aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Matthias Eble <psychotrahe@gmx.de> 2009-06-11 17:20:55 +0200
committerGravatar Matthias Eble <psychotrahe@gmx.de> 2009-06-11 17:20:55 +0200
commitedda2536e589810070abcb59e3cb2b3d0b334a01 (patch)
treec65405f5ce165c2a1d0c87c7f826440990353705
parente16b35b2ca960f8e56c17013a749e181d429a725 (diff)
downloadmonitoring-plugins-edda2536e589810070abcb59e3cb2b3d0b334a01.tar.gz
Fixed SNMPv3 behaviour of check_ifstatus. Added -P to define privprotocol (#2343438 - Robin Schroeder)
check_ifstatus didn't function correctly with SNMPv3. This is fixed now. Created argument-hash for SNMP session creation. This removes redundant code. Session creation was moved out of process_arguments() and now takes place after setting the timeout handler. Additionally the -P argument was added to specify the privprotocol.
-rw-r--r--NEWS4
-rwxr-xr-xplugins-scripts/check_ifstatus.pl170
-rw-r--r--plugins-scripts/t/check_ifstatus.t63
3 files changed, 132 insertions, 105 deletions
diff --git a/NEWS b/NEWS
index 66106e07..421784d1 100644
--- a/NEWS
+++ b/NEWS
@@ -39,8 +39,8 @@ This file documents the major additions and syntax changes between releases.
Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675)
check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds
check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster)
- Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
- check_ifoperstatus is now more userfriendly in case of missing arguments
+ Fixed SNMPv3 behaviour of check_ifoperstatus and check_ifstatus. Added -x/-P to define privprotocol (#2343438 - Robin Schroeder)
+ check_ifoperstatus and check_ifstatus are now more user-friendly in case of missing arguments
1.4.13 25th Sept 2008
Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen)
diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl
index bae3ffa7..22638234 100755
--- a/plugins-scripts/check_ifstatus.pl
+++ b/plugins-scripts/check_ifstatus.pl
@@ -42,7 +42,8 @@ Getopt::Long::Configure('bundling');
my $PROGNAME = "check_ifstatus";
sub print_help ();
-sub usage ();
+sub usage ($);
+sub print_usage ();
sub process_arguments ();
@@ -63,7 +64,7 @@ my $snmpoid=0;
my $key=0;
my $community = "public";
my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
-my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context);
+my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
my $port = 161;
my @snmpoids;
my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7';
@@ -92,6 +93,7 @@ my $opt_u;
my $opt_x ;
my %excluded ;
my @unused_ports ;
+my %session_opts;
@@ -115,6 +117,15 @@ if ($status != 0)
alarm($timeout);
+($session, $error) = Net::SNMP->session(%session_opts);
+
+if (!defined($session)) {
+ $state='UNKNOWN';
+ $answer=$error;
+ print ("$state: $answer\n");
+ exit $ERRORS{$state};
+}
+
push(@snmpoids,$snmpIfOperStatus);
push(@snmpoids,$snmpIfAdminStatus);
@@ -209,19 +220,25 @@ my $perfdata = sprintf("up=%d,down=%d,dormant=%d,excluded=%d,unused=%d",$ifup,$i
print ("$state: $answer |$perfdata\n");
exit $ERRORS{$state};
+sub usage($) {
+ print "$_[0]\n";
+ print_usage();
+ exit $ERRORS{"UNKNOWN"};
+}
-sub usage (){
- printf "\nMissing arguments!\n";
+sub print_usage() {
printf "\n";
+ printf "usage: \n";
printf "check_ifstatus -C <READCOMMUNITY> -p <PORT> -H <HOSTNAME>\n";
printf "Copyright (C) 2000 Christoph Kron\n";
printf "Updates 5/2002 Subhendu Ghosh\n";
- printf "\n\n";
support();
- exit $ERRORS{"UNKNOWN"};
+ printf "\n\n";
}
-sub print_help (){
+sub print_help() {
+ print_revision($PROGNAME, '@NP_VERSION@');
+ print_usage();
printf "check_ifstatus plugin for Nagios monitors operational \n";
printf "status of each network interface on the target host\n";
printf "\nUsage:\n";
@@ -242,14 +259,15 @@ sub print_help (){
printf " See the IANAifType-MIB for a list of interface types.\n";
printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n";
printf " -U (--secname) username for SNMPv3 context\n";
- printf " -c (--context) SNMPv3 context name (default is empty string)";
+ printf " -c (--context) SNMPv3 context name (default is empty string)\n";
printf " -A (--authpass) authentication password (cleartext ascii or localized key\n";
- printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
+ printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
printf " auth password and authEngineID\n";
- printf " -a (--authproto) Authentication protocol ( MD5 or SHA1)\n";
+ printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n";
printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
- printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
+ printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
printf " privacy password and authEngineID\n";
+ printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n";
printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n";
printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n";
printf " -V (--version) Plugin version\n";
@@ -269,6 +287,7 @@ sub process_arguments() {
"U=s" => \$secname, "secname=s" => \$secname,
"A=s" => \$authpass, "authpass=s" => \$authpass,
"X=s" => \$privpass, "privpass=s" => \$privpass,
+ "P=s" => \$privproto, "privproto=s" => \$privproto,
"c=s" => \$context, "context=s" => \$context,
"p=i" =>\$port, "port=i" => \$port,
"H=s" => \$hostname, "hostname=s" => \$hostname,
@@ -280,9 +299,10 @@ sub process_arguments() {
);
if ($status == 0){
- print_help() ;
+ print_help();
exit $ERRORS{'OK'};
}
+
if ($opt_V) {
print_revision($PROGNAME,'@NP_VERSION@');
exit $ERRORS{'OK'};
@@ -297,68 +317,75 @@ sub process_arguments() {
$timeout = $TIMEOUT;
}
+ if ($snmp_version !~ /[123]/){
+ $state='UNKNOWN';
+ print ("$state: No support for SNMP v$snmp_version yet\n");
+ exit $ERRORS{$state};
+ }
+
+ %session_opts = (
+ -hostname => $hostname,
+ -port => $port,
+ -version => $snmp_version,
+ -maxmsgsize => $maxmsgsize
+ );
+
+ $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
+
if ($snmp_version =~ /3/ ) {
# Must define a security level even though default is noAuthNoPriv
# v3 requires a security username
- if (defined $seclevel && defined $secname) {
+ if (defined $seclevel && defined $secname) {
+ $session_opts{'-username'} = $secname;
# Must define a security level even though defualt is noAuthNoPriv
- unless ($seclevel eq ('noAuthNoPriv' || 'authNoPriv' || 'authPriv' ) ) {
- usage();
- exit $ERRORS{"UNKNOWN"};
+ unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
+ usage("Must define a valid security level even though default is noAuthNoPriv");
}
# Authentication wanted
- if ($seclevel eq ('authNoPriv' || 'authPriv') ) {
-
- unless ($authproto eq ('MD5' || 'SHA1') ) {
- usage();
- exit $ERRORS{"UNKNOWN"};
+ if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
+ if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') {
+ usage("Auth protocol can be either MD5 or SHA1");
}
+ $session_opts{'-authprotocol'} = $authproto if(defined $authproto);
if ( !defined $authpass) {
- usage();
- exit $ERRORS{"UNKNOWN"};
+ usage("Auth password/key is not defined");
}else{
if ($authpass =~ /^0x/ ) {
- $auth = "-authkey => $authpass" ;
+ $session_opts{'-authkey'} = $authpass ;
}else{
- $auth = "-authpassword => $authpass";
+ $session_opts{'-authpassword'} = $authpass ;
}
}
-
}
# Privacy (DES encryption) wanted
- if ($seclevel eq 'authPriv' ) {
+ if ($seclevel eq 'authPriv' ) {
if (! defined $privpass) {
- usage();
- exit $ERRORS{"UNKNOWN"};
+ usage("Privacy passphrase/key is not defined");
}else{
if ($privpass =~ /^0x/){
- $priv = "-privkey => $privpass";
+ $session_opts{'-privkey'} = $privpass;
}else{
- $priv = "-privpassword => $privpass";
+ $session_opts{'-privpassword'} = $privpass;
}
}
+
+ $session_opts{'-privprotocol'} = $privproto if(defined $privproto);
}
# Context name defined or default
-
unless ( defined $context) {
$context = "";
}
-
-
}else {
- usage();
- exit $ERRORS{'UNKNOWN'}; ;
+ usage("Security level or name is not defined");
}
} # end snmpv3
- # for snmp v1 & v2c we default to community = "public"
-
# Excluded interfaces types (ifType) (backup interfaces, dial-on demand interfaces, PPP interfaces
if (defined $opt_x) {
my @x = split(/,/, $opt_x);
@@ -380,79 +407,16 @@ sub process_arguments() {
}
if (! utils::is_hostname($hostname)){
- usage();
+ usage("Hostname invalid or not given");
exit $ERRORS{"UNKNOWN"};
}
- # create SNMP session handle based on options passed.
-
- if ( ! $snmp_version ) {
- $snmp_version =1 ;
- }else{
- if ( $snmp_version =~ /[12]/ ) {
-
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -community => $community,
- -port => $port,
- -version => $snmp_version,
- -maxmsgsize => $maxmsgsize
- );
-
- if (!defined($session)) {
- $state='UNKNOWN';
- $answer=$error;
- print ("$state: $answer");
- exit $ERRORS{$state};
- }
-
- }elsif ( $snmp_version =~ /3/ ) {
-
- if ($seclevel eq 'noAuthNoPriv') {
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -port => $port,
- -version => $snmp_version,
- -username => $secname,
- );
-
- }elsif ( $seclevel eq 'authNoPriv' ) {
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -port => $port,
- -version => $snmp_version,
- -username => $secname,
- -authprotocol => $authproto,
- $auth
- );
- }elsif ($seclevel eq 'authPriv' ) {
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -port => $port,
- -version => $snmp_version,
- -username => $secname,
- -authprotocol => $authproto,
- $auth,
- $priv
- );
- }
-
-
- if (!defined($session)) {
- $state='UNKNOWN';
- $answer=$error;
- print ("$state: $answer");
- exit $ERRORS{$state};
- }
-
- }else{
+ if ($snmp_version !~ /[123]/) {
$state='UNKNOWN';
print ("$state: No support for SNMP v$snmp_version yet\n");
exit $ERRORS{$state};
}
-}
return $ERRORS{"OK"};
-
}
diff --git a/plugins-scripts/t/check_ifstatus.t b/plugins-scripts/t/check_ifstatus.t
new file mode 100644
index 00000000..c5169d90
--- /dev/null
+++ b/plugins-scripts/t/check_ifstatus.t
@@ -0,0 +1,63 @@
+#! /usr/bin/perl -w -I ..
+#
+# SNMP Test via check_ifoperstatus
+#
+#
+
+use strict;
+use Test::More;
+use NPTest;
+
+my $tests = 9;
+plan tests => $tests;
+my $res;
+
+my $plugin = "check_ifstatus";
+SKIP: {
+ skip "$plugin is not created", $tests if ( ! -x $plugin );
+
+ my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost",
+ "A host providing an SNMP Service");
+
+ my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public",
+ "The SNMP Community string for SNMP Testing (assumes snmp v1)" );
+
+ my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
+ "The hostname of system not responsive to network requests" );
+
+ my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
+ "An invalid (not known to DNS) hostname" );
+
+ $res = NPTest->testCmd( "./$plugin" );
+ is( $res->return_code, 3, "No arguments" );
+ like( $res->output, '/usage/', "Output contains usage" );
+
+ $res = NPTest->testCmd( "./$plugin -H fakehost -v 3 --seclevel rubbish --secname foobar" );
+ is( $res->return_code, 3, "invalid seclevel" );
+ like( $res->output, "/Must define a valid security level/", "Output contains 'Must define a valid security level'" );
+
+ SKIP: {
+ skip "no snmp host defined", 2 if ( ! $host_snmp );
+
+ $res = NPTest->testCmd( "./$plugin -H $host_snmp -C $snmp_community ");
+ like($res->output, '/^.*host.*interfaces up/', "String contains host.*interfaces up");
+
+ $res = NPTest->testCmd( "./$plugin -H $host_snmp -C rubbish");
+ cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL for community 'rubbish'" );
+
+ }
+
+ SKIP: {
+ skip "no non responsive host defined", 1 if ( ! $host_nonresponsive );
+ $res = NPTest->testCmd( "./$plugin -H $host_nonresponsive -C $snmp_community");
+ cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
+ }
+
+ SKIP: {
+ skip "no invalid host defined", 2 if ( ! $hostname_invalid );
+ $res = NPTest->testCmd( "./$plugin -H $hostname_invalid -C $snmp_community");
+ cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with invalid host" );
+ like($res->output, "/Unable to resolve.*$hostname_invalid/", "String matches unable to resolve.*$hostname_invalid");
+ }
+
+}