diff options
author | Jan Wagner <waja@cyconet.org> | 2013-10-01 14:50:04 +0200 |
---|---|---|
committer | Jan Wagner <waja@cyconet.org> | 2013-10-01 14:50:04 +0200 |
commit | 97349ae13d65ea91abbe6fd93c34aba28817493e (patch) | |
tree | 45891d6902204bbe9943018a7bbca795576b9c6a | |
parent | c188965c3c2f437c18a78ac47ed59099e2ecf05b (diff) | |
download | monitoring-plugins-97349ae13d65ea91abbe6fd93c34aba28817493e.tar.gz |
check_ssh: check protocol
It would be useful to be able to detect the protocols supported by the remote
ssh server to locate any using the insecure ssh v1 protocol. This patch
attempts to match against the protocol string in the ssh response.
Example:
check_ssh -H my.host.com -P 2.0
--
Just turning attached patch of github issue #780 into a push request.
(Closes #780)
-rw-r--r-- | plugins/check_ssh.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index 6e8a5fc5..6842c4cf 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c | |||
@@ -46,6 +46,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; | |||
46 | int port = -1; | 46 | int port = -1; |
47 | char *server_name = NULL; | 47 | char *server_name = NULL; |
48 | char *remote_version = NULL; | 48 | char *remote_version = NULL; |
49 | char *remote_protocol = NULL; | ||
49 | int verbose = FALSE; | 50 | int verbose = FALSE; |
50 | 51 | ||
51 | int process_arguments (int, char **); | 52 | int process_arguments (int, char **); |
@@ -53,7 +54,7 @@ int validate_arguments (void); | |||
53 | void print_help (void); | 54 | void print_help (void); |
54 | void print_usage (void); | 55 | void print_usage (void); |
55 | 56 | ||
56 | int ssh_connect (char *haddr, int hport, char *remote_version); | 57 | int ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol); |
57 | 58 | ||
58 | 59 | ||
59 | 60 | ||
@@ -78,7 +79,7 @@ main (int argc, char **argv) | |||
78 | alarm (socket_timeout); | 79 | alarm (socket_timeout); |
79 | 80 | ||
80 | /* ssh_connect exits if error is found */ | 81 | /* ssh_connect exits if error is found */ |
81 | result = ssh_connect (server_name, port, remote_version); | 82 | result = ssh_connect (server_name, port, remote_version, remote_protocol); |
82 | 83 | ||
83 | alarm (0); | 84 | alarm (0); |
84 | 85 | ||
@@ -105,6 +106,7 @@ process_arguments (int argc, char **argv) | |||
105 | {"timeout", required_argument, 0, 't'}, | 106 | {"timeout", required_argument, 0, 't'}, |
106 | {"verbose", no_argument, 0, 'v'}, | 107 | {"verbose", no_argument, 0, 'v'}, |
107 | {"remote-version", required_argument, 0, 'r'}, | 108 | {"remote-version", required_argument, 0, 'r'}, |
109 | {"remote-protcol", required_argument, 0, 'P'}, | ||
108 | {0, 0, 0, 0} | 110 | {0, 0, 0, 0} |
109 | }; | 111 | }; |
110 | 112 | ||
@@ -116,7 +118,7 @@ process_arguments (int argc, char **argv) | |||
116 | strcpy (argv[c], "-t"); | 118 | strcpy (argv[c], "-t"); |
117 | 119 | ||
118 | while (1) { | 120 | while (1) { |
119 | c = getopt_long (argc, argv, "+Vhv46t:r:H:p:", longopts, &option); | 121 | c = getopt_long (argc, argv, "+Vhv46t:r:H:p:P:", longopts, &option); |
120 | 122 | ||
121 | if (c == -1 || c == EOF) | 123 | if (c == -1 || c == EOF) |
122 | break; | 124 | break; |
@@ -152,6 +154,9 @@ process_arguments (int argc, char **argv) | |||
152 | case 'r': /* remote version */ | 154 | case 'r': /* remote version */ |
153 | remote_version = optarg; | 155 | remote_version = optarg; |
154 | break; | 156 | break; |
157 | case 'P': /* remote version */ | ||
158 | remote_protocol = optarg; | ||
159 | break; | ||
155 | case 'H': /* host */ | 160 | case 'H': /* host */ |
156 | if (is_host (optarg) == FALSE) | 161 | if (is_host (optarg) == FALSE) |
157 | usage2 (_("Invalid hostname/address"), optarg); | 162 | usage2 (_("Invalid hostname/address"), optarg); |
@@ -206,7 +211,7 @@ validate_arguments (void) | |||
206 | 211 | ||
207 | 212 | ||
208 | int | 213 | int |
209 | ssh_connect (char *haddr, int hport, char *remote_version) | 214 | ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol) |
210 | { | 215 | { |
211 | int sd; | 216 | int sd; |
212 | int result; | 217 | int result; |
@@ -254,6 +259,14 @@ ssh_connect (char *haddr, int hport, char *remote_version) | |||
254 | exit (STATE_WARNING); | 259 | exit (STATE_WARNING); |
255 | } | 260 | } |
256 | 261 | ||
262 | if (remote_protocol && strcmp(remote_protocol, ssh_proto)) { | ||
263 | printf | ||
264 | (_("SSH WARNING - %s (protocol %s) protocol version mismatch, expected '%s'\n"), | ||
265 | ssh_server, ssh_proto, remote_protocol); | ||
266 | close(sd); | ||
267 | exit (STATE_WARNING); | ||
268 | } | ||
269 | |||
257 | elapsed_time = (double)deltime(tv) / 1.0e6; | 270 | elapsed_time = (double)deltime(tv) / 1.0e6; |
258 | 271 | ||
259 | printf | 272 | printf |
@@ -296,6 +309,9 @@ print_help (void) | |||
296 | printf (" %s\n", "-r, --remote-version=STRING"); | 309 | printf (" %s\n", "-r, --remote-version=STRING"); |
297 | printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)")); | 310 | printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)")); |
298 | 311 | ||
312 | printf (" %s\n", "-P, --remote-protocol=STRING"); | ||
313 | printf (" %s\n", _("Warn if protocol doesn't match expected protocol version (ex: 2.0)")); | ||
314 | |||
299 | printf (UT_VERBOSE); | 315 | printf (UT_VERBOSE); |
300 | 316 | ||
301 | printf (UT_SUPPORT); | 317 | printf (UT_SUPPORT); |