diff options
author | awiddersheim <awiddersheim@hotmail.com> | 2013-10-22 10:33:56 -0400 |
---|---|---|
committer | awiddersheim <awiddersheim@hotmail.com> | 2013-10-22 10:33:56 -0400 |
commit | 0a3252d88d148a8cb21774cd3ae6a1cb1fbb004c (patch) | |
tree | 756f8d4b09eb6ee3c2ef75301a7027e9a42509dc | |
parent | f6576c6db4eeb655f16a71286757e4a93792887d (diff) | |
download | monitoring-plugins-0a3252d88d148a8cb21774cd3ae6a1cb1fbb004c.tar.gz |
Fix trusted path
When configuring the plugins you have the option to specify a trusted path with --with-trusted-path. This option seems to have been deprecated at some point for unknown reasons and had typically had no affect. This commit makes this option work again for those who have a desire to use it. There should be no affect on those who have not chosen to specify a trusted path.
-rw-r--r-- | configure.in | 5 | ||||
-rwxr-xr-x | plugins-scripts/check_breeze.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_disk_smb.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_file_age.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_flexlm.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_ifoperstatus.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_ifstatus.pl | 3 | ||||
-rwxr-xr-x | plugins-scripts/check_ircd.pl | 6 | ||||
-rwxr-xr-x | plugins-scripts/check_log.sh | 3 | ||||
-rwxr-xr-x | plugins-scripts/check_mailq.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_mssql.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_netdns.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_ntp.pl | 2 | ||||
-rwxr-xr-x | plugins-scripts/check_oracle.sh | 1 | ||||
-rwxr-xr-x | plugins-scripts/check_rpc.pl | 4 | ||||
-rwxr-xr-x | plugins-scripts/check_sensors.sh | 5 | ||||
-rwxr-xr-x | plugins-scripts/check_wave.pl | 2 | ||||
-rw-r--r-- | plugins-scripts/subst.in | 13 |
18 files changed, 38 insertions, 30 deletions
diff --git a/configure.in b/configure.in index 7e8c8102..7562ca41 100644 --- a/configure.in +++ b/configure.in @@ -75,9 +75,8 @@ AC_DEFINE_UNQUOTED(CGIURL,"$CGIURL",[URL of CGI programs]) AC_ARG_WITH(trusted_path, ACX_HELP_STRING([--with-trusted-path=PATH], - [sets trusted path for executables called by scripts (default=/bin:/sbin:/usr/bin:/usr/sbin)]), - with_trusted_path=$withval, - with_trusted_path=/bin:/sbin:/usr/bin:/usr/sbin) + [sets trusted path for executables called by scripts]), + with_trusted_path=$withval) AC_SUBST(with_trusted_path) EXTRAS= diff --git a/plugins-scripts/check_breeze.pl b/plugins-scripts/check_breeze.pl index a4e8542c..037060c8 100755 --- a/plugins-scripts/check_breeze.pl +++ b/plugins-scripts/check_breeze.pl @@ -12,7 +12,7 @@ $PROGNAME = "check_breeze"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index 0c89db57..01c560ef 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -32,7 +32,7 @@ sub print_usage (); $PROGNAME = "check_disk_smb"; -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl index dcd5efab..37bbe86f 100755 --- a/plugins-scripts/check_file_age.pl +++ b/plugins-scripts/check_file_age.pl @@ -37,6 +37,10 @@ my ($result, $message, $age, $size, $st); $PROGNAME="check_file_age"; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + $opt_w = 240; $opt_c = 600; $opt_W = 0; diff --git a/plugins-scripts/check_flexlm.pl b/plugins-scripts/check_flexlm.pl index 54d933c7..05973777 100755 --- a/plugins-scripts/check_flexlm.pl +++ b/plugins-scripts/check_flexlm.pl @@ -43,7 +43,7 @@ $PROGNAME="check_flexlm"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index 588993be..452911b7 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl @@ -47,6 +47,10 @@ sub usage ($); sub print_usage (); sub process_arguments (); +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + my $timeout; my $status; my %ifOperStatus = ('1','up', diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index 63c71ffa..421580ad 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -46,6 +46,9 @@ sub usage ($); sub print_usage (); sub process_arguments (); +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; my $status; my %ifOperStatus = ('1','up', diff --git a/plugins-scripts/check_ircd.pl b/plugins-scripts/check_ircd.pl index 42a9bca9..f80c5c65 100755 --- a/plugins-scripts/check_ircd.pl +++ b/plugins-scripts/check_ircd.pl @@ -63,9 +63,9 @@ sub bindRemote ($$); # -------------------------------------------------------------[ Enviroment ]-- -$ENV{PATH} = ""; -$ENV{ENV} = ""; -$ENV{BASH_ENV} = ""; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; # -----------------------------------------------------------------[ Global ]-- diff --git a/plugins-scripts/check_log.sh b/plugins-scripts/check_log.sh index a1bfb486..a9ff06ad 100755 --- a/plugins-scripts/check_log.sh +++ b/plugins-scripts/check_log.sh @@ -57,8 +57,6 @@ # Paths to commands used in this script. These # may have to be modified to match your system setup. -# TV: removed PATH restriction. Need to think more about what this means overall -#PATH="" ECHO="/bin/echo" GREP="/bin/egrep" @@ -72,6 +70,7 @@ TOUCH="/bin/touch" PROGNAME=`/bin/basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" +PATH="@trusted_path@" . $PROGPATH/utils.sh diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index 31eb46a4..1d0a3ad7 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl @@ -39,7 +39,7 @@ sub print_help (); sub print_usage (); sub process_arguments (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; $PROGNAME = "check_mailq"; diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl index 9a8fc511..4486149d 100755 --- a/plugins-scripts/check_mssql.pl +++ b/plugins-scripts/check_mssql.pl @@ -35,6 +35,10 @@ use strict; my $PROGNAME = "check_mssql"; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + my ( $server,$database,$username,$password,$query,$help,$verbose,$timeout, $dbh,$sth,$row, diff --git a/plugins-scripts/check_netdns.pl b/plugins-scripts/check_netdns.pl index ecdbdb1a..9871a9a5 100755 --- a/plugins-scripts/check_netdns.pl +++ b/plugins-scripts/check_netdns.pl @@ -32,6 +32,10 @@ use utils ; my $PROGNAME = "check_netdns"; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + Getopt::Long::Configure(`bundling`); GetOptions("V" => $opt_V, "version" => $opt_V, "h" => $opt_h, "help" => $opt_h, diff --git a/plugins-scripts/check_ntp.pl b/plugins-scripts/check_ntp.pl index 5c87e0a6..cdcbffac 100755 --- a/plugins-scripts/check_ntp.pl +++ b/plugins-scripts/check_ntp.pl @@ -69,7 +69,7 @@ $PROGNAME="check_ntp"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_oracle.sh b/plugins-scripts/check_oracle.sh index 2a8ab21d..f5302e3b 100755 --- a/plugins-scripts/check_oracle.sh +++ b/plugins-scripts/check_oracle.sh @@ -9,6 +9,7 @@ PROGNAME=`basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" +PATH="@trusted_path@" . $PROGPATH/utils.sh diff --git a/plugins-scripts/check_rpc.pl b/plugins-scripts/check_rpc.pl index d2701e95..e09754dd 100755 --- a/plugins-scripts/check_rpc.pl +++ b/plugins-scripts/check_rpc.pl @@ -36,9 +36,9 @@ sub print_help (); sub print_usage (); sub in ($$); -$ENV{'BASH_ENV'}=''; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; -$ENV{'PATH'}=''; $ENV{'LC_ALL'}='C'; #Initialise protocol for each progname number diff --git a/plugins-scripts/check_sensors.sh b/plugins-scripts/check_sensors.sh index 874e1049..53db9b49 100755 --- a/plugins-scripts/check_sensors.sh +++ b/plugins-scripts/check_sensors.sh @@ -1,14 +1,13 @@ #!/bin/sh -PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin - PROGNAME=`basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" +TRUSTED_PATH="@trusted_path@" +PATH=${TRUSTED_PATH:-"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"} . $PROGPATH/utils.sh - print_usage() { echo "Usage: $PROGNAME" [--ignore-fault] } diff --git a/plugins-scripts/check_wave.pl b/plugins-scripts/check_wave.pl index 2671112a..8f9a4da3 100755 --- a/plugins-scripts/check_wave.pl +++ b/plugins-scripts/check_wave.pl @@ -15,7 +15,7 @@ $PROGNAME = "check_wave"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/subst.in b/plugins-scripts/subst.in index a70ad884..49a95ca1 100644 --- a/plugins-scripts/subst.in +++ b/plugins-scripts/subst.in @@ -61,18 +61,9 @@ BEGIN { # add to libexecdir to INC for perl utils.pm /^use/ { if (/lib/) { if (/utils.pm|"."/ ) {sub(/utils.pm|"."/,led() )} } } - -# Trusted path mechanism (deprecated) - -/^[ \t]*\$ENV[ \t]*\{[ \t'"]*PATH[ \t"']*\}[ \t]*=/ { - sub(/\=[ \t]*['"][^"']+["']/,"='@with_trusted_path@' # autoconf-derived"); -} - -/^[\t ]*(export[\t ]*)?PATH[\t ]*=['"]+.+["']$/ { - sub(/\=.*$/,"='@with_trusted_path@' # autoconf-derived"); -} +# Trusted path mechanism +/@trusted_path@/ {sub(/@trusted_path@/,"@with_trusted_path@");} { print; } - |