Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
The check_http -S/--ssl option now takes an optional argument which
specifies the desired SSL/TLS protocol version (#3285367 - Jason Lunn).
|
|
Some versions of OpenSSL fail to negotiate the SSL connection with at
least some versions of Tomcat if stateless SSL session resumption
support (see RFC4507) is enabled:
| CRITICAL - Cannot make SSL connection
| 140099330348712:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1195:SSL alert number 10
The problem is reproducible with OpenSSL 1.0.0h, but not with OpenSSL
0.9.8o-4squeeze12 (as shipped with Debian 6.0.4). We work around it by
disabling the RFC4507 functionality when using OpenSSL versions which
support it.
Thanks to Dag Bakke for reporting the issue and for giving me access to
a server I could use to reproduce the problem.
|
|
|
|
|
|
Return an UNKNOWN status if a faulty sensor is detected. This can be
suppressed with the new "--ignore-fault" option.
(Fixes Debian bug #615133, patch suggested by Jan Wagner.)
|
|
certificate errors (Opsview team)
|
|
Duncan Ferguson)
|
|
When specifying a host-name on the command line, each of its IPs is added to
the host table (and each one is pinged). So, the buffer has to be large enough
to hold all of the respective host objects. (argc - 1) only fits hosts with a
single IP.
Thanks to Max Kosmach <max@tcen.ru> for reporting this in Debian bug #623702.
|
|
|
|
This patch adds a check for the certificate cn (hostname) to normal
certificate checks. It returns CRITICAL if th cn is missing, otherwise it
prints it in the normal output.
Patch by Stéphane Urbanovski
|
|
parsing of
performance data. Now replaced with ','
|
|
This enables floating point and ranges, and make the code more standard.
|
|
|
|
This reverts commit 896962a1ad1b7d7c75d42c565b06cc799feb0a7c.
Conflicts:
NEWS
plugins/tests/check_snmp.t
Notes:
Reverting because I rebased a patch that was doing the same thing, plus
fixing more related regressions, and both didn't work together.
I kept the tests intact except for one that wouldn't pass on 1.4.14
either
|
|
Original patch to make Timeticks works as in check_snmp v1.4.14, it turns
out is_numeric isn't so useful and treating all types as numeric works
best for backwards-compatibility. This is how it used to work in 1.4.14.
As a special case, I also make calculate_rate look up for numeric values
as it would otherwise return the last value instead.
|
|
|
|
#601699)
|
|
group (Bekar - #2973603)
Various values (dused_pct, dfree_pct, inodes_free, inodes_total, ...) are now carried in
the parameter_list structure. Assignments have been moved to a subroutine preventing
code redundancies.
Group metrics are now calculated based on units rather than blocks. This fixes freespace calculation
when blocksizes differ within a group.
|
|
numbers (according to strtod) to be a numeric value for threshold and
performance data
|
|
|
|
|
|
values to warn/crit parameters
|
|
|
|
Some commands need the environment to function properly. One such
example is check_ssh and check_by_ssh when a SOCKS proxy is required.
This patch use setenv and extern char **environ to alter and pass the
new environment to the child process Those modules have been added to
Gnulib for portability.
|
|
|
|
|
|
See http://nagiosplugin.org/c-api-private for more details on the API.
Also updated check_snmp -l option to change the perfdata label.
|
|
|
|
|
|
|
|
Bug #2832884 reported problem with translations outputting pot file
headers. This is caused by "" matching the header of the translation
files.
This patch moves gettext macros inside utils macros and update some
french translations.
|
|
REJECT_RC is defined on some radiusclient versions and differenciates
between auth errors and bad responses. This patch will affect only the
behaviour of those clients exporting REJECT_RC.
In addition, unexpected return codes are now handled properly and
return UNKNOWN.
|
|
|
|
|
|
If Perl's "shift" function is called outside of a subroutine and without
any argument, it usually shifts @ARGV. However, if a plugin is executed
via ePN, such a call will shift @_ instead, so we must explicitly
specify @ARGV for this to work as expected.
This fixes Debian bug #545940, see: http://bugs.debian.org/545940
Commit de7191e3424e02ba278a39b86e8b1906a25d0362 fixed the same issue for
check_disk_smb.
(Reported by Hendrik Jaeger, forwarded by Jan Wagner.)
|
|
| check_radius doesn't seem to provide any way to modify the
| NAS-IP-Address attribute that it uses in the packets it sends, but it
| does so for NAS-Identifier.
|
| Instead, it hardcodes the IP address that it gets from the
| rc_own_ipaddress() library call, and that in turn translates into
| calling gethostbyname() on the result of uname(). This call can easily
| fail, and its result can easily be unsuitable - for example when the
| Nagios instance uses its own virtual host, and you don't want the
| original system hostname leaked to the RADIUS servers you monitor with
| this.
|
| Furthermore, this behaviour is inconsistent with RFC 2865, which
| defines the two attributes as analogous and never suggests hardcoding
| the value of either of them in client software.
Therefore, this commit adds the "-N, --nas-ip-address" option which
allows for specifying the value of the NAS-IP-Address attribute.
| I've also noticed that the original code for NAS-IP-Address hardcoding
| is broken in its error handling - it does "return (ERROR_PC)", which
| is meaningless in the context of check_radius.c. That actually seems
| to be copy&waste from radiusclient-0.3.2/src/radexample.c. :) I fixed
| that.
|
| While debugging, I also took the opportunity to decouple the
| nas-identifier rc_avpair_add() instance from the initial three,
| because this is just bad practice to lump a fourth optional attribute
| into the same block with the required attributes, the error handling
| for which is throwing the same daft message "Out of Memory?"...
[ http://bugs.debian.org/482947 ]
(Contributed by Josip Rodin, forwarded by Jan Wagner.)
|
|
The check_ldap plugin did not allow for specifying an empty LDAP base.
See: http://bugs.debian.org/479984
(Fixed by Stephane Chazelas, forwarded by Jan Wagner.)
|
|
| When perl plugin scripts are run with the embedded perl interpreter in
| nagios3, the "shift" perl command doesn't shift @ARGV, but @_ (which
| happens to contain the same thing as @ARGV at the time the script was
| started).
|
| [...]
|
| A fix is to replace all the instances of "shift" with "shift @ARGV".
[ http://bugs.debian.org/478906 ]
(Fixed by Stephane Chazelas, forwarded by Jan Wagner.)
|
|
| The check_disk_smb plugin purports to support guest users, but it
| doesn't work out, because it doesn't specify the -N command line
| option to smbclient when no password is specified, making smbclient
| stop and ask.
[ http://bugs.debian.org/425129 ]
(Fixed by Josip Rodin, forwarded by Jan Wagner.)
|
|
Add the "-a, --address option" which allows for specifying the IP
address of the server to connect to. If this option is used, the IP
address will be handed over to smbclient(1)'s "-I" option. (Contributed
by Sean Finney, forwarded by Jan Wagner.)
|
|
|
|
The fix is making SNI an option.
|
|
Bug #1867716 fixed what it meant to fix: broken perfdata strings.
Unfortunately some users relied on half-broken perfdata string where at
least the first token was OK. This patch do a two-way conversion
(string to double then back to string) instead and use the conversion
result for the performance data.
A possible caveat is that the string may change where it normally
shouldn't but the result should be somewhat similar.
|
|
|
|
Add support for checking the number of usable time sources (i.e., the
number of peers which are classified as so-called "truechimers" by NTP's
intersection algorithm). The new "-m" and "-n" options allow for
specifying the according WARNING and CRITICAL thresholds (and thereby
activating the truechimers check), respectively.
|
|
|
|
|
|
|