summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Eble <psychotrahe@gmx.de>2009-06-11 01:17:58 +0200
committerMatthias Eble <psychotrahe@gmx.de>2009-06-11 01:17:58 +0200
commit5195074095cac48dd15d857bce69c1aa909ec2b2 (patch)
tree6ebdfa3f9472c678e6a9df183f260205986b6860
parentaff6140989777cbf128e9e4d6e35531372c284c1 (diff)
downloadmonitoring-plugins-5195074095cac48dd15d857bce69c1aa909ec2b2.tar.gz
Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
check_ifoperstatus didn't function correctly with SNMPv3. This is fixed now. Created argument-hash for SNMP session creation. This removes redundant code. Session creation was moved out of process_arguments() and now takes place after setting the timeout handler. Additionally the -x argument was added to specify the privprotocol.
-rw-r--r--NEWS1
-rwxr-xr-xplugins-scripts/check_ifoperstatus.pl110
2 files changed, 40 insertions, 71 deletions
diff --git a/NEWS b/NEWS
index ecfd67e2..768a1cc3 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,7 @@ This file documents the major additions and syntax changes between releases.
39 Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675) 39 Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675)
40 check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds 40 check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds
41 check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster) 41 check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster)
42 Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
42 43
431.4.13 25th Sept 2008 441.4.13 25th Sept 2008
44 Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) 45 Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen)
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl
index d0a1655a..503f1e41 100755
--- a/plugins-scripts/check_ifoperstatus.pl
+++ b/plugins-scripts/check_ifoperstatus.pl
@@ -61,7 +61,7 @@ my $answer = "";
61my $snmpkey = 0; 61my $snmpkey = 0;
62my $community = "public"; 62my $community = "public";
63my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 63my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
64my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); 64my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
65my $port = 161; 65my $port = 161;
66my @snmpoids; 66my @snmpoids;
67my $sysUptime = '1.3.6.1.2.1.1.3.0'; 67my $sysUptime = '1.3.6.1.2.1.1.3.0';
@@ -89,12 +89,14 @@ my $lastc;
89my $dormantWarn; 89my $dormantWarn;
90my $adminWarn; 90my $adminWarn;
91my $name; 91my $name;
92my %session_opts;
92 93
93### Validate Arguments 94### Validate Arguments
94 95
95$status = process_arguments(); 96$status = process_arguments();
96 97
97 98
99use Data::Dumper;
98# Just in case of problems, let's not hang Nagios 100# Just in case of problems, let's not hang Nagios
99$SIG{'ALRM'} = sub { 101$SIG{'ALRM'} = sub {
100 print ("ERROR: No snmp response from $hostname (alarm)\n"); 102 print ("ERROR: No snmp response from $hostname (alarm)\n");
@@ -103,6 +105,16 @@ $SIG{'ALRM'} = sub {
103 105
104alarm($timeout); 106alarm($timeout);
105 107
108print Dumper(\%session_opts);
109($session, $error) = Net::SNMP->session(%session_opts);
110
111
112if (!defined($session)) {
113 $state='UNKNOWN';
114 $answer=$error;
115 print ("$state: $answer\n");
116 exit $ERRORS{$state};
117}
106 118
107## map ifdescr to ifindex - should look at being able to cache this value 119## map ifdescr to ifindex - should look at being able to cache this value
108 120
@@ -293,6 +305,7 @@ sub print_help() {
293 printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; 305 printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
294 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; 306 printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
295 printf " privacy password and authEngineID\n"; 307 printf " privacy password and authEngineID\n";
308 printf " -x (--privproto) privacy protocol (DES or AES; default: DES)\n";
296 printf " -k (--key) SNMP IfIndex value\n"; 309 printf " -k (--key) SNMP IfIndex value\n";
297 printf " -d (--descr) SNMP ifDescr value\n"; 310 printf " -d (--descr) SNMP ifDescr value\n";
298 printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n"; 311 printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n";
@@ -327,6 +340,7 @@ sub process_arguments() {
327 "U=s" => \$secname, "secname=s" => \$secname, 340 "U=s" => \$secname, "secname=s" => \$secname,
328 "A=s" => \$authpass, "authpass=s" => \$authpass, 341 "A=s" => \$authpass, "authpass=s" => \$authpass,
329 "X=s" => \$privpass, "privpass=s" => \$privpass, 342 "X=s" => \$privpass, "privpass=s" => \$privpass,
343 "x=s" => \$privproto, "privproto=s" => \$privproto,
330 "c=s" => \$context, "context=s" => \$context, 344 "c=s" => \$context, "context=s" => \$context,
331 "k=i" => \$snmpkey, "key=i",\$snmpkey, 345 "k=i" => \$snmpkey, "key=i",\$snmpkey,
332 "d=s" => \$ifdescr, "descr=s" => \$ifdescr, 346 "d=s" => \$ifdescr, "descr=s" => \$ifdescr,
@@ -387,10 +401,27 @@ sub process_arguments() {
387 $timeout = $TIMEOUT; 401 $timeout = $TIMEOUT;
388 } 402 }
389 403
404
405 if ($snmp_version !~ /[123]/){
406 $state='UNKNOWN';
407 print ("$state: No support for SNMP v$snmp_version yet\n");
408 exit $ERRORS{$state};
409 }
410
411 %session_opts = (
412 -hostname => $hostname,
413 -port => $port,
414 -version => $snmp_version,
415 -maxmsgsize => $maxmsgsize
416 );
417
418 $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
419
390 if ($snmp_version =~ /3/ ) { 420 if ($snmp_version =~ /3/ ) {
391 # Must define a security level even though default is noAuthNoPriv 421 # Must define a security level even though default is noAuthNoPriv
392 # v3 requires a security username 422 # v3 requires a security username
393 if (defined $seclevel && defined $secname) { 423 if (defined $seclevel && defined $secname) {
424 $session_opts{'-username'} = $secname;
394 425
395 # Must define a security level even though defualt is noAuthNoPriv 426 # Must define a security level even though defualt is noAuthNoPriv
396 unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { 427 unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
@@ -400,23 +431,22 @@ sub process_arguments() {
400 431
401 # Authentication wanted 432 # Authentication wanted
402 if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { 433 if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
403
404 unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) { 434 unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) {
405 usage(); 435 usage();
406 exit $ERRORS{"UNKNOWN"}; 436 exit $ERRORS{"UNKNOWN"};
407 } 437 }
438 $session_opts{'-authprotocol'} = $authproto if(defined $authproto);
408 439
409 if ( !defined $authpass) { 440 if ( !defined $authpass) {
410 usage(); 441 usage();
411 exit $ERRORS{"UNKNOWN"}; 442 exit $ERRORS{"UNKNOWN"};
412 }else{ 443 }else{
413 if ($authpass =~ /^0x/ ) { 444 if ($authpass =~ /^0x/ ) {
414 $auth = "-authkey => $authpass" ; 445 $session_opts{'-authkey'} = $authpass ;
415 }else{ 446 }else{
416 $auth = "-authpassword => $authpass"; 447 $session_opts{'-authpassword'} = $authpass ;
417 } 448 }
418 } 449 }
419
420 } 450 }
421 451
422 # Privacy (DES encryption) wanted 452 # Privacy (DES encryption) wanted
@@ -426,21 +456,20 @@ sub process_arguments() {
426 exit $ERRORS{"UNKNOWN"}; 456 exit $ERRORS{"UNKNOWN"};
427 }else{ 457 }else{
428 if ($privpass =~ /^0x/){ 458 if ($privpass =~ /^0x/){
429 $priv = "-privkey => $privpass"; 459 $session_opts{'-privkey'} = $privpass;
430 }else{ 460 }else{
431 $priv = "-privpassword => $privpass"; 461 $session_opts{'-privpassword'} = $privpass;
432 } 462 }
433 } 463 }
464
465 $session_opts{'-privprotocol'} = $privproto if(defined $privproto);
434 } 466 }
435 467
436 # Context name defined or default 468 # Context name defined or default
437
438 unless ( defined $context) { 469 unless ( defined $context) {
439 $context = ""; 470 $context = "";
440 } 471 }
441 472
442
443
444 }else { 473 }else {
445 usage(); 474 usage();
446 exit $ERRORS{'UNKNOWN'}; ; 475 exit $ERRORS{'UNKNOWN'}; ;
@@ -448,67 +477,6 @@ sub process_arguments() {
448 } # end snmpv3 477 } # end snmpv3
449 478
450 479
451 if ( $snmp_version =~ /[12]/ ) {
452 ($session, $error) = Net::SNMP->session(
453 -hostname => $hostname,
454 -community => $community,
455 -port => $port,
456 -version => $snmp_version,
457 -maxmsgsize => $maxmsgsize
458 );
459
460 if (!defined($session)) {
461 $state='UNKNOWN';
462 $answer=$error;
463 print ("$state: $answer\n");
464 exit $ERRORS{$state};
465 }
466
467 }elsif ( $snmp_version =~ /3/ ) {
468
469 if ($seclevel eq 'noAuthNoPriv') {
470 ($session, $error) = Net::SNMP->session(
471 -hostname => $hostname,
472 -port => $port,
473 -version => $snmp_version,
474 -username => $secname,
475 );
476
477 }elsif ( $seclevel eq 'authNoPriv' ) {
478 ($session, $error) = Net::SNMP->session(
479 -hostname => $hostname,
480 -port => $port,
481 -version => $snmp_version,
482 -username => $secname,
483 $auth,
484 -authprotocol => $authproto,
485 );
486 }elsif ($seclevel eq 'authPriv' ) {
487 ($session, $error) = Net::SNMP->session(
488 -hostname => $hostname,
489 -port => $port,
490 -version => $snmp_version,
491 -username => $secname,
492 $auth,
493 -authprotocol => $authproto,
494 $priv
495 );
496 }
497
498
499 if (!defined($session)) {
500 $state='UNKNOWN';
501 $answer=$error;
502 print ("$state: $answer\n");
503 exit $ERRORS{$state};
504 }
505
506 }else{
507 $state='UNKNOWN';
508 print ("$state: No support for SNMP v$snmp_version yet\n");
509 exit $ERRORS{$state};
510 }
511
512} 480}
513## End validation 481## End validation
514 482