summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_apt.c15
-rw-r--r--plugins/check_dns.c44
-rw-r--r--plugins/t/NPTest.cache.travis4
-rw-r--r--plugins/t/check_apt.t18
-rw-r--r--plugins/t/check_dns.t26
5 files changed, 92 insertions, 15 deletions
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index a639a411..c90b3df7 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -73,6 +73,7 @@ char* add_to_regexp(char *expr, const char *next);
73/* configuration variables */ 73/* configuration variables */
74static int verbose = 0; /* -v */ 74static int verbose = 0; /* -v */
75static int do_update = 0; /* whether to call apt-get update */ 75static int do_update = 0; /* whether to call apt-get update */
76static int only_critical = 0; /* whether to warn about non-critical updates */
76static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ 77static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
77static char *upgrade_opts = NULL; /* options to override defaults for upgrade */ 78static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
78static char *update_opts = NULL; /* options to override defaults for update */ 79static char *update_opts = NULL; /* options to override defaults for update */
@@ -110,7 +111,7 @@ int main (int argc, char **argv) {
110 111
111 if(sec_count > 0){ 112 if(sec_count > 0){
112 result = max_state(result, STATE_CRITICAL); 113 result = max_state(result, STATE_CRITICAL);
113 } else if(packages_available > 0){ 114 } else if(packages_available > 0 && only_critical == 0){
114 result = max_state(result, STATE_WARNING); 115 result = max_state(result, STATE_WARNING);
115 } else if(result > STATE_UNKNOWN){ 116 } else if(result > STATE_UNKNOWN){
116 result = STATE_UNKNOWN; 117 result = STATE_UNKNOWN;
@@ -148,12 +149,13 @@ int process_arguments (int argc, char **argv) {
148 {"include", required_argument, 0, 'i'}, 149 {"include", required_argument, 0, 'i'},
149 {"exclude", required_argument, 0, 'e'}, 150 {"exclude", required_argument, 0, 'e'},
150 {"critical", required_argument, 0, 'c'}, 151 {"critical", required_argument, 0, 'c'},
152 {"only-critical", no_argument, 0, 'o'},
151 {"input-file", required_argument, 0, INPUT_FILE_OPT}, 153 {"input-file", required_argument, 0, INPUT_FILE_OPT},
152 {0, 0, 0, 0} 154 {0, 0, 0, 0}
153 }; 155 };
154 156
155 while(1) { 157 while(1) {
156 c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL); 158 c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:o", longopts, NULL);
157 159
158 if(c == -1 || c == EOF || c == 1) break; 160 if(c == -1 || c == EOF || c == 1) break;
159 161
@@ -203,6 +205,9 @@ int process_arguments (int argc, char **argv) {
203 case 'c': 205 case 'c':
204 do_critical=add_to_regexp(do_critical, optarg); 206 do_critical=add_to_regexp(do_critical, optarg);
205 break; 207 break;
208 case 'o':
209 only_critical=1;
210 break;
206 case INPUT_FILE_OPT: 211 case INPUT_FILE_OPT:
207 input_filename = optarg; 212 input_filename = optarg;
208 break; 213 break;
@@ -463,7 +468,11 @@ print_help (void)
463 printf (" %s\n", _("upgrades for Debian and Ubuntu:")); 468 printf (" %s\n", _("upgrades for Debian and Ubuntu:"));
464 printf (" \t\%s\n", SECURITY_RE); 469 printf (" \t\%s\n", SECURITY_RE);
465 printf (" %s\n", _("Note that the package must first match the include list before its")); 470 printf (" %s\n", _("Note that the package must first match the include list before its"));
466 printf (" %s\n\n", _("information is compared against the critical list.")); 471 printf (" %s\n", _("information is compared against the critical list."));
472 printf (" %s\n", "-o, --only-critical");
473 printf (" %s\n", _("Only warn about upgrades matching the critical list. The total number"));
474 printf (" %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
475 printf (" %s\n\n", _("the plugin to return WARNING status."));
467 476
468 printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); 477 printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
469 printf (" %s\n", "-u, --update=OPTS"); 478 printf (" %s\n", "-u, --update=OPTS");
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 54ce7d16..5feafc80 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -42,6 +42,8 @@ const char *email = "devel@monitoring-plugins.org";
42int process_arguments (int, char **); 42int process_arguments (int, char **);
43int validate_arguments (void); 43int validate_arguments (void);
44int error_scan (char *); 44int error_scan (char *);
45int ip_match_cidr(const char *, const char *);
46unsigned long ip2long(const char *);
45void print_help (void); 47void print_help (void);
46void print_usage (void); 48void print_usage (void);
47 49
@@ -126,7 +128,7 @@ main (int argc, char **argv)
126 if (verbose) 128 if (verbose)
127 puts(chld_out.line[i]); 129 puts(chld_out.line[i]);
128 130
129 if (strcasestr (chld_out.line[i], ".in-addr.arpa")) { 131 if (strcasestr (chld_out.line[i], ".in-addr.arpa") || strcasestr (chld_out.line[i], ".ip6.arpa")) {
130 if ((temp_buffer = strstr (chld_out.line[i], "name = "))) 132 if ((temp_buffer = strstr (chld_out.line[i], "name = ")))
131 addresses[n_addresses++] = strdup (temp_buffer + 7); 133 addresses[n_addresses++] = strdup (temp_buffer + 7);
132 else { 134 else {
@@ -226,9 +228,14 @@ main (int argc, char **argv)
226 if (result == STATE_OK && expected_address_cnt > 0) { 228 if (result == STATE_OK && expected_address_cnt > 0) {
227 result = STATE_CRITICAL; 229 result = STATE_CRITICAL;
228 temp_buffer = ""; 230 temp_buffer = "";
231
229 for (i=0; i<expected_address_cnt; i++) { 232 for (i=0; i<expected_address_cnt; i++) {
230 /* check if we get a match and prepare an error string */ 233 /* check if we get a match on 'raw' ip or cidr */
231 if (strcmp(address, expected_address[i]) == 0) result = STATE_OK; 234 if ( strcmp(address, expected_address[i]) == 0
235 || ip_match_cidr(address, expected_address[i]) )
236 result = STATE_OK;
237
238 /* prepare an error string */
232 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); 239 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
233 } 240 }
234 if (result == STATE_CRITICAL) { 241 if (result == STATE_CRITICAL) {
@@ -289,7 +296,32 @@ main (int argc, char **argv)
289 return result; 296 return result;
290} 297}
291 298
299int
300ip_match_cidr(const char *addr, const char *cidr_ro)
301{
302 char *subnet, *mask_c, *cidr = strdup(cidr_ro);
303 int mask;
304 subnet = strtok(cidr, "/");
305 mask_c = strtok(NULL, "\0");
306 if (!subnet || !mask_c)
307 return FALSE;
308 mask = atoi(mask_c);
309
310 /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */
311 return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask);
312}
292 313
314unsigned long
315ip2long(const char* src) {
316 unsigned long ip[4];
317 /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */
318 return (sscanf(src, "%3lu.%3lu.%3lu.%3lu",
319 &ip[0], &ip[1], &ip[2], &ip[3]) == 4 &&
320 ip[0] < 256 && ip[1] < 256 &&
321 ip[2] < 256 && ip[3] < 256)
322 ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3]
323 : 0;
324}
293 325
294int 326int
295error_scan (char *input_buffer) 327error_scan (char *input_buffer)
@@ -494,9 +526,9 @@ print_help (void)
494 printf (" %s\n", _("The name or address you want to query")); 526 printf (" %s\n", _("The name or address you want to query"));
495 printf (" -s, --server=HOST\n"); 527 printf (" -s, --server=HOST\n");
496 printf (" %s\n", _("Optional DNS server you want to use for the lookup")); 528 printf (" %s\n", _("Optional DNS server you want to use for the lookup"));
497 printf (" -a, --expected-address=IP-ADDRESS|HOST\n"); 529 printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n");
498 printf (" %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with")); 530 printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
499 printf (" %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any")); 531 printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
500 printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match")); 532 printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
501 printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically).")); 533 printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
502 printf (" -A, --expect-authority\n"); 534 printf (" -A, --expect-authority\n");
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
index bcec9855..38c0a6b2 100644
--- a/plugins/t/NPTest.cache.travis
+++ b/plugins/t/NPTest.cache.travis
@@ -4,8 +4,10 @@
4 'NP_DNS_SERVER' => '8.8.8.8', 4 'NP_DNS_SERVER' => '8.8.8.8',
5 'NP_GOOD_NTP_SERVICE' => '', 5 'NP_GOOD_NTP_SERVICE' => '',
6 'NP_HOSTNAME_INVALID' => 'nosuchhost', 6 'NP_HOSTNAME_INVALID' => 'nosuchhost',
7 'NP_HOSTNAME_VALID' => 'monitoringplugins.org', 7 'NP_HOSTNAME_VALID' => 'monitoring-plugins.org',
8 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', 8 'NP_HOSTNAME_VALID_IP' => '130.133.8.40',
9 'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30',
10 'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30',
9 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', 11 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.',
10 'NP_HOST_DHCP_RESPONSIVE' => '', 12 'NP_HOST_DHCP_RESPONSIVE' => '',
11 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', 13 'NP_HOST_NONRESPONSIVE' => '10.0.0.1',
diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t
index 9ba0ff8e..430eb53e 100644
--- a/plugins/t/check_apt.t
+++ b/plugins/t/check_apt.t
@@ -23,7 +23,7 @@ sub make_result_regexp {
23} 23}
24 24
25if (-x "./check_apt") { 25if (-x "./check_apt") {
26 plan tests => 28; 26 plan tests => 36;
27} else { 27} else {
28 plan skip_all => "No check_apt compiled"; 28 plan skip_all => "No check_apt compiled";
29} 29}
@@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") );
40is( $result->return_code, 1, "Debian apt output, warning" ); 40is( $result->return_code, 1, "Debian apt output, warning" );
41like( $result->output, make_result_regexp(13, 0), "Output correct" ); 41like( $result->output, make_result_regexp(13, 0), "Output correct" );
42 42
43$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") );
44is( $result->return_code, 0, "Debian apt output, no critical" );
45like( $result->output, make_result_regexp(13, 0), "Output correct" );
46
43$result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") ); 47$result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") );
44is( $result->return_code, 2, "Debian apt output, some critical" ); 48is( $result->return_code, 2, "Debian apt output, some critical" );
45like( $result->output, make_result_regexp(19, 4), "Output correct" ); 49like( $result->output, make_result_regexp(19, 4), "Output correct" );
46 50
51$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") );
52is( $result->return_code, 2, "Debian apt output, some critical" );
53like( $result->output, make_result_regexp(19, 4), "Output correct" );
54
47$result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") ); 55$result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") );
48is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" ); 56is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" );
49like( $result->output, make_result_regexp(19, 4), "Output correct" ); 57like( $result->output, make_result_regexp(19, 4), "Output correct" );
@@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
52is( $result->return_code, 1, "Debian apt output, filter for libc6" ); 60is( $result->return_code, 1, "Debian apt output, filter for libc6" );
53like( $result->output, make_result_regexp(3, 0), "Output correct" ); 61like( $result->output, make_result_regexp(3, 0), "Output correct" );
54 62
63$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
64is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" );
65like( $result->output, make_result_regexp(3, 0), "Output correct" );
66
55$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") ); 67$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") );
56is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" ); 68is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" );
57like( $result->output, make_result_regexp(9, 4), "Output correct" ); 69like( $result->output, make_result_regexp(9, 4), "Output correct" );
@@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") );
64is( $result->return_code, 2, "Debian apt output, filter out libc6" ); 76is( $result->return_code, 2, "Debian apt output, filter out libc6" );
65like( $result->output, make_result_regexp(16, 4), "Output correct" ); 77like( $result->output, make_result_regexp(16, 4), "Output correct" );
66 78
79$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") );
80is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" );
81like( $result->output, make_result_regexp(16, 4), "Output correct" );
82
67$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") ); 83$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") );
68is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" ); 84is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" );
69like( $result->output, make_result_regexp(10, 0), "Output correct" ); 85like( $result->output, make_result_regexp(10, 0), "Output correct" );
diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t
index 035e7682..cdfbe60d 100644
--- a/plugins/t/check_dns.t
+++ b/plugins/t/check_dns.t
@@ -10,26 +10,38 @@ use NPTest;
10 10
11plan skip_all => "check_dns not compiled" unless (-x "check_dns"); 11plan skip_all => "check_dns not compiled" unless (-x "check_dns");
12 12
13plan tests => 16; 13plan tests => 19;
14 14
15my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/'; 15my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/';
16 16
17my $hostname_valid = getTestParameter( 17my $hostname_valid = getTestParameter(
18 "NP_HOSTNAME_VALID", 18 "NP_HOSTNAME_VALID",
19 "A valid (known to DNS) hostname", 19 "A valid (known to DNS) hostname",
20 "monitoring-plugins.org" 20 "monitoring-plugins.org",
21 ); 21 );
22 22
23my $hostname_valid_ip = getTestParameter( 23my $hostname_valid_ip = getTestParameter(
24 "NP_HOSTNAME_VALID_IP", 24 "NP_HOSTNAME_VALID_IP",
25 "The IP address of the valid hostname $hostname_valid", 25 "The IP address of the valid hostname $hostname_valid",
26 "66.118.156.50", 26 "130.133.8.40",
27 );
28
29my $hostname_valid_cidr = getTestParameter(
30 "NP_HOSTNAME_VALID_CIDR",
31 "An valid CIDR range containing $hostname_valid_ip",
32 "130.133.8.41/30",
33 );
34
35my $hostname_invalid_cidr = getTestParameter(
36 "NP_HOSTNAME_INVALID_CIDR",
37 "An (valid) CIDR range NOT containing $hostname_valid_ip",
38 "130.133.8.39/30",
27 ); 39 );
28 40
29my $hostname_valid_reverse = getTestParameter( 41my $hostname_valid_reverse = getTestParameter(
30 "NP_HOSTNAME_VALID_REVERSE", 42 "NP_HOSTNAME_VALID_REVERSE",
31 "The hostname of $hostname_valid_ip", 43 "The hostname of $hostname_valid_ip",
32 "66-118-156-50.static.sagonet.net.", 44 "orwell.monitoring-plugins.org.",
33 ); 45 );
34 46
35my $hostname_invalid = getTestParameter( 47my $hostname_invalid = getTestParameter(
@@ -87,3 +99,9 @@ $res = NPTest->testCmd("./check_dns -H $hostname_valid_ip -a $hostname_valid_rev
87cmp_ok( $res->return_code, '==', 0, "Got expected fqdn"); 99cmp_ok( $res->return_code, '==', 0, "Got expected fqdn");
88like ( $res->output, $successOutput, "Output OK"); 100like ( $res->output, $successOutput, "Output OK");
89 101
102$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_valid_cidr -t 5");
103cmp_ok( $res->return_code, '==', 0, "Got expected address");
104
105$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_invalid_cidr -t 5");
106cmp_ok( $res->return_code, '==', 2, "Got wrong address");
107like ( $res->output, "/^DNS CRITICAL.*expected '$hostname_invalid_cidr' but got '$hostname_valid_ip'".'$/', "Output OK");