summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorJan Wagner <waja@cyconet.org>2013-10-01 14:50:04 +0200
committerJan Wagner <waja@cyconet.org>2013-10-01 14:50:04 +0200
commit97349ae13d65ea91abbe6fd93c34aba28817493e (patch)
tree45891d6902204bbe9943018a7bbca795576b9c6a /plugins
parentc188965c3c2f437c18a78ac47ed59099e2ecf05b (diff)
downloadmonitoring-plugins-97349ae13d65ea91abbe6fd93c34aba28817493e.tar.gz
check_ssh: check protocol
It would be useful to be able to detect the protocols supported by the remote ssh server to locate any using the insecure ssh v1 protocol. This patch attempts to match against the protocol string in the ssh response. Example: check_ssh -H my.host.com -P 2.0 -- Just turning attached patch of github issue #780 into a push request. (Closes #780)
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_ssh.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index 6e8a5fc5..6842c4cf 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -46,6 +46,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
46int port = -1; 46int port = -1;
47char *server_name = NULL; 47char *server_name = NULL;
48char *remote_version = NULL; 48char *remote_version = NULL;
49char *remote_protocol = NULL;
49int verbose = FALSE; 50int verbose = FALSE;
50 51
51int process_arguments (int, char **); 52int process_arguments (int, char **);
@@ -53,7 +54,7 @@ int validate_arguments (void);
53void print_help (void); 54void print_help (void);
54void print_usage (void); 55void print_usage (void);
55 56
56int ssh_connect (char *haddr, int hport, char *remote_version); 57int ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol);
57 58
58 59
59 60
@@ -78,7 +79,7 @@ main (int argc, char **argv)
78 alarm (socket_timeout); 79 alarm (socket_timeout);
79 80
80 /* ssh_connect exits if error is found */ 81 /* ssh_connect exits if error is found */
81 result = ssh_connect (server_name, port, remote_version); 82 result = ssh_connect (server_name, port, remote_version, remote_protocol);
82 83
83 alarm (0); 84 alarm (0);
84 85
@@ -105,6 +106,7 @@ process_arguments (int argc, char **argv)
105 {"timeout", required_argument, 0, 't'}, 106 {"timeout", required_argument, 0, 't'},
106 {"verbose", no_argument, 0, 'v'}, 107 {"verbose", no_argument, 0, 'v'},
107 {"remote-version", required_argument, 0, 'r'}, 108 {"remote-version", required_argument, 0, 'r'},
109 {"remote-protcol", required_argument, 0, 'P'},
108 {0, 0, 0, 0} 110 {0, 0, 0, 0}
109 }; 111 };
110 112
@@ -116,7 +118,7 @@ process_arguments (int argc, char **argv)
116 strcpy (argv[c], "-t"); 118 strcpy (argv[c], "-t");
117 119
118 while (1) { 120 while (1) {
119 c = getopt_long (argc, argv, "+Vhv46t:r:H:p:", longopts, &option); 121 c = getopt_long (argc, argv, "+Vhv46t:r:H:p:P:", longopts, &option);
120 122
121 if (c == -1 || c == EOF) 123 if (c == -1 || c == EOF)
122 break; 124 break;
@@ -152,6 +154,9 @@ process_arguments (int argc, char **argv)
152 case 'r': /* remote version */ 154 case 'r': /* remote version */
153 remote_version = optarg; 155 remote_version = optarg;
154 break; 156 break;
157 case 'P': /* remote version */
158 remote_protocol = optarg;
159 break;
155 case 'H': /* host */ 160 case 'H': /* host */
156 if (is_host (optarg) == FALSE) 161 if (is_host (optarg) == FALSE)
157 usage2 (_("Invalid hostname/address"), optarg); 162 usage2 (_("Invalid hostname/address"), optarg);
@@ -206,7 +211,7 @@ validate_arguments (void)
206 211
207 212
208int 213int
209ssh_connect (char *haddr, int hport, char *remote_version) 214ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol)
210{ 215{
211 int sd; 216 int sd;
212 int result; 217 int result;
@@ -254,6 +259,14 @@ ssh_connect (char *haddr, int hport, char *remote_version)
254 exit (STATE_WARNING); 259 exit (STATE_WARNING);
255 } 260 }
256 261
262 if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
263 printf
264 (_("SSH WARNING - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
265 ssh_server, ssh_proto, remote_protocol);
266 close(sd);
267 exit (STATE_WARNING);
268 }
269
257 elapsed_time = (double)deltime(tv) / 1.0e6; 270 elapsed_time = (double)deltime(tv) / 1.0e6;
258 271
259 printf 272 printf
@@ -296,6 +309,9 @@ print_help (void)
296 printf (" %s\n", "-r, --remote-version=STRING"); 309 printf (" %s\n", "-r, --remote-version=STRING");
297 printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)")); 310 printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)"));
298 311
312 printf (" %s\n", "-P, --remote-protocol=STRING");
313 printf (" %s\n", _("Warn if protocol doesn't match expected protocol version (ex: 2.0)"));
314
299 printf (UT_VERBOSE); 315 printf (UT_VERBOSE);
300 316
301 printf (UT_SUPPORT); 317 printf (UT_SUPPORT);