diff options
author | Matthias Eble <psychotrahe@gmx.de> | 2009-06-11 17:20:55 +0200 |
---|---|---|
committer | Matthias Eble <psychotrahe@gmx.de> | 2009-06-11 17:20:55 +0200 |
commit | edda2536e589810070abcb59e3cb2b3d0b334a01 (patch) | |
tree | c65405f5ce165c2a1d0c87c7f826440990353705 /plugins-scripts/check_ifstatus.pl | |
parent | e16b35b2ca960f8e56c17013a749e181d429a725 (diff) | |
download | monitoring-plugins-edda2536e589810070abcb59e3cb2b3d0b334a01.tar.gz |
Fixed SNMPv3 behaviour of check_ifstatus. Added -P to define privprotocol (#2343438 - Robin Schroeder)
check_ifstatus didn't function correctly with SNMPv3. This is fixed now.
Created argument-hash for SNMP session creation. This removes redundant code.
Session creation was moved out of process_arguments() and now takes place
after setting the timeout handler.
Additionally the -P argument was added to specify the privprotocol.
Diffstat (limited to 'plugins-scripts/check_ifstatus.pl')
-rwxr-xr-x | plugins-scripts/check_ifstatus.pl | 170 |
1 files changed, 67 insertions, 103 deletions
diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index bae3ffa7..22638234 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -42,7 +42,8 @@ Getopt::Long::Configure('bundling'); my $PROGNAME = "check_ifstatus"; sub print_help (); -sub usage (); +sub usage ($); +sub print_usage (); sub process_arguments (); @@ -63,7 +64,7 @@ my $snmpoid=0; my $key=0; my $community = "public"; my $maxmsgsize = 1472 ; # Net::SNMP default is 1472 -my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context); +my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context); my $port = 161; my @snmpoids; my $snmpIfAdminStatus = '1.3.6.1.2.1.2.2.1.7'; @@ -92,6 +93,7 @@ my $opt_u; my $opt_x ; my %excluded ; my @unused_ports ; +my %session_opts; @@ -115,6 +117,15 @@ if ($status != 0) alarm($timeout); +($session, $error) = Net::SNMP->session(%session_opts); + +if (!defined($session)) { + $state='UNKNOWN'; + $answer=$error; + print ("$state: $answer\n"); + exit $ERRORS{$state}; +} + push(@snmpoids,$snmpIfOperStatus); push(@snmpoids,$snmpIfAdminStatus); @@ -209,19 +220,25 @@ my $perfdata = sprintf("up=%d,down=%d,dormant=%d,excluded=%d,unused=%d",$ifup,$i print ("$state: $answer |$perfdata\n"); exit $ERRORS{$state}; +sub usage($) { + print "$_[0]\n"; + print_usage(); + exit $ERRORS{"UNKNOWN"}; +} -sub usage (){ - printf "\nMissing arguments!\n"; +sub print_usage() { printf "\n"; + printf "usage: \n"; printf "check_ifstatus -C <READCOMMUNITY> -p <PORT> -H <HOSTNAME>\n"; printf "Copyright (C) 2000 Christoph Kron\n"; printf "Updates 5/2002 Subhendu Ghosh\n"; - printf "\n\n"; support(); - exit $ERRORS{"UNKNOWN"}; + printf "\n\n"; } -sub print_help (){ +sub print_help() { + print_revision($PROGNAME, '@NP_VERSION@'); + print_usage(); printf "check_ifstatus plugin for Nagios monitors operational \n"; printf "status of each network interface on the target host\n"; printf "\nUsage:\n"; @@ -242,14 +259,15 @@ sub print_help (){ printf " See the IANAifType-MIB for a list of interface types.\n"; printf " -L (--seclevel) choice of \"noAuthNoPriv\", \"authNoPriv\", or \"authPriv\"\n"; printf " -U (--secname) username for SNMPv3 context\n"; - printf " -c (--context) SNMPv3 context name (default is empty string)"; + printf " -c (--context) SNMPv3 context name (default is empty string)\n"; printf " -A (--authpass) authentication password (cleartext ascii or localized key\n"; - printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; + printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; printf " auth password and authEngineID\n"; - printf " -a (--authproto) Authentication protocol ( MD5 or SHA1)\n"; + printf " -a (--authproto) Authentication protocol (MD5 or SHA1)\n"; printf " -X (--privpass) privacy password (cleartext ascii or localized key\n"; - printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; + printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; printf " privacy password and authEngineID\n"; + printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n"; printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n"; printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n"; printf " -V (--version) Plugin version\n"; @@ -269,6 +287,7 @@ sub process_arguments() { "U=s" => \$secname, "secname=s" => \$secname, "A=s" => \$authpass, "authpass=s" => \$authpass, "X=s" => \$privpass, "privpass=s" => \$privpass, + "P=s" => \$privproto, "privproto=s" => \$privproto, "c=s" => \$context, "context=s" => \$context, "p=i" =>\$port, "port=i" => \$port, "H=s" => \$hostname, "hostname=s" => \$hostname, @@ -280,9 +299,10 @@ sub process_arguments() { ); if ($status == 0){ - print_help() ; + print_help(); exit $ERRORS{'OK'}; } + if ($opt_V) { print_revision($PROGNAME,'@NP_VERSION@'); exit $ERRORS{'OK'}; @@ -297,68 +317,75 @@ sub process_arguments() { $timeout = $TIMEOUT; } + if ($snmp_version !~ /[123]/){ + $state='UNKNOWN'; + print ("$state: No support for SNMP v$snmp_version yet\n"); + exit $ERRORS{$state}; + } + + %session_opts = ( + -hostname => $hostname, + -port => $port, + -version => $snmp_version, + -maxmsgsize => $maxmsgsize + ); + + $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/); + if ($snmp_version =~ /3/ ) { # Must define a security level even though default is noAuthNoPriv # v3 requires a security username - if (defined $seclevel && defined $secname) { + if (defined $seclevel && defined $secname) { + $session_opts{'-username'} = $secname; # Must define a security level even though defualt is noAuthNoPriv - unless ($seclevel eq ('noAuthNoPriv' || 'authNoPriv' || 'authPriv' ) ) { - usage(); - exit $ERRORS{"UNKNOWN"}; + unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) { + usage("Must define a valid security level even though default is noAuthNoPriv"); } # Authentication wanted - if ($seclevel eq ('authNoPriv' || 'authPriv') ) { - - unless ($authproto eq ('MD5' || 'SHA1') ) { - usage(); - exit $ERRORS{"UNKNOWN"}; + if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) { + if (defined $authproto && $authproto ne 'MD5' && $authproto ne 'SHA1') { + usage("Auth protocol can be either MD5 or SHA1"); } + $session_opts{'-authprotocol'} = $authproto if(defined $authproto); if ( !defined $authpass) { - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Auth password/key is not defined"); }else{ if ($authpass =~ /^0x/ ) { - $auth = "-authkey => $authpass" ; + $session_opts{'-authkey'} = $authpass ; }else{ - $auth = "-authpassword => $authpass"; + $session_opts{'-authpassword'} = $authpass ; } } - } # Privacy (DES encryption) wanted - if ($seclevel eq 'authPriv' ) { + if ($seclevel eq 'authPriv' ) { if (! defined $privpass) { - usage(); - exit $ERRORS{"UNKNOWN"}; + usage("Privacy passphrase/key is not defined"); }else{ if ($privpass =~ /^0x/){ - $priv = "-privkey => $privpass"; + $session_opts{'-privkey'} = $privpass; }else{ - $priv = "-privpassword => $privpass"; + $session_opts{'-privpassword'} = $privpass; } } + + $session_opts{'-privprotocol'} = $privproto if(defined $privproto); } # Context name defined or default - unless ( defined $context) { $context = ""; } - - }else { - usage(); - exit $ERRORS{'UNKNOWN'}; ; + usage("Security level or name is not defined"); } } # end snmpv3 - # for snmp v1 & v2c we default to community = "public" - # Excluded interfaces types (ifType) (backup interfaces, dial-on demand interfaces, PPP interfaces if (defined $opt_x) { my @x = split(/,/, $opt_x); @@ -380,79 +407,16 @@ sub process_arguments() { } if (! utils::is_hostname($hostname)){ - usage(); + usage("Hostname invalid or not given"); exit $ERRORS{"UNKNOWN"}; } - # create SNMP session handle based on options passed. - - if ( ! $snmp_version ) { - $snmp_version =1 ; - }else{ - if ( $snmp_version =~ /[12]/ ) { - - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -community => $community, - -port => $port, - -version => $snmp_version, - -maxmsgsize => $maxmsgsize - ); - - if (!defined($session)) { - $state='UNKNOWN'; - $answer=$error; - print ("$state: $answer"); - exit $ERRORS{$state}; - } - - }elsif ( $snmp_version =~ /3/ ) { - - if ($seclevel eq 'noAuthNoPriv') { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - ); - - }elsif ( $seclevel eq 'authNoPriv' ) { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - -authprotocol => $authproto, - $auth - ); - }elsif ($seclevel eq 'authPriv' ) { - ($session, $error) = Net::SNMP->session( - -hostname => $hostname, - -port => $port, - -version => $snmp_version, - -username => $secname, - -authprotocol => $authproto, - $auth, - $priv - ); - } - - - if (!defined($session)) { - $state='UNKNOWN'; - $answer=$error; - print ("$state: $answer"); - exit $ERRORS{$state}; - } - - }else{ + if ($snmp_version !~ /[123]/) { $state='UNKNOWN'; print ("$state: No support for SNMP v$snmp_version yet\n"); exit $ERRORS{$state}; } -} return $ERRORS{"OK"}; - } |