diff options
author | Matthias Eble <psychotrahe@gmx.de> | 2009-06-10 23:17:58 (GMT) |
---|---|---|
committer | Matthias Eble <psychotrahe@gmx.de> | 2009-06-10 23:17:58 (GMT) |
commit | 5195074095cac48dd15d857bce69c1aa909ec2b2 (patch) | |
tree | 6ebdfa3f9472c678e6a9df183f260205986b6860 /plugins-scripts/check_ifoperstatus.pl | |
parent | aff6140989777cbf128e9e4d6e35531372c284c1 (diff) | |
download | monitoring-plugins-5195074095cac48dd15d857bce69c1aa909ec2b2.tar.gz |
Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
check_ifoperstatus didn't function correctly with SNMPv3. This is fixed now.
Created argument-hash for SNMP session creation. This removes redundant code.
Session creation was moved out of process_arguments() and now takes place
after setting the timeout handler.
Additionally the -x argument was added to specify the privprotocol.
Diffstat (limited to 'plugins-scripts/check_ifoperstatus.pl')
-rwxr-xr-x | plugins-scripts/check_ifoperstatus.pl | 110 |
1 files changed, 39 insertions, 71 deletions
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index d0a1655..503f1e4 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl | |||
@@ -61,7 +61,7 @@ my $answer = ""; | |||
61 | my $snmpkey = 0; | 61 | my $snmpkey = 0; |
62 | my $community = "public"; | 62 | my $community = "public"; |
63 | my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 | 63 | my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 |
64 | my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); | 64 | my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context); |
65 | my $port = 161; | 65 | my $port = 161; |
66 | my @snmpoids; | 66 | my @snmpoids; |
67 | my $sysUptime = '1.3.6.1.2.1.1.3.0'; | 67 | my $sysUptime = '1.3.6.1.2.1.1.3.0'; |
@@ -89,12 +89,14 @@ my $lastc; | |||
89 | my $dormantWarn; | 89 | my $dormantWarn; |
90 | my $adminWarn; | 90 | my $adminWarn; |
91 | my $name; | 91 | my $name; |
92 | my %session_opts; | ||
92 | 93 | ||
93 | ### Validate Arguments | 94 | ### Validate Arguments |
94 | 95 | ||
95 | $status = process_arguments(); | 96 | $status = process_arguments(); |
96 | 97 | ||
97 | 98 | ||
99 | use Data::Dumper; | ||
98 | # Just in case of problems, let's not hang Nagios | 100 | # Just in case of problems, let's not hang Nagios |
99 | $SIG{'ALRM'} = sub { | 101 | $SIG{'ALRM'} = sub { |
100 | print ("ERROR: No snmp response from $hostname (alarm)\n"); | 102 | print ("ERROR: No snmp response from $hostname (alarm)\n"); |
@@ -103,6 +105,16 @@ $SIG{'ALRM'} = sub { | |||
103 | 105 | ||
104 | alarm($timeout); | 106 | alarm($timeout); |
105 | 107 | ||
108 | print Dumper(\%session_opts); | ||
109 | ($session, $error) = Net::SNMP->session(%session_opts); | ||
110 | |||
111 | |||
112 | if (!defined($session)) { | ||
113 | $state='UNKNOWN'; | ||
114 | $answer=$error; | ||
115 | print ("$state: $answer\n"); | ||
116 | exit $ERRORS{$state}; | ||
117 | } | ||
106 | 118 | ||
107 | ## map ifdescr to ifindex - should look at being able to cache this value | 119 | ## map ifdescr to ifindex - should look at being able to cache this value |
108 | 120 | ||
@@ -293,6 +305,7 @@ sub print_help() { | |||
293 | printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; | 305 | printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; |
294 | printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; | 306 | printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; |
295 | printf " privacy password and authEngineID\n"; | 307 | printf " privacy password and authEngineID\n"; |
308 | printf " -x (--privproto) privacy protocol (DES or AES; default: DES)\n"; | ||
296 | printf " -k (--key) SNMP IfIndex value\n"; | 309 | printf " -k (--key) SNMP IfIndex value\n"; |
297 | printf " -d (--descr) SNMP ifDescr value\n"; | 310 | printf " -d (--descr) SNMP ifDescr value\n"; |
298 | printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n"; | 311 | printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n"; |
@@ -327,6 +340,7 @@ sub process_arguments() { | |||
327 | "U=s" => \$secname, "secname=s" => \$secname, | 340 | "U=s" => \$secname, "secname=s" => \$secname, |
328 | "A=s" => \$authpass, "authpass=s" => \$authpass, | 341 | "A=s" => \$authpass, "authpass=s" => \$authpass, |
329 | "X=s" => \$privpass, "privpass=s" => \$privpass, | 342 | "X=s" => \$privpass, "privpass=s" => \$privpass, |
343 | "x=s" => \$privproto, "privproto=s" => \$privproto, | ||
330 | "c=s" => \$context, "context=s" => \$context, | 344 | "c=s" => \$context, "context=s" => \$context, |
331 | "k=i" => \$snmpkey, "key=i",\$snmpkey, | 345 | "k=i" => \$snmpkey, "key=i",\$snmpkey, |
332 | "d=s" => \$ifdescr, "descr=s" => \$ifdescr, | 346 | "d=s" => \$ifdescr, "descr=s" => \$ifdescr, |
@@ -387,10 +401,27 @@ sub process_arguments() { | |||
387 | $timeout = $TIMEOUT; | 401 | $timeout = $TIMEOUT; |
388 | } | 402 | } |
389 | 403 | ||
404 | |||
405 | if ($snmp_version !~ /[123]/){ | ||
406 | $state='UNKNOWN'; | ||
407 | print ("$state: No support for SNMP v$snmp_version yet\n"); | ||
408 | exit $ERRORS{$state}; | ||
409 | } | ||
410 | |||
411 | %session_opts = ( | ||
412 | -hostname => $hostname, | ||
413 | -port => $port, | ||
414 | -version => $snmp_version, | ||
415 | -maxmsgsize => $maxmsgsize | ||
416 | ); | ||
417 | |||
418 | $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/); | ||
419 | |||
390 | if ($snmp_version =~ /3/ ) { | 420 | if ($snmp_version =~ /3/ ) { |
391 | # Must define a security level even though default is noAuthNoPriv | 421 | # Must define a security level even though default is noAuthNoPriv |
392 | # v3 requires a security username | 422 | # v3 requires a security username |
393 | if (defined $seclevel && defined $secname) { | 423 | if (defined $seclevel && defined $secname) { |
424 | $session_opts{'-username'} = $secname; | ||
394 | 425 | ||
395 | # Must define a security level even though defualt is noAuthNoPriv | 426 | # Must define a security level even though defualt is noAuthNoPriv |
396 | unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { | 427 | unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { |
@@ -400,23 +431,22 @@ sub process_arguments() { | |||
400 | 431 | ||
401 | # Authentication wanted | 432 | # Authentication wanted |
402 | if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { | 433 | if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { |
403 | |||
404 | unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) { | 434 | unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) { |
405 | usage(); | 435 | usage(); |
406 | exit $ERRORS{"UNKNOWN"}; | 436 | exit $ERRORS{"UNKNOWN"}; |
407 | } | 437 | } |
438 | $session_opts{'-authprotocol'} = $authproto if(defined $authproto); | ||
408 | 439 | ||
409 | if ( !defined $authpass) { | 440 | if ( !defined $authpass) { |
410 | usage(); | 441 | usage(); |
411 | exit $ERRORS{"UNKNOWN"}; | 442 | exit $ERRORS{"UNKNOWN"}; |
412 | }else{ | 443 | }else{ |
413 | if ($authpass =~ /^0x/ ) { | 444 | if ($authpass =~ /^0x/ ) { |
414 | $auth = "-authkey => $authpass" ; | 445 | $session_opts{'-authkey'} = $authpass ; |
415 | }else{ | 446 | }else{ |
416 | $auth = "-authpassword => $authpass"; | 447 | $session_opts{'-authpassword'} = $authpass ; |
417 | } | 448 | } |
418 | } | 449 | } |
419 | |||
420 | } | 450 | } |
421 | 451 | ||
422 | # Privacy (DES encryption) wanted | 452 | # Privacy (DES encryption) wanted |
@@ -426,21 +456,20 @@ sub process_arguments() { | |||
426 | exit $ERRORS{"UNKNOWN"}; | 456 | exit $ERRORS{"UNKNOWN"}; |
427 | }else{ | 457 | }else{ |
428 | if ($privpass =~ /^0x/){ | 458 | if ($privpass =~ /^0x/){ |
429 | $priv = "-privkey => $privpass"; | 459 | $session_opts{'-privkey'} = $privpass; |
430 | }else{ | 460 | }else{ |
431 | $priv = "-privpassword => $privpass"; | 461 | $session_opts{'-privpassword'} = $privpass; |
432 | } | 462 | } |
433 | } | 463 | } |
464 | |||
465 | $session_opts{'-privprotocol'} = $privproto if(defined $privproto); | ||
434 | } | 466 | } |
435 | 467 | ||
436 | # Context name defined or default | 468 | # Context name defined or default |
437 | |||
438 | unless ( defined $context) { | 469 | unless ( defined $context) { |
439 | $context = ""; | 470 | $context = ""; |
440 | } | 471 | } |
441 | 472 | ||
442 | |||
443 | |||
444 | }else { | 473 | }else { |
445 | usage(); | 474 | usage(); |
446 | exit $ERRORS{'UNKNOWN'}; ; | 475 | exit $ERRORS{'UNKNOWN'}; ; |
@@ -448,67 +477,6 @@ sub process_arguments() { | |||
448 | } # end snmpv3 | 477 | } # end snmpv3 |
449 | 478 | ||
450 | 479 | ||
451 | if ( $snmp_version =~ /[12]/ ) { | ||
452 | ($session, $error) = Net::SNMP->session( | ||
453 | -hostname => $hostname, | ||
454 | -community => $community, | ||
455 | -port => $port, | ||
456 | -version => $snmp_version, | ||
457 | -maxmsgsize => $maxmsgsize | ||
458 | ); | ||
459 | |||
460 | if (!defined($session)) { | ||
461 | $state='UNKNOWN'; | ||
462 | $answer=$error; | ||
463 | print ("$state: $answer\n"); | ||
464 | exit $ERRORS{$state}; | ||
465 | } | ||
466 | |||
467 | }elsif ( $snmp_version =~ /3/ ) { | ||
468 | |||
469 | if ($seclevel eq 'noAuthNoPriv') { | ||
470 | ($session, $error) = Net::SNMP->session( | ||
471 | -hostname => $hostname, | ||
472 | -port => $port, | ||
473 | -version => $snmp_version, | ||
474 | -username => $secname, | ||
475 | ); | ||
476 | |||
477 | }elsif ( $seclevel eq 'authNoPriv' ) { | ||
478 | ($session, $error) = Net::SNMP->session( | ||
479 | -hostname => $hostname, | ||
480 | -port => $port, | ||
481 | -version => $snmp_version, | ||
482 | -username => $secname, | ||
483 | $auth, | ||
484 | -authprotocol => $authproto, | ||
485 | ); | ||
486 | }elsif ($seclevel eq 'authPriv' ) { | ||
487 | ($session, $error) = Net::SNMP->session( | ||
488 | -hostname => $hostname, | ||
489 | -port => $port, | ||
490 | -version => $snmp_version, | ||
491 | -username => $secname, | ||
492 | $auth, | ||
493 | -authprotocol => $authproto, | ||
494 | $priv | ||
495 | ); | ||
496 | } | ||
497 | |||
498 | |||
499 | if (!defined($session)) { | ||
500 | $state='UNKNOWN'; | ||
501 | $answer=$error; | ||
502 | print ("$state: $answer\n"); | ||
503 | exit $ERRORS{$state}; | ||
504 | } | ||
505 | |||
506 | }else{ | ||
507 | $state='UNKNOWN'; | ||
508 | print ("$state: No support for SNMP v$snmp_version yet\n"); | ||
509 | exit $ERRORS{$state}; | ||
510 | } | ||
511 | |||
512 | } | 480 | } |
513 | ## End validation | 481 | ## End validation |
514 | 482 | ||