Add some more paths/regex to allowed commands

Sven Velt 2018-06-11 10:08:04 +02:00
parent eef01a1064
commit 0cf34f23ae


@ -7,12 +7,27 @@ import subprocess
import sys import sys
allowed = [ allowed = [
r'^/usr/bin/lsb_release\s+-d$', ##### System informations
r'^/usr/bin/lsb_release\s+-d$', # Linux
r'^/(usr/)?bin/uname\s+-mrs$', # Linux, BSD & others
##### Complete command lines (Monitoring-Plugins on Debian)
r'^/usr/lib/nagios/plugins/check_disk -w \d+% -c \d+% -p /[/a-z]*$', r'^/usr/lib/nagios/plugins/check_disk -w \d+% -c \d+% -p /[/a-z]*$',
r'^/usr/lib/nagios/plugins/check_load -w \d+(,\d+,\d+)? -c \d+(,\d+,\d+)?$', r'^/usr/lib/nagios/plugins/check_load -w \d+(,\d+,\d+)? -c \d+(,\d+,\d+)?$',
r'^/usr/lib/nagios/plugins/check_mysql -u [a-z]+ -p [0-9a-zA-Z]+', r'^/usr/lib/nagios/plugins/check_mysql -u [a-z]+ -p [0-9a-zA-Z]+',
r'^/usr/lib/nagios/plugins/check_mysql_health --user(name)?=[a-z]+ --pass(word)?=[0-9a-zA-Z]+ --mode=[a-z-]+$', r'^/usr/lib/nagios/plugins/check_mysql_health --user(name)?=[a-z]+ --pass(word)?=[0-9a-zA-Z]+ --mode=[a-z-]+$',
# r'^/usr/lib/nagios/plugins/check_',
##### Simplified/combined (and a little bit less secure)
### most Linux distributions (with "sudo" and "doas")
# r'^/usr/lib/(nagios/plugins|monitoring-plugins)/check_',
# r'^sudo\s+/usr/lib/(nagios/plugins|monitoring-plugins)/check_',
# r'^doas\s+/usr/lib/(nagios/plugins|monitoring-plugins)/check_',
### *BSD (with "sudo" and "doas")
# r'^/usr/local/libexec/nagios/check_',
# r'^sudo\s+/usr/local/libexec/nagios/check_',
# r'^doas\s+/usr/local/libexec/nagios/check_',
] ]
cmdline = os.getenv('SSH_ORIGINAL_COMMAND') cmdline = os.getenv('SSH_ORIGINAL_COMMAND')
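Review bot: The commented-out entries added under `##### Simplified/combined` are prefix matches only (`^…/check_` with no `$` and nothing constraining the arguments), so once uncommented they accept any text after `check_`; the existing `check_mysql` entry has the same gap because it lacks its closing `$`. How `cmdline` is executed is not visible in this hunk, but if it is handed to a shell, the unmatched tail of `SSH_ORIGINAL_COMMAND` is not covered by the allow-list, and the `sudo`/`doas` variants would extend that to a privileged invocation. I would replace "(and a little bit less secure)" with a comment saying plainly that these entries permit arbitrary arguments, and give each a bounded tail such as `r'^/usr/lib/(nagios/plugins|monitoring-plugins)/check_[a-z0-9_]+( [-\w=%,./]+)*$'`. The `check_mysql` line should end in `[0-9a-zA-Z]+$',` like its neighbours. The code that consumes `allowed` lies outside the hunk, so the matching and execution method should be confirmed there.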