Package: monitoring-plugins

Package: monitoring-plugins / 2.4.0-5

Metadata

Package	Version	Patches format
monitoring-plugins	2.4.0-5	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
02_check_icmp_links \| (download)	plugins-root/Makefile.am \| 3 2 + 1 - 0 ! plugins-root/Makefile.in \| 3 2 + 1 - 0 ! 2 files changed, 4 insertions(+), 2 deletions(-)	---
03_epn \| (download)	plugins-scripts/check_disk_smb.pl \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
04_lmstat_path \| (download)	plugins-scripts/utils.pm.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
10_check_curl_fix_redirects \| (download)	plugins/check_curl.c \| 15 10 + 5 - 0 ! plugins/tests/check_curl.t \| 14 11 + 3 - 0 ! plugins/tests/check_http.t \| 12 11 + 1 - 0 ! 3 files changed, 32 insertions(+), 9 deletions(-)	[patch] check_curl: fix relative redirects on non-standard port Having a webserver respond with a relative redirect as for ex. in `Location: /path/to.html` check_curl would use the wrong standard http/https port instead of crafting the absolute url using the given scheme/hostname and port. Adding a new test case for this for check_http and check_curl. check_http did it correct already, so no fix necessary there. before: %>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv ** HEADER ** HTTP/1.1 302 Found ... Location: /redirect2 ... * Seen redirect location /redirect2 scheme: (null) host: (null) port: (null) path: /redirect2 Redirection to http://127.0.0.1:80/redirect2 fixed: %>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv ** HEADER ** HTTP/1.1 302 Found ... Location: /redirect2 ... * Seen redirect location /redirect2 scheme: (null) host: (null) port: (null) path: /redirect2 Redirection to http://127.0.0.1:50493/redirect2 Signed-off-by: Sven Nierlein <sven@nierlein.de>
11_check_curl_raise_ssl_issue \| (download)	plugins/check_curl.c \| 17 9 + 8 - 0 ! 1 file changed, 9 insertions(+), 8 deletions(-)	[patch] check_curl: raise ssl issue when --continue-after-certificate is used This change aims to raise the worst status between the SSL check and the HTTP check. before: check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22807 bytes in 0.076 second response time \|time=0.075516s;;;0.000000;10.000000 size=22807B;;;0; 0 after: /usr/lib/nagios/ovh/check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22840 bytes in 0.090 second response time \|time=0.090463s;;;0.000000;10.000000 size=22840B;;;0; 2
12_check_curl_add_docu \| (download)	plugins/check_curl.c \| 9 6 + 3 - 0 ! 1 file changed, 6 insertions(+), 3 deletions(-)	[patch] check_curl: documentation for --certificate, --cookie-jar From the mere help output for -C / --certificate, I was confused about what its two integer parameters do. Unfortunately, I also missed out on the explaining examples later. Since I like to have basic documentation for each flag, I tried to make the arguments as short as possible. The other fix was one hyphen too many for the --cookie-jar option.
13_check_mysql_fix_variables \| (download)	plugins/check_mysql.c \| 8 4 + 4 - 0 ! 1 file changed, 4 insertions(+), 4 deletions(-)	---
14_check_curl_remove_experimental_state \| (download)	plugins/check_curl.c \| 2 0 + 2 - 0 ! 1 file changed, 2 deletions(-)	---
15_check_curl_fix_regex \| (download)	plugins/check_curl.c \| 10 5 + 5 - 0 ! 1 file changed, 5 insertions(+), 5 deletions(-)	[patch 1/3] check_curl: fix help for state regex option The help output of `check-curl` contained a typo, the real option is `state-regex` and not `regex-state` as the help suggests. Also added the two possible options to avoid confusion.
16_check_curl_openssl_error \| (download)	plugins/check_curl.c \| 29 22 + 7 - 0 ! 1 file changed, 22 insertions(+), 7 deletions(-)	[patch] fix check_curl: openssl ssl_read: error:0a000126:ssl routines::unexpected eof while reading, errno 0 using check_curl on a probably embedded device responding as 'Server: GoAhead-Webs' %> check_curl -H ... -S -vvv > GET / HTTP/1.1 Host: ... User-Agent: check_curl/v2.4.0 (monitoring-plugins 2.4.0, libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0) Accept: / Connection: close * Mark bundle as not supporting multiuse * HTTP 1.0, assume close after body < HTTP/1.0 302 Redirect < Server: GoAhead-Webs < Date: Tue Mar 26 17:57:16 2019 < Cache-Control: no-cache, no-store, must-revalidate,private < Pragma: no-cache < Expires: 0 < Content-Type: text/html < X-Frame-Options: sameorigin < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Location: https://... < * OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0 * Closing connection 0 reading the discussion on https://github.com/openssl/openssl/discussions/22690 suggest to set the option SSL_OP_IGNORE_UNEXPECTED_EOF which makes check_curl behave like check_http at this point. Since this is a rather new flag, fencing it in ifdefs. And since there can only be one ssl ctx function, we need to move both tasks into one function.
17_check_fping_dontfrag_random \| (download)	plugins/check_fping.c \| 22 20 + 2 - 0 ! 1 file changed, 20 insertions(+), 2 deletions(-)	[patch] add dontfrag/random for fping Support the dont fragment and randomise packet data options for check_fping
18_check_curl_fix_TLS_notes \| (download)	plugins/check_curl.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] check_curl: update tls notification notes
19_check_curl_cookie_handling \| (download)	plugins/check_curl.c \| 8 7 + 1 - 0 ! 1 file changed, 7 insertions(+), 1 deletion(-)	[patch] check_curl: enable internal cookie handling This enables us to enable curl cookie engine by specifying an empty filename as the cookie jar file. This works, since curl's CURLOPT_COOKIEFILE option allows passing an empty string as filename, which it interprets as a request to enable the cookie processing. But since CURLOPT_COOKIEJAR would now attempt to write to a file named by an empty filename, it would break again (or at least produce a warning in verbose output). Overall this is allows to handle checking URLs with cookie based sessions without persisting the cookies to disk, by using the curl-internal redirect following.
20_check_icmp_fix_rtmin \| (download)	plugins-root/check_icmp.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] check_icmp: set rtmin initially
21_check_http_state_regex \| (download)	plugins/check_http.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] check_http: fix documentation for --state-regex
22_check_by_ssh_missing_options \| (download)	plugins/check_by_ssh.c \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	[patch] check_by_ssh: remove warning/critical from help
23_sslutils_fix_error_message \| (download)	plugins/sslutils.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] change error message for missing certificate The old error message is quite similar to the openssl `failed to retrieve issuer certificate` and can mislead users to troubleshooting certificate stores. The new message should be distinct enough to make it clear to users that this is not a problem raised by the underlying SSL implementation, but a problem inside monitoring-plugins.
24_check_http_deprecation \| (download)	plugins/check_http.c \| 10 10 + 0 - 0 ! 1 file changed, 10 insertions(+)	[patch] check_http: adding deprecation text
25_check_users_sd_get_uids \| (download)	plugins/check_users.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] check_users: use sd_get_uids instead of sd_get_session Previously check_users in combination with systemd used sd_get_sessions (3) to aquire the number of users, probably with the idea that every users opens a session. Turns out, that a user can have multiple sessions and we only really want to know how many users there are. This commit changes to sd_get_uids (3) to achieve that target.
26_check_mysql_replica \| (download)	plugins/check_mysql.c \| 95 77 + 18 - 0 ! 1 file changed, 77 insertions(+), 18 deletions(-)	[patch 1/2] add mysql server version dectection and adaptive replica query
27_check_mysql_fix_replica \| (download)	plugins/check_mysql.c \| 40 14 + 26 - 0 ! 1 file changed, 14 insertions(+), 26 deletions(-)	---

Patch	File delta	Description
02_check_icmp_links \| (download)	plugins-root/Makefile.am \| 3 2 + 1 - 0 ! plugins-root/Makefile.in \| 3 2 + 1 - 0 ! 2 files changed, 4 insertions(+), 2 deletions(-)	---
03_epn \| (download)	plugins-scripts/check_disk_smb.pl \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
04_lmstat_path \| (download)	plugins-scripts/utils.pm.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
10_check_curl_fix_redirects \| (download)	plugins/check_curl.c \| 15 10 + 5 - 0 ! plugins/tests/check_curl.t \| 14 11 + 3 - 0 ! plugins/tests/check_http.t \| 12 11 + 1 - 0 ! 3 files changed, 32 insertions(+), 9 deletions(-)	[patch] check_curl: fix relative redirects on non-standard port Having a webserver respond with a relative redirect as for ex. in `Location: /path/to.html` check_curl would use the wrong standard http/https port instead of crafting the absolute url using the given scheme/hostname and port. Adding a new test case for this for check_http and check_curl. check_http did it correct already, so no fix necessary there. before: %>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv ** HEADER ** HTTP/1.1 302 Found ... Location: /redirect2 ... * Seen redirect location /redirect2 scheme: (null) host: (null) port: (null) path: /redirect2 Redirection to http://127.0.0.1:80/redirect2 fixed: %>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv ** HEADER ** HTTP/1.1 302 Found ... Location: /redirect2 ... * Seen redirect location /redirect2 scheme: (null) host: (null) port: (null) path: /redirect2 Redirection to http://127.0.0.1:50493/redirect2 Signed-off-by: Sven Nierlein <sven@nierlein.de>
11_check_curl_raise_ssl_issue \| (download)	plugins/check_curl.c \| 17 9 + 8 - 0 ! 1 file changed, 9 insertions(+), 8 deletions(-)	[patch] check_curl: raise ssl issue when --continue-after-certificate is used This change aims to raise the worst status between the SSL check and the HTTP check. before: check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22807 bytes in 0.076 second response time \|time=0.075516s;;;0.000000;10.000000 size=22807B;;;0; 0 after: /usr/lib/nagios/ovh/check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22840 bytes in 0.090 second response time \|time=0.090463s;;;0.000000;10.000000 size=22840B;;;0; 2
12_check_curl_add_docu \| (download)	plugins/check_curl.c \| 9 6 + 3 - 0 ! 1 file changed, 6 insertions(+), 3 deletions(-)	[patch] check_curl: documentation for --certificate, --cookie-jar From the mere help output for -C / --certificate, I was confused about what its two integer parameters do. Unfortunately, I also missed out on the explaining examples later. Since I like to have basic documentation for each flag, I tried to make the arguments as short as possible. The other fix was one hyphen too many for the --cookie-jar option.
13_check_mysql_fix_variables \| (download)	plugins/check_mysql.c \| 8 4 + 4 - 0 ! 1 file changed, 4 insertions(+), 4 deletions(-)	---
14_check_curl_remove_experimental_state \| (download)	plugins/check_curl.c \| 2 0 + 2 - 0 ! 1 file changed, 2 deletions(-)	---
15_check_curl_fix_regex \| (download)	plugins/check_curl.c \| 10 5 + 5 - 0 ! 1 file changed, 5 insertions(+), 5 deletions(-)	[patch 1/3] check_curl: fix help for state regex option The help output of `check-curl` contained a typo, the real option is `state-regex` and not `regex-state` as the help suggests. Also added the two possible options to avoid confusion.
16_check_curl_openssl_error \| (download)	plugins/check_curl.c \| 29 22 + 7 - 0 ! 1 file changed, 22 insertions(+), 7 deletions(-)	[patch] fix check_curl: openssl ssl_read: error:0a000126:ssl routines::unexpected eof while reading, errno 0 using check_curl on a probably embedded device responding as 'Server: GoAhead-Webs' %> check_curl -H ... -S -vvv > GET / HTTP/1.1 Host: ... User-Agent: check_curl/v2.4.0 (monitoring-plugins 2.4.0, libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0) Accept: / Connection: close * Mark bundle as not supporting multiuse * HTTP 1.0, assume close after body < HTTP/1.0 302 Redirect < Server: GoAhead-Webs < Date: Tue Mar 26 17:57:16 2019 < Cache-Control: no-cache, no-store, must-revalidate,private < Pragma: no-cache < Expires: 0 < Content-Type: text/html < X-Frame-Options: sameorigin < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Location: https://... < * OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0 * Closing connection 0 reading the discussion on https://github.com/openssl/openssl/discussions/22690 suggest to set the option SSL_OP_IGNORE_UNEXPECTED_EOF which makes check_curl behave like check_http at this point. Since this is a rather new flag, fencing it in ifdefs. And since there can only be one ssl ctx function, we need to move both tasks into one function.
17_check_fping_dontfrag_random \| (download)	plugins/check_fping.c \| 22 20 + 2 - 0 ! 1 file changed, 20 insertions(+), 2 deletions(-)	[patch] add dontfrag/random for fping Support the dont fragment and randomise packet data options for check_fping
18_check_curl_fix_TLS_notes \| (download)	plugins/check_curl.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] check_curl: update tls notification notes
19_check_curl_cookie_handling \| (download)	plugins/check_curl.c \| 8 7 + 1 - 0 ! 1 file changed, 7 insertions(+), 1 deletion(-)	[patch] check_curl: enable internal cookie handling This enables us to enable curl cookie engine by specifying an empty filename as the cookie jar file. This works, since curl's CURLOPT_COOKIEFILE option allows passing an empty string as filename, which it interprets as a request to enable the cookie processing. But since CURLOPT_COOKIEJAR would now attempt to write to a file named by an empty filename, it would break again (or at least produce a warning in verbose output). Overall this is allows to handle checking URLs with cookie based sessions without persisting the cookies to disk, by using the curl-internal redirect following.
20_check_icmp_fix_rtmin \| (download)	plugins-root/check_icmp.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] check_icmp: set rtmin initially
21_check_http_state_regex \| (download)	plugins/check_http.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] check_http: fix documentation for --state-regex
22_check_by_ssh_missing_options \| (download)	plugins/check_by_ssh.c \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	[patch] check_by_ssh: remove warning/critical from help
23_sslutils_fix_error_message \| (download)	plugins/sslutils.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] change error message for missing certificate The old error message is quite similar to the openssl `failed to retrieve issuer certificate` and can mislead users to troubleshooting certificate stores. The new message should be distinct enough to make it clear to users that this is not a problem raised by the underlying SSL implementation, but a problem inside monitoring-plugins.
24_check_http_deprecation \| (download)	plugins/check_http.c \| 10 10 + 0 - 0 ! 1 file changed, 10 insertions(+)	[patch] check_http: adding deprecation text
25_check_users_sd_get_uids \| (download)	plugins/check_users.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] check_users: use sd_get_uids instead of sd_get_session Previously check_users in combination with systemd used sd_get_sessions (3) to aquire the number of users, probably with the idea that every users opens a session. Turns out, that a user can have multiple sessions and we only really want to know how many users there are. This commit changes to sd_get_uids (3) to achieve that target.
26_check_mysql_replica \| (download)	plugins/check_mysql.c \| 95 77 + 18 - 0 ! 1 file changed, 77 insertions(+), 18 deletions(-)	[patch 1/2] add mysql server version dectection and adaptive replica query
27_check_mysql_fix_replica \| (download)	plugins/check_mysql.c \| 40 14 + 26 - 0 ! 1 file changed, 14 insertions(+), 26 deletions(-)	---