diff --git a/debian/config/check_kernel b/debian/config/check_kernel deleted file mode 100644 index ffb6040d6..000000000 --- a/debian/config/check_kernel +++ /dev/null @@ -1 +0,0 @@ -nagios ALL=(ALL:ALL) NOPASSWD: /etc/icinga2/scripts/check_kernel diff --git a/debian/config/kernel.conf b/debian/config/kernel.conf deleted file mode 100644 index 0f8907379..000000000 --- a/debian/config/kernel.conf +++ /dev/null @@ -1,13 +0,0 @@ -/* - * This check requires the "sudo" and "binutils" packages to be installed. - * You will also need to add the following line to your /etc/sudoers file: - * nagios ALL=(ALL:ALL) NOPASSWD: /etc/icinga2/scripts/check_kernel - */ - -object Service "kernel" { - import "generic-service" - - host_name = "localhost" - check_command = "kernel" -} - diff --git a/debian/control b/debian/control index c0540d518..1d635774a 100644 --- a/debian/control +++ b/debian/control @@ -40,7 +40,7 @@ Description: host and network monitoring system Package: icinga2-common Architecture: all -Depends: adduser, sudo, binutils, ${misc:Depends} +Depends: adduser, lsb-release, ${misc:Depends} Description: host and network monitoring system - common files Icinga 2 is still in development and not ready for production use! . diff --git a/debian/icinga2-common.install b/debian/icinga2-common.install index 7d585b164..a9f72565c 100644 --- a/debian/icinga2-common.install +++ b/debian/icinga2-common.install @@ -1,8 +1,6 @@ debian/tmp/etc/icinga2 debian/tmp/etc/logrotate.d debian/config/apt.conf etc/icinga2/conf.d/hosts/localhost -debian/config/kernel.conf etc/icinga2/conf.d/hosts/localhost -debian/config/check_kernel etc/sudoers.d usr/bin/icinga2-build* usr/bin/icinga2-sign-key usr/sbin/icinga2-*-feature diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt index 030af32fe..0ee812d77 100644 --- a/etc/CMakeLists.txt +++ b/etc/CMakeLists.txt @@ -35,6 +35,7 @@ install_if_not_exists(icinga2/conf.d/hosts/localhost.conf ${CMAKE_INSTALL_SYSCON install_if_not_exists(icinga2/conf.d/hosts/localhost/disk.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d/hosts/localhost) install_if_not_exists(icinga2/conf.d/hosts/localhost/http.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d/hosts/localhost) install_if_not_exists(icinga2/conf.d/hosts/localhost/icinga.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d/hosts/localhost) +install_if_not_exists(icinga2/conf.d/hosts/localhost/kernel.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d/hosts/localhost) install_if_not_exists(icinga2/conf.d/hosts/localhost/load.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d/hosts/localhost) install_if_not_exists(icinga2/conf.d/hosts/localhost/procs.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d/hosts/localhost) install_if_not_exists(icinga2/conf.d/hosts/localhost/ssh.conf ${CMAKE_INSTALL_SYSCONFDIR}/icinga2/conf.d/hosts/localhost) diff --git a/etc/icinga2/conf.d/commands.conf b/etc/icinga2/conf.d/commands.conf index 16c0d63bb..1be51ef6b 100644 --- a/etc/icinga2/conf.d/commands.conf +++ b/etc/icinga2/conf.d/commands.conf @@ -3,7 +3,7 @@ object CheckCommand "kernel" { import "plugin-check-command" - command = [ "sudo", SysconfDir + "/icinga2/scripts/check_kernel" ] + command = [ SysconfDir + "/icinga2/scripts/check_kernel" ] } object NotificationCommand "mail-host-notification" { diff --git a/etc/icinga2/conf.d/hosts/localhost/kernel.conf b/etc/icinga2/conf.d/hosts/localhost/kernel.conf new file mode 100644 index 000000000..234114074 --- /dev/null +++ b/etc/icinga2/conf.d/hosts/localhost/kernel.conf @@ -0,0 +1,7 @@ +object Service "kernel" { + import "generic-service" + + host_name = "localhost" + check_command = "kernel" +} + diff --git a/etc/icinga2/scripts/check_kernel b/etc/icinga2/scripts/check_kernel index 817c11e57..77ad62391 100755 --- a/etc/icinga2/scripts/check_kernel +++ b/etc/icinga2/scripts/check_kernel @@ -1,109 +1,65 @@ #!/bin/bash - -# Check if the running kernel has the same version string as the on-disk -# kernel image. - -# Copyright 2008 Peter Palfrader +# Icinga 2 +# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) # -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. # -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software Foundation +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -OK=0; -WARNING=1; -CRITICAL=2; -UNKNOWN=3; +if [ -e /etc/debian_version ]; then + if [ "$(lsb_release -s -i)" = "Debian" ]; then + latest_kernel=$(dpkg-query -W -f='${Version}' linux-image-$(uname -r)) + current_kernel=$(uname -v | awk '{print $4}') -get_offset() { - local file needle + if [ "x$latest_kernel" != "x$current_kernel" ]; then + echo "A kernel upgrade is available: $(uname -r) ($latest_kernel) - currently running: $(uname -r) ($current_kernel)" + exit 2 + fi + else + IFS=$'\n' + for pkginfo in $(dpkg-query -W -f '${Source}\t${Depends}\n' 'linux-image-*'); do + source=$(echo $pkginfo | cut -f1 -d$'\t') + if [ "$source" != "linux-meta" -a "$source" != "linux-latest" ]; then + continue + fi - file="$1" - needle="$2" - perl -e ' - undef $/; - $i = index(<>, "'"$needle"'"); - if ($i < 0) { - exit 1; - }; - print $i,"\n"' < "$file" -} - -get_image() { - local image GZHDR1 GZHDR2 off - - image="$1" - - GZHDR1="\x1f\x8b\x08\x00" - GZHDR2="\x1f\x8b\x08\x08" - - off=`get_offset "$image" $GZHDR1` - [ "$?" != "0" ] && off="-1" - if [ "$off" -eq "-1" ]; then - off=`get_offset "$image" $GZHDR2` - [ "$?" != "0" ] && off="-1" + depends=$(echo $pkginfo | cut -f2 -d$'\t') + IFS=',' + for depend in $depends; do + name=$(echo $depend | awk '{print $1}') + if ! echo $name | grep -E linux-image-[0-9] >/dev/null; then + continue + fi + version=$(echo $depend | cut -f3- -d-) + if [ "$name" != "linux-image-$(uname -r)" ]; then + echo "A kernel upgrade is available: $version - currently running: $(uname -r)" + exit 2 + fi + done + IFS=$'\n' + done fi - if [ "$off" -eq "0" ]; then - zcat < "$image" - return - elif [ "$off" -ne "-1" ]; then - (dd ibs="$off" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | zcat 2>/dev/null - return +elif [ -e /etc/redhat-release ]; then + latest_kernel=`rpm -q --last kernel | head -n 1 | awk '{print $1}' | cut -f2- -d-` + current_kernel=`uname -r` + if [ "x$latest_kernel" != "x$current_kernel" ]; then + echo "A kernel upgrade is available: $latest_kernel - currently running: $current_kernel" + exit 2 fi - - echo "ERROR: Unable to extract kernel image." 2>&1 - exit 1 -} - -searched="" -for on_disk in \ - "/boot/vmlinuz-`uname -r`"\ - "/boot/vmlinux-`uname -r`"; do - - if [ -e "$on_disk" ]; then - on_disk_version="`get_image "$on_disk" | strings | grep 'Linux version' | head -n1`" - [ -z "$on_disk_version" ] || break - on_disk_version="`cat "$on_disk" | strings | grep 'Linux version' | head -n1`" - [ -z "$on_disk_version" ] || break - - echo "UNKNOWN: Failed to get a version string from image $on_disk" - exit $UNKNOWN - fi - searched="$searched $on_disk" -done - -if ! [ -e "$on_disk" ]; then - echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running" - exit $WARNING -fi - - -running_version="`cat /proc/version`" -if [ -z "$running_version" ] ; then - echo "UNKNOWN: Failed to get a version string from running system" - exit $UNKNOWN -fi - -on_disk_version_ubuntu="$(echo "$on_disk_version" | sed -r 's/ \([^(]+\)$//')" - -if [ "$running_version" != "$on_disk_version" -a "$running_version" != "$on_disk_version_ubuntu" ]; then - echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]" - exit $WARNING else - echo "OK: Running kernel matches on disk image: [$running_version]" - exit $OK + echo "Unsupported OS/distribution." + exit 3 fi + +echo "Kernel version: `uname -a`" +exit 0