From 817b6b655cafab905850db658fd189f0be6c0343 Mon Sep 17 00:00:00 2001
From: Chl <chl-dev@bugness.org>
Date: Wed, 6 Mar 2024 00:25:45 +0100
Subject: [PATCH] nagios/netstat: free form command (let's be wild !)

(...and maybe insecure...)
---
 nagios/check_netstat_connectioncount.sh | 17 +++++++++++++++++
 nagios/etc/76_netstat.cfg               |  2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/nagios/check_netstat_connectioncount.sh b/nagios/check_netstat_connectioncount.sh
index b1c3c1a..491fa4b 100755
--- a/nagios/check_netstat_connectioncount.sh
+++ b/nagios/check_netstat_connectioncount.sh
@@ -37,6 +37,9 @@ Note: Since the port is checked against the lastest ranges given, order
       of the arguments is important. Ex:
       ./check_netstat_connectioncount.sh -w 1:5 -c 1:10 -p 22 -p listen-unix:X11 -w 1:50 -c 1:100 -p 80 -p 443
 
+Note 2: grep's return code can be different from 0 so remember to wrap it :
+  ./check_netstat_connectioncount.sh -w 1:10 -c 1:20 -p cmd:weird_cpt:'ls /tmp | (grep -c "private" || true )'
+
 Special values for 'port' :
 	all
 	all-ipv4
@@ -46,6 +49,7 @@ Special values for 'port' :
 	listen-ipv6
 	listen-unix
 	listen-unix:PATTERN
+	cmd:LABEL:SHELL COMMAND LINE
 
 Default values:
 	warning_range:	$RANGE_WARNING
@@ -145,6 +149,19 @@ while getopts hw:c:p: f; do
 					CPT="$( $COMMAND_SYS -xl | tail -n +2 | grep "$( echo "$OPTARG" | sed 's/^listen-unix://' )" | wc -l )"
 					PORT_NUMBER=$OPTARG  # risque de bug côté superviseur ?
 					;;
+				'cmd:'*)
+					# Free form. Should be 'cmd:<label>:<shell commands returning a number>'
+					LABEL="$( echo "$OPTARG" | sed -n 's/^cmd:\([^:]\+\):.*/\1/p' )"
+					PORT_NUMBER="$LABEL"
+					CUSTOM_CMD="$( echo "$OPTARG" | sed -n 's/^cmd:\([^:]\+\):\(.*\)/\2/p' )"
+					if [ -z "$LABEL" ] || [ -z "$CUSTOM_CMD" ]; then
+						echo "UNKNOWN: empty label or command in '$OPTARG' (should be cmd:LABEL:COMMAND LINE)"
+						exit 3
+					fi
+					# If the command fail, this script will stop and the output code will
+					# be different than 0 so it shouldn't pass unnoticed.
+					CPT="$( sh -c "$CUSTOM_CMD" )"
+					;;
 				*)
 					PORT_NUMBER=$( printf "%d" "$OPTARG" )
 					LABEL="port$PORT_NUMBER"
diff --git a/nagios/etc/76_netstat.cfg b/nagios/etc/76_netstat.cfg
index 2eadb7d..0eeee5c 100644
--- a/nagios/etc/76_netstat.cfg
+++ b/nagios/etc/76_netstat.cfg
@@ -1,3 +1,3 @@
 # Commande de check sur le nombre de connexions TCP et UDP
 command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22
-#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22  -w 1:100 -c 1:200 -p80 -p 443 
+#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22  -w 1:100 -c 1:200 -p80 -p 443  -p all -p listen-unix