From a4308b19135bdadf339163f7e127c628d987a0fc Mon Sep 17 00:00:00 2001 From: PhiBo Date: Wed, 28 Apr 2021 15:11:23 +0200 Subject: Add CodeQL checks Add initial github actions to perform CodeQL securtiy checks --- .github/workflows/codeql-analysis.yml | 71 +++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml (limited to '.github/workflows') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..9de367e5 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,71 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '15 18 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'cpp' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + - name: Install packages + run: | + sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential + sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \ + libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \ + libdbd-sqlite3 libssl-dev libcurl4-openssl-dev liburiparser-dev + + - name: Configure build + run: | + ./tools/setup + ./configure --enable-libtap + + - name: Build + run: | + make + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 -- cgit v1.2.3-74-g34f1 From fc71e3f9304ed51f3fd7ca544f38a30a590c8ba5 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Tue, 13 Apr 2021 09:15:12 +0200 Subject: migrate travis ci to github actions --- .github/NPTest.cache | 54 +++++++++++++++++++++++ .github/prepare_debian.sh | 99 +++++++++++++++++++++++++++++++++++++++++++ .github/workflows/test.yml | 77 +++++++++++++++++++++++++++++++++ .travis.yml | 98 ------------------------------------------ plugins/t/NPTest.cache.travis | 54 ----------------------- 5 files changed, 230 insertions(+), 152 deletions(-) create mode 100644 .github/NPTest.cache create mode 100755 .github/prepare_debian.sh create mode 100644 .github/workflows/test.yml delete mode 100644 .travis.yml delete mode 100644 plugins/t/NPTest.cache.travis (limited to '.github/workflows') diff --git a/.github/NPTest.cache b/.github/NPTest.cache new file mode 100644 index 00000000..232305a7 --- /dev/null +++ b/.github/NPTest.cache @@ -0,0 +1,54 @@ +{ + 'NP_ALLOW_SUDO' => 'yes', + 'NP_DNS_SERVER' => '8.8.8.8', + 'NP_GOOD_NTP_SERVICE' => '', + 'NP_HOST_DHCP_RESPONSIVE' => '', + 'NP_HOST_HPJD_PORT_INVALID' => '161', + 'NP_HOST_HPJD_PORT_VALID' => '', + 'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30', + 'NP_HOSTNAME_INVALID' => 'nosuchhost', + 'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30', + 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', + 'NP_HOSTNAME_VALID' => 'monitoring-plugins.org', + 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', + 'NP_HOST_NONRESPONSIVE' => '192.168.1.2', + 'NP_HOST_RESPONSIVE' => 'localhost', + 'NP_HOST_SMB' => '', + 'NP_HOST_SNMP' => '', + 'NP_HOST_TCP_FTP' => '', + 'NP_HOST_TCP_HPJD' => '', + 'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org', + 'NP_HOST_TCP_HTTP' => 'localhost', + 'NP_HOST_TCP_IMAP' => 'imap.web.de', + 'NP_HOST_TCP_JABBER' => 'jabber.org', + 'NP_HOST_TCP_LDAP' => 'localhost', + 'NP_HOST_TCP_POP' => 'pop.web.de', + 'NP_HOST_TCP_PROXY' => 'localhost', + 'NP_HOST_TCP_SMTP' => 'localhost', + 'NP_HOST_TCP_SMTP_NOTLS' => '', + 'NP_HOST_TCP_SMTP_TLS' => '', + 'NP_HOST_TLS_CERT' => 'localhost', + 'NP_HOST_TLS_HTTP' => 'localhost', + 'NP_HOST_UDP_TIME' => 'none', + 'NP_INTERNET_ACCESS' => 'yes', + 'NP_LDAP_BASE_DN' => 'dc=nodomain', + 'NP_MOUNTPOINT2_VALID' => '/media/ramdisk1', + 'NP_MOUNTPOINT_VALID' => '/', + 'NP_MYSQL_LOGIN_DETAILS' => '-u root -d test', + 'NP_MYSQL_SERVER' => 'localhost', + 'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock', + 'NP_MYSQL_WITH_SLAVE' => '', + 'NP_MYSQL_WITH_SLAVE_LOGIN' => '', + 'NP_NO_NTP_SERVICE' => 'localhost', + 'NP_PORT_TCP_PROXY' => '3128', + 'NP_SMB_SHARE' => '', + 'NP_SMB_SHARE_DENY' => '', + 'NP_SMB_SHARE_SPC' => '', + 'NP_SMB_VALID_USER' => '', + 'NP_SMB_VALID_USER_PASS' => '', + 'NP_SNMP_COMMUNITY' => '', + 'NP_SNMP_USER' => '', + 'NP_SSH_CONFIGFILE' => '~/.ssh/config', + 'NP_SSH_HOST' => 'localhost', + 'NP_SSH_IDENTITY' => '~/.ssh/id_rsa' +} diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh new file mode 100755 index 00000000..40053206 --- /dev/null +++ b/.github/prepare_debian.sh @@ -0,0 +1,99 @@ +#!/bin/bash + +set -x +set -e + +export DEBIAN_FRONTEND=noninteractive + +apt-get update +apt-get -y install software-properties-common +if [ $(lsb_release -is) = "Debian" ]; then + apt-add-repository non-free + apt-get update +fi +apt-get -y install perl autotools-dev libdbi-dev libldap2-dev libpq-dev libradcli-dev libnet-snmp-perl procps +apt-get -y install libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd +apt-get -y install fping snmp netcat smbclient vsftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl +apt-get -y install libdbd-sybase-perl libnet-dns-perl +apt-get -y install slapd ldap-utils +apt-get -y install gcc make autoconf automake gettext +apt-get -y install faketime +apt-get -y install libmonitoring-plugin-perl +apt-get -y install libcurl4-openssl-dev +apt-get -y install liburiparser-dev +apt-get -y install squid +apt-get -y install openssh-server +apt-get -y install mariadb-server mariadb-client libmariadb-dev +apt-get -y install cron iputils-ping +apt-get -y install iproute2 + +# remove ipv6 interface from hosts +if [ $(ip addr show | grep "inet6 ::1" | wc -l) -eq "0" ]; then + sed '/^::1/d' /etc/hosts > /tmp/hosts + cp -f /tmp/hosts /etc/hosts +fi + +ip addr show + +cat /etc/hosts + + +# apache +a2enmod ssl +a2ensite default-ssl +make-ssl-cert generate-default-snakeoil --force-overwrite +service apache2 start + +# squid +cp tools/squid.conf /etc/squid/squid.conf +service squid start + +# mariadb +service mariadb start +mysql -e "create database IF NOT EXISTS test;" -uroot + +# ldap +sed -e 's/cn=admin,dc=nodomain/'$(/usr/sbin/slapcat|grep ^dn:|awk '{print $2}')'/' -i .github/NPTest.cache +service slapd start + +# sshd +ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa +cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys +service ssh start +sleep 1 +ssh-keyscan localhost >> ~/.ssh/known_hosts +touch ~/.ssh/config + +# start one login session, required for check_users +( ssh -n -tt root@localhost "top" < /dev/null >/dev/null 2>&1 & ) +sleep 1 +who +ssh root@localhost "top -b -n 1" + +# snmpd +for DIR in /usr/share/snmp/mibs /usr/share/mibs; do + rm -f $DIR/ietf/SNMPv2-PDU \ + $DIR/ietf/IPSEC-SPD-MIB \ + $DIR/ietf/IPATM-IPMC-MIB \ + $DIR/iana/IANA-IPPM-METRICS-REGISTRY-MIB +done +mkdir -p /var/lib/snmp/mib_indexes +sed -e 's/^agentaddress.*/agentaddress 127.0.0.1/' -i /etc/snmp/snmpd.conf +service snmpd start + +# start cron, will be used by check_nagios +cron + +# start postfix +service postfix start + +# start ftpd +service vsftpd start + +# hostname +sed "/NP_HOST_TLS_CERT/s/.*/'NP_HOST_TLS_CERT' => '$(hostname)',/" -i /src/.github/NPTest.cache + +# create some test files to lower inodes +for i in $(seq 10); do + touch /media/ramdisk2/test.$1 +done diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..4c3497d0 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,77 @@ +name: Test + +on: + push: + branches: + - '*' + pull_request: + +jobs: +# macos: +# name: Running tests on ${{ matrix.os }} +# strategy: +# fail-fast: false +# matrix: +# os: +# - macos-10.15 +# runs-on: ${{ matrix.os }} +# steps: +# +# - name: Git clone repository +# uses: actions/checkout@v2 +# #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate +# # uses: mxschmitt/action-tmate@v3 +# - name: Prepare machine +# run: | +# brew install automake +# - name: Run the tests +# run: | +# tools/setup \ +# && ./configure --enable-libtap \ +# && make \ +# && make test + + linux: + runs-on: ubuntu-latest + name: Running tests on ${{ matrix.distro }} + strategy: + fail-fast: false + matrix: + distro: + #- 'debian:10' + - 'debian:testing' + #- 'ubuntu:20.10' + #- 'centos:7' + #- 'centos:8' + include: + #- distro: 'debian:10' + # prepare: .github/prepare_debian.sh + - distro: 'debian:testing' + prepare: .github/prepare_debian.sh + #- distro: 'ubuntu:20.10' + # prepare: .github/prepare_debian.sh + #- distro: 'centos:7' + # prepare: .github/prepare_centos.sh + #- distro: 'centos:8' + # prepare: .github/prepare_centos.sh + steps: + - name: Git clone repository + uses: actions/checkout@v2 + #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate + # uses: mxschmitt/action-tmate@v3 + - name: Run the tests on ${{ matrix.distro }} + run: | + docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 tmp-vol + docker run \ + -e NPTEST_ACCEPTDEFAULT=1 \ + -e NPTEST_CACHE="/src/.github/NPTest.cache" \ + -w /src -v ${PWD}:/src \ + --tmpfs /media/ramdisk1 \ + --mount source=tmp-vol,destination=/src,target=/media/ramdisk2 \ + ${{ matrix.distro }} \ + /bin/sh -c '${{ matrix.prepare }} && \ + tools/setup && \ + ./configure --enable-libtap && \ + make && \ + make test' + docker volume rm tmp-vol diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 3d9fe64e..00000000 --- a/.travis.yml +++ /dev/null @@ -1,98 +0,0 @@ -sudo: required -dist: xenial -language: c - -env: - global: - # This is the encrypted COVERITY_SCAN_TOKEN, created via the "travis - # encrypt" command using the project repository's public key. - - secure: "ggJ9c/VfKcwtrwz/My+ne4My7D8g3qi3vz5Hh+yLiri0+oIXCy313ZD6ssIEY/5beQZEOnuHhBgBJd/Y3clSQNc2M9fRNc+wxOkIO992lgnY0MZJN3y9MLfpqUbTClhU9Fst0qXQqGpI6UI8yz1tj7yKi7DPrycJLRrjMpyTfyo=" - -matrix: - include: - - compiler: "gcc" - os: linux - env: - - PLATFORM=linux BITS=64 HOST=x86_64 - addons: - coverity_scan: - project: - name: "monitoring-plugins/monitoring-plugins" - description: "Monitoring Plugins" - notification_email: team@monitoring-plugins.org - build_command_prepend: tools/setup && ./configure - build_command: make - branch_pattern: coverity.* - - compiler: "clang" - os: linux - env: - - PLATFORM=linux BITS=64 HOST=x86_64 - -before_install: - # Trusty related fixed - # multiverse is no on trusty activated (https://github.com/travis-ci/travis-ci/issues/4979) - - sudo apt-get install -qq --no-install-recommends software-properties-common - - sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty multiverse" && sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse" - # /etc/hosts has IPv6 hosts (https://github.com/travis-ci/travis-ci/issues/4978) - - sudo [ $(ip addr show | grep "inet6 ::1" | wc -l) -eq "0" ] || sudo sed -i '/^::1/d' /etc/hosts - # Trusty has running ntpd on localhost, but we don't like that for our tests - - "sudo killall -9 ntpd ||:" - # Trusty has no swap, lets create some - - sudo fallocate -l 20M /swapfile; sudo chmod 600 /swapfile; sudo mkswap /swapfile; sudo swapon /swapfile - - sudo apt-get update -qq - - sudo apt-get purge -qq gawk - -install: - - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libradcli-dev libkrb5-dev libnet-snmp-perl procps - - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd - - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl - - sudo apt-get install -qq --no-install-recommends libdbd-sybase-perl libnet-dns-perl - - sudo apt-get install -qq --no-install-recommends slapd ldap-utils - - sudo apt-get install -qq --no-install-recommends autoconf automake - - sudo apt-get install -qq --no-install-recommends faketime - - sudo apt-get install -qq --no-install-recommends libmonitoring-plugin-perl - - sudo apt-get install -qq --no-install-recommends libcurl4-openssl-dev - - sudo apt-get install -qq --no-install-recommends liburiparser-dev - - sudo apt-get install -qq --no-install-recommends squid - # Trusty related dependencies (not yet provided) - - test "$(dpkg -l | grep -E "mysql-(client|server)-[0-9].[0-9]" | grep -c ^ii)" -gt 0 || sudo apt-get install -qq --no-install-recommends mariadb-client mariadb-server - # enable ssl apache - - sudo a2enmod ssl - - sudo a2ensite default-ssl - - sudo make-ssl-cert generate-default-snakeoil --force-overwrite - - sudo service apache2 reload - - sudo cp tools/squid.conf /etc/squid/squid.conf - - sudo service squid reload - - sudo service mysql restart - -before_script: - # ensure we have a test database in place for tests - - mysql -e "create database IF NOT EXISTS test;" -uroot - # Detect LDAP configuration (seems volatile on trusty env) - - sed -e 's/cn=admin,dc=nodomain/'$(sudo /usr/sbin/slapcat|grep ^dn:|grep cn=|awk '{print $2}')'/' -i plugins/t/NPTest.cache.travis - - tools/setup - - ./configure --enable-libtap - - make - - export NPTEST_ACCEPTDEFAULT=1 - - export NPTEST_CACHE="$(pwd)/plugins/t/NPTest.cache.travis" - - ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa - - cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys - - ssh-keyscan localhost >> ~/.ssh/known_hosts - - touch ~/.ssh/config - - sudo rm -f /usr/share/mibs/ietf/SNMPv2-PDU /usr/share/mibs/ietf/IPSEC-SPD-MIB /usr/share/mibs/ietf/IPATM-IPMC-MIB /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB - - sudo mkdir -p /var/lib/snmp/mib_indexes - - sudo mkdir /media/ramdisk && sudo chmod 777 /media/ramdisk && sudo mount -t tmpfs -o size=20% none /media/ramdisk - - sed "/NP_HOST_TLS_CERT/s/.*/'NP_HOST_TLS_CERT' => '$(hostname)',/" -i $NPTEST_CACHE - -script: - - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then make test; fi - -notifications: - irc: - channels: - - "chat.freenode.net#Monitoring-Plugins" - on_success: change - on_failure: always - skip_join: true - email: - # - team@monitoring-plugins.org diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis deleted file mode 100644 index 9b9f8059..00000000 --- a/plugins/t/NPTest.cache.travis +++ /dev/null @@ -1,54 +0,0 @@ -{ - 'NP_ALLOW_SUDO' => 'yes', - 'NP_DNS_SERVER' => '8.8.8.8', - 'NP_GOOD_NTP_SERVICE' => '', - 'NP_HOST_DHCP_RESPONSIVE' => '', - 'NP_HOST_HPJD_PORT_INVALID' => '161', - 'NP_HOST_HPJD_PORT_VALID' => '', - 'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30', - 'NP_HOSTNAME_INVALID' => 'nosuchhost', - 'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30', - 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', - 'NP_HOSTNAME_VALID' => 'monitoring-plugins.org', - 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', - 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', - 'NP_HOST_RESPONSIVE' => 'localhost', - 'NP_HOST_SMB' => '', - 'NP_HOST_SNMP' => '', - 'NP_HOST_TCP_FTP' => '', - 'NP_HOST_TCP_HPJD' => '', - 'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org', - 'NP_HOST_TCP_HTTP' => 'localhost', - 'NP_HOST_TCP_IMAP' => 'imap.web.de', - 'NP_HOST_TCP_JABBER' => 'jabber.org', - 'NP_HOST_TCP_LDAP' => 'localhost', - 'NP_HOST_TCP_POP' => 'pop.web.de', - 'NP_HOST_TCP_PROXY' => 'localhost', - 'NP_HOST_TCP_SMTP' => 'localhost', - 'NP_HOST_TCP_SMTP_NOTLS' => '', - 'NP_HOST_TCP_SMTP_TLS' => '', - 'NP_HOST_TLS_CERT' => 'localhost, - 'NP_HOST_TLS_HTTP' => 'localhost', - 'NP_HOST_UDP_TIME' => 'none', - 'NP_INTERNET_ACCESS' => 'yes', - 'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain', - 'NP_MOUNTPOINT2_VALID' => '/media/ramdisk', - 'NP_MOUNTPOINT_VALID' => '/', - 'NP_MYSQL_LOGIN_DETAILS' => '-u root -d test', - 'NP_MYSQL_SERVER' => 'localhost', - 'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock', - 'NP_MYSQL_WITH_SLAVE' => '', - 'NP_MYSQL_WITH_SLAVE_LOGIN' => '', - 'NP_NO_NTP_SERVICE' => 'localhost', - 'NP_PORT_TCP_PROXY' => '3128', - 'NP_SMB_SHARE' => '', - 'NP_SMB_SHARE_DENY' => '', - 'NP_SMB_SHARE_SPC' => '', - 'NP_SMB_VALID_USER' => '', - 'NP_SMB_VALID_USER_PASS' => '', - 'NP_SNMP_COMMUNITY' => '', - 'NP_SNMP_USER' => '', - 'NP_SSH_CONFIGFILE' => '~/.ssh/config', - 'NP_SSH_HOST' => 'localhost', - 'NP_SSH_IDENTITY' => '~/.ssh/id_rsa' -} -- cgit v1.2.3-74-g34f1 From 227369bb3bec2a44ebece952a9085bfb032a7a0e Mon Sep 17 00:00:00 2001 From: Jacob Hansen Date: Wed, 19 May 2021 13:12:29 +0200 Subject: Disable IPv6 in tests Docker doesn't seem to have a working IPv6 stack by default. For now disable IPv6 tests. Signed-off-by: Jacob Hansen --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4c3497d0..06cc4419 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -71,7 +71,7 @@ jobs: ${{ matrix.distro }} \ /bin/sh -c '${{ matrix.prepare }} && \ tools/setup && \ - ./configure --enable-libtap && \ + ./configure --enable-libtap --with-ipv6=no && \ make && \ make test' docker volume rm tmp-vol -- cgit v1.2.3-74-g34f1 From 226469f970568340d27d90499199823b67b9e3dc Mon Sep 17 00:00:00 2001 From: Jacob Hansen Date: Wed, 19 May 2021 13:59:52 +0200 Subject: Prune container and volumes Rather than manully removing the tmpfs volume. Signed-off-by: Jacob Hansen --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 06cc4419..3e467957 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -74,4 +74,5 @@ jobs: ./configure --enable-libtap --with-ipv6=no && \ make && \ make test' - docker volume rm tmp-vol + docker container prune -f + docker volume prune -f -- cgit v1.2.3-74-g34f1 From 6344d29143bfd80d511e6c2d4bd39b9f58e03f14 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Thu, 20 May 2021 17:49:46 +0200 Subject: remove useless comments Signed-off-by: Sven Nierlein --- .github/prepare_debian.sh | 4 ---- .github/workflows/test.yml | 38 +++----------------------------------- 2 files changed, 3 insertions(+), 39 deletions(-) (limited to '.github/workflows') diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh index a74f3464..c68b9f5d 100755 --- a/.github/prepare_debian.sh +++ b/.github/prepare_debian.sh @@ -69,12 +69,8 @@ ssh-keyscan localhost >> ~/.ssh/known_hosts touch ~/.ssh/config # start one login session, required for check_users -#( ssh -n -tt root@localhost "top" < /dev/null >/dev/null 2>&1 & ) ssh -tt localhost /dev/null 2>/dev/null & disown %1 -#sleep 1 -#who -#ssh root@localhost "top -b -n 1" # snmpd for DIR in /usr/share/snmp/mibs /usr/share/mibs; do diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3e467957..512d28e6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,29 +8,7 @@ on: jobs: # macos: -# name: Running tests on ${{ matrix.os }} -# strategy: -# fail-fast: false -# matrix: -# os: -# - macos-10.15 -# runs-on: ${{ matrix.os }} -# steps: -# -# - name: Git clone repository -# uses: actions/checkout@v2 -# #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate -# # uses: mxschmitt/action-tmate@v3 -# - name: Prepare machine -# run: | -# brew install automake -# - name: Run the tests -# run: | -# tools/setup \ -# && ./configure --enable-libtap \ -# && make \ -# && make test - +# ... linux: runs-on: ubuntu-latest name: Running tests on ${{ matrix.distro }} @@ -38,22 +16,12 @@ jobs: fail-fast: false matrix: distro: - #- 'debian:10' - 'debian:testing' - #- 'ubuntu:20.10' - #- 'centos:7' - #- 'centos:8' + #... include: - #- distro: 'debian:10' - # prepare: .github/prepare_debian.sh - distro: 'debian:testing' prepare: .github/prepare_debian.sh - #- distro: 'ubuntu:20.10' - # prepare: .github/prepare_debian.sh - #- distro: 'centos:7' - # prepare: .github/prepare_centos.sh - #- distro: 'centos:8' - # prepare: .github/prepare_centos.sh + #... steps: - name: Git clone repository uses: actions/checkout@v2 -- cgit v1.2.3-74-g34f1 From a96161c824f7f97830f4aa4daa166013961d55f1 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Mon, 25 Oct 2021 14:55:50 +0200 Subject: actions: map utmp from host to container this fixes the check_users not having any logged in user to check. --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github/workflows') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 512d28e6..0f93930a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,6 +35,7 @@ jobs: -e NPTEST_CACHE="/src/.github/NPTest.cache" \ -w /src -v ${PWD}:/src \ --tmpfs /media/ramdisk1 \ + -v /var/run/utmp:/var/run/utmp \ --mount source=tmp-vol,destination=/src,target=/media/ramdisk2 \ ${{ matrix.distro }} \ /bin/sh -c '${{ matrix.prepare }} && \ -- cgit v1.2.3-74-g34f1 From 175e43133c9dbeb156e52b8e54cd04e44401f424 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 3 Jul 2022 15:57:55 +0200 Subject: Update CodeQL and update runner before installing (#1775) --- .github/workflows/codeql-analysis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9de367e5..afe6ab4f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -53,6 +53,7 @@ jobs: - name: Install packages run: | + sudo apt update sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \ libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \ @@ -62,10 +63,10 @@ jobs: run: | ./tools/setup ./configure --enable-libtap - + - name: Build run: | make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 -- cgit v1.2.3-74-g34f1 From f7f7309b99f9f0eb4176a4c7cb8e5991d23b5b74 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 6 Nov 2022 23:12:41 +0100 Subject: Update GitHub runner (#1810) * Update action/checkout to v3 * Format debian prepare script --- .github/prepare_debian.sh | 61 ++++++++++++++++++++++++++++++++++------------ .github/workflows/test.yml | 2 +- 2 files changed, 46 insertions(+), 17 deletions(-) (limited to '.github/workflows') diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh index 4021c104..d8a76da6 100755 --- a/.github/prepare_debian.sh +++ b/.github/prepare_debian.sh @@ -11,21 +11,51 @@ if [ $(lsb_release -is) = "Debian" ]; then apt-add-repository non-free apt-get update fi -apt-get -y install perl autotools-dev libdbi-dev libldap2-dev libpq-dev libradcli-dev libnet-snmp-perl procps -apt-get -y install libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd -apt-get -y install fping snmp netcat-openbsd smbclient vsftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl -apt-get -y install libdbd-sybase-perl libnet-dns-perl -apt-get -y install slapd ldap-utils -apt-get -y install gcc make autoconf automake gettext -apt-get -y install faketime -apt-get -y install libmonitoring-plugin-perl -apt-get -y install libcurl4-openssl-dev -apt-get -y install liburiparser-dev -apt-get -y install squid -apt-get -y install openssh-server -apt-get -y install mariadb-server mariadb-client libmariadb-dev -apt-get -y install cron iputils-ping -apt-get -y install iproute2 +apt-get -y install perl \ + autotools-dev \ + libdbi-dev \ + libldap2-dev \ + libpq-dev \ + libradcli-dev \ + libnet-snmp-perl \ + procps \ + libdbi0-dev \ + libdbd-sqlite3 \ + libssl-dev \ + dnsutils \ + snmp-mibs-downloader \ + libsnmp-perl \ + snmpd \ + fping \ + snmp \ + netcat-openbsd \ + smbclient \ + vsftpd \ + apache2 \ + ssl-cert \ + postfix \ + libhttp-daemon-ssl-perl \ + libdbd-sybase-perl \ + libnet-dns-perl \ + slapd \ + ldap-utils \ + gcc \ + make \ + autoconf \ + automake \ + gettext \ + faketime \ + libmonitoring-plugin-perl \ + libcurl4-openssl-dev \ + liburiparser-dev \ + squid \ + openssh-server \ + mariadb-server \ + mariadb-client \ + libmariadb-dev \ + cron \ + iputils-ping \ + iproute2 # remove ipv6 interface from hosts if [ $(ip addr show | grep "inet6 ::1" | wc -l) -eq "0" ]; then @@ -37,7 +67,6 @@ ip addr show cat /etc/hosts - # apache a2enmod ssl a2ensite default-ssl diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0f93930a..d2785a41 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: #... steps: - name: Git clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate # uses: mxschmitt/action-tmate@v3 - name: Run the tests on ${{ matrix.distro }} -- cgit v1.2.3-74-g34f1 From 4a5ddd201119260028db6a4f27027d72aa9a160a Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:48:28 +0100 Subject: Check curl detect ipv6 (#1809) * If server_address is an IPv6 address surround it with brackets * If the message is too short, we should not have an underflow * Add simple conditional test case available if IPv6 is --- .github/workflows/test.yml | 2 +- plugins/check_curl.c | 22 ++++++++++++++++++---- plugins/t/check_curl.t | 39 ++++++++++++++++++++++++++++----------- 3 files changed, 47 insertions(+), 16 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d2785a41..80d49f7e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -40,7 +40,7 @@ jobs: ${{ matrix.distro }} \ /bin/sh -c '${{ matrix.prepare }} && \ tools/setup && \ - ./configure --enable-libtap --with-ipv6=no && \ + ./configure --enable-libtap --with-ipv6=no && \ make && \ make test' docker container prune -f diff --git a/plugins/check_curl.c b/plugins/check_curl.c index a69854a8..2ad373c0 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -476,6 +476,18 @@ check_http (void) printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache); } + // If server_address is an IPv6 address it must be surround by square brackets + struct in6_addr tmp_in_addr; + if (inet_pton(AF_INET6, server_address, &tmp_in_addr) == 1) { + char *new_server_address = malloc(strlen(server_address) + 3); + if (new_server_address == NULL) { + die(STATE_UNKNOWN, "HTTP UNKNOWN - Unable to allocate memory\n"); + } + snprintf(new_server_address, strlen(server_address)+3, "[%s]", server_address); + free(server_address); + server_address = new_server_address; + } + /* compose URL: use the address we want to connect to, set Host: header later */ snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", use_ssl ? "https" : "http", @@ -999,10 +1011,12 @@ GOT_FIRST_CERT: result = max_state_alt(get_status(total_time, thlds), result); /* Cut-off trailing characters */ - if(msg[strlen(msg)-2] == ',') - msg[strlen(msg)-2] = '\0'; - else - msg[strlen(msg)-3] = '\0'; + if (strlen(msg) >= 2) { + if(msg[strlen(msg)-2] == ',') + msg[strlen(msg)-2] = '\0'; + else + msg[strlen(msg)-3] = '\0'; + } /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index 693f4b25..eae98cc1 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t @@ -1,15 +1,22 @@ #! /usr/bin/perl -w -I .. # -# HyperText Transfer Protocol (HTTP) Test via check_http +# HyperText Transfer Protocol (HTTP) Test via check_curl # # use strict; use Test::More; use POSIX qw/mktime strftime/; -use NPTest; -plan tests => 57; +use vars qw($tests $has_ipv6); + +BEGIN { + use NPTest; + $has_ipv6 = NPTest::has_ipv6(); + $tests = $has_ipv6 ? 59 : 57; + plan tests => $tests; +} + my $successOutput = '/OK.*HTTP.*second/'; @@ -18,6 +25,7 @@ my $plugin = 'check_http'; $plugin = 'check_curl' if $0 =~ m/check_curl/mx; my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tcp_http_ipv6 = getTestParameter("NP_HOST_TCP_HTTP_IPV6", "An IPv6 address providing a HTTP Service (a web server)", "::1"); my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); my $host_tls_cert = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost"); my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); @@ -31,26 +39,35 @@ my $faketime = -x '/usr/bin/faketime' ? 1 : 0; $res = NPTest->testCmd( - "./$plugin $host_tcp_http -wt 300 -ct 600" - ); + "./$plugin $host_tcp_http -wt 300 -ct 600" + ); cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" ); like( $res->output, $successOutput, "Output OK" ); +if ($has_ipv6) { + # Test for IPv6 formatting + $res = NPTest->testCmd( + "./$plugin -I $host_tcp_http_ipv6 -wt 300 -ct 600" + ); + cmp_ok( $res->return_code, '==', 0, "IPv6 URL formatting is working" ); + like( $res->output, $successOutput, "Output OK" ); +} + $res = NPTest->testCmd( - "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" - ); + "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" + ); like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); $res = NPTest->testCmd( - "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" - ); + "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" + ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK"); $res = NPTest->testCmd( - "./$plugin $hostname_invalid -wt 1 -ct 2" - ); + "./$plugin $hostname_invalid -wt 1 -ct 2" + ); cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); # The first part of the message comes from the OS catalogue, so cannot check this. # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename -- cgit v1.2.3-74-g34f1 From de06e5832eb45ed0a23d4ad9f66d4faa51cb5371 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:49:31 +0100 Subject: Bump github/codeql-action from 1 to 2 (#1812) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index afe6ab4f..860c783c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -43,7 +43,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. -- cgit v1.2.3-74-g34f1 From 1bc6d81651c5b5fe865515d420fc2772f4997059 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Nov 2022 04:26:26 +0000 Subject: Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 860c783c..ab8bfaae 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL -- cgit v1.2.3-74-g34f1