Module: check_mk
Branch: master
Commit: 953c2b1734b2ff472a956db5fd9caf331f327294
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=953c2b1734b2ff…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Thu Aug 21 13:12:42 2014 +0200
#1373 SEC Do not ouput complete command line when datasource programs fail
When executing a datasource program like <tt>agent_vsphere</tt>
fails, then Check_MK used to output the complete command line
as plugin output of the Check_MK active check as part of an error
message. The commandline could contain passwords - however. So this
has now been changed into just outputting the path to the executable
(e.g.
<tt>/omd/sites/mysite/share/check_mk/agents/special/agent_vsphere</tt>).
---
.werks/1373 | 15 +++++++++++++++
ChangeLog | 1 +
modules/check_mk_base.py | 6 ++++--
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/.werks/1373 b/.werks/1373
new file mode 100644
index 0000000..07d43d4
--- /dev/null
+++ b/.werks/1373
@@ -0,0 +1,15 @@
+Title: Do not ouput complete command line when datasource programs fail
+Level: 2
+Component: core
+Class: security
+Compatible: compat
+State: unknown
+Version: 1.2.5i6
+Date: 1408619422
+
+When executing a datasource program like <tt>agent_vsphere</tt>
+fails, then Check_MK used to output the complete command line
+as plugin output of the Check_MK active check as part of an error
+message. The commandline could contain passwords - however. So this
+has now been changed into just outputting the path to the executable
+(e.g.
<tt>/omd/sites/mysite/share/check_mk/agents/special/agent_vsphere</tt>).
diff --git a/ChangeLog b/ChangeLog
index 17f90eb..cf9109b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
1.2.5i6:
Core & Setup:
* 1008 Overall check timeout for Check_MK checks now defaults to CRIT state...
+ * 1373 SEC: Do not ouput complete command line when datasource programs fail...
Checks & Agents:
* 0185 knuerr_rms_humidity, knuerr_rms_temp: Two new Checks to Monitor the
Temperature and the Humidity on Knürr RMS Devices
diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py
index 7d2277e..cd01442 100644
--- a/modules/check_mk_base.py
+++ b/modules/check_mk_base.py
@@ -656,6 +656,8 @@ def get_agent_info(hostname, ipaddress, max_cache_age):
# Get data in case of external program
def get_agent_info_program(commandline):
+ exepath = commandline.split()[0] # for error message, hide options!
+
import subprocess
if opt_verbose:
sys.stderr.write("Calling external program %s\n" % commandline)
@@ -664,11 +666,11 @@ def get_agent_info_program(commandline):
stdout, stderr = p.communicate()
exitstatus = p.returncode
except Exception, e:
- raise MKAgentError("Could not execute '%s': %s" % (commandline,
e))
+ raise MKAgentError("Could not execute '%s': %s" % (exepath,
e))
if exitstatus:
if exitstatus == 127:
- raise MKAgentError("Program '%s' not found (exit code 127)"
% (commandline,))
+ raise MKAgentError("Program '%s' not found (exit code 127)"
% exepath)
else:
raise MKAgentError("Agent exited with code %d: %s" % (exitstatus,
stderr))
return stdout