diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_apt.c | 15 | ||||
-rw-r--r-- | plugins/check_dns.c | 44 | ||||
-rw-r--r-- | plugins/t/NPTest.cache.travis | 4 | ||||
-rw-r--r-- | plugins/t/check_apt.t | 18 | ||||
-rw-r--r-- | plugins/t/check_dns.t | 26 |
5 files changed, 92 insertions, 15 deletions
diff --git a/plugins/check_apt.c b/plugins/check_apt.c index a639a411..c90b3df7 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c | |||
@@ -73,6 +73,7 @@ char* add_to_regexp(char *expr, const char *next); | |||
73 | /* configuration variables */ | 73 | /* configuration variables */ |
74 | static int verbose = 0; /* -v */ | 74 | static int verbose = 0; /* -v */ |
75 | static int do_update = 0; /* whether to call apt-get update */ | 75 | static int do_update = 0; /* whether to call apt-get update */ |
76 | static int only_critical = 0; /* whether to warn about non-critical updates */ | ||
76 | static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ | 77 | static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ |
77 | static char *upgrade_opts = NULL; /* options to override defaults for upgrade */ | 78 | static char *upgrade_opts = NULL; /* options to override defaults for upgrade */ |
78 | static char *update_opts = NULL; /* options to override defaults for update */ | 79 | static char *update_opts = NULL; /* options to override defaults for update */ |
@@ -110,7 +111,7 @@ int main (int argc, char **argv) { | |||
110 | 111 | ||
111 | if(sec_count > 0){ | 112 | if(sec_count > 0){ |
112 | result = max_state(result, STATE_CRITICAL); | 113 | result = max_state(result, STATE_CRITICAL); |
113 | } else if(packages_available > 0){ | 114 | } else if(packages_available > 0 && only_critical == 0){ |
114 | result = max_state(result, STATE_WARNING); | 115 | result = max_state(result, STATE_WARNING); |
115 | } else if(result > STATE_UNKNOWN){ | 116 | } else if(result > STATE_UNKNOWN){ |
116 | result = STATE_UNKNOWN; | 117 | result = STATE_UNKNOWN; |
@@ -148,12 +149,13 @@ int process_arguments (int argc, char **argv) { | |||
148 | {"include", required_argument, 0, 'i'}, | 149 | {"include", required_argument, 0, 'i'}, |
149 | {"exclude", required_argument, 0, 'e'}, | 150 | {"exclude", required_argument, 0, 'e'}, |
150 | {"critical", required_argument, 0, 'c'}, | 151 | {"critical", required_argument, 0, 'c'}, |
152 | {"only-critical", no_argument, 0, 'o'}, | ||
151 | {"input-file", required_argument, 0, INPUT_FILE_OPT}, | 153 | {"input-file", required_argument, 0, INPUT_FILE_OPT}, |
152 | {0, 0, 0, 0} | 154 | {0, 0, 0, 0} |
153 | }; | 155 | }; |
154 | 156 | ||
155 | while(1) { | 157 | while(1) { |
156 | c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL); | 158 | c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:o", longopts, NULL); |
157 | 159 | ||
158 | if(c == -1 || c == EOF || c == 1) break; | 160 | if(c == -1 || c == EOF || c == 1) break; |
159 | 161 | ||
@@ -203,6 +205,9 @@ int process_arguments (int argc, char **argv) { | |||
203 | case 'c': | 205 | case 'c': |
204 | do_critical=add_to_regexp(do_critical, optarg); | 206 | do_critical=add_to_regexp(do_critical, optarg); |
205 | break; | 207 | break; |
208 | case 'o': | ||
209 | only_critical=1; | ||
210 | break; | ||
206 | case INPUT_FILE_OPT: | 211 | case INPUT_FILE_OPT: |
207 | input_filename = optarg; | 212 | input_filename = optarg; |
208 | break; | 213 | break; |
@@ -463,7 +468,11 @@ print_help (void) | |||
463 | printf (" %s\n", _("upgrades for Debian and Ubuntu:")); | 468 | printf (" %s\n", _("upgrades for Debian and Ubuntu:")); |
464 | printf (" \t\%s\n", SECURITY_RE); | 469 | printf (" \t\%s\n", SECURITY_RE); |
465 | printf (" %s\n", _("Note that the package must first match the include list before its")); | 470 | printf (" %s\n", _("Note that the package must first match the include list before its")); |
466 | printf (" %s\n\n", _("information is compared against the critical list.")); | 471 | printf (" %s\n", _("information is compared against the critical list.")); |
472 | printf (" %s\n", "-o, --only-critical"); | ||
473 | printf (" %s\n", _("Only warn about upgrades matching the critical list. The total number")); | ||
474 | printf (" %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause")); | ||
475 | printf (" %s\n\n", _("the plugin to return WARNING status.")); | ||
467 | 476 | ||
468 | printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); | 477 | printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); |
469 | printf (" %s\n", "-u, --update=OPTS"); | 478 | printf (" %s\n", "-u, --update=OPTS"); |
diff --git a/plugins/check_dns.c b/plugins/check_dns.c index 54ce7d16..5feafc80 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c | |||
@@ -42,6 +42,8 @@ const char *email = "devel@monitoring-plugins.org"; | |||
42 | int process_arguments (int, char **); | 42 | int process_arguments (int, char **); |
43 | int validate_arguments (void); | 43 | int validate_arguments (void); |
44 | int error_scan (char *); | 44 | int error_scan (char *); |
45 | int ip_match_cidr(const char *, const char *); | ||
46 | unsigned long ip2long(const char *); | ||
45 | void print_help (void); | 47 | void print_help (void); |
46 | void print_usage (void); | 48 | void print_usage (void); |
47 | 49 | ||
@@ -126,7 +128,7 @@ main (int argc, char **argv) | |||
126 | if (verbose) | 128 | if (verbose) |
127 | puts(chld_out.line[i]); | 129 | puts(chld_out.line[i]); |
128 | 130 | ||
129 | if (strcasestr (chld_out.line[i], ".in-addr.arpa")) { | 131 | if (strcasestr (chld_out.line[i], ".in-addr.arpa") || strcasestr (chld_out.line[i], ".ip6.arpa")) { |
130 | if ((temp_buffer = strstr (chld_out.line[i], "name = "))) | 132 | if ((temp_buffer = strstr (chld_out.line[i], "name = "))) |
131 | addresses[n_addresses++] = strdup (temp_buffer + 7); | 133 | addresses[n_addresses++] = strdup (temp_buffer + 7); |
132 | else { | 134 | else { |
@@ -226,9 +228,14 @@ main (int argc, char **argv) | |||
226 | if (result == STATE_OK && expected_address_cnt > 0) { | 228 | if (result == STATE_OK && expected_address_cnt > 0) { |
227 | result = STATE_CRITICAL; | 229 | result = STATE_CRITICAL; |
228 | temp_buffer = ""; | 230 | temp_buffer = ""; |
231 | |||
229 | for (i=0; i<expected_address_cnt; i++) { | 232 | for (i=0; i<expected_address_cnt; i++) { |
230 | /* check if we get a match and prepare an error string */ | 233 | /* check if we get a match on 'raw' ip or cidr */ |
231 | if (strcmp(address, expected_address[i]) == 0) result = STATE_OK; | 234 | if ( strcmp(address, expected_address[i]) == 0 |
235 | || ip_match_cidr(address, expected_address[i]) ) | ||
236 | result = STATE_OK; | ||
237 | |||
238 | /* prepare an error string */ | ||
232 | xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); | 239 | xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); |
233 | } | 240 | } |
234 | if (result == STATE_CRITICAL) { | 241 | if (result == STATE_CRITICAL) { |
@@ -289,7 +296,32 @@ main (int argc, char **argv) | |||
289 | return result; | 296 | return result; |
290 | } | 297 | } |
291 | 298 | ||
299 | int | ||
300 | ip_match_cidr(const char *addr, const char *cidr_ro) | ||
301 | { | ||
302 | char *subnet, *mask_c, *cidr = strdup(cidr_ro); | ||
303 | int mask; | ||
304 | subnet = strtok(cidr, "/"); | ||
305 | mask_c = strtok(NULL, "\0"); | ||
306 | if (!subnet || !mask_c) | ||
307 | return FALSE; | ||
308 | mask = atoi(mask_c); | ||
309 | |||
310 | /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */ | ||
311 | return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask); | ||
312 | } | ||
292 | 313 | ||
314 | unsigned long | ||
315 | ip2long(const char* src) { | ||
316 | unsigned long ip[4]; | ||
317 | /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */ | ||
318 | return (sscanf(src, "%3lu.%3lu.%3lu.%3lu", | ||
319 | &ip[0], &ip[1], &ip[2], &ip[3]) == 4 && | ||
320 | ip[0] < 256 && ip[1] < 256 && | ||
321 | ip[2] < 256 && ip[3] < 256) | ||
322 | ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3] | ||
323 | : 0; | ||
324 | } | ||
293 | 325 | ||
294 | int | 326 | int |
295 | error_scan (char *input_buffer) | 327 | error_scan (char *input_buffer) |
@@ -494,9 +526,9 @@ print_help (void) | |||
494 | printf (" %s\n", _("The name or address you want to query")); | 526 | printf (" %s\n", _("The name or address you want to query")); |
495 | printf (" -s, --server=HOST\n"); | 527 | printf (" -s, --server=HOST\n"); |
496 | printf (" %s\n", _("Optional DNS server you want to use for the lookup")); | 528 | printf (" %s\n", _("Optional DNS server you want to use for the lookup")); |
497 | printf (" -a, --expected-address=IP-ADDRESS|HOST\n"); | 529 | printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); |
498 | printf (" %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with")); | 530 | printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); |
499 | printf (" %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any")); | 531 | printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); |
500 | printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match")); | 532 | printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match")); |
501 | printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically).")); | 533 | printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically).")); |
502 | printf (" -A, --expect-authority\n"); | 534 | printf (" -A, --expect-authority\n"); |
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis index bcec9855..38c0a6b2 100644 --- a/plugins/t/NPTest.cache.travis +++ b/plugins/t/NPTest.cache.travis | |||
@@ -4,8 +4,10 @@ | |||
4 | 'NP_DNS_SERVER' => '8.8.8.8', | 4 | 'NP_DNS_SERVER' => '8.8.8.8', |
5 | 'NP_GOOD_NTP_SERVICE' => '', | 5 | 'NP_GOOD_NTP_SERVICE' => '', |
6 | 'NP_HOSTNAME_INVALID' => 'nosuchhost', | 6 | 'NP_HOSTNAME_INVALID' => 'nosuchhost', |
7 | 'NP_HOSTNAME_VALID' => 'monitoringplugins.org', | 7 | 'NP_HOSTNAME_VALID' => 'monitoring-plugins.org', |
8 | 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', | 8 | 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', |
9 | 'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30', | ||
10 | 'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30', | ||
9 | 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', | 11 | 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', |
10 | 'NP_HOST_DHCP_RESPONSIVE' => '', | 12 | 'NP_HOST_DHCP_RESPONSIVE' => '', |
11 | 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', | 13 | 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', |
diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t index 9ba0ff8e..430eb53e 100644 --- a/plugins/t/check_apt.t +++ b/plugins/t/check_apt.t | |||
@@ -23,7 +23,7 @@ sub make_result_regexp { | |||
23 | } | 23 | } |
24 | 24 | ||
25 | if (-x "./check_apt") { | 25 | if (-x "./check_apt") { |
26 | plan tests => 28; | 26 | plan tests => 36; |
27 | } else { | 27 | } else { |
28 | plan skip_all => "No check_apt compiled"; | 28 | plan skip_all => "No check_apt compiled"; |
29 | } | 29 | } |
@@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") ); | |||
40 | is( $result->return_code, 1, "Debian apt output, warning" ); | 40 | is( $result->return_code, 1, "Debian apt output, warning" ); |
41 | like( $result->output, make_result_regexp(13, 0), "Output correct" ); | 41 | like( $result->output, make_result_regexp(13, 0), "Output correct" ); |
42 | 42 | ||
43 | $result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") ); | ||
44 | is( $result->return_code, 0, "Debian apt output, no critical" ); | ||
45 | like( $result->output, make_result_regexp(13, 0), "Output correct" ); | ||
46 | |||
43 | $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") ); | 47 | $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") ); |
44 | is( $result->return_code, 2, "Debian apt output, some critical" ); | 48 | is( $result->return_code, 2, "Debian apt output, some critical" ); |
45 | like( $result->output, make_result_regexp(19, 4), "Output correct" ); | 49 | like( $result->output, make_result_regexp(19, 4), "Output correct" ); |
46 | 50 | ||
51 | $result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") ); | ||
52 | is( $result->return_code, 2, "Debian apt output, some critical" ); | ||
53 | like( $result->output, make_result_regexp(19, 4), "Output correct" ); | ||
54 | |||
47 | $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") ); | 55 | $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") ); |
48 | is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" ); | 56 | is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" ); |
49 | like( $result->output, make_result_regexp(19, 4), "Output correct" ); | 57 | like( $result->output, make_result_regexp(19, 4), "Output correct" ); |
@@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") ); | |||
52 | is( $result->return_code, 1, "Debian apt output, filter for libc6" ); | 60 | is( $result->return_code, 1, "Debian apt output, filter for libc6" ); |
53 | like( $result->output, make_result_regexp(3, 0), "Output correct" ); | 61 | like( $result->output, make_result_regexp(3, 0), "Output correct" ); |
54 | 62 | ||
63 | $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") ); | ||
64 | is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" ); | ||
65 | like( $result->output, make_result_regexp(3, 0), "Output correct" ); | ||
66 | |||
55 | $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") ); | 67 | $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") ); |
56 | is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" ); | 68 | is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" ); |
57 | like( $result->output, make_result_regexp(9, 4), "Output correct" ); | 69 | like( $result->output, make_result_regexp(9, 4), "Output correct" ); |
@@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") ); | |||
64 | is( $result->return_code, 2, "Debian apt output, filter out libc6" ); | 76 | is( $result->return_code, 2, "Debian apt output, filter out libc6" ); |
65 | like( $result->output, make_result_regexp(16, 4), "Output correct" ); | 77 | like( $result->output, make_result_regexp(16, 4), "Output correct" ); |
66 | 78 | ||
79 | $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") ); | ||
80 | is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" ); | ||
81 | like( $result->output, make_result_regexp(16, 4), "Output correct" ); | ||
82 | |||
67 | $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") ); | 83 | $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") ); |
68 | is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" ); | 84 | is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" ); |
69 | like( $result->output, make_result_regexp(10, 0), "Output correct" ); | 85 | like( $result->output, make_result_regexp(10, 0), "Output correct" ); |
diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t index 035e7682..cdfbe60d 100644 --- a/plugins/t/check_dns.t +++ b/plugins/t/check_dns.t | |||
@@ -10,26 +10,38 @@ use NPTest; | |||
10 | 10 | ||
11 | plan skip_all => "check_dns not compiled" unless (-x "check_dns"); | 11 | plan skip_all => "check_dns not compiled" unless (-x "check_dns"); |
12 | 12 | ||
13 | plan tests => 16; | 13 | plan tests => 19; |
14 | 14 | ||
15 | my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/'; | 15 | my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/'; |
16 | 16 | ||
17 | my $hostname_valid = getTestParameter( | 17 | my $hostname_valid = getTestParameter( |
18 | "NP_HOSTNAME_VALID", | 18 | "NP_HOSTNAME_VALID", |
19 | "A valid (known to DNS) hostname", | 19 | "A valid (known to DNS) hostname", |
20 | "monitoring-plugins.org" | 20 | "monitoring-plugins.org", |
21 | ); | 21 | ); |
22 | 22 | ||
23 | my $hostname_valid_ip = getTestParameter( | 23 | my $hostname_valid_ip = getTestParameter( |
24 | "NP_HOSTNAME_VALID_IP", | 24 | "NP_HOSTNAME_VALID_IP", |
25 | "The IP address of the valid hostname $hostname_valid", | 25 | "The IP address of the valid hostname $hostname_valid", |
26 | "66.118.156.50", | 26 | "130.133.8.40", |
27 | ); | ||
28 | |||
29 | my $hostname_valid_cidr = getTestParameter( | ||
30 | "NP_HOSTNAME_VALID_CIDR", | ||
31 | "An valid CIDR range containing $hostname_valid_ip", | ||
32 | "130.133.8.41/30", | ||
33 | ); | ||
34 | |||
35 | my $hostname_invalid_cidr = getTestParameter( | ||
36 | "NP_HOSTNAME_INVALID_CIDR", | ||
37 | "An (valid) CIDR range NOT containing $hostname_valid_ip", | ||
38 | "130.133.8.39/30", | ||
27 | ); | 39 | ); |
28 | 40 | ||
29 | my $hostname_valid_reverse = getTestParameter( | 41 | my $hostname_valid_reverse = getTestParameter( |
30 | "NP_HOSTNAME_VALID_REVERSE", | 42 | "NP_HOSTNAME_VALID_REVERSE", |
31 | "The hostname of $hostname_valid_ip", | 43 | "The hostname of $hostname_valid_ip", |
32 | "66-118-156-50.static.sagonet.net.", | 44 | "orwell.monitoring-plugins.org.", |
33 | ); | 45 | ); |
34 | 46 | ||
35 | my $hostname_invalid = getTestParameter( | 47 | my $hostname_invalid = getTestParameter( |
@@ -87,3 +99,9 @@ $res = NPTest->testCmd("./check_dns -H $hostname_valid_ip -a $hostname_valid_rev | |||
87 | cmp_ok( $res->return_code, '==', 0, "Got expected fqdn"); | 99 | cmp_ok( $res->return_code, '==', 0, "Got expected fqdn"); |
88 | like ( $res->output, $successOutput, "Output OK"); | 100 | like ( $res->output, $successOutput, "Output OK"); |
89 | 101 | ||
102 | $res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_valid_cidr -t 5"); | ||
103 | cmp_ok( $res->return_code, '==', 0, "Got expected address"); | ||
104 | |||
105 | $res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_invalid_cidr -t 5"); | ||
106 | cmp_ok( $res->return_code, '==', 2, "Got wrong address"); | ||
107 | like ( $res->output, "/^DNS CRITICAL.*expected '$hostname_invalid_cidr' but got '$hostname_valid_ip'".'$/', "Output OK"); | ||