh.com/pq.html OK: demo $ echo $? 0 $ ./check_by_ssh -H example -C '/usr/lib/nagios/plugins/check_dummy 0 demo' OK: demo $ echo $? 0 $ ./check_by_ssh -H example -C '/usr/lib/nagios/plugins/check_dummy 0 demo' --warn-on-stderr Remote command execution failed: ** WARNING: connection is not using a post-quantum key exchange algorithm. $ echo $? 1 $ ./check_by_ssh -H example -C '/usr/lib/nagios/plugins/check_dummy 0 demo' --unknown-on-stderr Remote command execution failed: ** WARNING: connection is not using a post-quantum key exchange algorithm. $ echo $? 3 --- Fixes #2147.
2025-09-15Merge branch 'master' into refactor/check_aptLorenz Kästle55-1681/+2484
2025-09-15Fix types in check_aptLorenz Kästle1-4/+4
2025-09-15More refactoringLorenz Kästle3-123/+137
2025-09-15Run clang-format againLorenz Kästle53-1560/+2349
2025-09-15check_apt: implement new outputLorenz Kästle2-72/+172
2025-09-15check_apt: improve some variable types to make the linter happyLorenz Kästle2-12/+12
2025-09-15Add output formatting optionLorenz Kästle3-1/+26
2025-09-15fix number of testsLorenz Kästle1-1/+1
2025-09-15Adapt test to new error messageLorenz Kästle1-1/+1
2025-09-15Fix typo in error messageLorenz Kästle1-1/+1
2025-09-15Fix typosLorenz Kästle1-4/+4
2025-09-15Fix/adapt testsLorenz Kästle2-18/+29
2025-09-15check_curl: use new cert check functionLorenz Kästle1-3/+5
2025-09-15Add new cert check functionLorenz Kästle3-2/+139
2025-09-15check_curl: fix perfdata labelLorenz Kästle1-1/+1
2025-09-15check_curl: finish after cert without continue paramLorenz Kästle1-1/+1
2025-09-15Fix regex matchingLorenz Kästle1-5/+11
2025-09-15Improve error messageLorenz Kästle1-3/+2
2025-09-13check_curl: test adaption and output adaptionLorenz Kästle3-63/+69
2025-09-13check_curl: remove display-html optionLorenz Kästle3-26/+11
2025-09-12check_curl: implement new output mechanismLorenz Kästle4-398/+443
2025-09-12check_curl: fix default redirect settingLorenz Kästle1-1/+1
2025-09-12Fix struct accessLorenz Kästle2-2/+2
2025-09-12check_curl: create outsourced helpers in extra filesLorenz Kästle5-1335/+1397
2025-09-11check_curl: http3 is only available with libcurl 7.66 or laterLorenz Kästle1-1/+4
2025-09-11check_curl: refactoring to modularize codeLorenz Kästle2-539/+594
2025-09-11check_curl: improve option handling a bitLorenz Kästle2-9/+14
2025-09-11check_curl: fix function signatureLorenz Kästle1-1/+2
2025-09-11check_curl: less global stateLorenz Kästle1-31/+41
2025-09-10sslutils: some refactoring to improve readabilityLorenz Kästle1-36/+28
2025-09-10plugins-netutils: return proper state from test functionsLorenz Kästle2-2/+3
2025-09-10netutils.h: clang-formatLorenz Kästle1-66/+65
2025-09-10sslutils.c: clang-formatLorenz Kästle1-24/+41
2025-09-10check_curl: remove the other gotosLorenz Kästle1-5/+16
2025-09-10check_curl: remove goto logicLorenz Kästle1-122/+138
2025-09-10check_curl: set http port to 80 by defaultLorenz Kästle1-1/+1
2025-09-10check_curl: pre compile regex for string matchingLorenz Kästle2-3/+12
2025-09-10check_curl: remove another global variableLorenz Kästle1-4/+2
2025-09-10Merge branch 'master' into refactor/check_curlLorenz Kästle1-1767/+1822
2025-09-09check_http: formatting + no-brainer linter fixesLorenz Kästle1-1767/+1822
2025-09-09check_curl: more refactoringLorenz Kästle2-366/+469
2025-09-09Fix some include pathsLorenz Kästle1-3/+3
2025-09-09Merge branch 'master' into refactor/check_curlLorenz Kästle18-1299/+2659
2025-09-09Adjust number of testsLorenz Kästle1-1/+1
2025-09-09Add break statement to switch pathLorenz Kästle1-0/+1
2025-09-08Little adaptions for old compilersLorenz Kästle1-4/+3
2025-09-08Fix spelling ...Lorenz Kästle1-1/+1
2025-09-08check_snmp: refactoring + fixesLorenz Kästle9-537/+1623
This commit moves the state retention logic to check_snmp as it is only used there and I do not want it to be used at all, so it doesn't get a place in the lib. Otherwise this adapts tests and fixes the rate computing in the refactored version of check_snmp. Also fixes some bugs detected with the tests
2025-09-08snmp: fix complaint of snmpd about pathsLorenz Kästle1-1/+1