1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
--- ../../original_sources/nagios-plugins-1.4.2/contrib/nagios_shell 2005-10-11 20:27:28.411568216 -0400
+++ nagios-plugins-1.4.2/contrib/nagios_shell 2005-10-11 20:28:54.933414896 -0400
@@ -0,0 +1,165 @@
+#! /usr/bin/perl -T
+
+# changable variables
+# set $NAGIOS_PLUGIN_DIR to the directory that contains the nagios plugins.
+# Don't include a trailing '/'.
+my($NAGIOS_PLUGIN_DIR)="PLUGIN_DIR_HERE";
+
+# Other commands that can be run via this shell. It is strongly
+# recommended that all of these are specified with a full path name.
+my(@other_commands) = (
+);
+
+# set the PATH needed for the commands run under this shell.
+$ENV{'PATH'} = "/bin:/usr/bin:/usr/sbin";
+
+#Name: nagiosshell
+#Use: used as forced command under ssh as receiver for check_by_ssh plugin
+#Function: Check provided command and runs it from predefined directory
+# or fully specified path.
+# Example: in ~nagios/.ssh/authorized_keys on system to be monitoed using
+# check_by_ssh:
+#
+# command="/path/to/nagiosshell" from="nagios.example.org" ssh-rsa AAAAB3N...
+#
+# This has not been tested with the multiple passive mode of check_by_ssh.
+
+use warnings;
+use strict;
+
+my($command, $exec_command, @args, @exec_args, $i);
+
+die("$0: Not running as forced command, \$SSH_ORIGINAL_COMMAND not found.\n")
+ if (not exists($ENV{"SSH_ORIGINAL_COMMAND"}));
+
+($command, @args) = split(' ', $ENV{"SSH_ORIGINAL_COMMAND"});
+if ($command !~ m#/#) {
+ # then its a command name and not a full path
+ if (! -x "$NAGIOS_PLUGIN_DIR/$command") {
+ print "$0: Unable to find command $NAGIOS_PLUGIN_DIR/$command.\n";
+ exit 3;
+ } else {
+ # create the fully qualified name
+ ($exec_command) = ($command =~ m/^([A-z0-9_.-]+)$/);
+ $exec_command = "$NAGIOS_PLUGIN_DIR/$exec_command";
+ }
+} else {
+ # we have a qualified command path, verify it
+ foreach $i (@other_commands) {
+ $exec_command = $i if ($i eq $command);
+ }
+}
+
+if (! $exec_command) {
+ print "$0: Unable to validate $command\n";
+ exit 3;
+}
+
+# set up a clean environment
+# PATH is explicitly set at top of script in modifyable variables.
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV', 'PERLLIB'};
+
+# clean the args
+foreach (@args) {
+ if ( m/^([^`;()]*)$/ ) {
+ push(@exec_args, $1);
+ } else {
+ die ("$0: Unsafe argument $_ found. Exiting.\n");
+ }
+}
+
+# run the requested command without executing a shell.
+if (@exec_args) {
+ eval {no warnings 'all'; exec $exec_command $exec_command, @exec_args};
+} else {
+ eval {no warnings 'all'; exec $exec_command $exec_command};
+}
+
+use warnings;
+
+die("$0: Unable to exec ($!) $exec_command with args: \"" . join('", "', @exec_args) . "\".\n");
+
+#TESTPREP:
+# mkdir $NAGIOS_PLUGIN_DIR
+# echo '#! /usr/bin/foo' > $NAGIOS_PLUGIN_BIN/check_foo
+# echo '#! /bin/sh' > $NAGIOS_PLUGIN_BIN/check_bar
+# echo 'ls "$@"' >> $NAGIOS_PLUGIN_BIN/check_bar
+# chmod +x $NAGIOS_PLUGIN_BIN/check_bar $NAGIOS_PLUGIN_BIN/check_foo
+
+#TEST:
+#- plugin unable to exec good args
+# SSH_ORIGINAL_COMMAND='check_foo -w 3:5 -c 2,4,3 -d 12-34' ./nagios_shell
+##Unable to exec (No such file or directory) /tmp/nagiosplug/check_foo
+## with args: "-w", "3:5", "-c", "2,4,3", "-d", "12-34".
+
+#- plugin unable to exec bad args
+# SSH_ORIGINAL_COMMAND='check_foo -w 3`5 -c 2,4,3 -d 12-34' ./nagios_shell
+##./nagios_shell: Unsafe argument 3`5 found. Exiting.
+
+#- plugin unable to exec no args
+# SSH_ORIGINAL_COMMAND='check_foo' ./nagios_shell
+##./nagios_shell: Unable to exec (No such file or directory)
+## /tmp/nagiosplug/check_foo with args: "".
+
+#- plugin able to exec good args
+# SSH_ORIGINAL_COMMAND='check_bar -w 3:5 -c 2,4,3 -d 12-34' ./nagios_shell
+##ls: 2,4,3: No such file or directory
+##ls: 12-34: No such file or directory
+
+#- plugin able to exec bad args
+# SSH_ORIGINAL_COMMAND='check_bar -w 35 -c 2,4,3 -d (12-34)' ./nagios_shell
+##./nagios_shell: Unsafe argument (12-34) found. Exiting.
+
+#- plugin able to exec no args
+# SSH_ORIGINAL_COMMAND='check_bar' ./nagios_shell
+## list of files in directory
+
+#- non existant plugin no args
+# SSH_ORIGINAL_COMMAND='check_zap' ./nagios_shell
+##./nagios_shell: Unable to find command /tmp/nagiosplug/check_zap.
+
+#- non existant plugin bad args
+# SSH_ORIGINAL_COMMAND='check_zap (foo' ./nagios_shell
+##./nagios_shell: Unable to find command /tmp/nagiosplug/check_zap.
+
+#- non existant plugin good args
+# SSH_ORIGINAL_COMMAND='check_zap foo' ./nagios_shell
+##./nagios_shell: Unable to find command /tmp/nagiosplug/check_zap.
+
+#- explicit command unable to exec (non-existent) good args
+# SSH_ORIGINAL_COMMAND='/usr/bin/nc1 -l /tmp' ./nagios_shell
+##Unable to exec (No such file or directory) /usr/bin/nc1 with args:
+## "-l", "/tmp".
+
+#- explicit command unable to exec (non-existent) bad args
+# SSH_ORIGINAL_COMMAND='/usr/bin/nc1 -l (/tmp)' ./nagios_shell
+##Unsafe argument (/tmp) found. Exiting.
+
+#- explicit command unable to exec (non-existent) no args
+# SSH_ORIGINAL_COMMAND='/usr/bin/nc1' ./nagios_shell
+##./nagios_shell: Unable to exec (No such file or directory)
+## /usr/bin/nc1 with args: "".
+
+#- explicit command able to exec good args
+# SSH_ORIGINAL_COMMAND='/usr/bin/ls -l /dev/null' ./nagios_shell
+##crw-rw-rw- 1 rouilj None 1, 3 Sep 24 23:19 /dev/null
+
+#- explicit command able to exec bad args
+# SSH_ORIGINAL_COMMAND='/usr/bin/ls -l `/dev/null`' ./nagios_shell
+##./nagios_shell: Unsafe argument `/dev/null` found. Exiting.
+
+#- explicit command able to exec no args
+# SSH_ORIGINAL_COMMAND='/usr/bin/ls ' ./nagios_shell
+##list of files in directory
+
+#- explicit command not found in list
+# SSH_ORIGINAL_COMMAND='/usr/bin/nc3' ./nagios_shell
+##./nagios_shell: Unable to validate /usr/bin/nc3
+
+#- explicit command not found in list bad args
+# SSH_ORIGINAL_COMMAND='/usr/bin/nc3 (foo' ./nagios_shell
+##./nagios_shell: Unable to validate /usr/bin/nc3
+
+#- explicit command not found in list good args
+# SSH_ORIGINAL_COMMAND='/usr/bin/nc3 foo' ./nagios_shell
+##./nagios_shell: Unable to validate /usr/bin/nc3
|