aboutsummaryrefslogtreecommitdiff
path: root/plugins-scripts
diff options
context:
space:
mode:
authorGravatar Matthias Eble <psychotrahe@gmx.de> 2009-06-11 01:17:58 +0200
committerGravatar Matthias Eble <psychotrahe@gmx.de> 2009-06-11 01:17:58 +0200
commit5195074095cac48dd15d857bce69c1aa909ec2b2 (patch)
tree6ebdfa3f9472c678e6a9df183f260205986b6860 /plugins-scripts
parentaff6140989777cbf128e9e4d6e35531372c284c1 (diff)
downloadmonitoring-plugins-5195074095cac48dd15d857bce69c1aa909ec2b2.tar.gz
Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
check_ifoperstatus didn't function correctly with SNMPv3. This is fixed now. Created argument-hash for SNMP session creation. This removes redundant code. Session creation was moved out of process_arguments() and now takes place after setting the timeout handler. Additionally the -x argument was added to specify the privprotocol.
Diffstat (limited to 'plugins-scripts')
-rwxr-xr-xplugins-scripts/check_ifoperstatus.pl110
1 files changed, 39 insertions, 71 deletions
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl
index d0a1655a..503f1e41 100755
--- a/plugins-scripts/check_ifoperstatus.pl
+++ b/plugins-scripts/check_ifoperstatus.pl
@@ -61,7 +61,7 @@ my $answer = "";
my $snmpkey = 0;
my $community = "public";
my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
-my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context);
+my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
my $port = 161;
my @snmpoids;
my $sysUptime = '1.3.6.1.2.1.1.3.0';
@@ -89,12 +89,14 @@ my $lastc;
my $dormantWarn;
my $adminWarn;
my $name;
+my %session_opts;
### Validate Arguments
$status = process_arguments();
+use Data::Dumper;
# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
print ("ERROR: No snmp response from $hostname (alarm)\n");
@@ -103,6 +105,16 @@ $SIG{'ALRM'} = sub {
alarm($timeout);
+print Dumper(\%session_opts);
+($session, $error) = Net::SNMP->session(%session_opts);
+
+
+if (!defined($session)) {
+ $state='UNKNOWN';
+ $answer=$error;
+ print ("$state: $answer\n");
+ exit $ERRORS{$state};
+}
## map ifdescr to ifindex - should look at being able to cache this value
@@ -293,6 +305,7 @@ sub print_help() {
printf " -X (--privpass) privacy password (cleartext ascii or localized key\n";
printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n";
printf " privacy password and authEngineID\n";
+ printf " -x (--privproto) privacy protocol (DES or AES; default: DES)\n";
printf " -k (--key) SNMP IfIndex value\n";
printf " -d (--descr) SNMP ifDescr value\n";
printf " -T (--type) SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n";
@@ -327,6 +340,7 @@ sub process_arguments() {
"U=s" => \$secname, "secname=s" => \$secname,
"A=s" => \$authpass, "authpass=s" => \$authpass,
"X=s" => \$privpass, "privpass=s" => \$privpass,
+ "x=s" => \$privproto, "privproto=s" => \$privproto,
"c=s" => \$context, "context=s" => \$context,
"k=i" => \$snmpkey, "key=i",\$snmpkey,
"d=s" => \$ifdescr, "descr=s" => \$ifdescr,
@@ -387,10 +401,27 @@ sub process_arguments() {
$timeout = $TIMEOUT;
}
+
+ if ($snmp_version !~ /[123]/){
+ $state='UNKNOWN';
+ print ("$state: No support for SNMP v$snmp_version yet\n");
+ exit $ERRORS{$state};
+ }
+
+ %session_opts = (
+ -hostname => $hostname,
+ -port => $port,
+ -version => $snmp_version,
+ -maxmsgsize => $maxmsgsize
+ );
+
+ $session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
+
if ($snmp_version =~ /3/ ) {
# Must define a security level even though default is noAuthNoPriv
# v3 requires a security username
if (defined $seclevel && defined $secname) {
+ $session_opts{'-username'} = $secname;
# Must define a security level even though defualt is noAuthNoPriv
unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
@@ -400,23 +431,22 @@ sub process_arguments() {
# Authentication wanted
if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
-
unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) {
usage();
exit $ERRORS{"UNKNOWN"};
}
+ $session_opts{'-authprotocol'} = $authproto if(defined $authproto);
if ( !defined $authpass) {
usage();
exit $ERRORS{"UNKNOWN"};
}else{
if ($authpass =~ /^0x/ ) {
- $auth = "-authkey => $authpass" ;
+ $session_opts{'-authkey'} = $authpass ;
}else{
- $auth = "-authpassword => $authpass";
+ $session_opts{'-authpassword'} = $authpass ;
}
}
-
}
# Privacy (DES encryption) wanted
@@ -426,21 +456,20 @@ sub process_arguments() {
exit $ERRORS{"UNKNOWN"};
}else{
if ($privpass =~ /^0x/){
- $priv = "-privkey => $privpass";
+ $session_opts{'-privkey'} = $privpass;
}else{
- $priv = "-privpassword => $privpass";
+ $session_opts{'-privpassword'} = $privpass;
}
}
+
+ $session_opts{'-privprotocol'} = $privproto if(defined $privproto);
}
# Context name defined or default
-
unless ( defined $context) {
$context = "";
}
-
-
}else {
usage();
exit $ERRORS{'UNKNOWN'}; ;
@@ -448,67 +477,6 @@ sub process_arguments() {
} # end snmpv3
- if ( $snmp_version =~ /[12]/ ) {
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -community => $community,
- -port => $port,
- -version => $snmp_version,
- -maxmsgsize => $maxmsgsize
- );
-
- if (!defined($session)) {
- $state='UNKNOWN';
- $answer=$error;
- print ("$state: $answer\n");
- exit $ERRORS{$state};
- }
-
- }elsif ( $snmp_version =~ /3/ ) {
-
- if ($seclevel eq 'noAuthNoPriv') {
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -port => $port,
- -version => $snmp_version,
- -username => $secname,
- );
-
- }elsif ( $seclevel eq 'authNoPriv' ) {
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -port => $port,
- -version => $snmp_version,
- -username => $secname,
- $auth,
- -authprotocol => $authproto,
- );
- }elsif ($seclevel eq 'authPriv' ) {
- ($session, $error) = Net::SNMP->session(
- -hostname => $hostname,
- -port => $port,
- -version => $snmp_version,
- -username => $secname,
- $auth,
- -authprotocol => $authproto,
- $priv
- );
- }
-
-
- if (!defined($session)) {
- $state='UNKNOWN';
- $answer=$error;
- print ("$state: $answer\n");
- exit $ERRORS{$state};
- }
-
- }else{
- $state='UNKNOWN';
- print ("$state: No support for SNMP v$snmp_version yet\n");
- exit $ERRORS{$state};
- }
-
}
## End validation