Module: check_mk
Branch: master
Commit: e276acb069a72745000cf60ec410a4a9cd00f3ed
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e276acb069a727…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Fri Aug 4 09:49:00 2017 +0200
5082 FIX gude_powerbanks: Adapted discovery of powerbanks
Devices with OID_END=38 are 12 port power switches with two powerbanks.
Means each powerbank has 6 outlets. Here we can use ChanStatus in order
to find out if one powerbank is enabled/used.
Devices with OID_END=19 are simple switch outlets: 1 Port and 1 powerbank
Once it's plugged in, the state is "on". Thus we use PortState in
discovering function.
Change-Id: I7311aca83abd3ae055e466114b43f7eab44e0d4e
---
.werks/5082 | 17 +++++++++++++
checks/gude_powerbanks | 68 +++++++++++++++++++++++++++++++-------------------
2 files changed, 60 insertions(+), 25 deletions(-)
diff --git a/.werks/5082 b/.werks/5082
new file mode 100644
index 0000000..54b0e8d
--- /dev/null
+++ b/.werks/5082
@@ -0,0 +1,17 @@
+Title: gude_powerbanks: Adapted discovery of powerbanks
+Level: 1
+Component: checks
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1501832832
+
+Devices with OID_END=38 are 12 port power switches with two powerbanks.
+Means each powerbank has 6 outlets. Here we can use ChanStatus in order
+to find out if one powerbank is enabled/used.
+
+Devices with OID_END=19 are simple switch outlets: 1 Port and 1 powerbank
+Once it's plugged in, the state is "on". Thus we use PortState in
+discovering function.
diff --git a/checks/gude_powerbanks b/checks/gude_powerbanks
index 428b14d..faaa792 100644
--- a/checks/gude_powerbanks
+++ b/checks/gude_powerbanks
@@ -25,9 +25,14 @@
# Boston, MA 02110-1301 USA.
-# 19:1100, 38:822X
-# .1.3.6.1.4.1.28507.**.1.5.2.1.2.1 0 --> GUDEADS-EPC****-MIB::epc****OVPStatus.1
-# .1.3.6.1.4.1.28507.**.1.5.2.1.2.2 1 --> GUDEADS-EPC****-MIB::epc****OVPStatus.2
+# Knowledge from customer:
+# Devices with OID_END=38 are 12 port power switches with two powerbanks.
+# Means each powerbank has 6 outlets. Here we can use ChanStatus in order
+# to find out if one powerbank is enabled/used.
+#
+# Device with OID_END=19 is a simple switch outlet: 1 Port and 1 powerbank
+# Once it's plugged in, the state is "on". Thus we use PortState in
+# discovering function.
factory_settings["gude_powerbank_default_levels"] = {
@@ -37,20 +42,24 @@ factory_settings["gude_powerbank_default_levels"] = {
def parse_gude_powerbanks(info):
+ map_port_states = {"0" : (2, "off"),
+ "1" : (0, "on"),}
+ map_channel_states = {"0" : (2, "data not active"),
+ "1" : (0, "data valid"),}
+
+ ports = dict(info[0])
parsed = {}
for oid_idx, device_state, energy_str, active_power_str, \
- current_str, volt_str, freq_str, appower_str in info:
+ current_str, volt_str, freq_str, appower_str in info[1]:
oid, idx = oid_idx.split(".")
- if oid in [ "19" ]:
- map_device_states = { "0" : (2, "off"),
- "1" : (0, "on") }
- if oid in [ "38" ]:
- map_device_states = { "0" : (2, "data not active"),
- "1" : (0, "data valid") }
+ if oid in ["19"]:
+ device_state = map_port_states[ports[oid_idx]]
+ if oid in ["38"]:
+ device_state = map_channel_states[device_state]
parsed.setdefault(idx, {
- "device_state" : map_device_states[device_state]
+ "device_state" : device_state
})
for what, key, factor in [
@@ -65,22 +74,31 @@ def parse_gude_powerbanks(info):
return parsed
+def inventory_gude_powerbanks(parsed):
+ return [(powerbank, {}) for powerbank, attrs in parsed.items()
+ if attrs["device_state"][1] not in ["off", "data not active"]]
+
+
check_info['gude_powerbanks'] = {
- 'parse_function' : parse_gude_powerbanks,
- 'inventory_function' : inventory_elphase,
- 'check_function' : check_elphase,
- 'service_description' : 'Powerbank %s',
+ 'parse_function' : parse_gude_powerbanks,
+ 'inventory_function' : inventory_gude_powerbanks,
+ 'check_function' : check_elphase,
+ 'service_description' : 'Powerbank %s',
'has_perfdata' : True,
- 'snmp_info' : ('.1.3.6.1.4.1.28507', [ '19', '38' ], [
- OID_END,
- "1.5.1.2.1.2", # GUDEADS-EPC****-MIB::epc****OVPStatus
- "1.5.1.2.1.3", # GUDEADS-EPC****-MIB::epc****AbsEnergyActive
- "1.5.1.2.1.4", # GUDEADS-EPC****-MIB::epc****PowerActive
- "1.5.1.2.1.5", # GUDEADS-EPC****-MIB::epc****Current
- "1.5.1.2.1.6", # GUDEADS-EPC****-MIB::epc****Voltage
- "1.5.1.2.1.7", # GUDEADS-EPC****-MIB::epc****Frequency
- "1.5.1.2.1.10", # GUDEADS-EPC****-MIB::epc****PowerApparent
- ]),
+ 'snmp_info' : [('.1.3.6.1.4.1.28507', ['19', '38'], [
+ OID_END,
+ "1.3.1.2.1.3", # GUDEADS=EPC****-MIB::epc****PortState
+ ]),
+ ('.1.3.6.1.4.1.28507', ['19', '38'], [
+ OID_END,
+ "1.5.1.2.1.2", # GUDEADS-EPC****-MIB::epc****ChanStatus
+ "1.5.1.2.1.3", # GUDEADS-EPC****-MIB::epc****AbsEnergyActive
+ "1.5.1.2.1.4", # GUDEADS-EPC****-MIB::epc****PowerActive
+ "1.5.1.2.1.5", # GUDEADS-EPC****-MIB::epc****Current
+ "1.5.1.2.1.6", # GUDEADS-EPC****-MIB::epc****Voltage
+ "1.5.1.2.1.7", # GUDEADS-EPC****-MIB::epc****Frequency
+ "1.5.1.2.1.10", # GUDEADS-EPC****-MIB::epc****PowerApparent
+ ])],
'snmp_scan_function' : lambda oid: oid(".1.3.6.1.2.1.1.2.0").startswith(".1.3.6.1.4.1.28507.19") or \
oid(".1.3.6.1.2.1.1.2.0").startswith(".1.3.6.1.4.1.28507.38"),
'default_levels_variable' : 'gude_powerbank_default_levels',
Module: check_mk
Branch: master
Commit: 414116d637d3aa3dfec66d883e1fc723eece1b5e
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=414116d637d3aa…
Author: Sven Panne <sp(a)mathias-kettner.de>
Date: Thu Aug 3 14:36:44 2017 +0200
5025 FIX Make communication with smartping helpers more robust
When the communication between the Micro Core and the smartping helpers
(icmpsender/icmpreceiver) fails, we restart the latter, but we forgot to
flush an internal buffer. In some cases this could lead to more
communication problems later. This has been fixed.
Change-Id: Ie412d21c66be994a5d292aebdeedf4274dd8dd89
---
.werks/5025 | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/.werks/5025 b/.werks/5025
new file mode 100644
index 0000000..dd1ea20
--- /dev/null
+++ b/.werks/5025
@@ -0,0 +1,13 @@
+Title: Make communication with smartping helpers more robust
+Level: 1
+Component: core
+Compatible: compat
+Edition: cee
+Version: 1.5.0i1
+Date: 1501763656
+Class: fix
+
+When the communication between the Micro Core and the smartping helpers
+(icmpsender/icmpreceiver) fails, we restart the latter, but we forgot to
+flush an internal buffer. In some cases this could lead to more
+communication problems later. This has been fixed.
Module: check_mk
Branch: master
Commit: 8721b1efea19a2b0c7fe2c4330acaa7d8d13c248
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8721b1efea19a2…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Thu Aug 3 07:48:06 2017 +0200
5079 FIX windows_tasks: Adapted man page; Some OK states were missing
Change-Id: I2d92d6c8194b0fd79d8c0c0ef6504ee742156e3b
---
.werks/5079 | 11 +++++++++++
checkman/windows_tasks | 3 ++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/.werks/5079 b/.werks/5079
new file mode 100644
index 0000000..700e8a0
--- /dev/null
+++ b/.werks/5079
@@ -0,0 +1,11 @@
+Title: windows_tasks: Adapted man page; Some OK states were missing
+Level: 1
+Component: checks
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1501739058
+
+
diff --git a/checkman/windows_tasks b/checkman/windows_tasks
index 74a8b35..61425d5 100644
--- a/checkman/windows_tasks
+++ b/checkman/windows_tasks
@@ -6,7 +6,8 @@ distribution: check_mk
description:
The Windows Task Scheduler Checks controlls the last return state of windows task scripts.
The check goes to {WARNING} state, if the task is disabled. If the Script from the Task returns
- another return code as 0, the Check goes {CRITICAL}.
+ another return code as "0", "1", "267009", "267014", "267045", "-2147216609", "-2147750687"
+ the Check goes {CRITICAL}.
In order to run, its needed to copy the windows_tasks.ps1 script to the plugin folder of the agent.
inventory:
Module: check_mk
Branch: master
Commit: e55afe0e4ac4a79a6f8f4e7f70ac04698b037746
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e55afe0e4ac4a7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Aug 2 16:36:41 2017 +0200
5051 FIX Fixed backup/restore of encrypted backups
It was not possible to perform encrypted backups since version 1.4.0b5. An error
message "NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead“)" was
displayed in the log when trying to create such a backup.
Workaround: Disable encrypted backups and perform unencrypted ones.
Encrypted backups created with previous versions need to be restored with 1.4.0b4
or older.
Change-Id: Ib3bd6798cc104b0ee1b1a5e9a7872223df7fe78b
---
.werks/5051 | 18 ++++++++++++++++++
bin/mkbackup | 39 +++++++++++++++++++++++----------------
2 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/.werks/5051 b/.werks/5051
new file mode 100644
index 0000000..3254b81
--- /dev/null
+++ b/.werks/5051
@@ -0,0 +1,18 @@
+Title: Fixed backup/restore of encrypted backups
+Level: 1
+Component: wato
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1501684381
+
+It was not possible to perform encrypted backups since version 1.4.0b5. An error
+message "NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead“)" was
+displayed in the log when trying to create such a backup.
+
+Workaround: Disable encrypted backups and perform unencrypted ones.
+
+Encrypted backups created with previous versions need to be restored with 1.4.0b4
+or older.
diff --git a/bin/mkbackup b/bin/mkbackup
index c9d1a36..96010a4 100755
--- a/bin/mkbackup
+++ b/bin/mkbackup
@@ -53,7 +53,7 @@ from tarfile import TarFile, ReadError
from hashlib import md5
from OpenSSL import crypto
-from Crypto.Cipher import AES
+from Crypto.Cipher import AES, PKCS1_OAEP
from Crypto.PublicKey import RSA
import Crypto.Util.number
@@ -836,7 +836,10 @@ class BackupStream(MKBackupStream):
# Write out a file version marker and the encrypted secret key, preceded by
# a length indication. All separated by \0.
- return "%d\0%d\0%s\0" % (1, len(encrypted_secret_key), encrypted_secret_key)
+ # Version 1: Encrypted secret key written with pubkey.encrypt(). Worked with
+ # early versions of 1.4 until moving from PyCryto to PyCryptodome
+ # Version 2: Use PKCS1_OAEP for encrypting the encrypted_secret_key.
+ return "%d\0%d\0%s\0" % (2, len(encrypted_secret_key), encrypted_secret_key)
def _read_chunk(self):
@@ -878,16 +881,13 @@ class BackupStream(MKBackupStream):
# logic from http://stackoverflow.com/questions/6309958/encrypting-a-file-with-rsa-in-py…
+ # Since our packages moved from PyCrypto to PyCryptodome we need to change this to use PKCS1_OAEP.
def _derive_key(self, pubkey, key_length):
secret_key = os.urandom(key_length)
- # Padding (see explanations below)
- plaintext_length = (Crypto.Util.number.size(pubkey.n) - 2) / 8
- padding = '\xff' + os.urandom(16)
- padding += '\0' * (plaintext_length - len(padding) - len(secret_key))
-
# Encrypt the secret key with the RSA public key
- encrypted_secret_key = pubkey.encrypt(padding + secret_key, None)[0]
+ cipher_rsa = PKCS1_OAEP.new(pubkey)
+ encrypted_secret_key = cipher_rsa.encrypt(secret_key)
return secret_key, encrypted_secret_key
@@ -898,8 +898,8 @@ class RestoreStream(MKBackupStream):
if not self._encrypt():
return
- encrypted_secret_key = self._read_encrypted_secret_key()
- secret_key = self._decrypt_secret_key(encrypted_secret_key)
+ file_version, encrypted_secret_key = self._read_encrypted_secret_key()
+ secret_key = self._decrypt_secret_key(file_version, encrypted_secret_key)
self._cipher = AES.new(secret_key, AES.MODE_CBC, self._iv)
@@ -945,8 +945,8 @@ class RestoreStream(MKBackupStream):
return buf
file_version = read_field()
- if file_version != "1":
- raise MKGeneralException("Failed to process backup file (invalid version)")
+ if file_version not in [ "1", "2" ]:
+ raise MKGeneralException("Failed to process backup file (invalid version %r)" % file_version)
try:
key_len = int(read_field())
@@ -961,7 +961,7 @@ class RestoreStream(MKBackupStream):
if self._stream.read(1) != "\0":
raise MKGeneralException("Failed to parse the encrypted backup file (header broken)")
- return encrypted_secret_key
+ return file_version, encrypted_secret_key
def _get_encryption_private_key(self):
@@ -988,10 +988,17 @@ class RestoreStream(MKBackupStream):
raise MKGeneralException("Failed to load private key (wrong passphrase?)")
- def _decrypt_secret_key(self, encrypted_secret_key):
+ def _decrypt_secret_key(self, file_version, encrypted_secret_key):
private_key = self._get_encryption_private_key()
- secret_key_with_padding = private_key.decrypt(encrypted_secret_key)
- return secret_key_with_padding[-32:]
+
+ if file_version == "1":
+ raise MKGeneralException("You can not restore this backup using your current Check_MK "
+ "version. You need to use a Check_MK 1.4 version that has "
+ "been released before 2017-03-24. The last compatible "
+ "release is 1.4.0b4.")
+ else:
+ cipher_rsa = PKCS1_OAEP.new(private_key)
+ return cipher_rsa.decrypt(encrypted_secret_key)
# Returns the base path for the backup to work with. In backup mode, this is