diff options
author | Holger Weiss <holger@zedat.fu-berlin.de> | 2014-02-28 13:22:34 +0100 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2014-02-28 13:22:34 +0100 |
commit | e260efb25690b13002a0bf432507f66bdad90f02 (patch) | |
tree | 6e3fa00ba0c82457b83cdfaca050b8f31199e602 | |
parent | 5f77fa7510afda19c832b2497f4799d9648c532e (diff) | |
parent | 0a3252d88d148a8cb21774cd3ae6a1cb1fbb004c (diff) | |
download | monitoring-plugins-e260efb25690b13002a0bf432507f66bdad90f02.tar.gz |
Merge remote-tracking branch 'awiddersheim/fix_trusted_path'
* awiddersheim/fix_trusted_path:
Fix trusted path
Conflicts:
plugins-scripts/check_ntp.pl
plugins-scripts/subst.in
Closes #1212.
-rw-r--r-- | configure.ac | 5 | ||||
-rwxr-xr-x | plugins-scripts/check_breeze.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_disk_smb.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_file_age.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_flexlm.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_ifoperstatus.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_ifstatus.pl | 3 | ||||
-rwxr-xr-x | plugins-scripts/check_ircd.pl | 6 | ||||
-rwxr-xr-x | plugins-scripts/check_log.sh | 3 | ||||
-rwxr-xr-x | plugins-scripts/check_mailq.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_mssql.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_netdns.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_ntp.pl | 471 | ||||
-rwxr-xr-x | plugins-scripts/check_oracle.sh | 1 | ||||
-rwxr-xr-x | plugins-scripts/check_rpc.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_sensors.sh | 5 | ||||
-rwxr-xr-x | plugins-scripts/check_wave.pl | 2 | ||||
-rw-r--r-- | plugins-scripts/subst.in | 12 |
18 files changed, 508 insertions, 28 deletions
diff --git a/configure.ac b/configure.ac index 773eb2e5..5759e60b 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -74,9 +74,8 @@ AC_DEFINE_UNQUOTED(CGIURL,"$CGIURL",[URL of CGI programs]) | |||
74 | 74 | ||
75 | AC_ARG_WITH(trusted_path, | 75 | AC_ARG_WITH(trusted_path, |
76 | ACX_HELP_STRING([--with-trusted-path=PATH], | 76 | ACX_HELP_STRING([--with-trusted-path=PATH], |
77 | [sets trusted path for executables called by scripts (default=/bin:/sbin:/usr/bin:/usr/sbin)]), | 77 | [sets trusted path for executables called by scripts]), |
78 | with_trusted_path=$withval, | 78 | with_trusted_path=$withval) |
79 | with_trusted_path=/bin:/sbin:/usr/bin:/usr/sbin) | ||
80 | AC_SUBST(with_trusted_path) | 79 | AC_SUBST(with_trusted_path) |
81 | 80 | ||
82 | EXTRAS= | 81 | EXTRAS= |
diff --git a/plugins-scripts/check_breeze.pl b/plugins-scripts/check_breeze.pl index 5ff4fcfa..917a1c6f 100755 --- a/plugins-scripts/check_breeze.pl +++ b/plugins-scripts/check_breeze.pl | |||
@@ -13,7 +13,7 @@ $PROGNAME = "check_breeze"; | |||
13 | sub print_help (); | 13 | sub print_help (); |
14 | sub print_usage (); | 14 | sub print_usage (); |
15 | 15 | ||
16 | $ENV{'PATH'}=''; | 16 | $ENV{'PATH'}='@trusted_path@'; |
17 | $ENV{'BASH_ENV'}=''; | 17 | $ENV{'BASH_ENV'}=''; |
18 | $ENV{'ENV'}=''; | 18 | $ENV{'ENV'}=''; |
19 | 19 | ||
diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index b0a61144..36259d59 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl | |||
@@ -33,7 +33,7 @@ sub print_usage (); | |||
33 | 33 | ||
34 | $PROGNAME = "check_disk_smb"; | 34 | $PROGNAME = "check_disk_smb"; |
35 | 35 | ||
36 | $ENV{'PATH'}=''; | 36 | $ENV{'PATH'}='@trusted_path@'; |
37 | $ENV{'BASH_ENV'}=''; | 37 | $ENV{'BASH_ENV'}=''; |
38 | $ENV{'ENV'}=''; | 38 | $ENV{'ENV'}=''; |
39 | 39 | ||
diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl index 2781c2ac..e0280381 100755 --- a/plugins-scripts/check_file_age.pl +++ b/plugins-scripts/check_file_age.pl | |||
@@ -36,6 +36,10 @@ my ($result, $message, $age, $size, $st); | |||
36 | 36 | ||
37 | $PROGNAME="check_file_age"; | 37 | $PROGNAME="check_file_age"; |
38 | 38 | ||
39 | $ENV{'PATH'}='@trusted_path@'; | ||
40 | $ENV{'BASH_ENV'}=''; | ||
41 | $ENV{'ENV'}=''; | ||
42 | |||
39 | $opt_w = 240; | 43 | $opt_w = 240; |
40 | $opt_c = 600; | 44 | $opt_c = 600; |
41 | $opt_W = 0; | 45 | $opt_W = 0; |
diff --git a/plugins-scripts/check_flexlm.pl b/plugins-scripts/check_flexlm.pl index a0b007fb..de63d3ab 100755 --- a/plugins-scripts/check_flexlm.pl +++ b/plugins-scripts/check_flexlm.pl | |||
@@ -44,7 +44,7 @@ $PROGNAME="check_flexlm"; | |||
44 | sub print_help (); | 44 | sub print_help (); |
45 | sub print_usage (); | 45 | sub print_usage (); |
46 | 46 | ||
47 | $ENV{'PATH'}=''; | 47 | $ENV{'PATH'}='@trusted_path@'; |
48 | $ENV{'BASH_ENV'}=''; | 48 | $ENV{'BASH_ENV'}=''; |
49 | $ENV{'ENV'}=''; | 49 | $ENV{'ENV'}=''; |
50 | 50 | ||
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index 26fae76d..159eb62e 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl | |||
@@ -49,6 +49,10 @@ sub usage ($); | |||
49 | sub print_usage (); | 49 | sub print_usage (); |
50 | sub process_arguments (); | 50 | sub process_arguments (); |
51 | 51 | ||
52 | $ENV{'PATH'}='@trusted_path@'; | ||
53 | $ENV{'BASH_ENV'}=''; | ||
54 | $ENV{'ENV'}=''; | ||
55 | |||
52 | my $timeout; | 56 | my $timeout; |
53 | my $status; | 57 | my $status; |
54 | my %ifOperStatus = ('1','up', | 58 | my %ifOperStatus = ('1','up', |
diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index 588e5df3..4760a281 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl | |||
@@ -47,6 +47,9 @@ sub usage ($); | |||
47 | sub print_usage (); | 47 | sub print_usage (); |
48 | sub process_arguments (); | 48 | sub process_arguments (); |
49 | 49 | ||
50 | $ENV{'PATH'}='@trusted_path@'; | ||
51 | $ENV{'BASH_ENV'}=''; | ||
52 | $ENV{'ENV'}=''; | ||
50 | 53 | ||
51 | my $status; | 54 | my $status; |
52 | my %ifOperStatus = ('1','up', | 55 | my %ifOperStatus = ('1','up', |
diff --git a/plugins-scripts/check_ircd.pl b/plugins-scripts/check_ircd.pl index e45e9fc1..dab65954 100755 --- a/plugins-scripts/check_ircd.pl +++ b/plugins-scripts/check_ircd.pl | |||
@@ -62,9 +62,9 @@ sub bindRemote ($$); | |||
62 | 62 | ||
63 | # -------------------------------------------------------------[ Enviroment ]-- | 63 | # -------------------------------------------------------------[ Enviroment ]-- |
64 | 64 | ||
65 | $ENV{PATH} = ""; | 65 | $ENV{'PATH'}='@trusted_path@'; |
66 | $ENV{ENV} = ""; | 66 | $ENV{'BASH_ENV'}=''; |
67 | $ENV{BASH_ENV} = ""; | 67 | $ENV{'ENV'}=''; |
68 | 68 | ||
69 | # -----------------------------------------------------------------[ Global ]-- | 69 | # -----------------------------------------------------------------[ Global ]-- |
70 | 70 | ||
diff --git a/plugins-scripts/check_log.sh b/plugins-scripts/check_log.sh index 54408cbd..be4c7be1 100755 --- a/plugins-scripts/check_log.sh +++ b/plugins-scripts/check_log.sh | |||
@@ -57,8 +57,6 @@ | |||
57 | 57 | ||
58 | # Paths to commands used in this script. These | 58 | # Paths to commands used in this script. These |
59 | # may have to be modified to match your system setup. | 59 | # may have to be modified to match your system setup. |
60 | # TV: removed PATH restriction. Need to think more about what this means overall | ||
61 | #PATH="" | ||
62 | 60 | ||
63 | GREP="/bin/egrep" | 61 | GREP="/bin/egrep" |
64 | DIFF="/bin/diff" | 62 | DIFF="/bin/diff" |
@@ -71,6 +69,7 @@ TOUCH="/bin/touch" | |||
71 | PROGNAME=`/bin/basename $0` | 69 | PROGNAME=`/bin/basename $0` |
72 | PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` | 70 | PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` |
73 | REVISION="@NP_VERSION@" | 71 | REVISION="@NP_VERSION@" |
72 | PATH="@trusted_path@" | ||
74 | 73 | ||
75 | . $PROGPATH/utils.sh | 74 | . $PROGPATH/utils.sh |
76 | 75 | ||
diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index a7de87bf..488cf2f1 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl | |||
@@ -40,7 +40,7 @@ sub print_help (); | |||
40 | sub print_usage (); | 40 | sub print_usage (); |
41 | sub process_arguments (); | 41 | sub process_arguments (); |
42 | 42 | ||
43 | $ENV{'PATH'}=''; | 43 | $ENV{'PATH'}='@trusted_path@'; |
44 | $ENV{'BASH_ENV'}=''; | 44 | $ENV{'BASH_ENV'}=''; |
45 | $ENV{'ENV'}=''; | 45 | $ENV{'ENV'}=''; |
46 | $PROGNAME = "check_mailq"; | 46 | $PROGNAME = "check_mailq"; |
diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl index e3e7391d..cf23ae82 100755 --- a/plugins-scripts/check_mssql.pl +++ b/plugins-scripts/check_mssql.pl | |||
@@ -35,6 +35,10 @@ use strict; | |||
35 | 35 | ||
36 | my $PROGNAME = "check_mssql"; | 36 | my $PROGNAME = "check_mssql"; |
37 | 37 | ||
38 | $ENV{'PATH'}='@trusted_path@'; | ||
39 | $ENV{'BASH_ENV'}=''; | ||
40 | $ENV{'ENV'}=''; | ||
41 | |||
38 | my ( | 42 | my ( |
39 | $server,$database,$username,$password,$query,$help,$verbose,$timeout, | 43 | $server,$database,$username,$password,$query,$help,$verbose,$timeout, |
40 | $dbh,$sth,$row, | 44 | $dbh,$sth,$row, |
diff --git a/plugins-scripts/check_netdns.pl b/plugins-scripts/check_netdns.pl index 5b246429..6e0d02d1 100755 --- a/plugins-scripts/check_netdns.pl +++ b/plugins-scripts/check_netdns.pl | |||
@@ -33,6 +33,10 @@ use utils ; | |||
33 | 33 | ||
34 | my $PROGNAME = "check_netdns"; | 34 | my $PROGNAME = "check_netdns"; |
35 | 35 | ||
36 | $ENV{'PATH'}='@trusted_path@'; | ||
37 | $ENV{'BASH_ENV'}=''; | ||
38 | $ENV{'ENV'}=''; | ||
39 | |||
36 | Getopt::Long::Configure(`bundling`); | 40 | Getopt::Long::Configure(`bundling`); |
37 | GetOptions("V" => $opt_V, "version" => $opt_V, | 41 | GetOptions("V" => $opt_V, "version" => $opt_V, |
38 | "h" => $opt_h, "help" => $opt_h, | 42 | "h" => $opt_h, "help" => $opt_h, |
diff --git a/plugins-scripts/check_ntp.pl b/plugins-scripts/check_ntp.pl new file mode 100755 index 00000000..cdcbffac --- /dev/null +++ b/plugins-scripts/check_ntp.pl | |||
@@ -0,0 +1,471 @@ | |||
1 | #!/usr/bin/perl -w | ||
2 | # | ||
3 | # (c)1999 Ian Cass, Knowledge Matters Ltd. | ||
4 | # Read the GNU copyright stuff for all the legalese | ||
5 | # | ||
6 | # Check NTP time servers plugin. This plugin requires the ntpdate utility to | ||
7 | # be installed on the system, however since it's part of the ntp suite, you | ||
8 | # should already have it installed. | ||
9 | # | ||
10 | # | ||
11 | # Nothing clever done in this program - its a very simple bare basics hack to | ||
12 | # get the job done. | ||
13 | # | ||
14 | # Things to do... | ||
15 | # check @words[9] for time differences greater than +/- x secs & return a | ||
16 | # warning. | ||
17 | # | ||
18 | # (c) 1999 Mark Jewiss, Knowledge Matters Limited | ||
19 | # 22-9-1999, 12:45 | ||
20 | # | ||
21 | # Modified script to accept 2 parameters or set defaults. | ||
22 | # Now issues warning or critical alert is time difference is greater than the | ||
23 | # time passed. | ||
24 | # | ||
25 | # These changes have not been tested completely due to the unavailability of a | ||
26 | # server with the incorrect time. | ||
27 | # | ||
28 | # (c) 1999 Bo Kersey, VirCIO - Managed Server Solutions <bo@vircio.com> | ||
29 | # 22-10-99, 12:17 | ||
30 | # | ||
31 | # Modified the script to give useage if no parameters are input. | ||
32 | # | ||
33 | # Modified the script to check for negative as well as positive | ||
34 | # time differences. | ||
35 | # | ||
36 | # Modified the script to work with ntpdate 3-5.93e Wed Apr 14 20:23:03 EDT 1999 | ||
37 | # | ||
38 | # Modified the script to work with ntpdate's that return adjust or offset... | ||
39 | # | ||
40 | # | ||
41 | # Script modified 2000 June 01 by William Pietri <william@bianca.com> | ||
42 | # | ||
43 | # Modified script to handle weird cases: | ||
44 | # o NTP server doesn't respond (e.g., has died) | ||
45 | # o Server has correct time but isn't suitable synchronization | ||
46 | # source. This happens while starting up and if contact | ||
47 | # with master has been lost. | ||
48 | # | ||
49 | # Modifed to run under Embedded Perl (sghosh@users.sf.net) | ||
50 | # - combined logic some blocks together.. | ||
51 | # | ||
52 | # Added ntpdate check for stratum 16 desynch peer (James Fidell) Feb 03, 2003 | ||
53 | # | ||
54 | # ntpdate - offset is in seconds | ||
55 | # changed ntpdc to ntpq - jitter/dispersion is in milliseconds | ||
56 | # | ||
57 | # Patch for for regex for stratum1 refid. | ||
58 | |||
59 | require 5.004; | ||
60 | use POSIX; | ||
61 | use strict; | ||
62 | use Getopt::Long; | ||
63 | use vars qw($opt_V $opt_h $opt_H $opt_t $opt_w $opt_c $opt_O $opt_j $opt_k $verbose $PROGNAME $def_jitter $ipv4 $ipv6); | ||
64 | use lib utils.pm; | ||
65 | use utils qw($TIMEOUT %ERRORS &print_revision &support); | ||
66 | |||
67 | $PROGNAME="check_ntp"; | ||
68 | |||
69 | sub print_help (); | ||
70 | sub print_usage (); | ||
71 | |||
72 | $ENV{'PATH'}='@trusted_path@'; | ||
73 | $ENV{'BASH_ENV'}=''; | ||
74 | $ENV{'ENV'}=''; | ||
75 | |||
76 | # defaults in sec | ||
77 | my $DEFAULT_OFFSET_WARN = 60; # 1 minute | ||
78 | my $DEFAULT_OFFSET_CRIT = 120; # 2 minutes | ||
79 | # default in millisec | ||
80 | my $DEFAULT_JITTER_WARN = 5000; # 5 sec | ||
81 | my $DEFAULT_JITTER_CRIT = 10000; # 10 sec | ||
82 | |||
83 | Getopt::Long::Configure('bundling'); | ||
84 | GetOptions | ||
85 | ("V" => \$opt_V, "version" => \$opt_V, | ||
86 | "h" => \$opt_h, "help" => \$opt_h, | ||
87 | "v" => \$verbose, "verbose" => \$verbose, | ||
88 | "4" => \$ipv4, "use-ipv4" => \$ipv4, | ||
89 | "6" => \$ipv6, "use-ipv6" => \$ipv6, | ||
90 | "w=f" => \$opt_w, "warning=f" => \$opt_w, # offset|adjust warning if above this number | ||
91 | "c=f" => \$opt_c, "critical=f" => \$opt_c, # offset|adjust critical if above this number | ||
92 | "O" => \$opt_O, "zero-offset" => \$opt_O, # zero-offset bad | ||
93 | "j=s" => \$opt_j, "jwarn=i" => \$opt_j, # jitter warning if above this number | ||
94 | "k=s" => \$opt_k, "jcrit=i" => \$opt_k, # jitter critical if above this number | ||
95 | "t=s" => \$opt_t, "timeout=i" => \$opt_t, | ||
96 | "H=s" => \$opt_H, "hostname=s" => \$opt_H); | ||
97 | |||
98 | if ($opt_V) { | ||
99 | print_revision($PROGNAME,'@NP_VERSION@'); | ||
100 | exit $ERRORS{'OK'}; | ||
101 | } | ||
102 | |||
103 | if ($opt_h) { | ||
104 | print_help(); | ||
105 | exit $ERRORS{'OK'}; | ||
106 | } | ||
107 | |||
108 | # jitter test params specified | ||
109 | if (defined $opt_j || defined $opt_k ) { | ||
110 | $def_jitter = 1; | ||
111 | } | ||
112 | |||
113 | $opt_H = shift unless ($opt_H); | ||
114 | my $host = $1 if ($opt_H && $opt_H =~ m/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[a-zA-Z][-a-zA-Z0-9]+(\.[a-zA-Z][-a-zA-Z0-9]+)*)$/); | ||
115 | unless ($host) { | ||
116 | print "No target host specified\n"; | ||
117 | print_usage(); | ||
118 | exit $ERRORS{'UNKNOWN'}; | ||
119 | } | ||
120 | |||
121 | my ($timeout, $owarn, $ocrit, $jwarn, $jcrit); | ||
122 | |||
123 | $timeout = $TIMEOUT; | ||
124 | ($opt_t) && ($opt_t =~ /^([0-9]+)$/) && ($timeout = $1); | ||
125 | |||
126 | $owarn = $DEFAULT_OFFSET_WARN; | ||
127 | ($opt_w) && ($opt_w =~ /^([0-9.]+)$/) && ($owarn = $1); | ||
128 | |||
129 | $ocrit = $DEFAULT_OFFSET_CRIT; | ||
130 | ($opt_c) && ($opt_c =~ /^([0-9.]+)$/) && ($ocrit = $1); | ||
131 | |||
132 | $jwarn = $DEFAULT_JITTER_WARN; | ||
133 | ($opt_j) && ($opt_j =~ /^([0-9]+)$/) && ($jwarn = $1); | ||
134 | |||
135 | $jcrit = $DEFAULT_JITTER_CRIT; | ||
136 | ($opt_k) && ($opt_k =~ /^([0-9]+)$/) && ($jcrit = $1); | ||
137 | |||
138 | if ($ocrit < $owarn ) { | ||
139 | print "Critical offset should be larger than warning offset\n"; | ||
140 | print_usage(); | ||
141 | exit $ERRORS{"UNKNOWN"}; | ||
142 | } | ||
143 | |||
144 | if ($def_jitter) { | ||
145 | if ($opt_k < $opt_j) { | ||
146 | print "Critical jitter should be larger than warning jitter\n"; | ||
147 | print_usage(); | ||
148 | exit $ERRORS{'UNKNOWN'}; | ||
149 | } | ||
150 | } | ||
151 | |||
152 | |||
153 | my $stratum = -1; | ||
154 | my $ignoreret = 0; | ||
155 | my $answer = undef; | ||
156 | my $offset = undef; | ||
157 | my $jitter = undef; | ||
158 | my $syspeer = undef; | ||
159 | my $candidate = 0; | ||
160 | my @candidates; | ||
161 | my $msg; # first line of output to print if format is invalid | ||
162 | |||
163 | my $state = $ERRORS{'UNKNOWN'}; | ||
164 | my $ntpdate_error = $ERRORS{'UNKNOWN'}; | ||
165 | my $jitter_error = $ERRORS{'UNKNOWN'}; | ||
166 | |||
167 | # some systems don't have a proper ntpq (migrated from ntpdc) | ||
168 | my $have_ntpq = undef; | ||
169 | if ($utils::PATH_TO_NTPQ && -x $utils::PATH_TO_NTPQ ) { | ||
170 | $have_ntpq = 1; | ||
171 | }else{ | ||
172 | $have_ntpq = 0; | ||
173 | } | ||
174 | |||
175 | # Just in case of problems, let's not hang Nagios | ||
176 | $SIG{'ALRM'} = sub { | ||
177 | print ("ERROR: No response from ntp server (alarm)\n"); | ||
178 | exit $ERRORS{"UNKNOWN"}; | ||
179 | }; | ||
180 | alarm($timeout); | ||
181 | |||
182 | # Determine protocol to be used for ntpdate and ntpq | ||
183 | my $ntpdate = $utils::PATH_TO_NTPDATE; | ||
184 | my $ntpq = $utils::PATH_TO_NTPQ; | ||
185 | if ($ipv4) { | ||
186 | $ntpdate .= " -4"; | ||
187 | $ntpq .= " -4"; | ||
188 | } | ||
189 | elsif ($ipv6) { | ||
190 | $ntpdate .= " -6"; | ||
191 | $ntpq .= " -6"; | ||
192 | } | ||
193 | # else don't use any flags | ||
194 | |||
195 | ### | ||
196 | ### | ||
197 | ### First, check ntpdate | ||
198 | ### | ||
199 | ### | ||
200 | |||
201 | if (!open (NTPDATE, $ntpdate . " -q $host 2>&1 |")) { | ||
202 | print "Could not open $ntpdate: $!\n"; | ||
203 | exit $ERRORS{"UNKNOWN"}; | ||
204 | } | ||
205 | |||
206 | my $out; | ||
207 | while (<NTPDATE>) { | ||
208 | #print if ($verbose); # noop | ||
209 | $msg = $_ unless ($msg); | ||
210 | $out .= "$_ "; | ||
211 | |||
212 | if (/stratum\s(\d+)/) { | ||
213 | $stratum = $1; | ||
214 | } | ||
215 | |||
216 | if (/(offset|adjust)\s+([-.\d]+)/i) { | ||
217 | $offset = $2; | ||
218 | |||
219 | # An offset of 0.000000 with an error is probably bogus. Actually, | ||
220 | # it's probably always bogus, but let's be paranoid here. | ||
221 | # Has been reported that 0.0000 happens in a production environment | ||
222 | # on Solaris 8 so this check should be taken out - SF tracker 1150777 | ||
223 | if (defined $opt_O ) { | ||
224 | if ($offset == 0) { undef $offset;} | ||
225 | } | ||
226 | |||
227 | $ntpdate_error = defined ($offset) ? $ERRORS{"OK"} : $ERRORS{"CRITICAL"}; | ||
228 | print "ntperr = $ntpdate_error \n" if $verbose; | ||
229 | |||
230 | } | ||
231 | |||
232 | if (/no server suitable for synchronization found/) { | ||
233 | if ($stratum == 16) { | ||
234 | $ntpdate_error = $ERRORS{"WARNING"}; | ||
235 | $msg = "Desynchronized peer server found"; | ||
236 | $ignoreret=1; | ||
237 | } | ||
238 | else { | ||
239 | $ntpdate_error = $ERRORS{"CRITICAL"}; | ||
240 | $msg = "No suitable peer server found - "; | ||
241 | } | ||
242 | } | ||
243 | |||
244 | } | ||
245 | $out =~ s/\n//g; | ||
246 | close (NTPDATE) || | ||
247 | die $! ? "$out - Error closing $ntpdate pipe: $!" | ||
248 | : "$out - Exit status: $? from $ntpdate\n"; | ||
249 | |||
250 | # declare an error if we also get a non-zero return code from ntpdate | ||
251 | # unless already set to critical | ||
252 | if ( $? && !$ignoreret ) { | ||
253 | print "stderr = $? : $! \n" if $verbose; | ||
254 | $ntpdate_error = $ntpdate_error == $ERRORS{"CRITICAL"} ? $ERRORS{"CRITICAL"} : $ERRORS{"UNKNOWN"} ; | ||
255 | print "ntperr = $ntpdate_error : $!\n" if $verbose; | ||
256 | } | ||
257 | |||
258 | ### | ||
259 | ### | ||
260 | ### Then scan xntpq/ntpq if it exists | ||
261 | ### and look in the 11th column for jitter | ||
262 | ### | ||
263 | # Field 1: Tally Code ( Space, 'x','.','-','+','#','*','o') | ||
264 | # Only match for '*' which implies sys.peer | ||
265 | # or 'o' which implies pps.peer | ||
266 | # If both exist, the last one is picked. | ||
267 | # Field 2: address of the remote peer | ||
268 | # Field 3: Refid of the clock (0.0.0.0 if unknown, WWWV/PPS/GPS/ACTS/USNO/PCS/... if Stratum1) | ||
269 | # Field 4: stratum (0-15) | ||
270 | # Field 5: Type of the peer: local (l), unicast (u), multicast (m) | ||
271 | # broadcast (b); not sure about multicast/broadcast | ||
272 | # Field 6: last packet receive (in seconds) | ||
273 | # Field 7: polling interval | ||
274 | # Field 8: reachability resgister (octal) | ||
275 | # Field 9: delay | ||
276 | # Field 10: offset | ||
277 | # Field 11: dispersion/jitter | ||
278 | # | ||
279 | # According to bug 773588 Some solaris xntpd implementations seemto match on | ||
280 | # "#" even though the docs say it exceeds maximum distance. Providing patch | ||
281 | # here which will generate a warining. | ||
282 | |||
283 | if ($have_ntpq) { | ||
284 | |||
285 | if ( open(NTPQ, $ntpq . " -np $host 2>&1 |") ) { | ||
286 | while (<NTPQ>) { | ||
287 | print $_ if ($verbose); | ||
288 | if ( /timed out/ ){ | ||
289 | $have_ntpq = 0 ; | ||
290 | last ; | ||
291 | } | ||
292 | # number of candidates on <host> for sys.peer | ||
293 | if (/^(\*|\+|\#|o])/) { | ||
294 | ++$candidate; | ||
295 | push (@candidates, $_); | ||
296 | print "Candidate count= $candidate\n" if ($verbose); | ||
297 | } | ||
298 | |||
299 | # match sys.peer or pps.peer | ||
300 | if (/^(\*|o)(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)/) { | ||
301 | $syspeer = $2; | ||
302 | $stratum = $4; | ||
303 | $jitter = $11; | ||
304 | print "match $_ \n" if $verbose; | ||
305 | if ($jitter > $jcrit) { | ||
306 | print "Jitter_crit = $11 :$jcrit\n" if ($verbose); | ||
307 | $jitter_error = $ERRORS{'CRITICAL'}; | ||
308 | } elsif ($jitter > $jwarn ) { | ||
309 | print "Jitter_warn = $11 :$jwarn\n" if ($verbose); | ||
310 | $jitter_error = $ERRORS{'WARNING'}; | ||
311 | } else { | ||
312 | $jitter_error = $ERRORS{'OK'}; | ||
313 | } | ||
314 | } else { | ||
315 | print "No match!\n" if $verbose; | ||
316 | $jitter = '(not parsed)'; | ||
317 | } | ||
318 | |||
319 | } | ||
320 | close NTPQ || | ||
321 | die $! ? "Error closing $ntpq pipe: $!" | ||
322 | : "Exit status: $? from $ntpq\n"; | ||
323 | |||
324 | # if we did not match sys.peer or pps.peer but matched # candidates only | ||
325 | # generate a warning | ||
326 | # based on bug id 773588 | ||
327 | unless (defined $syspeer) { | ||
328 | if ($#candidates >=0) { | ||
329 | foreach my $c (@candidates) { | ||
330 | $c =~ /^(#)([-0-9.\s]+)\s+([-0-9A-Za-z_().]+)\s+([-0-9.]+)\s+([lumb-]+)\s+([-0-9m.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)/; | ||
331 | $syspeer = $2; | ||
332 | $stratum = $4; | ||
333 | $jitter = $11; | ||
334 | print "candidate match $c \n" if $verbose; | ||
335 | if ($jitter > $jcrit) { | ||
336 | print "Candidate match - Jitter_crit = $11 :$jcrit\n" if ($verbose); | ||
337 | $jitter_error = $ERRORS{'CRITICAL'}; | ||
338 | }elsif ($jitter > $jwarn ) { | ||
339 | print "Candidate match - Jitter_warn = $11 :$jwarn \n" if ($verbose); | ||
340 | $jitter_error = $ERRORS{'WARNING'}; | ||
341 | } else { | ||
342 | $jitter_error = $ERRORS{'WARNING'}; | ||
343 | } | ||
344 | } | ||
345 | |||
346 | } | ||
347 | } | ||
348 | } | ||
349 | } | ||
350 | |||
351 | |||
352 | if ($ntpdate_error != $ERRORS{'OK'}) { | ||
353 | $state = $ntpdate_error; | ||
354 | if ($ntpdate_error == $ERRORS{'WARNING'} ) { | ||
355 | $answer = $msg; | ||
356 | } | ||
357 | else { | ||
358 | $answer = $msg . "Server for ntp probably down"; | ||
359 | } | ||
360 | |||
361 | if (defined($offset) && abs($offset) > $ocrit) { | ||
362 | $state = $ERRORS{'CRITICAL'}; | ||
363 | $answer = "Server Error and offset $offset sec > +/- $ocrit sec"; | ||
364 | } elsif (defined($offset) && abs($offset) > $owarn) { | ||
365 | $answer = "Server error and offset $offset sec > +/- $owarn sec"; | ||
366 | } elsif (defined($jitter) && abs($jitter) > $jcrit) { | ||
367 | $answer = "Server error and jitter $jitter msec > +/- $jcrit msec"; | ||
368 | } elsif (defined($jitter) && abs($jitter) > $jwarn) { | ||
369 | $answer = "Server error and jitter $jitter msec > +/- $jwarn msec"; | ||
370 | } | ||
371 | |||
372 | } elsif ($have_ntpq && $jitter_error != $ERRORS{'OK'}) { | ||
373 | $state = $jitter_error; | ||
374 | $answer = "Jitter $jitter too high"; | ||
375 | if (defined($offset) && abs($offset) > $ocrit) { | ||
376 | $state = $ERRORS{'CRITICAL'}; | ||
377 | $answer = "Jitter error and offset $offset sec > +/- $ocrit sec"; | ||
378 | } elsif (defined($offset) && abs($offset) > $owarn) { | ||
379 | $answer = "Jitter error and offset $offset sec > +/- $owarn sec"; | ||
380 | } elsif (defined($jitter) && abs($jitter) > $jcrit) { | ||
381 | $answer = "Jitter error and jitter $jitter msec > +/- $jcrit msec"; | ||
382 | } elsif (defined($jitter) && abs($jitter) > $jwarn) { | ||
383 | $answer = "Jitter error and jitter $jitter msec > +/- $jwarn msec"; | ||
384 | } | ||
385 | |||
386 | } elsif( !$have_ntpq ) { # no errors from ntpdate and no ntpq or ntpq timed out | ||
387 | if (abs($offset) > $ocrit) { | ||
388 | $state = $ERRORS{'CRITICAL'}; | ||
389 | $answer = "Offset $offset sec > +/- $ocrit sec"; | ||
390 | } elsif (abs($offset) > $owarn) { | ||
391 | $state = $ERRORS{'WARNING'}; | ||
392 | $answer = "Offset $offset sec > +/- $owarn sec"; | ||
393 | } elsif (( abs($offset) > $owarn) && $def_jitter ) { | ||
394 | $state = $ERRORS{'WARNING'}; | ||
395 | $answer = "Offset $offset sec > +/- $owarn sec, ntpq timed out"; | ||
396 | } elsif ( $def_jitter ) { | ||
397 | $state = $ERRORS{'WARNING'}; | ||
398 | $answer = "Offset $offset secs, ntpq timed out"; | ||
399 | } else{ | ||
400 | $state = $ERRORS{'OK'}; | ||
401 | $answer = "Offset $offset secs"; | ||
402 | } | ||
403 | |||
404 | |||
405 | |||
406 | } else { # no errors from ntpdate or ntpq | ||
407 | if (abs($offset) > $ocrit) { | ||
408 | $state = $ERRORS{'CRITICAL'}; | ||
409 | $answer = "Offset $offset sec > +/- $ocrit sec, jitter $jitter msec"; | ||
410 | } elsif (abs($jitter) > $jcrit ) { | ||
411 | $state = $ERRORS{'CRITICAL'}; | ||
412 | $answer = "Jitter $jitter msec> +/- $jcrit msec, offset $offset sec"; | ||
413 | } elsif (abs($offset) > $owarn) { | ||
414 | $state = $ERRORS{'WARNING'}; | ||
415 | $answer = "Offset $offset sec > +/- $owarn sec, jitter $jitter msec"; | ||
416 | } elsif (abs($jitter) > $jwarn ) { | ||
417 | $state = $ERRORS{'WARNING'}; | ||
418 | $answer = "Jitter $jitter msec> +/- $jwarn msec, offset $offset sec"; | ||
419 | |||
420 | } else { | ||
421 | $state = $ERRORS{'OK'}; | ||
422 | $answer = "Offset $offset secs, jitter $jitter msec, peer is stratum $stratum"; | ||
423 | } | ||
424 | |||
425 | } | ||
426 | |||
427 | foreach my $key (keys %ERRORS) { | ||
428 | if ($state==$ERRORS{$key}) { | ||
429 | # print ("NTP $key: $answer"); | ||
430 | print ("NTP $key: $answer|offset=$offset, jitter=" . $jitter/1000 . ",peer_stratum=$stratum\n"); | ||
431 | last; | ||
432 | } | ||
433 | } | ||
434 | exit $state; | ||
435 | |||
436 | |||
437 | #### | ||
438 | #### subs | ||
439 | |||
440 | sub print_usage () { | ||
441 | print "Usage: $PROGNAME -H <host> [-46] [-O] [-w <warn>] [-c <crit>] [-j <warn>] [-k <crit>] [-v verbose]\n"; | ||
442 | } | ||
443 | |||
444 | sub print_help () { | ||
445 | print_revision($PROGNAME,'@NP_VERSION@'); | ||
446 | print "Copyright (c) 2003 Bo Kersey/Karl DeBisschop\n"; | ||
447 | print "\n"; | ||
448 | print_usage(); | ||
449 | print " | ||
450 | Checks the local timestamp offset versus <host> with ntpdate | ||
451 | Checks the jitter/dispersion of clock signal between <host> and its sys.peer with ntpq\n | ||
452 | -O (--zero-offset) | ||
453 | A zero offset on \"ntpdate\" will generate a CRITICAL.\n | ||
454 | -w (--warning) | ||
455 | Clock offset in seconds at which a warning message will be generated.\n Defaults to $DEFAULT_OFFSET_WARN. | ||
456 | -c (--critical) | ||
457 | Clock offset in seconds at which a critical message will be generated.\n Defaults to $DEFAULT_OFFSET_CRIT. | ||
458 | -j (--jwarn) | ||
459 | Clock jitter in milliseconds at which a warning message will be generated.\n Defaults to $DEFAULT_JITTER_WARN. | ||
460 | -k (--jcrit) | ||
461 | Clock jitter in milliseconds at which a critical message will be generated.\n Defaults to $DEFAULT_JITTER_CRIT. | ||
462 | |||
463 | If jitter/dispersion is specified with -j or -k and ntpq times out, then a | ||
464 | warning is returned.\n | ||
465 | -4 (--use-ipv4) | ||
466 | Use IPv4 connection | ||
467 | -6 (--use-ipv6) | ||
468 | Use IPv6 connection | ||
469 | \n"; | ||
470 | support(); | ||
471 | } | ||
diff --git a/plugins-scripts/check_oracle.sh b/plugins-scripts/check_oracle.sh index b653372e..efa1df19 100755 --- a/plugins-scripts/check_oracle.sh +++ b/plugins-scripts/check_oracle.sh | |||
@@ -9,6 +9,7 @@ | |||
9 | PROGNAME=`basename $0` | 9 | PROGNAME=`basename $0` |
10 | PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` | 10 | PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` |
11 | REVISION="@NP_VERSION@" | 11 | REVISION="@NP_VERSION@" |
12 | PATH="@trusted_path@" | ||
12 | 13 | ||
13 | . $PROGPATH/utils.sh | 14 | . $PROGPATH/utils.sh |
14 | 15 | ||
diff --git a/plugins-scripts/check_rpc.pl b/plugins-scripts/check_rpc.pl index 3a6f7179..f7fe0321 100755 --- a/plugins-scripts/check_rpc.pl +++ b/plugins-scripts/check_rpc.pl | |||
@@ -37,9 +37,9 @@ sub print_help (); | |||
37 | sub print_usage (); | 37 | sub print_usage (); |
38 | sub in ($$); | 38 | sub in ($$); |
39 | 39 | ||
40 | $ENV{'BASH_ENV'}=''; | 40 | $ENV{'PATH'}='@trusted_path@'; |
41 | $ENV{'BASH_ENV'}=''; | ||
41 | $ENV{'ENV'}=''; | 42 | $ENV{'ENV'}=''; |
42 | $ENV{'PATH'}=''; | ||
43 | $ENV{'LC_ALL'}='C'; | 43 | $ENV{'LC_ALL'}='C'; |
44 | 44 | ||
45 | #Initialise protocol for each progname number | 45 | #Initialise protocol for each progname number |
diff --git a/plugins-scripts/check_sensors.sh b/plugins-scripts/check_sensors.sh index 874e1049..53db9b49 100755 --- a/plugins-scripts/check_sensors.sh +++ b/plugins-scripts/check_sensors.sh | |||
@@ -1,14 +1,13 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | 2 | ||
3 | PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin | ||
4 | |||
5 | PROGNAME=`basename $0` | 3 | PROGNAME=`basename $0` |
6 | PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` | 4 | PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` |
7 | REVISION="@NP_VERSION@" | 5 | REVISION="@NP_VERSION@" |
6 | TRUSTED_PATH="@trusted_path@" | ||
7 | PATH=${TRUSTED_PATH:-"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"} | ||
8 | 8 | ||
9 | . $PROGPATH/utils.sh | 9 | . $PROGPATH/utils.sh |
10 | 10 | ||
11 | |||
12 | print_usage() { | 11 | print_usage() { |
13 | echo "Usage: $PROGNAME" [--ignore-fault] | 12 | echo "Usage: $PROGNAME" [--ignore-fault] |
14 | } | 13 | } |
diff --git a/plugins-scripts/check_wave.pl b/plugins-scripts/check_wave.pl index b8ec3f03..51927534 100755 --- a/plugins-scripts/check_wave.pl +++ b/plugins-scripts/check_wave.pl | |||
@@ -16,7 +16,7 @@ $PROGNAME = "check_wave"; | |||
16 | sub print_help (); | 16 | sub print_help (); |
17 | sub print_usage (); | 17 | sub print_usage (); |
18 | 18 | ||
19 | $ENV{'PATH'}=''; | 19 | $ENV{'PATH'}='@trusted_path@'; |
20 | $ENV{'BASH_ENV'}=''; | 20 | $ENV{'BASH_ENV'}=''; |
21 | $ENV{'ENV'}=''; | 21 | $ENV{'ENV'}=''; |
22 | 22 | ||
diff --git a/plugins-scripts/subst.in b/plugins-scripts/subst.in index 66777d75..c730b770 100644 --- a/plugins-scripts/subst.in +++ b/plugins-scripts/subst.in | |||
@@ -45,17 +45,9 @@ BEGIN { | |||
45 | sub(c,which(c,path)); | 45 | sub(c,which(c,path)); |
46 | } | 46 | } |
47 | 47 | ||
48 | # Trusted path mechanism (deprecated) | 48 | # Trusted path mechanism |
49 | 49 | /@trusted_path@/ {sub(/@trusted_path@/,"@with_trusted_path@");} | |
50 | /^[ \t]*\$ENV[ \t]*\{[ \t'"]*PATH[ \t"']*\}[ \t]*=/ { | ||
51 | sub(/\=[ \t]*['"][^"']+["']/,"='@with_trusted_path@' # autoconf-derived"); | ||
52 | } | ||
53 | |||
54 | /^[\t ]*(export[\t ]*)?PATH[\t ]*=['"]+.+["']$/ { | ||
55 | sub(/\=.*$/,"='@with_trusted_path@' # autoconf-derived"); | ||
56 | } | ||
57 | 50 | ||
58 | { | 51 | { |
59 | print; | 52 | print; |
60 | } | 53 | } |
61 | |||