Age | Commit message (Collapse) | Author | Files | Lines |
|
changes:
- CRYPTO_lock detection replaced in configure.ac. We don't use that
function anywhere, so just replace it with the suggested one from
https://wiki.openssl.org/index.php/Library_Initialization#Autoconf
- OPENSSL_NO_SSL2 is no longer defined while ssl2 is not included.
Set it ourself using the suggested openssl 1.1 version check from
https://wiki.openssl.org/index.php/1.1_API_Changes#Backward_compatibility
- openssl 1.1 sends a sigpipe if the connection is still open when
calling SSL_shutdown(), so move the close before the shutdown.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
If a web page contains a nul character, check_http reads the complete page but --string does not search beyond this character.
|
|
This reverts commit 6cd50bc42cb4b25a3c0f7153df7f83b7262f404b.
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
|
|
check_dig: use +retry instead of +tries
|
|
After upgrading from an Ubuntu/15.10 to 16.04 installation, I noticed that
check_dig is always returning a WARNING:
$ /usr/lib/nagios/plugins/check_dig -l localhost -v
/usr/bin/dig -p 53 @127.0.0.1 localhost A +tries=3 +time=6
Looking for: 'localhost'
DNS WARNING - 0.008 seconds response time (dig returned an error status)|time=0.008274s;;;0.000000
The older Ubuntu installation got its check_dig from the
nagios-plugins-standard package[0] which did not include the +tries
option. The current Ubuntu version provides its check_dig from the
monitoring-plugins-standard package[1], which _does_ use the +tries
option that was introduced with df53473[2].
On my system, it so happens that /usr/bin/dig is provided not by the
(BIND) dnsutils package but by knot-dnsutils[3] from the Knot DNS project.
The Knot dig(1) command doesn't support the +tries option[4] but does
support +retry (which is also supported[5] by the BIND dig(1) command).
One way to fix that would be for me to install the BIND dnsutils package. But I did not
want to do that: it's so much larger in size and pulls in much more dependencies
than the knot-dnsutils package.
The patch below changes check_dig to use +retry instead of +tries. Both
options are similar, but not the same:
+retry - Sets the number of times to retry UDP queries to server to T
instead of the default, 2. Unlike +tries, this does not include
the initial query
As number_tries seems to be hard coded to 3, I've lowered DEFAULT_TRIES to
2 so check_dig should behave as before (with +tries=3).
Thanks,
Christian.
[0] http://packages.ubuntu.com/wily/nagios-plugins-standard
[1] http://packages.ubuntu.com/xenial/monitoring-plugins-standard
[2] https://github.com/monitoring-plugins/monitoring-plugins/commit/df53473
[3] http://packages.ubuntu.com/xenial/knot-dnsutils
[4] https://www.knot-dns.cz/docs/2.x/html/man_kdig.html#notes
[5] https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/man.dig.html
Signed-off-by: Christian Kujau <lists@nerdbynature.de>
|
|
Remove function unused since commit b5cc292.
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
|
|
Enabled snmp tests against snmpd on localhost. It was installed already
in the travis file, we just need to enable the tests by setting the
parameters in the answers file.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
datatype indicator"
This reverts commit 3178c8c0ff18822a04fe01c749f3564887473eed.
|
|
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
check_ntp: remove unused variables
|
|
negate: remove unused variables
|
|
check_disk: remove unused variables
|
|
check_ntp_time: remove unused variables
|
|
check_dns: remove dead code
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
Change solution to display GMT time in the local display format with
the offset number of hours from GMT to be clear about what timezone
this is if the local display format does not include offset.
|
|
This reverts commit 2d9e61a4382b8366331cde7617dbc4e381a0219a.
|
|
Tests need to match new output time and timezone.
|
|
SSL certs are required to use times in GMT per
https://www.ietf.org/rfc/rfc5280.txt but the mktime() here assumes the
current timezone.
Fix the time_t conversion to be done assuming GMT with timegm() and
only do it once rather than twice.
Display the expiry date and time with ISO format years and give an
offset from GMT and a timezone to be very clear about exactly what time
is being displayed. Time given is correct and now in the machine’s
timezone.
|
|
The "-6" optarg now prepends the server_address with "udp6:" for the
snmpget external command as per the net-snmp syntax at:
http://www.net-snmp.org/wiki/index.php/FAQ:Applications_28
Thanks to DrydenK (Roberto Greiner) for the heads up.
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
Fix for issue https://github.com/nagios-plugins/nagios-plugins/issues/81
check_users now uses the standard warning and critical ranges parser and
a standard perdata output routine.
|
|
This fix changes output of check_disk in case of --error-only/-e option
is used and state is ok
- Old output: DISK OK
- New output: DISK OK - free space: / 159731 MB (83% inode=61%);
/dev/shm 2926 MB (100% inode=99%); /boot 58 MB (32% inode=99%);
Resolves: #1420
|
|
right now it is not possible to print the command output of ssh. check_by_ssh
only prints the command itself. This patchs adds printing the output too. This
makes it possible to use ssh with verbose logging which helps debuging any
connection, key or other ssh problems.
Note: you must use -E,--skip-stderr=<high number>, otherwise check_by_ssh would
always exit with unknown state.
Example:
./check_by_ssh -H localhost -o LogLevel=DEBUG3 -C "sleep 1" -E 999 -v
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
* pr/1386:
check_dig: expected answer is now incasesensitive
|
|
|
|
Thus recent Versions of bind will no longer change .IN-ADDR.ARPA to lowercase
as the uppercase version is also valid.
To have check_dns.c consider this fact change strstr to strcasestr
|
|
If a web page contains a nul character, check_http reads the complete page but --expect does not search beyond this character.
|
|
|
|
check_dig was casesensitive if an expected answer is given.
Switching strstr with strcasestr fixes this issue
While testing i noticed a bug where expected is not an exact match
New issue for that is opened #1385
This fix closes #1233
|
|
This reverts commit 6986aa1d0a352d8d02eed4896034631fffd25a27. That
commit leads to issues on non-Linux systems, and it seems to not
(always) work as expected on Linux, either.
Conflicts:
plugins/Makefile.am
plugins/check_disk.c
Closes #1377 and closes #1329.
|
|
* maint:
sslutils: Remove superfluous parenthesis for sslv3 function too
sslutils: remove superfluous parenthesis
check_snmp: modified tests
check_snmp.c: switched DEFAULT_TIMEOUT to DEFAULT_SOCKET_TIMEOUT (provided by utils.h), already used by help description, see issue #1318
install snmpd on travis tests
enable libtab on travis builds
add perl snmp to travis dependencies
NEWS: Mention check_ups performance data fix
Fix incorrect performance data thresholds
check_dhcp: Fix option parsing
Fixes segfaults when running via monitoring worker (off-by-one)
travis: fix http test host
sslutils: Check if OpenSSL supports SSLv3.
Conflicts:
NEWS
plugins/sslutils.c
|
|
expect option (-e) supported only first response, so checking for
any other response like 250-xxx would never match. This fix stores
return of relevant buffer
closes #1381
|
|
- currently STARTTLS check does not work with -e if there's text
like '220 hostname ESMTP*'. This is caused by SMTP answer from
host. Postfix answer: 220 2.0.0 Ready to start TLS, Exchange
2010: 220 2.0.0 SMTP server ready. This fix checks against 220
closes #1093
|
|
|
|
|
|
Don't forget to issue an SMTP QUIT command when the -D/--certificate
option is specified. This avoids undesired MTA log messages.
|
|
* pr/1373:
check_http: Allow for requesting TLSv1.1/TLSv1.2
|
|
check_http's -S/--ssl option now allows for requesting the TLSv1.1 and
TLSv1.2 protocols. Apart from that, a '+' suffix can be appended in
oder to also accept newer protocols than the specified version.
Closes #1338, and closes #1354, and closes #1359.
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
|
|
Remove superfluous parenthesis.
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
|