2017-11-29 10:56:36 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
import os
|
|
|
|
import re
|
|
|
|
import shlex
|
|
|
|
import subprocess
|
|
|
|
import sys
|
|
|
|
|
|
|
|
allowed = [
|
2018-06-11 08:08:04 +00:00
|
|
|
##### System informations
|
|
|
|
r'^/usr/bin/lsb_release\s+-d$', # Linux
|
|
|
|
r'^/(usr/)?bin/uname\s+-mrs$', # Linux, BSD & others
|
2019-12-11 11:43:59 +00:00
|
|
|
r'''^/(usr/)?s?bin/awk -F'"' (-e\s*)?'/PRETTY_NAME/{ print \$2; }' /etc/os-release''', # Linux: /etc/os-release via awk for get_os.py
|
2018-06-11 08:08:04 +00:00
|
|
|
|
|
|
|
##### Complete command lines (Monitoring-Plugins on Debian)
|
2017-11-29 10:56:36 +00:00
|
|
|
r'^/usr/lib/nagios/plugins/check_disk -w \d+% -c \d+% -p /[/a-z]*$',
|
|
|
|
r'^/usr/lib/nagios/plugins/check_load -w \d+(,\d+,\d+)? -c \d+(,\d+,\d+)?$',
|
|
|
|
r'^/usr/lib/nagios/plugins/check_mysql -u [a-z]+ -p [0-9a-zA-Z]+',
|
|
|
|
r'^/usr/lib/nagios/plugins/check_mysql_health --user(name)?=[a-z]+ --pass(word)?=[0-9a-zA-Z]+ --mode=[a-z-]+$',
|
2018-06-11 08:08:04 +00:00
|
|
|
|
|
|
|
##### Simplified/combined (and a little bit less secure)
|
|
|
|
|
|
|
|
### most Linux distributions (with "sudo" and "doas")
|
2019-11-27 21:34:16 +00:00
|
|
|
# r'^/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
|
|
|
|
# r'^sudo\s+/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
|
|
|
|
# r'^doas\s+/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
|
2018-06-11 08:08:04 +00:00
|
|
|
|
|
|
|
### *BSD (with "sudo" and "doas")
|
|
|
|
# r'^/usr/local/libexec/nagios/check_',
|
|
|
|
# r'^sudo\s+/usr/local/libexec/nagios/check_',
|
|
|
|
# r'^doas\s+/usr/local/libexec/nagios/check_',
|
2017-11-29 10:56:36 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
cmdline = os.getenv('SSH_ORIGINAL_COMMAND')
|
2017-11-29 10:57:11 +00:00
|
|
|
if not cmdline:
|
|
|
|
print 'This is just a wrapper, no command specified!'
|
|
|
|
sys.exit(3)
|
2017-11-29 10:56:36 +00:00
|
|
|
|
|
|
|
for maybe in allowed:
|
|
|
|
if re.match(maybe, cmdline):
|
|
|
|
cmdline = shlex.split(cmdline)
|
|
|
|
|
2017-11-29 10:57:11 +00:00
|
|
|
try:
|
|
|
|
cmd = subprocess.Popen(cmdline, stdout=subprocess.PIPE)
|
|
|
|
except Exception, exc:
|
|
|
|
print 'Could not execute plugin ("%s"): %s' % (' '.join(cmdline), exc)
|
|
|
|
sys.exit(3)
|
|
|
|
else:
|
|
|
|
print cmd.communicate()[0].rstrip()
|
|
|
|
sys.exit(cmd.returncode)
|
2017-11-29 10:56:36 +00:00
|
|
|
|
2017-11-29 10:57:11 +00:00
|
|
|
print '%s: No allowed command found!' % sys.argv[0]
|
2017-11-29 10:56:36 +00:00
|
|
|
sys.exit(3)
|
|
|
|
|