Module: check_mk
Branch: master
Commit: d46c7d6fe8a88bceeaddc8df436ad72ff4dafede
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d46c7d6fe8a88b…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Thu Apr 3 14:57:57 2014 +0200
New localcheck for Linux that makes sure that filesystems in /etc/fstab are mounted
The new local check is in <tt>share/doc/check_mk/treasures/localchecks/check_fstab_mounts</tt>. Simply
copy it to <tt>/usr/lib/…
[View More]check_mk_agent/local/</tt> on your Linux agents. It will alert you if any
filesystem that is listed in <tt>/etc/fstab</tt> is not being mounted. Filesystems with the option
<tt>noauto</tt> are excluded from the check.
---
.werks/751 | 11 ++++++++
ChangeLog | 1 +
doc/treasures/localchecks/check_fstab_mounts | 37 ++++++++++++++++++++++++++
3 files changed, 49 insertions(+)
diff --git a/.werks/751 b/.werks/751
new file mode 100644
index 0000000..b20f4c2
--- /dev/null
+++ b/.werks/751
@@ -0,0 +1,11 @@
+Title: New localcheck for Linux that makes sure that filesystems in /etc/fstab are mounted
+Level: 1
+Component: checks
+Version: 1.2.5i3
+Date: 1396529750
+Class: feature
+
+The new local check is in <tt>share/doc/check_mk/treasures/localchecks/check_fstab_mounts</tt>. Simply
+copy it to <tt>/usr/lib/check_mk_agent/local/</tt> on your Linux agents. It will alert you if any
+filesystem that is listed in <tt>/etc/fstab</tt> is not being mounted. Filesystems with the option
+<tt>noauto</tt> are excluded from the check.
diff --git a/ChangeLog b/ChangeLog
index d3e785a..527b30f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
1.2.5i3:
Checks & Agents:
* 0149 cisco_secure: New check for Port Security on Cisco swichtes
+ * 0751 New localcheck for Linux that makes sure that filesystems in /etc/fstab are mounted...
* 0777 FIX: special agent emcvnx: did not work with security file authentication...
Multisite:
diff --git a/doc/treasures/localchecks/check_fstab_mounts b/doc/treasures/localchecks/check_fstab_mounts
new file mode 100755
index 0000000..40b4e0a
--- /dev/null
+++ b/doc/treasures/localchecks/check_fstab_mounts
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+# This localcheck makes sure that every filesystem that is listed in /etc/fstab to
+# be mounted automatically, also appears mounted in /proc/mounts
+
+# /dev/mapper/vg0-lv--root / ext4 errors=remount-ro 0 1
+# # /boot was on /dev/md0 during installation
+# UUID=bec44dfa-7c70-4da7-857a-2e324cc230bd /boot ext4 defaults 0 2
+# /dev/mapper/vg0-lv--home /home ext4 defaults 0 2
+# tmpfs /omd/sites/aq/tmp tmpfs noauto,user,mode=755,uid=aq,gid=aq 0 0
+# tmpfs /opt/omd/sites/zentrale/tmp tmpfs noauto,user,mode=755,uid=zentrale,gid=zentrale 0 0
+# tmpfs /opt/omd/sites/hirn/tmp tmpfs noauto,user,mode=755,uid=hirn,gid=hirn 0 0
+# tmpfs /opt/omd/sites/heute/tmp tmpfs noauto,user,mode=755,uid=heute,gid=heute 0 0
+
+mounted = [ l.split()[1] for l in file("/proc/mounts") ]
+
+missing = []
+count = 0
+for line in file("/etc/fstab"):
+ if not line.strip() or line.strip().startswith("#"):
+ continue
+
+ device, mountpoint, fstype, options, rest = line.split(None, 4)
+ options = options.split(",")
+ if "noauto" not in options and mountpoint not in mounted:
+ missing.append("%s is not mounted on %s" % (device, mountpoint))
+ else:
+ count += 1
+
+if missing:
+ state = 2
+ output = ", ".join(missing)
+
+else:
+ state = 0
+ output = "All %d expected filesystems of /etc/fstab are mounted" % count
+
+print "%d Mounted_Filesystems - %s" % (state, output)
[View Less]
Module: check_mk
Branch: master
Commit: f52ff988687b3fd9f7e030844e4729da7eb73141
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f52ff988687b3f…
Author: Bastian Kuhn <bk(a)mathias-kettner.de>
Date: Thu Apr 3 09:50:07 2014 +0200
cisco_secure: New check for Port Security on Cisco swichtes
---
.werks/149 | 8 +++++
ChangeLog | 3 ++
checkman/cisco_secure | 17 ++++++++++
checks/cisco_secure | 86 ++++++++++++++++++++++++++++++++++…
[View More]+++++++++++++++
4 files changed, 114 insertions(+)
diff --git a/.werks/149 b/.werks/149
new file mode 100644
index 0000000..6aead12
--- /dev/null
+++ b/.werks/149
@@ -0,0 +1,8 @@
+Title: cisco_secure: New check for Port Security on Cisco swichtes
+Level: 1
+Component: checks
+Version: 1.2.5i3
+Date: 1396511368
+Class: feature
+
+
diff --git a/ChangeLog b/ChangeLog
index 4ed1181..7b48ed2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
1.2.5i3:
+ Checks & Agents:
+ * 0149 cisco_secure: New check for Port Security on Cisco swichtes
+
Livestatus:
* 0747 FIX: livestatus table hostsbygroup: fixed bug with group_authorization strict...
diff --git a/checkman/cisco_secure b/checkman/cisco_secure
new file mode 100644
index 0000000..c79b9cd
--- /dev/null
+++ b/checkman/cisco_secure
@@ -0,0 +1,17 @@
+title: Cisco switches: Port Security status
+agents: snmp
+catalog: hw/network/cisco
+license: GPL
+distribution: check_mk
+description:
+ This check monitors the port Security feature of cisco_switches. It returns a {CRITICAL} state for
+ each port which is locked due a security isse. If is port security configured but cant be enabled
+ the check returns {WARNING}. If a port goes down, the check ignores that and only shows a information in the
+ check output.
+
+item:
+ The description of the Port
+
+inventory:
+ One check for each port with enabled port security which is also up will be created
+
diff --git a/checks/cisco_secure b/checks/cisco_secure
new file mode 100644
index 0000000..f3e9fa6
--- /dev/null
+++ b/checks/cisco_secure
@@ -0,0 +1,86 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2013 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# ails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+def cisco_secure_convert(info):
+ data = []
+ # l[1] = Name, l[2] = Portstate
+ names = dict([ (l[0], ( l[1], l[2] )) for l in info[0]] )
+ for num, enabled, status, violationCount, lastmac in info[1]:
+ mac = ":".join(["%02s" % hex(ord(m))[2:] for m in lastmac]).replace(' ', '0')
+ data.append(( names[num][0], int(names[num][1]), int(enabled), int(status), int(violationCount), mac ))
+ return data
+
+def inventory_cisco_secure(info):
+ info = cisco_secure_convert(info)
+ inventory = []
+ for name, op_state, enabled, status, violationCount, lastmac in info:
+ #if portsecurity enabled and port up OR currently there is sercurity issue`
+ if ( enabled == 1 and op_state == 1) or status == 3:
+ inventory.append( (name, None) )
+ return inventory
+
+def check_cisco_secure(item, params, info):
+ secure_states = {
+ 1 : "full Operational",
+ 2 : "could not be enabled due to certain reasons",
+ 3 : "shutdown due to security violation"
+ }
+
+ info = cisco_secure_convert(info)
+ for name, op_state, enabled, status, violationCount, lastmac in info:
+ if name == item:
+ message = "Port Security %s (Violation Count: %s, Last Mac: %s)" % \
+ ( secure_states[status], violationCount, lastmac )
+
+ # If port cant be enabled and is up
+ if status == 2 and op_state == 1:
+ return 1, message
+ # Port cant be enabled but is down, so no error state
+ elif status == 2:
+ return 0, "Port is down"
+ # Security issue
+ elif status == 3:
+ return 2, message
+ return 0, message
+
+check_info["cisco_secure"] = {
+ "check_function" : check_cisco_secure,
+ "inventory_function" : inventory_cisco_secure,
+ "service_description" : "Security Port %s",
+ "snmp_scan_function" : lambda oid: "cisco" in oid(".1.3.6.1.2.1.1.1.0").lower() and \
+ oid(".1.3.6.1.4.1.9.9.315.1.2.1.1.1.*"),
+ "snmp_info" : [ (".1.3.6.1.2.1.2.2.1", [OID_END, 2, 8 ] ),
+ ( ".1.3.6.1.4.1.9.9.315.1.2.1.1",
+ [
+ OID_END,
+ "1", # cpsIfPortSecurityEnable
+ "2", # cpsIfPortSecurityStatus
+ "9", # cpsIfViolationCount
+ "10", # cpsIfSecureLastMacAddress
+ ] ),
+ ]
+}
+
[View Less]
fixed bug with group_authorization strict
Message-ID: <533c1351.ZuoBN8EVT1waNze9%ab(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: e29b47d102b2b1baf35a3dbc7ce8888403a743b3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e29b47d102b2b1…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed Apr 2 15:40:06 …
[View More]2014 +0200
FIX livestatus table hostsbygroup: fixed bug with group_authorization strict
On calling the livestatus table hostsbygroup with an AuthUser the table
did not hide the entire hostsgroup in case the group_authorization was set to <tt>strict</tt>
and one host in the group was not a contact for the AuthUser.
This has been fixed.
With the group_authorization <tt>strict</tt> setting the AuthUser now
needs to be a contact of every host in the hostgroup, otherwise the hostgroup
is not shown at all.
---
.werks/747 | 16 ++++++++++++++++
ChangeLog | 3 +++
livestatus/src/TableHosts.cc | 30 +++++++++++++++++++++++++-----
3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/.werks/747 b/.werks/747
new file mode 100644
index 0000000..def45a0
--- /dev/null
+++ b/.werks/747
@@ -0,0 +1,16 @@
+Title: livestatus table hostsbygroup: fixed bug with group_authorization strict
+Level: 2
+Component: livestatus
+Version: 1.2.5i3
+Date: 1396445685
+Class: fix
+
+On calling the livestatus table hostsbygroup with an AuthUser the table
+did not hide the entire hostsgroup in case the group_authorization was set to <tt>strict</tt>
+and one host in the group was not a contact for the AuthUser.
+
+This has been fixed.
+
+With the group_authorization <tt>strict</tt> setting the AuthUser now
+needs to be a contact of every host in the hostgroup, otherwise the hostgroup
+is not shown at all.
diff --git a/ChangeLog b/ChangeLog
index eac789b..4ed1181 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
1.2.5i3:
+ Livestatus:
+ * 0747 FIX: livestatus table hostsbygroup: fixed bug with group_authorization strict...
+
1.2.5i2:
Checks & Agents:
diff --git a/livestatus/src/TableHosts.cc b/livestatus/src/TableHosts.cc
index afc1657..86f5243 100644
--- a/livestatus/src/TableHosts.cc
+++ b/livestatus/src/TableHosts.cc
@@ -362,14 +362,34 @@ void TableHosts::answerQuery(Query *query)
if (_by_group) {
hostgroup *hgroup = hostgroup_list;
hostbygroup hg;
+ bool show_hgroup;
+
+ // When g_group_authorization is set to AUTH_STRICT we need to pre-check
+ // if every host of this group is visible to the _auth_user
+ bool requires_precheck = query->authUser() && g_group_authorization == AUTH_STRICT;
+
while (hgroup) {
+ show_hgroup = true;
hg._hostgroup = hgroup;
hostsmember *mem = hgroup->members;
- while (mem) {
- memcpy(&hg._host, mem->host_ptr, sizeof(host));
- if (!query->processDataset(&hg))
- break;
- mem = mem->next;
+ if (requires_precheck) {
+ while (mem) {
+ if (!is_authorized_for(query->authUser(), mem->host_ptr, 0)) {
+ show_hgroup = false;
+ break;
+ }
+ mem = mem->next;
+ }
+ }
+
+ if (show_hgroup) {
+ mem = hgroup->members;
+ while (mem) {
+ memcpy(&hg._host, mem->host_ptr, sizeof(host));
+ if (!query->processDataset(&hg))
+ break;
+ mem = mem->next;
+ }
}
hgroup = hgroup->next;
}
[View Less]
Module: check_mk
Branch: master
Commit: 6eba0b96f6403ed1cf4764f3ca7f99f00a646b8d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=6eba0b96f6403e…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed Apr 2 13:28:23 2014 +0200
zfsget: fixed problem with agent output of check_mk_agent.solaris
The reported columns from the check_mk_agent.solaris did not match
the columns expected in the check. This has been fixed.
Might have fixed problem with other agents than …
[View More]check_mk_agent.linux, too.
---
.werks/746 | 11 +++++++++++
ChangeLog | 1 +
checks/zfsget | 6 +++++-
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.werks/746 b/.werks/746
new file mode 100644
index 0000000..6ae8b02
--- /dev/null
+++ b/.werks/746
@@ -0,0 +1,11 @@
+Title: zfsget: fixed problem with agent output of check_mk_agent.solaris
+Level: 1
+Component: checks
+Class: feature
+State: unknown
+Version: 1.2.5i2
+Date: 1396438010
+
+The reported columns from the check_mk_agent.solaris did not match
+the columns expected in the check. This has been fixed.
+Might have fixed problem with other agents than check_mk_agent.linux, too.
diff --git a/ChangeLog b/ChangeLog
index ae82fc1..d86bf63 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@
* 0600 nfsexports.solaris: new agent plugin for monitoring nfs exports on solaris systems...
* 0743 mem, fortigate_memory, solaris_mem: display total SWAP info in check output
* 0745 drbd: Roles and diskstates are now configurable via WATO...
+ * 0746 zfsget: fixed problem with agent output of check_mk_agent.solaris...
* 0740 FIX: winperf_if: now able to handle bandwidth > 4GBit...
Multisite:
diff --git a/checks/zfsget b/checks/zfsget
index b798c3b..c57609b 100644
--- a/checks/zfsget
+++ b/checks/zfsget
@@ -106,7 +106,11 @@ def parse_zfsget(info):
def zfsget_parse_df_info(entries, info):
new_entries = {}
- for device, fs_type, kbytes, used, avail, percent, mountpoint in info:
+ for entry in info:
+ if len(entry) == 6:
+ device, kbytes, used, avail, percent, mountpoint = entry
+ else:
+ device, fs_type, kbytes, used, avail, percent, mountpoint = entry
# ignore entries already contained in zfsget and also
# entries for virtual filesystems (like swap)
if mountpoint.startswith("/") and mountpoint not in entries:
[View Less]
Module: check_mk
Branch: master
Commit: e08b11d11bdf6619d7c4a0dc8aa7071fa03abaff
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e08b11d11bdf66…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed Apr 2 11:38:03 2014 +0200
drbd: Roles and diskstates are now configurable via WATO
You can now configure the result for each role scenario as well as set specific states
for each diskstate or completely disable the evaluation for roles and diskstates.
For example:…
[View More]<br><br>
Roles:<br>
Secondary/Secondary -> CRIT<br><br>
Diskstates:<br>
Secondary/Inconsistent -> CRIT<br>
Primary/Attaching -> WARN<br>
---
.werks/745 | 17 +++++++
ChangeLog | 1 +
checkman/drbd | 19 ++++++--
checks/drbd | 87 +++++++++++++++++++++++++++++-----
web/plugins/wato/check_parameters.py | 85 +++++++++++++++++++++++++++++++++
5 files changed, 194 insertions(+), 15 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=e08b11d11b…
[View Less]