From c08d6a429ba0e0cd3642ba2c2fe85687472ee22f Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Fri, 28 Feb 2014 13:28:33 +0100 Subject: Replace "plugins-scripts/subst.in" foo Remove the buggy and complex awk(1) magic in "plugins-scripts/subst.in" in favor of simple sed(1) substitutions. The plugins in the "plugins-scripts" directory now always use the PATH specified via "./configure --trusted-path", or the default PATH hard-coded in "configure.ac". Fixes #1242. diff --git a/NEWS b/NEWS index 42ac42a..c0c9d11 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,8 @@ This file documents the major additions and syntax changes between releases. renamed MP_STATE_DIRECTORY. The old variable will continue to work in v1.6.x check_swap used to allow returning OK on a system without swap when only percent thresholds were used. This is no longer the case and one must now use -n/--no-swap= + The Perl and Shell plugins now use the PATH specified via ./configure's --trusted-path + option, or "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" by default 1.5 2nd October 2013 ENHANCEMENTS diff --git a/configure.ac b/configure.ac index 5759e60..a1ef445 100644 --- a/configure.ac +++ b/configure.ac @@ -10,6 +10,7 @@ AM_MAINTAINER_MODE([enable]) AC_CONFIG_HEADERS([config.h]) AC_CANONICAL_HOST +DEFAULT_PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" RELEASE=1 AC_SUBST(RELEASE) @@ -75,7 +76,8 @@ AC_DEFINE_UNQUOTED(CGIURL,"$CGIURL",[URL of CGI programs]) AC_ARG_WITH(trusted_path, ACX_HELP_STRING([--with-trusted-path=PATH], [sets trusted path for executables called by scripts]), - with_trusted_path=$withval) + with_trusted_path=$withval, + with_trusted_path=$DEFAULT_PATH) AC_SUBST(with_trusted_path) EXTRAS= @@ -1781,7 +1783,6 @@ AC_OUTPUT( lib/tests/Makefile plugins-root/Makefile plugins-scripts/Makefile - plugins-scripts/subst plugins-scripts/utils.pm plugins-scripts/utils.sh perlmods/Makefile diff --git a/plugins-scripts/Makefile.am b/plugins-scripts/Makefile.am index 4ea262a..78a950c 100644 --- a/plugins-scripts/Makefile.am +++ b/plugins-scripts/Makefile.am @@ -23,6 +23,11 @@ EXTRA_DIST=check_breeze.pl check_disk_smb.pl check_flexlm.pl check_ircd.pl \ check_ifstatus.pl check_ifoperstatus.pl check_wave.pl check_mailq.pl check_file_age.pl \ utils.sh.in utils.pm.in t +EDIT = sed \ + -e 's|[@]NP_VERSION[@]|$(NP_VERSION)|g' \ + -e 's|[@]TRUSTED_PATH[@]|$(with_trusted_path)|g' \ + -e 's|[@]PERL[@]|$(PERL)|g' + TESTS_ENVIRONMENT=perl -I $(top_builddir) -I $(top_srcdir) TESTS = @SCRIPT_TEST@ @@ -38,11 +43,11 @@ test-debug: CLEANFILES=$(libexec_SCRIPTS) .pl : - NP_VERSION=$(NP_VERSION) $(AWK) -f ./subst $< > $@ + $(EDIT) $< > $@ chmod +x $@ .sh : - NP_VERSION=$(NP_VERSION) $(AWK) -f ./subst $< > $@ + $(EDIT) $< > $@ chmod +x $@ clean-local: diff --git a/plugins-scripts/check_breeze.pl b/plugins-scripts/check_breeze.pl index 917a1c6..38badeb 100755 --- a/plugins-scripts/check_breeze.pl +++ b/plugins-scripts/check_breeze.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wT +#!@PERL@ -wT use strict; @@ -13,7 +13,7 @@ $PROGNAME = "check_breeze"; sub print_help (); sub print_usage (); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index 36259d5..99948a4 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!@PERL@ -w # # # check_disk.pl [warn] [critical] [port] @@ -33,7 +33,7 @@ sub print_usage (); $PROGNAME = "check_disk_smb"; -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl index e028038..5e062de 100755 --- a/plugins-scripts/check_file_age.pl +++ b/plugins-scripts/check_file_age.pl @@ -1,4 +1,4 @@ -#!/bin/perl -w +#!@PERL@ -w # check_file_age.pl Copyright (C) 2003 Steven Grimm # @@ -36,7 +36,7 @@ my ($result, $message, $age, $size, $st); $PROGNAME="check_file_age"; -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_flexlm.pl b/plugins-scripts/check_flexlm.pl index de63d3a..49d674d 100755 --- a/plugins-scripts/check_flexlm.pl +++ b/plugins-scripts/check_flexlm.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!@PERL@ -w # # usage: # check_flexlm.pl license_file @@ -44,7 +44,7 @@ $PROGNAME="check_flexlm"; sub print_help (); sub print_usage (); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index 159eb62..1a7fbba 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -w +#!@PERL@ -w # # check_ifoperstatus.pl - monitoring plugin # @@ -49,7 +49,7 @@ sub usage ($); sub print_usage (); sub process_arguments (); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index 4760a28..e9e6214 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -w +#!@PERL@ -w # # check_ifstatus.pl - monitoring plugin # @@ -47,7 +47,7 @@ sub usage ($); sub print_usage (); sub process_arguments (); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_ircd.pl b/plugins-scripts/check_ircd.pl index dab6595..c14980c 100755 --- a/plugins-scripts/check_ircd.pl +++ b/plugins-scripts/check_ircd.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wT +#!@PERL@ -wT # ----------------------------------------------------------------------------- # File Name: check_ircd.pl @@ -62,7 +62,7 @@ sub bindRemote ($$); # -------------------------------------------------------------[ Enviroment ]-- -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_log.sh b/plugins-scripts/check_log.sh index be4c7be..8653a5e 100755 --- a/plugins-scripts/check_log.sh +++ b/plugins-scripts/check_log.sh @@ -58,18 +58,12 @@ # Paths to commands used in this script. These # may have to be modified to match your system setup. -GREP="/bin/egrep" -DIFF="/bin/diff" -TAIL="/bin/tail" -CAT="/bin/cat" -RM="/bin/rm" -CHMOD="/bin/chmod" -TOUCH="/bin/touch" - PROGNAME=`/bin/basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" -PATH="@trusted_path@" +PATH="@TRUSTED_PATH@" + +export PATH . $PROGPATH/utils.sh @@ -177,7 +171,7 @@ fi # the old diff file and exit if [ ! -e $oldlog ]; then - $CAT $logfile > $oldlog + cat $logfile > $oldlog echo "Log check data initialized..." exit $STATE_OK fi @@ -191,20 +185,20 @@ if [ -x /bin/mktemp ]; then else tempdiff=`/bin/date '+%H%M%S'` tempdiff="/tmp/check_log.${tempdiff}" - $TOUCH $tempdiff - $CHMOD 600 $tempdiff + touch $tempdiff + chmod 600 $tempdiff fi -$DIFF $logfile $oldlog | $GREP -v "^>" > $tempdiff +diff $logfile $oldlog | grep -v "^>" > $tempdiff # Count the number of matching log entries we have -count=`$GREP -c "$query" $tempdiff` +count=`grep -c "$query" $tempdiff` # Get the last matching entry in the diff file -lastentry=`$GREP "$query" $tempdiff | $TAIL -1` +lastentry=`grep "$query" $tempdiff | tail -1` -$RM -f $tempdiff -$CAT $logfile > $oldlog +rm -f $tempdiff +cat $logfile > $oldlog if [ "$count" = "0" ]; then # no matches, exit with no error echo "Log check ok - 0 pattern matches found" diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index 488cf2f..df1385d 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -w +#!@PERL@ -w # check_mailq - check to see how many messages are in the smtp queue awating # transmittal. @@ -40,7 +40,7 @@ sub print_help (); sub print_usage (); sub process_arguments (); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; $PROGNAME = "check_mailq"; diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl index cf23ae8..652a12a 100755 --- a/plugins-scripts/check_mssql.pl +++ b/plugins-scripts/check_mssql.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!@PERL@ -w # # Copyright 2003 Roy Sigurd Karlsbakk @@ -35,7 +35,7 @@ use strict; my $PROGNAME = "check_mssql"; -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_netdns.pl b/plugins-scripts/check_netdns.pl index 6e0d02d..82939bf 100755 --- a/plugins-scripts/check_netdns.pl +++ b/plugins-scripts/check_netdns.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!@PERL@ -w # Perl version of check_dns plugin which calls DNS directly instead of # relying on nslookup (which has bugs) @@ -33,7 +33,7 @@ use utils ; my $PROGNAME = "check_netdns"; -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_ntp.pl b/plugins-scripts/check_ntp.pl index cdcbffa..13da939 100755 --- a/plugins-scripts/check_ntp.pl +++ b/plugins-scripts/check_ntp.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!@PERL@ -w # # (c)1999 Ian Cass, Knowledge Matters Ltd. # Read the GNU copyright stuff for all the legalese @@ -69,7 +69,7 @@ $PROGNAME="check_ntp"; sub print_help (); sub print_usage (); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_oracle.sh b/plugins-scripts/check_oracle.sh index efa1df1..ceac95d 100755 --- a/plugins-scripts/check_oracle.sh +++ b/plugins-scripts/check_oracle.sh @@ -9,7 +9,7 @@ PROGNAME=`basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" -PATH="@trusted_path@" +PATH="@TRUSTED_PATH@" . $PROGPATH/utils.sh diff --git a/plugins-scripts/check_rpc.pl b/plugins-scripts/check_rpc.pl index f7fe032..cbdeceb 100755 --- a/plugins-scripts/check_rpc.pl +++ b/plugins-scripts/check_rpc.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -w +#!@PERL@ -w # # check_rpc plugin for monitoring # @@ -37,7 +37,7 @@ sub print_help (); sub print_usage (); sub in ($$); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; $ENV{'LC_ALL'}='C'; diff --git a/plugins-scripts/check_sensors.sh b/plugins-scripts/check_sensors.sh index 53db9b4..05c64c4 100755 --- a/plugins-scripts/check_sensors.sh +++ b/plugins-scripts/check_sensors.sh @@ -3,8 +3,9 @@ PROGNAME=`basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" -TRUSTED_PATH="@trusted_path@" -PATH=${TRUSTED_PATH:-"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"} +PATH="@TRUSTED_PATH@" + +export PATH . $PROGPATH/utils.sh diff --git a/plugins-scripts/check_wave.pl b/plugins-scripts/check_wave.pl index 5192753..5fa78e3 100755 --- a/plugins-scripts/check_wave.pl +++ b/plugins-scripts/check_wave.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wT +#!@PERL@ -wT # @@ -16,7 +16,7 @@ $PROGNAME = "check_wave"; sub print_help (); sub print_usage (); -$ENV{'PATH'}='@trusted_path@'; +$ENV{'PATH'}='@TRUSTED_PATH@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/subst.in b/plugins-scripts/subst.in deleted file mode 100644 index c730b77..0000000 --- a/plugins-scripts/subst.in +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/awk - -function which(c,path) { - cmd = "test -x " c; - - if (system(cmd)==0) { - return c; - } - - sub(/\/.*\//,"",c); - for (dir in path) { - cmd = "test -x " path[dir] "/" c; - if (system(cmd)==0) { - return path[dir] "/" c; - } - } - - - return c; -} - -BEGIN { - split(ENVIRON["PATH"] ":/sbin:/usr/sbin",path,/:/); - -} - -# Plugin revision -/@NP_VERSION@/ {sub(/@NP_VERSION@/,ENVIRON["NP_VERSION"]);} - -# scripting language (first line) - -/^#! ?\/.*\/python/ {sub(/^#! ?\/.*\/python/,"#! @PYTHON@");} -/^#! ?\/.*\/perl/ {sub(/^#! ?\/.*\/perl/,"#! @PERL@");} -/^#! ?\/.*\/[a-z]{0,2}awk/ {sub(/^#! ?\/.*\/[a-z]{0,2}awk/,"#! @AWK@");} -/^#! ?\/.*\/sh/ {sub(/^#! ?\/.*\/sh/,"#! @SHELL@");} - -# If a script contains a reference to a fully qualified command, -# subst will replace the fully qualified command with whatever is -# returned from the which subroutine. run before changes to INC to add libexecdir -# FIXME: Prepend executables with a substitution keyword instead. -# -/^[^#]/ && /(\/.*)?\/(bin|sbin|lib|libexec)\// { - match($0,/(\/.*)?\/(bin|sbin|lib|libexec)\/[-_a-zA-Z0-9]+/); - c=substr($0,RSTART,RLENGTH); - sub(c,which(c,path)); -} - -# Trusted path mechanism -/@trusted_path@/ {sub(/@trusted_path@/,"@with_trusted_path@");} - -{ - print; -} -- cgit v0.10-9-g596f