
nagios/netstat: free form command (let's be wild !)

(...and maybe insecure...)
Chl 2024-03-06 00:25:45 +01:00
parent 775e35d759
commit 817b6b655c
2 changed files with 18 additions and 1 deletions


@ -37,6 +37,9 @@ Note: Since the port is checked against the lastest ranges given, order
of the arguments is important. Ex:
./check_netstat_connectioncount.sh -w 1:5 -c 1:10 -p 22 -p listen-unix:X11 -w 1:50 -c 1:100 -p 80 -p 443
Note 2: grep's return code can be different from 0 so remember to wrap it :
./check_netstat_connectioncount.sh -w 1:10 -c 1:20 -p cmd:weird_cpt:'ls /tmp | (grep -c "private" || true )'
Special values for 'port' :
all
all-ipv4
@ -46,6 +49,7 @@ Special values for 'port' :
listen-ipv6
listen-unix
listen-unix:PATTERN
cmd:LABEL:SHELL COMMAND LINE
Default values:
warning_range: $RANGE_WARNING
@ -145,6 +149,19 @@ while getopts hw:c:p: f; do
CPT="$( $COMMAND_SYS -xl | tail -n +2 | grep "$( echo "$OPTARG" | sed 's/^listen-unix://' )" | wc -l )"
PORT_NUMBER=$OPTARG # risque de bug côté superviseur ?
;;
'cmd:'*)
# Free form. Should be 'cmd:<label>:<shell commands returning a number>'
LABEL="$( echo "$OPTARG" | sed -n 's/^cmd:\([^:]\+\):.*/\1/p' )"
PORT_NUMBER="$LABEL"
CUSTOM_CMD="$( echo "$OPTARG" | sed -n 's/^cmd:\([^:]\+\):\(.*\)/\2/p' )"
if [ -z "$LABEL" ] || [ -z "$CUSTOM_CMD" ]; then
echo "UNKNOWN: empty label or command in '$OPTARG' (should be cmd:LABEL:COMMAND LINE)"
exit 3
fi
# If the command fail, this script will stop and the output code will
# be different than 0 so it shouldn't pass unnoticed.
CPT="$( sh -c "$CUSTOM_CMD" )"
;;
*)
PORT_NUMBER=$( printf "%d" "$OPTARG" )
LABEL="port$PORT_NUMBER"
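Review bot: The `cmd:` arm passes the text after the label to `sh -c` unchanged, so the plugin runs whatever the `-p` argument contains with the privileges of the monitoring agent; that is acceptable only while the argument comes from a static command definition, as in the second file of this commit, and never from server-supplied arguments (NRPE with `dont_blame_nrpe=1`), and the usage text next to `cmd:LABEL:SHELL COMMAND LINE` should say so. The comment above the call presumably relies on `set -e`, which is not visible here; even then the script would exit with the command's own status and no output, and under the plugin convention 1 and 2 read as WARNING and CRITICAL rather than UNKNOWN. The output is also never checked to be a number before CPT is used further. I would make both explicit: `CPT="$( sh -c "$CUSTOM_CMD" )" || { echo "UNKNOWN: command for '$LABEL' failed"; exit 3; }` followed by `case "$CPT" in ''|*[!0-9]*) echo "UNKNOWN: '$LABEL' did not return a number"; exit 3 ;; esac`. The enclosing `while getopts` loop starts and ends outside the hunk.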


@ -1,3 +1,3 @@
# Commande de check sur le nombre de connexions TCP et UDP
command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22
#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22 -w 1:100 -c 1:200 -p80 -p 443
#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22 -w 1:100 -c 1:200 -p80 -p 443 -p all -p listen-unix