From 817b6b655cafab905850db658fd189f0be6c0343 Mon Sep 17 00:00:00 2001 From: Chl Date: Wed, 6 Mar 2024 00:25:45 +0100 Subject: [PATCH] nagios/netstat: free form command (let's be wild !) (...and maybe insecure...) --- nagios/check_netstat_connectioncount.sh | 17 +++++++++++++++++ nagios/etc/76_netstat.cfg | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/nagios/check_netstat_connectioncount.sh b/nagios/check_netstat_connectioncount.sh index b1c3c1a..491fa4b 100755 --- a/nagios/check_netstat_connectioncount.sh +++ b/nagios/check_netstat_connectioncount.sh @@ -37,6 +37,9 @@ Note: Since the port is checked against the lastest ranges given, order of the arguments is important. Ex: ./check_netstat_connectioncount.sh -w 1:5 -c 1:10 -p 22 -p listen-unix:X11 -w 1:50 -c 1:100 -p 80 -p 443 +Note 2: grep's return code can be different from 0 so remember to wrap it : + ./check_netstat_connectioncount.sh -w 1:10 -c 1:20 -p cmd:weird_cpt:'ls /tmp | (grep -c "private" || true )' + Special values for 'port' : all all-ipv4 @@ -46,6 +49,7 @@ Special values for 'port' : listen-ipv6 listen-unix listen-unix:PATTERN + cmd:LABEL:SHELL COMMAND LINE Default values: warning_range: $RANGE_WARNING @@ -145,6 +149,19 @@ while getopts hw:c:p: f; do CPT="$( $COMMAND_SYS -xl | tail -n +2 | grep "$( echo "$OPTARG" | sed 's/^listen-unix://' )" | wc -l )" PORT_NUMBER=$OPTARG # risque de bug côté superviseur ? ;; + 'cmd:'*) + # Free form. Should be 'cmd:
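Review bot: The usage text added for `cmd:LABEL:SHELL COMMAND LINE`, together with the "Note 2" example in the hunk before it, does not tell the operator that the text after the label is run as a shell command line with the privileges of the account executing the check. The piped example implies this, and the commit subject itself flags the feature as possibly insecure. I would add one line under the new entry, for example `cmd: values are run by the shell as the monitoring user; define them only in locally maintained command definitions, never from arguments passed in by a remote caller`. The example's `|| true` also hides grep's real error status (2) along with the harmless "no match" status (1), so the note could say that a failing command will report a count rather than an error. The implementing `'cmd:'*)` case is cut off at the end of the visible patch, and the one-line change to `nagios/etc/76_netstat.cfg` listed in the diffstat is not shown, so how LABEL is split from the command and where the value comes from cannot be confirmed here.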