f8934c59f9
Squashed commit of the following: commit 621e91d31ac04c7a692fb87a5cdf9235489e75b9 Author: Sven Velt <sven@velt.de> Date: Wed Nov 27 22:31:44 2019 +0100 Decode byte strings to UTF-8 commit 92c878cc8f14d66f54b1ed9d4587f41902e4c537 Author: Sven Velt <sven@velt.de> Date: Wed Nov 27 16:02:54 2019 +0100 2to3, interpreter changed Es werden aber binäre Strings ausgegeben :-/
55 lines
1.8 KiB
Python
Executable file
55 lines
1.8 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
|
|
import os
|
|
import re
|
|
import shlex
|
|
import subprocess
|
|
import sys
|
|
|
|
allowed = [
|
|
##### System informations
|
|
r'^/usr/bin/lsb_release\s+-d$', # Linux
|
|
r'^/(usr/)?bin/uname\s+-mrs$', # Linux, BSD & others
|
|
r'''^/(usr/)?s?bin/awk -F'"' -e '/PRETTY_NAME/{ print \$2; }' /etc/os-release''', # Linux: /etc/os-release via awk for get_os.py
|
|
|
|
##### Complete command lines (Monitoring-Plugins on Debian)
|
|
r'^/usr/lib/nagios/plugins/check_disk -w \d+% -c \d+% -p /[/a-z]*$',
|
|
r'^/usr/lib/nagios/plugins/check_load -w \d+(,\d+,\d+)? -c \d+(,\d+,\d+)?$',
|
|
r'^/usr/lib/nagios/plugins/check_mysql -u [a-z]+ -p [0-9a-zA-Z]+',
|
|
r'^/usr/lib/nagios/plugins/check_mysql_health --user(name)?=[a-z]+ --pass(word)?=[0-9a-zA-Z]+ --mode=[a-z-]+$',
|
|
|
|
##### Simplified/combined (and a little bit less secure)
|
|
|
|
### most Linux distributions (with "sudo" and "doas")
|
|
# r'^/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
|
|
# r'^sudo\s+/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
|
|
# r'^doas\s+/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
|
|
|
|
### *BSD (with "sudo" and "doas")
|
|
# r'^/usr/local/libexec/nagios/check_',
|
|
# r'^sudo\s+/usr/local/libexec/nagios/check_',
|
|
# r'^doas\s+/usr/local/libexec/nagios/check_',
|
|
]
|
|
|
|
cmdline = os.getenv('SSH_ORIGINAL_COMMAND')
|
|
if not cmdline:
|
|
print('This is just a wrapper, no command specified!')
|
|
sys.exit(3)
|
|
|
|
for maybe in allowed:
|
|
if re.match(maybe, cmdline):
|
|
cmdline = shlex.split(cmdline)
|
|
|
|
try:
|
|
cmd = subprocess.Popen(cmdline, stdout=subprocess.PIPE)
|
|
except Exception as exc:
|
|
print('Could not execute plugin ("%s"): %s' % (' '.join(cmdline), exc))
|
|
sys.exit(3)
|
|
else:
|
|
print(cmd.communicate()[0].rstrip().decode('utf-8'))
|
|
sys.exit(cmd.returncode)
|
|
|
|
print('%s: No allowed command found!' % sys.argv[0])
|
|
sys.exit(3)
|
|
|