Checkmk git commits

checkmk-commits@lists.checkmk.com

1 participants
64613 discussions

Check_MK Git: check_mk: FIX table statehist: now able to cancel a running query if limit is reached

by Andreas Boesl

Module: check_mk Branch: master Commit: d16580c6600da2215f45e31473cfde0f0ec9f6e0 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d16580c6600da2… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Mon Mar 31 13:55:36 2014 +0200 FIX table statehist: now able to cancel a running query if limit is reached The livestatus table statehist was unable to end a query when the <tt>Timelimit:</tt> or <tt>Limit:</tt> options were reached. --- .werks/742 | 11 +++++++ ChangeLog | 3 ++ livestatus/src/TableStateHistory.cc | 55 ++++++++++++++++++++--------------- livestatus/src/TableStateHistory.h | 1 + 4 files changed, 47 insertions(+), 23 deletions(-) diff --git a/.werks/742 b/.werks/742 new file mode 100644 index 0000000..1f1b183 --- /dev/null +++ b/.werks/742 @@ -0,0 +1,11 @@ +Title: table statehist: now able to cancel a running query if limit is reached +Level: 1 +Component: livestatus +Class: fix +State: unknown +Version: 1.2.5i2 +Date: 1396266716 + +The livestatus table statehist was unable to end a query when +the <tt>Timelimit:</tt> or <tt>Limit:</tt> options were reached. + diff --git a/ChangeLog b/ChangeLog index 6707853..9305a36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ BI: * 0741 FIX: BI editor: fixed display bug in "Create nodes based on a service search"... + Livestatus: + * 0742 FIX: table statehist: now able to cancel a running query if limit is reached... + 1.2.5i1: Core & Setup: diff --git a/livestatus/src/TableStateHistory.cc b/livestatus/src/TableStateHistory.cc index ee1f8c6..9705336 100644 --- a/livestatus/src/TableStateHistory.cc +++ b/livestatus/src/TableStateHistory.cc @@ -317,6 +317,9 @@ void TableStateHistory::answerQuery(Query *query) g_store->logCache()->lockLogCache(); g_store->logCache()->logCachePreChecks(); + // This flag might be set to true by the return value of processDataset(...) + _abort_query = false; + // Keep track of the historic state of services/hosts here typedef map<HostServiceKey, HostServiceState*> state_info_t; state_info_t state_info; @@ -389,6 +392,9 @@ void TableStateHistory::answerQuery(Query *query) while (0 != (entry = getNextLogentry())) { + if (_abort_query) + break; + if (entry->_time >= _until) { getPreviousLogentry(); break; @@ -637,31 +643,33 @@ void TableStateHistory::answerQuery(Query *query) // Create final reports state_info_t::iterator it_hst = state_info.begin(); - while (it_hst != state_info.end()) - { - HostServiceState* hst = it_hst->second; - - // No trace since the last two nagios startup -> host/service has vanished - if (hst->_may_no_longer_exist) { - // Log last known state up to nagios restart - hst->_time = hst->_last_known_time; - hst->_until = hst->_last_known_time; - process(query, hst); + if (!_abort_query) { + while (it_hst != state_info.end()) + { + HostServiceState* hst = it_hst->second; + + // No trace since the last two nagios startup -> host/service has vanished + if (hst->_may_no_longer_exist) { + // Log last known state up to nagios restart + hst->_time = hst->_last_known_time; + hst->_until = hst->_last_known_time; + process(query, hst); + + // Set absent state + hst->_state = -1; + hst->_until = hst->_time; + hst->_debug_info = "UNMONITORED"; + if (hst->_log_output) + free(hst->_log_output); + hst->_log_output = 0; + } - // Set absent state - hst->_state = -1; + hst->_time = _until - 1; hst->_until = hst->_time; - hst->_debug_info = "UNMONITORED"; - if (hst->_log_output) - free(hst->_log_output); - hst->_log_output = 0; - } - hst->_time = _until - 1; - hst->_until = hst->_time; - - process(query, hst); - it_hst++; + process(query, hst); + it_hst++; + } } // Cleanup ! @@ -889,7 +897,8 @@ inline void TableStateHistory::process(Query *query, HostServiceState *hs_state) } // if (hs_state->_duration > 0) - query->processDataset(hs_state); + _abort_query = !query->processDataset(hs_state); + hs_state->_from = hs_state->_until; }; diff --git a/livestatus/src/TableStateHistory.h b/livestatus/src/TableStateHistory.h index 465e0c1..99423d1 100644 --- a/livestatus/src/TableStateHistory.h +++ b/livestatus/src/TableStateHistory.h @@ -43,6 +43,7 @@ class TableStateHistory : public Table Query *_query; int _since; int _until; + bool _abort_query; // Notification periods information, name: active(1)/inactive(0) typedef map<string, int> _notification_periods_t;

10 years, 6 months

Check_MK Git: check_mk: FIX Changed transid implemtation to work as CSRF protection ( Fixes CVE-2014-2330)

by Lars Michelsen

Module: check_mk Branch: master Commit: 50bb17166b31a46a53716f9d238d9b009906827f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=50bb17166b31a4… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Mar 31 12:09:30 2014 +0200 FIX Changed transid implemtation to work as CSRF protection (Fixes CVE-2014-2330) This change fixes possible attacks against Check_MK Multisite users. In previous versions a possible attacker could try to make the browsers of authenticated users open URLs of the Check_MK Multisite GUI to execute actions e.g. within WATO without knowledge of the attacked user. To make such an attack possible, there are several things needed: The user must be authenticated with multisite and have enough permission within multisite to execute the actions the attacker wants to use, the attacker needs to know the exact URL to the Multisite GUI. Then the attacker needs to make the user either click on a manipulated link or open a manipulated webpage which makes the browser of the user, where the user is authenticated with multisite, open the URL the attacker wants to make it open. The multisite GUI makes use of transids (transaction ids) when processing form submissions or actions. The transids were mainly used to prevent double execution of actions when reloading the page which performed the action in the browser. Now we changed internal handling of the transid to make it also prevent CSRF attacks. The transid is now some kind of shared secret between the webserver and the browser of the user. This ensures a form submission is intended by a previously requested page. This change impicates an incompatible change: In case you use a script which opens multisite pages to perform an action, e.g. set a downtime and use this with a regular user account which authenticates by username/password, the script won't work anymore after this change. The way to go is to adapt the script and change the user to authenticate with an automation secret instead of a password. For this kind of authentication, you will need to user other URL parameters (_username=... and _secret=...). --- .werks/766 | 33 +++++++++++++++++++++++ ChangeLog | 1 + web/htdocs/htmllib.py | 69 +++++++++++++++++++++++++++++++++++-------------- web/htdocs/login.py | 2 ++ 4 files changed, 86 insertions(+), 19 deletions(-) diff --git a/.werks/766 b/.werks/766 new file mode 100644 index 0000000..21d8748 --- /dev/null +++ b/.werks/766 @@ -0,0 +1,33 @@ +Title: Changed transid implemtation to work as CSRF protection (Fixes CVE-2014-2330) +Level: 3 +Component: multisite +Version: 1.2.5i2 +Date: 1396259365 +Class: fix + +This change fixes possible attacks against Check_MK Multisite users. In previous +versions a possible attacker could try to make the browsers of authenticated users +open URLs of the Check_MK Multisite GUI to execute actions e.g. within WATO without +knowledge of the attacked user. + +To make such an attack possible, there are several things needed: The user must be +authenticated with multisite and have enough permission within multisite to execute +the actions the attacker wants to use, the attacker needs to know the exact URL to the +Multisite GUI. Then the attacker needs to make the user either click on a manipulated +link or open a manipulated webpage which makes the browser of the user, where the user +is authenticated with multisite, open the URL the attacker wants to make it open. + +The multisite GUI makes use of transids (transaction ids) when processing form +submissions or actions. The transids were mainly used to prevent double execution +of actions when reloading the page which performed the action in the browser. +Now we changed internal handling of the transid to make it also prevent CSRF attacks. +The transid is now some kind of shared secret between the webserver and the browser +of the user. This ensures a form submission is intended by a previously requested page. + +This change impicates an incompatible change: In case you use a script which opens +multisite pages to perform an action, e.g. set a downtime and use this with a regular +user account which authenticates by username/password, the script won't work anymore +after this change. +The way to go is to adapt the script and change the user to authenticate with an +automation secret instead of a password. For this kind of authentication, you will +need to user other URL parameters (_username=... and _secret=...). diff --git a/ChangeLog b/ChangeLog index 5c95b6f..4c9d690 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Multisite: * 0765 NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps... + * 0766 FIX: Changed transid implemtation to work as CSRF protection (Fixes CVE-2014-2330)... 1.2.5i1: diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py index 8c31d42..6a9c84c 100644 --- a/web/htdocs/htmllib.py +++ b/web/htdocs/htmllib.py @@ -74,6 +74,8 @@ class html: self.treestates = {} self.treestates_for_id = None self.caches = {} + self.new_transids = [] + self.ignore_transids = False RETURN = 13 SHIFT = 16 @@ -801,6 +803,9 @@ class html: self.bottom_footer() self.body_end() + # Hopefully this is the correct place to performe some "finalization" tasks. + self.store_new_transids() + def add_status_icon(self, img, tooltip, url = None): if url: self.status_icons[img] = tooltip, url @@ -938,35 +943,61 @@ class html: if not self.has_var("_ajaxid"): self.javascript("if(parent && parent.frames[0]) parent.frames[0].location.reload();"); - # Compute a (hopefully) unique transaction id + def set_ignore_transids(self): + self.ignore_transids = True + + # Compute a (hopefully) unique transaction id. This is generated during rendering + # of a form or an action link, stored in a user specific file for later validation, + # sent to the users browser via HTML code, then submitted by the user together + # with the action (link / form) and then validated if it is a known transid. When + # it is a known transid, it will be used and invalidated. If the id is not known, + # the action will not be processed. def fresh_transid(self): - return "%d/%d" % (int(time.time()), random.getrandbits(32)) + transid = "%d/%d" % (int(time.time()), random.getrandbits(32)) + self.new_transids.append(transid) + return transid # Marks a transaction ID as used. This is done by saving # it in a user specific settings file "transids.mk". At this # time we remove all entries from that list that are older - # then one week. - def invalidate_transid(self, id): - used_ids = self.load_transids() - new_ids = [] + # than one week. + def store_new_transids(self): + valid_ids = self.load_transids() + + cleared_ids = [] now = time.time() - for used_id in used_ids: - timestamp, rand = used_id.split("/") + for valid_id in valid_ids: + timestamp, rand = valid_id.split("/") if now - int(timestamp) < 604800: # 7 * 24 hours - new_ids.append(used_id) - used_ids.append(id) - self.save_transids(used_ids) - - # Checks, if the current transaction is valid, i.e. now - # browser reload. The HTML variable _transid must be present. - # If it is empty or -1, then it's always valid (this is used - # for webservice calls). + cleared_ids.append(valid_id) + + self.save_transids(cleared_ids + self.new_transids) + + # Remove the used transid from the list of valid ones + def invalidate_transid(self, used_id): + valid_ids = self.load_transids() + try: + valid_ids.remove(used_id) + except ValueError: + return + self.save_transids(valid_ids) + + # Checks, if the current transaction is valid, i.e. in case of + # browser reload a browser reload, the form submit should not + # be handled a second time.. The HTML variable _transid must be present. + # + # In case of automation users (authed by _secret in URL): If it is empty + # or -1, then it's always valid (this is used for webservice calls). + # This was also possible for normal users, but has been removed to preven + # security related issues. def transaction_valid(self): if not self.has_var("_transid"): return False id = self.var("_transid") - if not id or id == "-1": + if not id or self.ignore_transids: return True # automation + + # Normal user/password auth user handling timestamp, rand = id.split("/") # If age is too old (one week), it is always @@ -975,8 +1006,8 @@ class html: if now - int(timestamp) >= 604800: # 7 * 24 hours return False - # Now check, if this id is not yet invalidated - return id not in self.load_transids() + # Now check, if this id is a valid one + return id in self.load_transids() # Checks, if the current page is a transation, i.e. something # that is secured by a transid (such as a submitted form) diff --git a/web/htdocs/login.py b/web/htdocs/login.py index c3a06e0..55452c0 100644 --- a/web/htdocs/login.py +++ b/web/htdocs/login.py @@ -128,6 +128,8 @@ def check_auth_automation(): if secret and user and "/" not in user: path = defaults.var_dir + "/web/" + user + "/automation.secret" if os.path.isfile(path) and file(path).read().strip() == secret: + # Auth with automation secret succeeded - mark transid as unneeded in this case + html.set_ignore_transids() return user raise MKAuthException(_("Invalid automation secret for user %s") % user)

10 years, 6 months

Check_MK Git: check_mk: NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps

by Lars Michelsen

Module: check_mk Branch: master Commit: d43dc093a23c641d03a15b05aa4d555d20a010f6 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d43dc093a23c64… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Mar 31 08:51:44 2014 +0200 NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps The NagVis-Maps sidebar snapin now shows a green box with yellow or red borders when maps have a problematic summary state, but have been acknowledged or set into downtime. --- .werks/765 | 9 +++++++++ ChangeLog | 3 +++ web/plugins/sidebar/nagvis_maps.py | 21 ++++++++++++++++++++- 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/.werks/765 b/.werks/765 new file mode 100644 index 0000000..62b9129 --- /dev/null +++ b/.werks/765 @@ -0,0 +1,9 @@ +Title: NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps +Level: 1 +Component: multisite +Version: 1.2.5i2 +Date: 1396248631 +Class: feature + +The NagVis-Maps sidebar snapin now shows a green box with yellow or red borders when +maps have a problematic summary state, but have been acknowledged or set into downtime. diff --git a/ChangeLog b/ChangeLog index 59ec71b..5c95b6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ * 0764 lnx_quota: Added new check to monitor Linux File System Quota... * 0740 FIX: winperf_if: now able to handle bandwidth > 4GBit... + Multisite: + * 0765 NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps... + 1.2.5i1: Core & Setup: diff --git a/web/plugins/sidebar/nagvis_maps.py b/web/plugins/sidebar/nagvis_maps.py index cbb4f29..89b5d23 100644 --- a/web/plugins/sidebar/nagvis_maps.py +++ b/web/plugins/sidebar/nagvis_maps.py @@ -44,5 +44,24 @@ sidebar_snapins["nagvis_maps"] = { "render": render_nagvis_maps, "allowed": [ "user", "admin", "guest" ], "refresh": True, - "styles": "" + "styles": """ +div.state1.statea { + border-color: #ff0; +} +div.state2.statea { + border-color: #f00; +} +div.statea { + background-color: #0b3; +} +div.state1.stated { + border-color: #ff0; +} +div.state2.stated { + border-color: #f00; +} +div.stated { + background-color: #0b3; +} +""" }

10 years, 6 months

Check_MK Git: check_mk: FIX BI editor: fixed display bug in "

by Andreas Boesl

Create nodes based on a service search" Message-ID: <5339289d.9axEslwjsI1Saguu%ab(a)mathias-kettner.de> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Module: check_mk Branch: master Commit: 58eb05aad2ae27bc798e92b2a383e390ad85fc3d URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=58eb05aad2ae27… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Mon Mar 31 10:34:34 2014 +0200 FIX BI editor: fixed display bug in "Create nodes based on a service search" The WATO BI editor had some problems when displaying rules with the pattern<br> "Create nodes based on a service search" -> "State of a service" --- .werks/741 | 9 +++++++++ ChangeLog | 3 +++ web/htdocs/wato.py | 3 ++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.werks/741 b/.werks/741 new file mode 100644 index 0000000..956eb45 --- /dev/null +++ b/.werks/741 @@ -0,0 +1,9 @@ +Title: BI editor: fixed display bug in "Create nodes based on a service search" +Level: 1 +Component: bi +Version: 1.2.5i2 +Date: 1396254706 +Class: fix + +The WATO BI editor had some problems when displaying rules with the pattern<br> +"Create nodes based on a service search" -> "State of a service" diff --git a/ChangeLog b/ChangeLog index 59ec71b..3fb0a69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ * 0764 lnx_quota: Added new check to monitor Linux File System Quota... * 0740 FIX: winperf_if: now able to handle bandwidth > 4GBit... + BI: + * 0741 FIX: BI editor: fixed display bug in "Create nodes based on a service search"... + 1.2.5i1: Core & Setup: diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index b00ac70..9338fff 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -15089,7 +15089,8 @@ def bi_called_rule(node): return subnode[1][0], info elif node[0] == "foreach_service": subnode = node[1][-1] - return subnode[1][0], _("Called for each service...") + if subnode[0] == 'call': + return subnode[1][0], _("Called for each service...") def count_bi_rule_references(aggregations, aggregation_rules, ruleid): aggr_refs = 0

10 years, 6 months

Check_MK Git: check_mk: Some preparations for upcoming reporting

by Mathias Kettner

Module: check_mk Branch: master Commit: 2baa0b895d3deabfb62cd3a80c574fe255040372 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2baa0b895d3dea… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Sun Mar 30 22:08:43 2014 +0200 Some preparations for upcoming reporting --- mkeventd/web/plugins/views/mkeventd.py | 1 + web/htdocs/config.py | 2 ++ web/htdocs/index.py | 7 +++++++ web/htdocs/views.py | 22 +++++++++++++++++++++- web/plugins/views/bi.py | 1 + web/plugins/views/painters.py | 2 ++ web/plugins/views/perfometer.py | 1 + 7 files changed, 35 insertions(+), 1 deletion(-) diff --git a/mkeventd/web/plugins/views/mkeventd.py b/mkeventd/web/plugins/views/mkeventd.py index 6fb10e6..9bb2111 100644 --- a/mkeventd/web/plugins/views/mkeventd.py +++ b/mkeventd/web/plugins/views/mkeventd.py @@ -619,6 +619,7 @@ if mkeventd_enabled: multisite_painters["event_icons"] = { "title" : _("Event Icons"), "short" : _("Icons"), + "printable" : False, "columns" : [ "event_phase" ], "paint" : paint_event_icons, } diff --git a/web/htdocs/config.py b/web/htdocs/config.py index f748d98..bb8ea35 100644 --- a/web/htdocs/config.py +++ b/web/htdocs/config.py @@ -319,6 +319,8 @@ def may_with_roles(some_role_ids, pname): base_role_id = role["basedon"] else: base_role_id = role_id + if pname not in permissions_by_name: + return False # Permission unknown. Assume False. Functionality might be missing perm = permissions_by_name[pname] he_may = base_role_id in perm["defaults"] if he_may: diff --git a/web/htdocs/index.py b/web/htdocs/index.py index df53cc0..d18635a 100644 --- a/web/htdocs/index.py +++ b/web/htdocs/index.py @@ -68,6 +68,13 @@ def load_all_plugins(): pass except Exception: raise + + # Load reporting plugins (only available in subscription version) + try: + reporting.load_plugins() + except: + pass + __builtin__.load_all_plugins = load_all_plugins # Main entry point for all HTTP-requests (called directly by mod_apache) diff --git a/web/htdocs/views.py b/web/htdocs/views.py index 6eacfab..dd3d124 100644 --- a/web/htdocs/views.py +++ b/web/htdocs/views.py @@ -235,6 +235,18 @@ class Filter: def heading_info(self, infoname): return None +def unset_all_filtervars(): + for f in multisite_filters.values(): + for varname in f.htmlvars: + html.del_var(varname) + +def get_all_filtervars(): + filtervars = {} + for f in multisite_filters.values(): + for varname in f.htmlvars: + if html.has_var(varname): + filtervars[varname] = html.var(varname) + return filtervars # Load all views - users or builtins def load_views(): @@ -1176,7 +1188,15 @@ def page_view(): raise MKGeneralException(_("Missing the variable view_name in the URL.")) view = html.available_views.get(view_name) if not view: - raise MKGeneralException(("No view defined with the name '%s'.") % html.attrencode(view_name)) + raise MKGeneralException(_("No view defined with the name '%s'.") % html.attrencode(view_name)) + + if config.may("reporting.instant"): + if html.var("instant_report"): + import reporting + reporting.instant_report() + return + + html.add_status_icon("report", _("Export as PDF (instant report)"), html.makeuri([("instant_report", "1")])) show_view(view, True, True, True) diff --git a/web/plugins/views/bi.py b/web/plugins/views/bi.py index a335f1c..4c33124 100644 --- a/web/plugins/views/bi.py +++ b/web/plugins/views/bi.py @@ -89,6 +89,7 @@ def paint_bi_icons(row): multisite_painters["aggr_icons"] = { "title" : _("Links"), "columns" : [ "aggr_group", "aggr_name", "aggr_effective_state" ], + "printable" : False, "paint" : paint_bi_icons, } diff --git a/web/plugins/views/painters.py b/web/plugins/views/painters.py index 00f8c6c..65a5628 100644 --- a/web/plugins/views/painters.py +++ b/web/plugins/views/painters.py @@ -188,6 +188,7 @@ def iconpainter_columns(what): multisite_painters["service_icons"] = { "title": _("Service icons"), "short": _("Icons"), + "printable" : False, # does not contain printable text "columns": iconpainter_columns("service"), "groupby" : lambda row: "", # Do not account for in grouping "paint": lambda row: paint_icons("service", row) @@ -196,6 +197,7 @@ multisite_painters["service_icons"] = { multisite_painters["host_icons"] = { "title": _("Host icons"), "short": _("Icons"), + "printable" : False, # does not contain printable text "columns": iconpainter_columns("host"), "groupby" : lambda row: "", # Do not account for in grouping "paint": lambda row: paint_icons("host", row) diff --git a/web/plugins/views/perfometer.py b/web/plugins/views/perfometer.py index 997f123..1b27798 100644 --- a/web/plugins/views/perfometer.py +++ b/web/plugins/views/perfometer.py @@ -197,6 +197,7 @@ multisite_painters["perfometer"] = { "service_check_command", "service_pnpgraph_present", "service_plugin_output" ], "paint" : paint_perfometer, "sorter" : "svc_perf_val01", + "printable" : False, # No printable on PDF, only in HTML } load_web_plugins("perfometer", globals())

10 years, 6 months

Check_MK Git: check_mk: cisco_temp_sensor: Check cleanup

by Bastian Kuhn

Module: check_mk Branch: master Commit: 90df37d95c06ae9ab70476cad78fc65b7b750c73 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=90df37d95c06ae… Author: Bastian Kuhn <bk(a)mathias-kettner.de> Date: Fri Mar 28 14:55:15 2014 +0100 cisco_temp_sensor: Check cleanup --- checks/cisco_temp_sensor | 60 ++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/checks/cisco_temp_sensor b/checks/cisco_temp_sensor index 32c5d7d..19404b5 100644 --- a/checks/cisco_temp_sensor +++ b/checks/cisco_temp_sensor @@ -159,32 +159,34 @@ def check_cisco_temp_sensor(item, _no_params, info): ( "temperature", value, warn, crit ) ]) return (3, "sensor not found in SNMP data") -check_info['cisco_temp_sensor'] = (check_cisco_temp_sensor, "Temperature %s", 1, inventory_cisco_temp_sensor) - -snmp_info['cisco_temp_sensor'] = [ - # Description of sensors - ( ".1.3.6.1.2.1.47.1.1.1.1", [ - OID_END, - 2, # Description of the sensor - ]), - - # Type and current state - ( ".1.3.6.1.4.1.9.9.91.1.1.1.1", [ - OID_END, - 1, # Type (see above), 8 = Celsius, 12 = truth value - 4, # Most recent measurement - 5, # Status of the sensor 1 == ok, 2 == cannot report, 3 == broken - ]), - - # Threshold - ( ".1.3.6.1.4.1.9.9.91.1.2.1.1", [ - OID_END, - 4, # Thresholds - ]), -] - -snmp_scan_functions['cisco_temp_sensor'] = \ - lambda oid: "cisco" in oid(".1.3.6.1.2.1.1.1.0").lower() and \ - oid(".1.3.6.1.4.1.9.9.91.1.1.1.1.*") != None - -checkgroup_of["cisco_temp_sensor"] = "temperature_auto" + +check_info['cisco_temp_sensor'] = { + "check_function" : check_cisco_temp_sensor, + "inventory_function" : inventory_cisco_temp_sensor, + "service_description": "Temperature %s", + "has_perfdata" : True, + "snmp_scan_function" : lambda oid: "cisco" in oid(".1.3.6.1.2.1.1.1.0").lower() and \ + oid(".1.3.6.1.4.1.9.9.91.1.1.1.1.*") != None, + "snmp_info" : [ + ( ".1.3.6.1.2.1.47.1.1.1.1", [ + OID_END, + 2, # Description of the sensor + ]), + + # Type and current state + ( ".1.3.6.1.4.1.9.9.91.1.1.1.1", [ + OID_END, + 1, # Type (see above), 8 = Celsius, 12 = truth value + 4, # Most recent measurement + 5, # Status of the sensor 1 == ok, 2 == cannot report, 3 == broken + ]), + + # Threshold + ( ".1.3.6.1.4.1.9.9.91.1.2.1.1", [ + OID_END, + 4, # Thresholds + ]), + ], + "group" : "temperature_auto" +} +

10 years, 6 months

Check_MK Git: check_mk: lnx_quota: Added new check to monitor Linux File System Quota

by Lars Michelsen

Module: check_mk Branch: master Commit: 67efa2f17f32dbb41ab9dd330f257a56b9896e5c URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=67efa2f17f32db… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Mar 28 19:56:05 2014 +0100 lnx_quota: Added new check to monitor Linux File System Quota This check monitors filesystems where linux user quotas has been configured for users which exceed their space and file quotas. --- .werks/764 | 9 +++++++++ ChangeLog | 1 + 2 files changed, 10 insertions(+) diff --git a/.werks/764 b/.werks/764 new file mode 100644 index 0000000..df81538 --- /dev/null +++ b/.werks/764 @@ -0,0 +1,9 @@ +Title: lnx_quota: Added new check to monitor Linux File System Quota +Level: 1 +Component: checks +Version: 1.2.5i2 +Date: 1396032940 +Class: feature + +This check monitors filesystems where linux user quotas has been +configured for users which exceed their space and file quotas. diff --git a/ChangeLog b/ChangeLog index 13cca8f..59ec71b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ * 0147 enterasys_fans: New Check to monitor fans of enterasys swichtes * 0774 ibm_svc_nodestats.diskio: new check for disk troughput per node on IBM SVC / V7000 devices * 0775 ibm_svc_systemstats.diskio: new check for disk throughput in IBM SVC / V7000 devices in total + * 0764 lnx_quota: Added new check to monitor Linux File System Quota... * 0740 FIX: winperf_if: now able to handle bandwidth > 4GBit...

10 years, 6 months

Check_MK Git: check_mk: lnx_quota: Added new check to monitor Linux File System Quota

by Lars Michelsen

Module: check_mk Branch: master Commit: 79547604b2d139d7ce6d601fe62fd0e9e4974128 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=79547604b2d139… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Mar 28 19:55:30 2014 +0100 lnx_quota: Added new check to monitor Linux File System Quota --- agents/plugins/lnx_quota | 6 +++ checkman/lnx_quota | 22 ++++++++++ checks/lnx_quota | 102 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 130 insertions(+) diff --git a/agents/plugins/lnx_quota b/agents/plugins/lnx_quota new file mode 100644 index 0000000..09fde34 --- /dev/null +++ b/agents/plugins/lnx_quota @@ -0,0 +1,6 @@ +#!/bin/bash +echo "<<<lnx_quota>>>" +for VOL in $(grep usrjquota /etc/fstab | cut -d' ' -f2); do + echo "[[[$VOL]]]" + repquota -up $VOL +done diff --git a/checkman/lnx_quota b/checkman/lnx_quota new file mode 100644 index 0000000..2f236e5 --- /dev/null +++ b/checkman/lnx_quota @@ -0,0 +1,22 @@ +title: Linux File System Quotas +agents: linux +catalog: os/storage +license: GPL +distribution: check_mk +description: + This check monitors filesystems where linux user quotas has been configured + for users which exceed their space and file quotas. + + The check uses information provided by the Check_MK linux agent which are + available when the agent has been extended with the {lnx_quota} agent plugin. + +item: + The mountpoint of the filesystem + +perfdata: + Two values per user. {<user>_blocks} reports the currently allocated space + of the user in bytes and {<user>_files} reports the number of files currently + owned by the user. + +inventory: + Creates one check for each filesystem with enabled user quotas diff --git a/checks/lnx_quota b/checks/lnx_quota new file mode 100644 index 0000000..524c217 --- /dev/null +++ b/checks/lnx_quota @@ -0,0 +1,102 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2013 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# ails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + +def lnx_quota_parse(info): + parsed = {} + fs = None + for line in info: + if line[0].startswith('[[['): + # new filesystem + fs = line[0][3:-3] + parsed[fs] = {} + elif fs and len(line) == 10: + # new table entry + parsed[fs][line[0]] = map(int, line[2:]) + return parsed + +def inventory_lnx_quota(info): + inv = [] + for fs in lnx_quota_parse(info).keys(): + inv.append((fs, {})) + return inv + +def check_lnx_quota(item, params, info): + parsed = lnx_quota_parse(info) + if item not in parsed: + return 3, 'Quota info not found for this filesystem' + + state = 0 + output = [] + perfdata = [] + + fmt = lambda v, w: w == 'files' and '%d files' % v or get_bytes_human_readable(used*1000, 1000) + + for user, values in parsed[item].items(): + for what, (used, soft, hard, grace) in [ + ('blocks', values[:4]), + ('files', values[4:]) ]: + if soft == 0 and hard == 0: + continue # skip entries with not-set limits + + this_state = 0 + txt = '%s %s' % (user, fmt(used, what)) + if used > hard: + this_state = 2 + txt += ' (over %s hard(!!))' % fmt(hard, what) + elif used > soft: + this_state = 1 + txt += ' (over %s soft' % fmt(soft, what) + if grace != 0: + # user is or was in grace period + if grace <= time.time(): + txt += ', grace exceeded(!!)' + this_state = 2 + else: + txt += ', within grace(!)' + else: + txt += '(!)' + txt += ')' + # When users are in "ok" state, don't output their usage, just + # add the perfdata for them + if this_state: + output.append(txt) + state = max(state, this_state) + + perfdata.append(('%s_%s' % (user, what), used*1000, + soft*1000, hard*1000, 0, hard*1000)) + + if not output: + output.append('All users are within quota') + + return state, ', '.join(output), perfdata + +check_info['lnx_quota'] = { + 'check_function' : check_lnx_quota, + 'inventory_function' : inventory_lnx_quota, + 'service_description' : 'Quota %s', + 'has_perfdata' : True, + 'group' : 'quota', +}

10 years, 6 months

Check_MK Git: check_mk: FIX winperf_if: now able to handle display of bandwidth > 4GBit

by Andreas Boesl

Module: check_mk Branch: master Commit: c8ee9de6e9e0f88fc09708d27a65ce665423b53d URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c8ee9de6e9e0f8… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Fri Mar 28 15:20:55 2014 +0100 FIX winperf_if: now able to handle display of bandwidth > 4GBit If an interface had a bandwidth of > 4GBit the check did not receive the correct bandwidth value, because of a 32 bit counter overflow. Workaround: The windows plugin wmic_if.bat now also reports the correct bandwidth value. If you use this plugin its bandwidth value will have precedence before the bandwidth determined by the agent. --- .werks/740 | 11 +++++++++++ ChangeLog | 2 ++ agents/windows/plugins/wmic_if.bat | 2 +- checks/winperf_if | 3 ++- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.werks/740 b/.werks/740 new file mode 100644 index 0000000..504df72 --- /dev/null +++ b/.werks/740 @@ -0,0 +1,11 @@ +Title: winperf_if: now able to handle display of bandwidth > 4GBit +Level: 1 +Component: checks +Version: 1.2.5i2 +Date: 1396016199 +Class: fix + +If an interface had a bandwidth of > 4GBit the check did not receive +the correct bandwidth value, because of a 32 bit counter overflow. +Workaround: The windows plugin wmic_if.bat now also reports the correct bandwidth value. +If you use this plugin its bandwidth value will have precedence before the bandwidth determined by the agent. diff --git a/ChangeLog b/ChangeLog index 2cdf4e3..62c7302 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 1.2.5i2: Checks & Agents: + * 0147 enterasys_fans: New Check to monitor fans of enterasys swichtes * 0774 ibm_svc_nodestats.diskio: new check for disk troughput per node on IBM SVC / V7000 devices + * 0740 FIX: winperf_if: now able to handle display of bandwidth > 4GBit... 1.2.5i1: diff --git a/agents/windows/plugins/wmic_if.bat b/agents/windows/plugins/wmic_if.bat index 501c892..2192d7e 100644 --- a/agents/windows/plugins/wmic_if.bat +++ b/agents/windows/plugins/wmic_if.bat @@ -1,3 +1,3 @@ @echo off echo ^<^<^<winperf_if:sep^(44^)^>^>^> -wmic path Win32_NetworkAdapter get macaddress,name,netconnectionid,netconnectionstatus /format:csv +wmic path Win32_NetworkAdapter get speed,macaddress,name,netconnectionid,netconnectionstatus /format:csv diff --git a/checks/winperf_if b/checks/winperf_if index a7a7cf6..6035cc3 100644 --- a/checks/winperf_if +++ b/checks/winperf_if @@ -121,6 +121,7 @@ def convert_winperf_if(info): for nr, nic_name in enumerate(nic_names): nic = nics[nic_name] mac_txt = nic.get('MACAddress') + bandwidth = saveint(nic.get('Speed')) if mac_txt: mac = "".join(map(lambda x: chr(int(x, 16)), mac_txt.split(':'))) else: @@ -129,7 +130,7 @@ def convert_winperf_if(info): str(nr + 1), nic_name, "loopback" in nic_name.lower() and '24' or '6', - nic[10], # Aktuelle Bandbreite + bandwidth or nic[10], # Aktuelle Bandbreite # NetConnectionStatus: 2 st up, 7 ist 'not connected'. If the plugin # wmic_if is missing and we have link information we need to assume 'up': nic.get('NetConnectionStatus', '2') == '2' and '1' or '2',

10 years, 6 months

Check_MK Git: check_mk: fixed wording in check manpage of ibm_svc_nodestats .diskio

by Bernd Stroessenreuther

Module: check_mk Branch: master Commit: bbc4e718c9b023bdb588ee265c208a045d58646c URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bbc4e718c9b023… Author: Bernd Stroessenreuther <bs(a)mathias-kettner.de> Date: Fri Mar 28 15:06:11 2014 +0100 fixed wording in check manpage of ibm_svc_nodestats.diskio --- checkman/ibm_svc_nodestats.diskio | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkman/ibm_svc_nodestats.diskio b/checkman/ibm_svc_nodestats.diskio index 79e1311..523c197 100644 --- a/checkman/ibm_svc_nodestats.diskio +++ b/checkman/ibm_svc_nodestats.diskio @@ -13,7 +13,7 @@ item: "Drives", "MDisks" or "VDisks" plus the name of the node. inventory: - Creates one check for every Drive, MDisk or VDisk on every node. + Creates one check for Drives, one for MDisks and one for VDisks per node. perfdata: Two values: Throughput read and throughput write in Bytes/sec.

10 years, 6 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits