(core) add snmp tls options (#3711)

This commit is contained in:
qgarnier 2022-06-03 12:05:52 +02:00 committed by GitHub
parent 197e812814
commit 0fa6eee48c
1 changed files with 51 additions and 15 deletions


@ -64,6 +64,11 @@ sub new {
'contextname:s' => { name => 'snmp_context_name' },
'contextengineid:s' => { name => 'snmp_context_engine_id' },
'securityengineid:s' => { name => 'snmp_security_engine_id' },
'snmp-tls-transport:s' => { name => 'snmp_tls_transport' },
'snmp-tls-our-identity:s' => { name => 'snmp_tls_our_identity' },
'snmp-tls-their-identity:s' => { name => 'snmp_tls_their_identity' },
'snmp-tls-their-hostname:s' => { name => 'snmp_tls_their_hostname' },
'snmp-tls-trust-cert:s ' => { name => 'snmp_tls_trust_cert' },
'snmp-errors-exit:s' => { name => 'snmp_errors_exit', default => 'unknown' },
});
$options{options}->add_help(package => __PACKAGE__, sections => 'SNMP OPTIONS');
@ -796,11 +801,12 @@ sub check_options {
$self->{snmp_params}->{SecName} = $options{option_results}->{snmp_security_name} if (defined($options{option_results}->{snmp_security_name}));
# Certificate SNMPv3. Need net-snmp > 5.6
if ($options{option_results}->{host} =~ /^(dtls|tls|ssh).*:/) {
$self->{snmp_params}->{OurIdentity} = $options{option_results}->{snmp_our_identity} if (defined($options{option_results}->{snmp_our_identity}));
$self->{snmp_params}->{TheirIdentity} = $options{option_results}->{snmp_their_identity} if (defined($options{option_results}->{snmp_their_identity}));
$self->{snmp_params}->{TheirHostname} = $options{option_results}->{snmp_their_hostname} if (defined($options{option_results}->{snmp_their_hostname}));
$self->{snmp_params}->{TrustCert} = $options{option_results}->{snmp_trust_cert} if (defined($options{option_results}->{snmp_trust_cert}));
if (defined($options{option_results}->{snmp_tls_transport}) && $options{option_results}->{snmp_tls_transport} =~ /^dtlsudp|tlstcp$/) {
$self->{snmp_params}->{DestHost} = $options{option_results}->{snmp_tls_transport} . ':' . $options{option_results}->{host};
$self->{snmp_params}->{OurIdentity} = $options{option_results}->{snmp_tls_our_identity} if (defined($options{option_results}->{snmp_tls_our_identity}));
$self->{snmp_params}->{TheirIdentity} = $options{option_results}->{snmp_tls_their_identity} if (defined($options{option_results}->{snmp_tls_their_identity}));
$self->{snmp_params}->{TheirHostname} = $options{option_results}->{snmp_tls_their_hostname} if (defined($options{option_results}->{snmp_tls_their_hostname}));
$self->{snmp_params}->{TrustCert} = $options{option_results}->{snmp_tls_trust_cert} if (defined($options{option_results}->{snmp_tls_trust_cert}));
$self->{snmp_params}->{SecLevel} = 'authPriv';
return ;
}
@ -1053,6 +1059,36 @@ Security engine ID
Exit code for SNMP Errors (default: unknown)
=item B<--snmp-tls-transport>
TLS Transport communication used (can be: 'dtlsudp', 'tlstcp').
=item B<--snmp-tls-our-identity>
Our X.509 identity to use, which should either be a fingerprint or the
filename that holds the certificate.
=item B<--snmp-tls-their-identity>
The remote server's identity to connect to, specified as either a
fingerprint or a file name. Either this must be specified, or the
hostname below along with a trust anchor.
=item B<--snmp-tls-their-hostname>
The remote server's hostname that is expected. If their certificate
was signed by a CA then their hostname presented in the certificate
must match this value or the connection fails to be established (to
avoid man-in-the-middle attacks).
=item B<--snmp-tls-trust-cert>
A trusted certificate to use as trust anchor (like a CA certificate)
for verifying a remote server's certificate. If a CA certificate is
used to validate a certificate then the TheirHostname parameter must
also be specified to ensure their presented hostname in the certificate
matches.
=back
=head1 DESCRIPTION
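Review bot: The transport check `$options{option_results}->{snmp_tls_transport} =~ /^dtlsudp|tlstcp$/` in the check_options hunk is mis-anchored: alternation binds looser than the anchors, so `^dtlsudp` or `tlstcp$` matches on its own and a value such as `dtlsudp:foo` or `xtlstcp` is accepted and spliced verbatim into `DestHost` on the next line; it should read `/^(?:dtlsudp|tlstcp)$/`. The same branch also lets a TLS session through with no peer pinning at all: the POD added in this commit says the peer must be identified either by `--snmp-tls-their-identity` or by `--snmp-tls-trust-cert` together with `--snmp-tls-their-hostname`, but nothing in the new code enforces that, so a trust cert given without the hostname leaves the session open to the man-in-the-middle the POD itself warns about instead of failing fast. I would reject that combination before `SecLevel` is set, via whatever option-error path the rest of check_options uses (sketched below with `add_option_msg`/`option_exit`, which this hunk does not show, so adjust to the actual helper). Separately, the option spec `'snmp-tls-trust-cert:s '` in the first hunk carries a trailing space inside the quotes, which Getopt::Long's spec parser does not accept as far as I can tell, so that option may never be registered. check_options starts before this hunk and continues past it.

```perl
if (defined($options{option_results}->{snmp_tls_transport}) && $options{option_results}->{snmp_tls_transport} =~ /^(?:dtlsudp|tlstcp)$/) {
    $self->{snmp_params}->{DestHost} = $options{option_results}->{snmp_tls_transport} . ':' . $options{option_results}->{host};
    # … unchanged: OurIdentity / TheirIdentity / TheirHostname / TrustCert assignments …
    # The peer must be pinned either by its own certificate, or by a CA plus the expected hostname;
    # a CA alone verifies the chain but not who we are talking to.
    if (!defined($self->{snmp_params}->{TheirIdentity})
        && !(defined($self->{snmp_params}->{TrustCert}) && defined($self->{snmp_params}->{TheirHostname}))) {
        $self->{output}->add_option_msg(short_msg => 'Need --snmp-tls-their-identity, or --snmp-tls-trust-cert together with --snmp-tls-their-hostname');
        $self->{output}->option_exit();
    }
    $self->{snmp_params}->{SecLevel} = 'authPriv';
    return ;
}
```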