탐색 도움말
로그인
LBP
/
nagios-plugins
의 미러 https://github.com/nagios-plugins/nagios-plugins.git
4
0
포크 0
파일 이슈 0 위키
소스 검색

Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)

check_ifoperstatus didn't function correctly with SNMPv3. This is fixed now.
Created argument-hash for SNMP session creation. This removes redundant code.
Session creation was moved out of process_arguments() and now takes place
after setting the timeout handler.

Additionally the -x argument was added to specify the privprotocol.
Matthias Eble 16 년 전
부모
aff6140989
커밋
5195074095
2개의 변경된 파일40개의 추가작업 그리고 71개의 파일을 삭제
분할 보기 변경상태 보기
  1. 1 0
      NEWS
  2. 39 71
      plugins-scripts/check_ifoperstatus.pl

+ 1 - 0
NEWS
파일 보기 

@@ -39,6 +39,7 @@ This file documents the major additions and syntax changes between releases.
 
 	Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675)
 
 	check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds
 
 	check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster)
 
+	Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
 
 
 1.4.13 25th Sept 2008
 
 	Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen)

+ 39 - 71
plugins-scripts/check_ifoperstatus.pl
파일 보기 

@@ -61,7 +61,7 @@ my $answer = "";
 
 my $snmpkey = 0;
 
 my $community = "public";
 
 my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
 
-my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context);
 
+my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
 
 my $port = 161;
 
 my @snmpoids;
 
 my $sysUptime        = '1.3.6.1.2.1.1.3.0';
 
@@ -89,12 +89,14 @@ my $lastc;
 
 my $dormantWarn;
 
 my $adminWarn;
 
 my $name;
 
+my %session_opts;
 
 
 ### Validate Arguments
 
 
 $status = process_arguments();
 
 
 
+use Data::Dumper;
 
 # Just in case of problems, let's not hang Nagios
 
 $SIG{'ALRM'} = sub {
 
      print ("ERROR: No snmp response from $hostname (alarm)\n");
 
@@ -103,6 +105,16 @@ $SIG{'ALRM'} = sub {
 
 
 alarm($timeout);
 
 
+print Dumper(\%session_opts);
 
+($session, $error) = Net::SNMP->session(%session_opts);
 
+
 
+		
+if (!defined($session)) {
 
+			$state='UNKNOWN';
 
+			$answer=$error;
 
+			print ("$state: $answer\n");
 
+			exit $ERRORS{$state};
 
+}
 
 
 ## map ifdescr to ifindex - should look at being able to cache this value
 
 
@@ -293,6 +305,7 @@ sub print_help() {
 
 	printf "   -X (--privpass)   privacy password (cleartext ascii or localized key\n";
 
 	printf "                     in hex with 0x prefix generated by using	\"snmpkey\" utility\n"; 
 	printf "                     privacy password and authEngineID\n";
 
+	printf "   -x (--privproto)  privacy protocol (DES or AES; default: DES)\n";
 
 	printf "   -k (--key)        SNMP IfIndex value\n";
 
 	printf "   -d (--descr)      SNMP ifDescr value\n";
 
 	printf "   -T (--type)       SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n";
 
@@ -327,6 +340,7 @@ sub process_arguments() {
 
 			"U=s" => \$secname,   "secname=s"   => \$secname,
 
 			"A=s" => \$authpass,  "authpass=s"  => \$authpass,
 
 			"X=s" => \$privpass,  "privpass=s"  => \$privpass,
 
+			"x=s" => \$privproto,  "privproto=s"  => \$privproto,
 
 			"c=s" => \$context,   "context=s"   => \$context,
 
 			"k=i" => \$snmpkey, "key=i",\$snmpkey,
 
 			"d=s" => \$ifdescr, "descr=s" => \$ifdescr,
 
@@ -387,10 +401,27 @@ sub process_arguments() {
 
 		$timeout = $TIMEOUT;
 
 	}
 
 
+		
+	if ($snmp_version !~ /[123]/){
 
+		$state='UNKNOWN';
 
+		print ("$state: No support for SNMP v$snmp_version yet\n");
 
+		exit $ERRORS{$state};
 
+	}
 
+
 
+	%session_opts = (
 
+		-hostname  => $hostname,
 
+		-port      => $port,
 
+		-version	=> $snmp_version,
 
+		-maxmsgsize => $maxmsgsize
 
+	);
 
+
 
+	$session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
 
+
 
 	if ($snmp_version =~ /3/ ) {
 
 		# Must define a security level even though default is noAuthNoPriv
 
 		# v3 requires a security username
 
 		if (defined $seclevel  && defined $secname) {
 
+			$session_opts{'-username'} = $secname;
 
 		
 			# Must define a security level even though defualt is noAuthNoPriv
 
 			unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
 
@@ -400,23 +431,22 @@ sub process_arguments() {
 
 			
 			# Authentication wanted
 
 			if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
 
-		
 				unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) {
 
 					usage();
 
 					exit $ERRORS{"UNKNOWN"};
 
 				}
 
+				$session_opts{'-authprotocol'} = $authproto if(defined $authproto);
 
 
 				if ( !defined $authpass) {
 
 					usage();
 
 					exit $ERRORS{"UNKNOWN"};
 
 				}else{
 
 					if ($authpass =~ /^0x/ ) {
 
-						$auth = "-authkey => $authpass" ;
 
+						$session_opts{'-authkey'} = $authpass ;
 
 					}else{
 
-						$auth = "-authpassword => $authpass";
 
+						$session_opts{'-authpassword'} = $authpass ;
 
 					}
 
 				}
 
-					
 			}
 
 			
 			# Privacy (DES encryption) wanted
 
@@ -426,21 +456,20 @@ sub process_arguments() {
 
 					exit $ERRORS{"UNKNOWN"};
 
 				}else{
 
 					if ($privpass =~ /^0x/){
 
-						$priv = "-privkey => $privpass";
 
+						$session_opts{'-privkey'} = $privpass;
 
 					}else{
 
-						$priv = "-privpassword => $privpass";
 
+						$session_opts{'-privpassword'} = $privpass;
 
 					}
 
 				}
 
+
 
+				$session_opts{'-privprotocol'} = $privproto if(defined $privproto);
 
 			}
 
 
 			# Context name defined or default
 
-
 
 			unless ( defined $context) {
 
 				$context = "";
 
 			}
 
 		
-		
-		
 		}else {
 
 					usage();
 
 					exit $ERRORS{'UNKNOWN'}; ;
 
@@ -448,67 +477,6 @@ sub process_arguments() {
 
 	} # end snmpv3
 
 
 
-	if ( $snmp_version =~ /[12]/ ) {
 
-  	($session, $error) = Net::SNMP->session(
 
-			-hostname  => $hostname,
 
-			-community => $community,
 
-			-port      => $port,
 
-			-version	=> $snmp_version,
 
-			-maxmsgsize => $maxmsgsize
 
-		);
 
-
 
-		if (!defined($session)) {
 
-			$state='UNKNOWN';
 
-			$answer=$error;
 
-			print ("$state: $answer\n");
 
-			exit $ERRORS{$state};
 
-		}
 
-	
-	}elsif ( $snmp_version =~ /3/ ) {
 
-
 
-		if ($seclevel eq 'noAuthNoPriv') {
 
-			($session, $error) = Net::SNMP->session(
 
-				-hostname  => $hostname,
 
-				-port      => $port,
 
-				-version  => $snmp_version,
 
-				-username => $secname,
 
-			);
 
-
 
-		}elsif ( $seclevel eq 'authNoPriv' ) {
 
-			($session, $error) = Net::SNMP->session(
 
-				-hostname  => $hostname,
 
-				-port      => $port,
 
-				-version  => $snmp_version,
 
-				-username => $secname,
 
-				$auth,
 
-				-authprotocol => $authproto,
 
-			);	
-		}elsif ($seclevel eq 'authPriv' ) {
 
-			($session, $error) = Net::SNMP->session(
 
-				-hostname  => $hostname,
 
-				-port      => $port,
 
-				-version  => $snmp_version,
 
-				-username => $secname,
 
-				$auth,
 
-				-authprotocol => $authproto,
 
-				$priv
 
-			);
 
-		}
 
-					
-					
-		if (!defined($session)) {
 
-					$state='UNKNOWN';
 
-					$answer=$error;
 
-					print ("$state: $answer\n");
 
-					exit $ERRORS{$state};
 
-		}
 
-
 
-	}else{
 
-		$state='UNKNOWN';
 
-		print ("$state: No support for SNMP v$snmp_version yet\n");
 
-		exit $ERRORS{$state};
 
-	}
 
-
 
 }
 
 ## End validation