Module: check_mk
Branch: master
Commit: c4c4c23efb925bb40a52a4b6dc52979fdb07751f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c4c4c23efb925b…
Author: Marcel Arentz <ma(a)mathias-kettner.de>
Date: Mon Sep 18 10:50:10 2017 +0200
5015 FIX mk_oracle.bat: Removed deprecated plugin
Removed obsolete plugin which is deprecated since 1.2.6. Please use
mk_oracle.ps1 instead.
Change-Id: Ia146ab34d72a2e99be259bd99bf43f270a1b02f5
---
.werks/5015 | 11 +++++++
agents/windows/plugins/mk_oracle.bat | 58 ------------------------------------
agents/windows/plugins/mk_oracle.ps1 | 2 --
3 files changed, 11 insertions(+), 60 deletions(-)
diff --git a/.werks/5015 b/.werks/5015
new file mode 100644
index 0000000..db578fa
--- /dev/null
+++ b/.werks/5015
@@ -0,0 +1,11 @@
+Title: mk_oracle.bat: Removed deprecated plugin
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1505724422
+Class: fix
+
+Removed obsolete plugin which is deprecated since 1.2.6. Please use
+mk_oracle.ps1 instead.
diff --git a/agents/windows/plugins/mk_oracle.bat b/agents/windows/plugins/mk_oracle.bat
deleted file mode 100644
index 255d758..0000000
--- a/agents/windows/plugins/mk_oracle.bat
+++ /dev/null
@@ -1,58 +0,0 @@
-@echo off
-REM Old deprecated ORACLE plugin (Batch)
-REM ; If you not run this plugin with the environment variable ORACLE_SID set,
-REM ; you can uncomment (Remove the "REM " prefix) the line below to
-REM ; use e.g. "localhost" as oracle sid.
-REM SET ORACLE_SID=localhost
-
-REM ; If you like to use a special auth parameter please change the line below
-SET AUTH=/ as sysdba
-
-echo ^<^<^<oracle_version^>^>^>
-(echo.|set /p x=%ORACLE_SID% )
-(
-echo set cmdsep on
-echo set cmdsep '"'; --"
-echo "set pages 0"
-echo "set feedback off"
-echo "set head off"
-echo "select banner from v$version where banner like 'Oracle%%';"
-) | sqlplus -S %AUTH%
-
-echo ^<^<^<oracle_sessions^>^>^>
-(echo.|set /p x=%ORACLE_SID%)
-(
-echo set cmdsep on
-echo set cmdsep '"'; --"
-echo "set pages 0"
-echo "set feedback off"
-echo "set head off"
-echo "select count(*) from v$session where status = 'ACTIVE';"
-) | sqlplus -S %AUTH%
-
-echo ^<^<^<oracle_logswitches^>^>^>
-(echo.|set /p x=%ORACLE_SID%)
-(
-echo set cmdsep on
-echo set cmdsep '"'; --"
-echo "set pages 0"
-echo "set feedback off"
-echo "set head off"
-echo "select count(*) from v$loghist where first_time > sysdate - 1/24;"
-) | sqlplus -S %AUTH%
-
-REM ; This is nearly the same query as in the linux agent. With the exception that the
-REM ; column th.instance is fetched as first column to get the SID
-echo ^<^<^<oracle_tablespaces^>^>^>
-(
-echo set cmdsep on
-echo set cmdsep '"'; --"
-echo "set pages 0"
-echo "set linesize 900"
-echo "set tab off"
-echo "set feedback off"
-echo "set head off"
-echo "column instance format a10"
-echo "column file_name format a100"
-echo "select th.instance, f.file_name, f.tablespace_name, f.status, f.AUTOEXTENSIBLE, f.blocks, f.maxblocks, f.USER_BLOCKS, f.INCREMENT_BY, f.ONLINE_STATUS, t.BLOCK_SIZE, t.status, decode(sum(fs.blocks), NULL, 0, sum(fs.blocks)) free_blocks from v$thread th, dba_data_files f, dba_tablespaces t, dba_free_space fs where f.tablespace_name = t.tablespace_name and f.file_id = fs.file_id(+) group by th.instance, f.file_name, f.tablespace_name, f.status, f.autoextensible, f.blocks, f.maxblocks, f.user_blocks, f.increment_by, f.online_status, t.block_size, t.status UNION SELECT th.instance, f.file_name, f.tablespace_name, f.status, f.AUTOEXTENSIBLE, f.blocks, f.maxblocks, f.USER_BLOCKS, f.INCREMENT_BY, 'TEMP', t.BLOCK_SIZE, t.status, sum(sh.blocks_free) free_blocks FROM v$thread th, dba_temp_files f, dba_tablespaces t, v$temp_space_header sh WHERE f.tablespace_name = t.tablespace_name and f.file_id = sh.file_id GROUP BY th.instance, f.file_name, f.tablespace_name, f.status, f.autoextensible, f.blocks, f.maxblocks, f.user_blocks, f.increment_by, 'TEMP', t.block_size, t.status;"
-) | sqlplus -S %AUTH%
diff --git a/agents/windows/plugins/mk_oracle.ps1 b/agents/windows/plugins/mk_oracle.ps1
index c983b34..2fa230f 100644
--- a/agents/windows/plugins/mk_oracle.ps1
+++ b/agents/windows/plugins/mk_oracle.ps1
@@ -27,13 +27,11 @@
# and Mathias Kettner. Thorsten is responsible for the ORACLE
# stuff, Mathias for the shell hacking, Andrew for the powershell...
-# NOTE: This plugin is still EXPERIMENTAL!
###############################################################################
# open issues
###############################################################################
# 1. error connection to instance, old async still shown is this ok?
-# 2. login to database using Oracle wallet (nice to have, currently not planned)
###############################################################################
# usage
Module: check_mk
Branch: master
Commit: a91fb5c9230532b8a4152806a66e9365dbee4bd2
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a91fb5c9230532…
Author: Tom Baerwinkel <tb(a)mathias-kettner.de>
Date: Thu Aug 24 13:19:14 2017 +0200
4816 iptables: New check which monitors parameters of the iptables configuration
Change-Id: If1fdff09b6af28fa56f2b0945bbb4a547595fff0
---
.werks/4816 | 10 +++++
agents/plugins/mk_iptables | 34 +++++++++++++++
checkman/iptables | 18 ++++++++
checks/iptables | 106 +++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 168 insertions(+)
diff --git a/.werks/4816 b/.werks/4816
new file mode 100644
index 0000000..c912cc5
--- /dev/null
+++ b/.werks/4816
@@ -0,0 +1,10 @@
+Title: iptables: New check which monitors parameters of the iptables configuration
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1503573513
+Class: feature
+
+
diff --git a/agents/plugins/mk_iptables b/agents/plugins/mk_iptables
new file mode 100755
index 0000000..42beb34
--- /dev/null
+++ b/agents/plugins/mk_iptables
@@ -0,0 +1,34 @@
+#!/bin/bash
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2017 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+# iptables
+if type iptables-save > /dev/null
+then
+ echo "<<<iptables>>>"
+ # output filter configuration without table name, comments and
+ # status data, i.e. lines beginning with '*', '#' or ':'.
+ iptables-save -t filter | sed '/^[#*:]/d'
+fi
+
diff --git a/checkman/iptables b/checkman/iptables
new file mode 100644
index 0000000..96dbc42
--- /dev/null
+++ b/checkman/iptables
@@ -0,0 +1,18 @@
+title: Iptables modifications
+agents: linux
+catalog: os/misc
+license: GPL
+distribution: check_mk
+description:
+ This check computes the differences between the current output of the
+ command iptables-save and a cached initial state persisted on the
+ monitoring server.
+ The check is OK if no changes can be detected and CRIT otherwise.
+ If the state is CRIT a diff of the cached and initial configurations
+ is shown in the long output. If a user wants to accept the diff a
+ service rediscovery can be performed.
+
+inventory:
+ One check per system is created if the agent plugin mk_iptables was
+ deployed.
+
diff --git a/checks/iptables b/checks/iptables
new file mode 100644
index 0000000..b99f72a
--- /dev/null
+++ b/checks/iptables
@@ -0,0 +1,106 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2014 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+# Example output from agent:
+#<<<iptables>>>
+#-A INPUT -j RH-Firewall-1-INPUT
+#-A FORWARD -j RH-Firewall-1-INPUT
+#-A OUTPUT -d 10.139.7.11/32 -j REJECT --reject-with icmp-port-unreachable
+#-A RH-Firewall-1-INPUT -i lo -j ACCEPT
+#-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
+#-A RH-Firewall-1-INPUT -p esp -j ACCEPT
+#-A RH-Firewall-1-INPUT -p ah -j ACCEPT
+#-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 4000 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 29543 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 29043 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 30001 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 30000 -j ACCEPT
+#-A RH-Firewall-1-INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 58002 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p udp -m udp --dport 58001 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 631 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 6556 -j ACCEPT
+#-A RH-Firewall-1-INPUT -p udp -m udp --dport 6556 -j ACCEPT
+#-A RH-Firewall-1-INPUT -s 89.254.0.0/16 -p tcp -m state --state NEW -m tcp --dport 252 -j ACCEPT
+#-A RH-Firewall-1-INPUT -s 89.254.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7070 -j ACCEPT
+#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
+#COMMIT
+
+
+def parse_iptables(info):
+ config_lines = [" ".join(sublist) for sublist in info]
+ config = "\n".join(config_lines)
+ return config
+
+
+def inventory_iptables(parsed):
+ return [(None, {"config_hash": hash(parsed)})]
+
+
+def check_iptables(_no_item, params, parsed):
+ item_state = get_item_state("iptables.config")
+
+ if not item_state:
+ set_item_state("iptables.config",
+ {"config": parsed, "hash": hash(parsed)})
+ return 0, "saved initial configuration"
+
+ initial_config_hash = params["config_hash"]
+ new_config_hash = hash(parsed)
+
+ if initial_config_hash == new_config_hash:
+ if initial_config_hash != item_state.get("hash"):
+ set_item_state("iptables.config",
+ {"config": parsed, "hash": new_config_hash})
+ return 0, "accepted new filters after service rediscovery / reboot"
+ else:
+ return 0, "no changes in filters table detected"
+ else:
+ import difflib
+
+ reference_config = item_state["config"].splitlines()
+ actual_config = parsed.splitlines()
+ diff = difflib.context_diff(reference_config, actual_config,
+ fromfile="before", tofile="after",
+ lineterm="")
+ diff_output = "\n".join(diff)
+
+ return 2, "\r\n".join(["changes in filters table detected",
+ diff_output])
+
+
+check_info["iptables"] = {
+ 'parse_function' : parse_iptables,
+ 'check_function' : check_iptables,
+ 'inventory_function' : inventory_iptables,
+ 'service_description' : 'Iptables',
+}
Module: check_mk
Branch: master
Commit: 188e55649fbfc17c45ec184c69d6e435ba68e983
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=188e55649fbfc1…
Author: Tom Baerwinkel <tb(a)mathias-kettner.de>
Date: Mon Jul 17 14:02:22 2017 +0200
4811 mssql_backup: Set limits for different type of backups
For the check mssql_backup it is now possible to set limits for
different types of backups (e.g. database backup, log backup etc.)
instead of just one limit that is valid for all backups. The
limits can be set in the rule "MSSQL Time since last Backup".
If no backup types are supported by the agent the parameter
"Database Backup" can be used to set a general limit.
Change-Id: Iea7ff7a86d03e6fd5a043c9bdb6f120053febed8
---
.werks/4811 | 15 ++++
checks/mssql_backup | 134 ++++++++++++++++++++++-------------
web/plugins/wato/check_parameters.py | 88 +++++++++++++++++++++--
3 files changed, 183 insertions(+), 54 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=188e55649f…