Module: check_mk
Branch: master
Commit: 8c991b98ecc54dc8f87c8a4897cc2c4603fc546e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8c991b98ecc54d…
Author: Alexander Wilms <aw(a)mathias-kettner.de>
Date: Thu Dec 13 13:34:55 2018 +0100
Add Windows alert handler example to doc/treasures
Change-Id: I1b2254953aa786bf4859059958c668520ea4c0fa
---
doc/treasures/alert_handler/windows/README | 52 ++++++++++++++++++
doc/treasures/alert_handler/windows/windows_remote | 51 ++++++++++++++++++
.../windows/windows_remote_alert_handler.py | 63 ++++++++++++++++++++++
3 files changed, 166 insertions(+)
diff --git a/doc/treasures/alert_handler/windows/README
b/doc/treasures/alert_handler/windows/README
new file mode 100644
index 0000000..076654b
--- /dev/null
+++ b/doc/treasures/alert_handler/windows/README
@@ -0,0 +1,52 @@
+#.
+# .--Security Warning----------------------------------------------------.
+# | ____ _ _ |
+# | / ___| ___ ___ _ _ _ __(_) |_ _ _ |
+# | \___ \ / _ \/ __| | | | '__| | __| | | | |
+# | ___) | __/ (__| |_| | | | | |_| |_| | |
+# | |____/ \___|\___|\__,_|_| |_|\__|\__, | |
+# | |___/ |
+# | __ __ _ |
+# | \ \ / /_ _ _ __ _ __ (_)_ __ __ _ |
+# | \ \ /\ / / _` | '__| '_ \| | '_ \ / _` | |
+# | \ V V / (_| | | | | | | | | | | (_| | |
+# | \_/\_/ \__,_|_| |_| |_|_|_| |_|\__, | |
+# | |___/ |
+# +----------------------------------------------------------------------+
+# | Use this alert handler at your own risk! |
+# | It can execute arbritrary code with permissions |
+# | of the configured windows user! |
+# '----------------------------------------------------------------------'
+
+
+
+#.
+# .--Installation--------------------------------------------------------.
+# | ___ _ _ _ _ _ |
+# | |_ _|_ __ ___| |_ __ _| | | __ _| |_(_) ___ _ __ |
+# | | || '_ \/ __| __/ _` | | |/ _` | __| |/ _ \| '_ \ |
+# | | || | | \__ \ || (_| | | | (_| | |_| | (_) | | | | |
+# | |___|_| |_|___/\__\__,_|_|_|\__,_|\__|_|\___/|_| |_| |
+# | |
+# +----------------------------------------------------------------------+
+# | |
+# '----------------------------------------------------------------------'
+Check_MK
+1. Copy windows_remote to
/opt/omd/sites/<mysite>/local/share/check_mk/alert_handlers
+2. Copy windows_remote_alert_handler.py to
/opt/omd/sites/<mysite>/local/share/check_mk/web/plugins/wato/
+3. Install pypsrp into <mysite>: su - mystite; pip install pypsrp
+4. Configure the alert handler rule in WATO/Alert Handlers, supply User, Password and
command to execute
+
+Windows
+As user credentials are transferred via network, this alert handler is designed to use
HTTPS as transport mode.
+Therefore you have to enable the WinRM HTTPS listener on windows, at least with a self
signed certificate.
+For simplicity the certificate validation is set to false. To increase security you may
enable validation and use
+valid public certificate chains instead
+
+1. Create a self-signed certificate using administrative powershell:
+ New-SelfSignedCertificate -DnsName <myhostname> -CertStoreLocation
Cert:\LocalMachine\My
+2. Create HTTPS listener and bind certificate to it using administrative cmd:
+ winrm create winrm/config/Listener?Address=*+Transport=HTTPS
@{Hostname="<myhostname>"; CertificateThumbprint="<thumbprint from
step 1>"}
+3. You may need to open the firewall. Also this will work in the NLA profiles
"Domain" and "Private" only!
+
+
diff --git a/doc/treasures/alert_handler/windows/windows_remote
b/doc/treasures/alert_handler/windows/windows_remote
new file mode 100755
index 0000000..c283b85
--- /dev/null
+++ b/doc/treasures/alert_handler/windows/windows_remote
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+# PowerShell Remoting Protocol Client
+
+import os
+import sys
+
+from pypsrp.client import Client
+
+import cmk.password_store
+
+
+def from_environment(env):
+ user = os.environ.get("PARAMETER_RUNAS")
+ password = os.environ.get("PARAMETER_PASSWORD")
+ command = os.environ.get("PARAMETER_COMMAND")
+ address = os.environ.get("ALERT_HOSTADDRESS")
+
+ if not user or not command or not password:
+ sys.stdout.write("Need user, password and command as arguments")
+ sys.exit(3)
+
+ if not address:
+ sys.stdout.write("Environment ALERT_HOSTADDRESS is missing\n")
+ sys.exit(3)
+
+ return user, password, command, address
+
+
+def main(argv=None):
+ if argv is None:
+ argv = sys.argv
+
+ user, password, command, address = from_environment(os.environ)
+
+ if password.startswith("store\t"):
+ password_id = password.split("\t", 1)[1]
+ try:
+ password = cmk.password_store.load().get(password_id)
+ except KeyError:
+ raise Exception("pwstore: Password '%s' does not exist" %
password_id)
+ elif password.startswith("password\t"):
+ password = password.split("\t", 1)[1]
+
+ client = Client(address, username=user, password=password, cert_validation=False)
+ stdout, stderr, rc = client.execute_cmd(command)
+
+ return rc
+
+
+if __name__ == '__main__':
+ sys.exit(main())
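Review bot: `cert_validation=False` on the `Client(...)` call means the HTTPS listener the README insists on only hides the credentials from passive sniffing; anyone who can answer at ALERT_HOSTADDRESS (spoofed DNS/ARP, a compromised host) is handed the configured Windows user's authentication exchange and the command to run. Validation should be the default and the insecure mode an explicit opt-in, for example by passing a CA bundle path (pypsrp accepts a path in place of the boolean, as far as I recall) taken from the handler parameters instead of a hard-coded `False`. Separately, the `except KeyError` around `cmk.password_store.load().get(password_id)` looks unreachable if `load()` returns a dict: `.get` yields `None` for an unknown id, so the handler silently continues with `password=None`; `password = cmk.password_store.load()[password_id]` makes the error branch fire as intended. The `stdout`/`stderr` returned by `execute_cmd` are discarded, so a failing remote command leaves nothing in the alert handler log, and `from_environment(env)` ignores its `env` argument in favour of `os.environ`.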
diff --git a/doc/treasures/alert_handler/windows/windows_remote_alert_handler.py
b/doc/treasures/alert_handler/windows/windows_remote_alert_handler.py
new file mode 100644
index 0000000..45adc69
--- /dev/null
+++ b/doc/treasures/alert_handler/windows/windows_remote_alert_handler.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# .------------------------------------------------------------------------.
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |_____| |
+# | _____ _ _ |
+# | | ____|_ __ | |_ ___ _ __ _ __ _ __(_)___ ___ |
+# | | _| | '_ \| __/ _ \ '__| '_ \| '__| / __|/ _ \
|
+# | | |___| | | | || __/ | | |_) | | | \__ \ __/ |
+# | |_____|_| |_|\__\___|_| | .__/|_| |_|___/\___| |
+# | |_| |
+# | _____ _ _ _ _ |
+# | | ____|__| (_) |_(_) ___ _ __ |
+# | | _| / _` | | __| |/ _ \| '_ \ |
+# | | |__| (_| | | |_| | (_) | | | | |
+# | |_____\__,_|_|\__|_|\___/|_| |_| |
+# | |
+# |
mathias-kettner.com mathias-kettner.de |
+# '------------------------------------------------------------------------'
+# This file is part of the Check_MK Enterprise Edition (CEE).
+# Copyright by Mathias Kettner and Mathias Kettner GmbH. All rights reserved.
+#
+# Distributed under the Check_MK Enterprise License.
+#
+# You should have received a copy of the Check_MK Enterprise License
+# along with Check_MK. If not, email to mk(a)mathias-kettner.de
+# or write to the postal address provided at
www.mathias-kettner.de
+
+
+register_alert_handler_parameters(
+ "windows_remote",
+ Dictionary(
+ title = _("Remote execution on Windows via WMI"),
+ help = _("This alert handler allows the remote execution of scripts and
programs "
+ "on Windows systems via WMI. Please note that this configuration is
saved "
+ "in clear text (including the password!). We have not made any
influence on "
+ "the security settings of the target Window hosts. If you don't
secure the "
+ "WMI access, the credentials might be used to execute arbitrary
commands on "
+ "the remote system. Use with caution!"),
+ elements = [
+ ("runas", TextAscii(
+ title = _("User to run handler as"),
+ allow_empty = False,
+ regex = re.compile('^[a-zA-Z_][-/a-zA-Z0-9_\\\\]*$'),
+ regex_error = _("Your input does not match the required
format.") \
+ + " " + _("Expected syntax:
[domain/]username")
+ )),
+ ("password", PasswordFromStore(
+ title = _("Password of the user"),
+ allow_empty = False,
+ )),
+ ("command", TextAscii(
+ title = _("Command to execute"),
+ allow_empty = False,
+ )),
+ ],
+ optional_keys = False,
+ )
+)
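Review bot: The title and help text describe this handler as "Remote execution on Windows via WMI", but the companion `windows_remote` script uses pypsrp, i.e. WinRM/PowerShell Remoting, so an administrator following the help would harden WMI/DCOM and leave the WinRM HTTPS listener the README tells them to create unreviewed. Suggest `title = _("Remote execution on Windows via WinRM (PowerShell Remoting)")` and replacing "via WMI" / "WMI access" in the help with "via WinRM" / "WinRM access". The sentence "this configuration is saved in clear text (including the password!)" also contradicts the `PasswordFromStore` element, which lets the password be referenced from the password store (the script handles the `store\t` prefix); it would be more accurate to say the password is stored in clear text only when entered directly rather than taken from the store. The `regex_error` message promises the syntax `[domain/]username`, while the pattern also accepts `domain\user` and hyphens, so the message and the regex should be aligned.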