Module: check_mk
Branch: master
Commit: dde6e566e3c12e1a79b4cc399d99235c056c59b3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=dde6e566e3c12e…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 11:44:03 2014 +0200
runas: new plugin script to include and execute mrpe, local and plugin scripts as different user
With the new plugin <tt>runas</tt> you can configure additional include files and
directories for mrpe, local and plugin scripts. You can also change the user context
of each of these scripts. It allows non-root users to add additional scripts which might
get executed with reduced permission.
---
.werks/928 | 39 +++++++++++++++++++++++++++
ChangeLog | 3 ++-
agents/plugins/mrpe_include | 4 +++
agents/plugins/runas | 61 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 106 insertions(+), 1 deletion(-)
diff --git a/.werks/928 b/.werks/928
new file mode 100644
index 0000000..76d7e0f
--- /dev/null
+++ b/.werks/928
@@ -0,0 +1,39 @@
+Title: runas: new plugin script to include and execute mrpe, local and plugin scripts as different user
+Level: 2
+Component: checks
+Version: 1.2.5i3
+Date: 1401442173
+Class: feature
+
+With the new plugin <tt>runas</tt> you can configure additional include files and
+directories for mrpe, local and plugin scripts. You can also change the user context
+of each of these scripts. It allows non-root users to add additional scripts which might
+get executed with reduced permission.
+
+This check is configured with the configuration file <tt>runas.cfg</tt>.
+In a default installation this file is located within the Check_MK config directory under <tt>/etc/check_mk/runas.cfg</tt>.
+
+The <tt>runas.cfg</tt> configuration syntax is as follow
+[Script type] [User context] [File / Directory ]
+
+The <tt>Script type</tt> can be set to <tt>mrpe</tt>, <tt>local</tt> and <tt>plugin</tt>.
+The <tt>User context</tt> represents the user. If you do not want to change the context set this field to <tt>-</tt>
+Depending on the script type the third value points to a file or directory.
+The mrpe type requires a target file which contains the mrpe commands.
+Local and plugins types require are target folder, which contains the executable local and plugin scripts.<br>
+
+Here is an example configuration:
+
+F+:/etc/check_mk/runas.cfg
+mrpe ab /home/ab/mrpe_commands.cfg
+mrpe lm /home/lm/mrpe_commands.cfg
+mrpe - /root/mrpe/extra_commands.cfg
+plugin ab /var/ab/plugins
+local ab /var/ab/local
+F-:
+
+<b>Note:</b>You need to set up the local and plugin scripts in different folders, because the line
+<tt>plugin ab /var/ab/plugins</tt> indicates that all executable files within this folder are treated as plugins.
+
+
+
diff --git a/ChangeLog b/ChangeLog
index ab94946..0bcc9df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -64,8 +64,9 @@
* 0926 windows agent: local / plugin scripts now get the REMOTE_HOST as environment variable
* 0163 kaspersky_av_quarantine,kaspersky_av_tasks,kaspersky_av_updates: New checks for kaspersky anti virus on linux
* 0164 symantec_av_progstate,symantec_av_quarantine, symantec_av_updates: New checks for Symantec Anti Virus on Linux
- * 0165 ups checks now supports also GE devices (Thanks to Andy Taylor)...
* 0927 windows agent: now able to evaluate logfiles written in unicode (2 bytes per character)...
+ * 0165 ups checks now supports also GE devices (Thanks to Andy Taylor)...
+ * 0928 runas: new plugin script to include and execute mrpe, local and plugin scripts as different user...
* 0777 FIX: special agent emcvnx: did not work with security file authentication...
* 0786 FIX: zfsget: fixed compatibility with older Solaris agents...
* 0809 FIX: brocade_fcport: Fixed recently introduced problem with port speed detection
diff --git a/agents/plugins/mrpe_include b/agents/plugins/mrpe_include
index 3fcfb64..4691548 100755
--- a/agents/plugins/mrpe_include
+++ b/agents/plugins/mrpe_include
@@ -1,4 +1,8 @@
#!/bin/bash
+
+# Note: This script is deprecated and has been replaced by the script runas
+# which is able to handle mrpe, local and plugin scripts
+
echo '<<<mrpe>>>'
grep -Ev '^[[:space:]]*($|#)' "$MK_CONFDIR/mrpe_include.cfg" | \
while read user include
diff --git a/agents/plugins/runas b/agents/plugins/runas
new file mode 100755
index 0000000..ed514d6
--- /dev/null
+++ b/agents/plugins/runas
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# This plugin allows to execute mrpe, local and plugin skripts with a different user context
+# It is configured with in the file $MK_CONFDIR/runas.cfg
+#
+# Syntax:
+# [Script type] [User context] [File / Directory]
+#
+# Example configuration
+# # Execute mrpe commands in given files under specific user
+# # A '-' means no user context switch
+# mrpe ab /home/ab/mrpe_commands.cfg
+# mrpe lm /home/lm/mrpe_commands.cfg
+# mrpe - /root/mrpe/extra_commands.cfg
+#
+# Excecute -executable- files in the target directories under specific user context
+# plugin ab /var/ab/plugins
+# local ab /var/ab/local
+#
+
+grep -Ev '^[[:space:]]*($|#)' "$MK_CONFDIR/runas.cfg" | \
+while read type user include
+do
+ if [ -d $include -o \( "$type" == "mrpe" -a -f $include \) ] ; then
+ PREFIX=""
+ if [ "$user" != "-" ] ; then
+ PREFIX="su $user -c "
+ fi
+
+ # mrpe includes
+ if [ "$type" == "mrpe" ] ; then
+ echo "<<<mrpe>>>"
+ grep -Ev '^[[:space:]]*($|#)' "$include" | \
+ while read descr cmdline
+ do
+ PLUGIN=${cmdline%% *}
+ if [ -n "$PREFIX" ] ; then
+ cmdline="$PREFIX\"$cmdline\""
+ fi
+ OUTPUT=$(eval "$cmdline")
+ echo -n "(${PLUGIN##*/}) $descr $? $OUTPUT" | tr \\n \\1
+ echo
+ done
+ # local and plugin includes
+ elif [ "$type" == "local" -o "$type" == "plugin" ] ; then
+ if [ "$type" == "local" ] ; then
+ echo "<<<local>>>"
+ fi
+ find $include -executable -type f | \
+ while read filename
+ do
+ if [ -n "$PREFIX" ] ; then
+ cmdline="$PREFIX\"$filename\""
+ else
+ cmdline=$filename
+ fi
+ $cmdline
+ done
+ fi
+ fi
+done
Module: check_mk
Branch: master
Commit: b404925175153d71ec5757a0497dca8bf5406315
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b404925175153d…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed May 28 15:45:43 2014 +0200
windows agent: now able to evaluate logfiles written in unicode (2 bytes per character)
The windows agent was unable to process logfiles which were written as unicode. Those files
had binary zeros every other byte, rendering the normal "readline" logfile processing useless.<br>
The agent can now read unicode files correctly, convert each line to a multibyte representation
(most of the time it is only a single byte) and apply the configured logfile patterns accordingly.
---
.werks/927 | 12 +++
ChangeLog | 1 +
agents/windows/check_mk_agent-64.exe | Bin 205312 -> 206848 bytes
agents/windows/check_mk_agent.cc | 152 +++++++++++++++++++++++++++++++---
agents/windows/check_mk_agent.exe | Bin 175104 -> 176640 bytes
agents/windows/install_agent-64.exe | Bin 158331 -> 159073 bytes
agents/windows/install_agent.exe | Bin 155451 -> 156101 bytes
7 files changed, 154 insertions(+), 11 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=b404925175…
Module: check_mk
Branch: master
Commit: 7c8410b9f2c7436c4bc880cfa0c28d26ec484fc7
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7c8410b9f2c743…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed May 28 15:34:02 2014 +0200
treasures: wato_include_hosts.mk: merge hosts of an existing hosts.mk with hosts from an include folder
---
doc/treasures/wato_include_hosts.mk | 68 +++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
diff --git a/doc/treasures/wato_include_hosts.mk b/doc/treasures/wato_include_hosts.mk
new file mode 100644
index 0000000..9ae3fcb
--- /dev/null
+++ b/doc/treasures/wato_include_hosts.mk
@@ -0,0 +1,68 @@
+
+# This file needs to be appended to the existing hosts.mk file
+# Upon parsing the hosts.mk file the include dir is evaluated.
+# Within the include dir there are host definition files with the format
+#
+# ipaddress:1.2.3.4
+# tag_agent:cmk-agent
+# tag_criticality:critical
+# tag_networking:lan
+# alias:Alias of Host A
+#
+# If the WATO folder is saved the already existing hosts are merged with
+# the hosts of the included files. After the hosts.mk is newly written this
+# script appendix is removed, too.
+
+_include_dir = ".devops"
+
+import os, inspect
+def add_host_data(_filename):
+ global all_hosts, host_attributes, ipaddresses, extra_host_conf
+
+ try:
+ _host_ip = None
+ _tags_plain = []
+ _host_attributes = {}
+ _alias = None
+
+ _lines = file(_filename).readlines()
+ _hostname = os.path.basename(_filename)
+ for _line in _lines:
+ _what, _data = _line.split(":",1)
+ _data = _data[:-1]
+ if _what.startswith("tag_"):
+ _tags_plain.append(_data)
+ elif _what == "ipaddress":
+ _host_ip = _data
+ elif _what == "alias":
+ _alias = _data
+ _host_attributes.update({_what: _data})
+
+
+ all_hosts += [ _hostname + "|" + "|".join(_tags_plain) + "|/" + FOLDER_PATH + "/" ]
+ if _host_ip:
+ ipaddresses.update({_hostname: _host_ip})
+
+ if _alias:
+ extra_host_conf.setdefault('alias', []).extend([(_alias, [_hostname])])
+
+ host_attributes.update({_hostname: _host_attributes})
+ except Exception, e:
+ pass
+
+_hosts_mk_path = os.path.dirname(inspect.getsourcefile(lambda _: None))
+for _dirpath, _dirname, _filenames in os.walk(_hosts_mk_path + "/" + _include_dir):
+ for _filename in _filenames:
+ if _filename.startswith("."):
+ continue
+ # Host ist bereits im Montoring -> nichts weiter tun
+ for _hh in all_hosts:
+ if _hh.startswith(_filename + "|"):
+ continue
+
+ # Host ins monitoring aufnehmen
+ add_host_data("%s/%s" % (_dirpath, _filename))
+
+
+# TODO: remove hosts where no include file pendant is available
+# This can be done by evaluating the host tag for the wato folder
Module: check_mk
Branch: master
Commit: 505743f5778b40f4c8a1ab953ebc39d3bab1c705
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=505743f5778b40…
Author: Bernd Stroessenreuther <bs(a)mathias-kettner.de>
Date: Wed May 28 12:19:04 2014 +0200
notify_multitech.py: added documentation for the iSMS Gateway
---
doc/treasures/notify_multitech.py | 46 ++++++++++++++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/doc/treasures/notify_multitech.py b/doc/treasures/notify_multitech.py
index 8c9c2c0..ba3f949 100755
--- a/doc/treasures/notify_multitech.py
+++ b/doc/treasures/notify_multitech.py
@@ -2,9 +2,53 @@
# Send SMS via MultiTech SMS-Gateway # encoding: utf-8
#
# This notification script can be put below share/check_mk/notifications. It sends
-# SMS via a MultiTech SMS-Gateway. Please add your personal configuration directly in this
+# SMS via a MultiTech SMS-Gateway
+# (http://www.multitech.com/en_US/PRODUCTS/Families/MultiModemiSMS/)
+# Please add your personal configuration directly in this
# script. The target phone number is take from the contact's pager address.
# You can override this by specifying it as a parameter
+#
+# Some hints for setup of the MultiTech SMS-Gateway:
+#
+# * Please use at least Firmware Version 1.51.9 earlier versions did cause much
+# trouble. The devices are not yet delivered with this version, so an upgrade is
+# required. You get SF100-u-v1.51.9-16Jan2013.bin.zip e. g. at
+# https://shop.netways.de/attachment.php?id_attachment=64
+#
+# * Deactivate the PIN of the SIM card. This can be done most easy by inserting
+# the SIM into a mobile phone.
+#
+# * By default, the device has IP 192.168.2.1, user admin, password admin.
+# You can change these in the admin interface by browser (http).
+#
+# * Look into the status information in the web interface to make sure, the
+# SIM card is displayed as enabled there.
+# If not: Make sure you did insert the SIM card with contacts to the bottom,
+# and the cut off corner to the front right.
+#
+# * Under
+# Administration > Admin Access > Allowed Networks
+# you can restrict access to the device. Make sure, the IPs of the sending
+# Check_MK machines are included there.
+#
+# * Under
+# SMS Services > Send API
+# enable HTTP Status, set port to 80
+#
+# * Under
+# SMS Services > International Number
+# clear the check box "Disable International Number"
+#
+# * Under
+# SMS Services > Send SMS Users
+# create a user for Check_MK. This one needs to be entered below.
+#
+# * Do not forget to go to the "Save & Restart" tab and click "save" there.
+# This writes your changes into the flash memory of the device. Otherwise
+# they will be lost on next reboot.
+#
+
+
import sys, os, urllib
# This does not need to be changed