summaryrefslogtreecommitdiffstats
path: root/plugins/t/check_ssh.t
diff options
context:
space:
mode:
authorLorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>2024-03-27 00:35:16 +0100
committerGitHub <noreply@github.com>2024-03-27 00:35:16 +0100
commit66f62dd336832702a1e4f60cbfc4258de2c931cf (patch)
treeb78316a49a398db2fa89d70506fa158cbbf25d54 /plugins/t/check_ssh.t
parent8698a6d976012908ea0af36ca1a520c3111928c7 (diff)
downloadmonitoring-plugins-66f62dd336832702a1e4f60cbfc4258de2c931cf.tar.gz
check_ssh: patches from op5 (#1738)
* check_ssh: properly parse a delayed version control string This resolves an issue with SSH servers which do not respond with their version control string as the first thing in the SSH protocol version exchange phase after connection establishment. This patch also makes sure that we disregard a potential comment in the version exchange string to avoid nonsense mismatches. In the future, we might want to add the capability to match against a user specified comment. In addition, the patch largely improves the communication towards the server, which adds better protocol adherence. Of course, new test cases are added to support the trigger and guard against regressions of the bugs solved by this patch. This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945) Signed-off-by: Anton Lofgren <alofgren@op5.com> * check_ssh.t: Fix a few typos Signed-off-by: Anton Lofgren <alofgren@op5.com> * check_ssh: Handle non-alpha software versions This patch fixes a bug where we would reject version control strings that do not contain letters, because the assumption is made that they always do. This is not required by the RFC however, and there exist implementations that do not contain letters. I've also added a few references to the RFC to make the process of parsing the control string more apparent. This fixes op5#8716 (https://bugs.op5.com/view.php?id=8716) Signed-off-by: Anton Lofgren <alofgren@op5.com> * check_ssh: Fix a typo in "remote-protocol parameter remote-protcol -> remote-protocol Signed-off-by: Anton Lofgren <alofgren@op5.com> * Remove unused variable * Formating fixes * Update translations * Remove merge conflict artefact from previous merge * Set fixed include paths * Improve code style to be slightly more readable * Update test cases for different netcat behaviour and reduce sleep time --------- Signed-off-by: Anton Lofgren <alofgren@op5.com> Co-authored-by: Anton Lofgren <alofgren@op5.com>
Diffstat (limited to 'plugins/t/check_ssh.t')
-rw-r--r--plugins/t/check_ssh.t122
1 files changed, 102 insertions, 20 deletions
diff --git a/plugins/t/check_ssh.t b/plugins/t/check_ssh.t
index a5cd23ce..907d33a8 100644
--- a/plugins/t/check_ssh.t
+++ b/plugins/t/check_ssh.t
@@ -8,34 +8,116 @@ use strict;
8use Test::More; 8use Test::More;
9use NPTest; 9use NPTest;
10 10
11my $res;
12
11# Required parameters 13# Required parameters
12my $ssh_host = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost"); 14my $ssh_host = getTestParameter("NP_SSH_HOST",
13my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" ); 15 "A host providing SSH service",
14my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" ); 16 "localhost");
17
18my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
19 "The hostname of system not responsive to network requests",
20 "10.0.0.1" );
21
22my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID",
23 "An invalid (not known to DNS) hostname",
24 "nosuchhost" );
25
26
27plan tests => 14 + 6;
28
29SKIP: {
30 skip "SSH_HOST must be defined", 6 unless $ssh_host;
31 my $result = NPTest->testCmd(
32 "./check_ssh -H $ssh_host"
33 );
34 cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
35 like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
36
37
38 $result = NPTest->testCmd(
39 "./check_ssh -H $host_nonresponsive -t 2"
40 );
41 cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
42 like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
43
44
45
46 $result = NPTest->testCmd(
47 "./check_ssh -H $hostname_invalid -t 2"
48 );
49 cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
50 like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
51
15 52
53}
54SKIP: {
16 55
17plan skip_all => "SSH_HOST must be defined" unless $ssh_host; 56 skip "No netcat available", 14 unless (system("which nc > /dev/null") == 0);
18plan tests => 6;
19 57
58 # netcat on linux (on debian) will just keep the socket open if not advised otherwise
59 # therefore we add -q to close it after two seconds after receiving the EOF from input
60 my $nc_flags = "-l 5003 -N";
61 #A valid protocol version control string has the form
62 # SSH-protoversion-softwareversion SP comments CR LF
63 #
64 # where `comments` is optional, protoversion is the SSH protocol version and
65 # softwareversion is an arbitrary string representing the server software version
66 open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1' | nc ${nc_flags}|");
67 sleep 0.1;
68 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
69 cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string");
70 like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
71 close NC;
20 72
21my $result = NPTest->testCmd( 73 open(NC, "echo 'SSH-2.0-3.2.9.1' | nc ${nc_flags}|");
22 "./check_ssh -H $ssh_host" 74 sleep 0.1;
23 ); 75 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
24cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)"); 76 cmp_ok( $res->return_code, "==", 0, "Got SSH protocol version control string with non-alpha softwareversion string");
25like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)"); 77 like( $res->output, '/^SSH OK - 3.2.9.1 \(protocol 2.0\)/', "Output OK for non-alpha softwareversion string");
78 close NC;
26 79
80 open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |");
81 sleep 0.1;
82 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" );
83 cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string, and parsed comment appropriately");
84 like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
85 close NC;
27 86
28$result = NPTest->testCmd( 87 open(NC, "echo 'SSH-' | nc ${nc_flags}|");
29 "./check_ssh -H $host_nonresponsive -t 2" 88 sleep 0.1;
30 ); 89 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
31cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)"); 90 cmp_ok( $res->return_code, '==', 2, "Got invalid SSH protocol version control string");
32like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)"); 91 like( $res->output, '/^SSH CRITICAL/', "Output OK");
92 close NC;
33 93
94 open(NC, "echo '' | nc ${nc_flags}|");
95 sleep 0.1;
96 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
97 cmp_ok( $res->return_code, '==', 2, "No version control string received");
98 like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
99 close NC;
34 100
101 open(NC, "echo 'Not a version control string' | nc ${nc_flags}|");
102 sleep 0.1;
103 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
104 cmp_ok( $res->return_code, '==', 2, "No version control string received");
105 like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
106 close NC;
35 107
36$result = NPTest->testCmd(
37 "./check_ssh -H $hostname_invalid -t 2"
38 );
39cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
40like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
41 108
109 #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string
110 open(NC, "{ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; sleep 0.5;
111 echo 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'; sleep 0.5;
112 echo 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; sleep 0.2;
113 echo 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'; sleep 0.3;
114 printf 'EEEEEEEEEEEEEEEEEE'; sleep 0.2;
115 printf 'EEEEEEEEEEEEEEEEEE\n'; sleep 0.2;
116 echo 'Some\nPrepended\nData\nLines\n'; sleep 0.2;
117 echo 'SSH-2.0-nagiosplug.ssh.0.2';} | nc ${nc_flags}|");
118 sleep 0.1;
119 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
120 cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string");
121 like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK");
122 close NC;
123}