nagios/netstat: free form command (let's be wild !)

(...and maybe insecure...)
2024-03-06 00:25:45 +01:00 · 2024-03-06 00:25:45 +01:00 · 817b6b655c
parent 775e35d759
commit 817b6b655c
2 changed files with 18 additions and 1 deletions
--- a/nagios/check_netstat_connectioncount.sh
+++ b/nagios/check_netstat_connectioncount.sh
@ -37,6 +37,9 @@ Note: Since the port is checked against the lastest ranges given, order
      of the arguments is important. Ex:
      ./check_netstat_connectioncount.sh -w 1:5 -c 1:10 -p 22 -p listen-unix:X11 -w 1:50 -c 1:100 -p 80 -p 443

+Note 2: grep's return code can be different from 0 so remember to wrap it :
+  ./check_netstat_connectioncount.sh -w 1:10 -c 1:20 -p cmd:weird_cpt:'ls /tmp | (grep -c "private" || true )'
+
 Special values for 'port' :
 	all
 	all-ipv4
@ -46,6 +49,7 @@ Special values for 'port' :
 	listen-ipv6
 	listen-unix
 	listen-unix:PATTERN
+	cmd:LABEL:SHELL COMMAND LINE

 Default values:
 	warning_range:	$RANGE_WARNING
@ -145,6 +149,19 @@ while getopts hw:c:p: f; do
 					CPT="$( $COMMAND_SYS -xl | tail -n +2 | grep "$( echo "$OPTARG" | sed 's/^listen-unix://' )" | wc -l )"
 					PORT_NUMBER=$OPTARG  # risque de bug côté superviseur ?
 					;;
+				'cmd:'*)
+					# Free form. Should be 'cmd:<label>:<shell commands returning a number>'
+					LABEL="$( echo "$OPTARG" | sed -n 's/^cmd:\([^:]\+\):.*/\1/p' )"
+					PORT_NUMBER="$LABEL"
+					CUSTOM_CMD="$( echo "$OPTARG" | sed -n 's/^cmd:\([^:]\+\):\(.*\)/\2/p' )"
+					if [ -z "$LABEL" ] || [ -z "$CUSTOM_CMD" ]; then
+						echo "UNKNOWN: empty label or command in '$OPTARG' (should be cmd:LABEL:COMMAND LINE)"
+						exit 3
+					fi
+					# If the command fail, this script will stop and the output code will
+					# be different than 0 so it shouldn't pass unnoticed.
+					CPT="$( sh -c "$CUSTOM_CMD" )"
+					;;
 				*)
 					PORT_NUMBER=$( printf "%d" "$OPTARG" )
 					LABEL="port$PORT_NUMBER"
--- a/nagios/etc/76_netstat.cfg
+++ b/nagios/etc/76_netstat.cfg
@ -1,3 +1,3 @@
 # Commande de check sur le nombre de connexions TCP et UDP
 command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22
-#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22  -w 1:100 -c 1:200 -p80 -p 443 
+#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22  -w 1:100 -c 1:200 -p80 -p 443  -p all -p listen-unix