From 1d79eba153506c39336617e0046a61aee4eccc9c Mon Sep 17 00:00:00 2001 From: qgarnier Date: Mon, 15 Nov 2021 16:35:33 +0100 Subject: [PATCH] enh(core): add snmp strong authentication and privacy (net-snmp 5.9.1) --- centreon/plugins/snmp.pm | 12 ++++++------ os/linux/local/mode/discoverysnmpv3.pm | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/centreon/plugins/snmp.pm b/centreon/plugins/snmp.pm index 19ade326b..8442b9d08 100644 --- a/centreon/plugins/snmp.pm +++ b/centreon/plugins/snmp.pm @@ -814,8 +814,8 @@ sub check_options { $self->{output}->option_exit(); } $options{option_results}->{snmp_auth_protocol} = uc($options{option_results}->{snmp_auth_protocol}); - if ($options{option_results}->{snmp_auth_protocol} ne 'MD5' && $options{option_results}->{snmp_auth_protocol} ne 'SHA') { - $self->{output}->add_option_msg(short_msg => 'Wrong authentication protocol. Must be MD5 or SHA.'); + if ($options{option_results}->{snmp_auth_protocol} !~ /^(?:MD5|SHA|SHA224|SHA256|SHA384|SHA512)$/) { + $self->{output}->add_option_msg(short_msg => 'Wrong authentication protocol.'); $self->{output}->option_exit(); } @@ -832,8 +832,8 @@ sub check_options { } $options{option_results}->{snmp_priv_protocol} = uc($options{option_results}->{snmp_priv_protocol}); - if ($options{option_results}->{snmp_priv_protocol} ne 'DES' && $options{option_results}->{snmp_priv_protocol} ne 'AES') { - $self->{output}->add_option_msg(short_msg => 'Wrong privacy protocol. Must be DES or AES.'); + if ($options{option_results}->{snmp_priv_protocol} !~ /^(?:DES|AES|AES192|AES192C|AES256|AES256C)$/) { + $self->{output}->add_option_msg(short_msg => 'Wrong privacy protocol.'); $self->{output}->option_exit(); } if ($user_activate == 0) { @@ -1007,7 +1007,7 @@ Authentication protocol pass phrase. =item B<--authprotocol> -Authentication protocol (MD5|SHA) +Authentication protocol: MD5|SHA. Since net-snmp 5.9.1: SHA224|SHA256|SHA384|SHA512. =item B<--privpassphrase> @@ -1015,7 +1015,7 @@ Privacy protocol pass phrase =item B<--privprotocol> -Privacy protocol (DES|AES) +Privacy protocol: DES|AES. Since net-snmp 5.9.1: AES192|AES192C|AES256|AES256C. =item B<--contextname> diff --git a/os/linux/local/mode/discoverysnmpv3.pm b/os/linux/local/mode/discoverysnmpv3.pm index 98423f0e1..ab26425fc 100644 --- a/os/linux/local/mode/discoverysnmpv3.pm +++ b/os/linux/local/mode/discoverysnmpv3.pm @@ -78,8 +78,8 @@ sub check_options { $self->{output}->option_exit(); } $self->{option_results}->{snmp_auth_protocol} = uc($self->{option_results}->{snmp_auth_protocol}); - if ($self->{option_results}->{snmp_auth_protocol} ne 'MD5' && $self->{option_results}->{snmp_auth_protocol} ne 'SHA') { - $self->{output}->add_option_msg(short_msg => 'Wrong authentication protocol. Must be MD5 or SHA.'); + if ($self->{option_results}->{snmp_auth_protocol} !~ /^(?:MD5|SHA|SHA224|SHA256|SHA384|SHA512)$/) { + $self->{output}->add_option_msg(short_msg => 'Wrong authentication protocol.'); $self->{output}->option_exit(); } $self->{snmp}->set_snmp_connect_params(SecLevel => 'authNoPriv'); @@ -94,8 +94,8 @@ sub check_options { $self->{output}->option_exit(); } $self->{option_results}->{snmp_priv_protocol} = uc($self->{option_results}->{snmp_priv_protocol}); - if ($self->{option_results}->{snmp_priv_protocol} ne 'DES' && $self->{option_results}->{snmp_priv_protocol} ne 'AES') { - $self->{output}->add_option_msg(short_msg => 'Wrong privacy protocol. Must be DES or AES.'); + if ($self->{option_results}->{snmp_priv_protocol} !~ /^(?:DES|AES|AES192|AES192C|AES256|AES256C)$/) { + $self->{output}->add_option_msg(short_msg => 'Wrong privacy protocol.'); $self->{output}->option_exit(); } if ($user_activate == 0) {