* pass nwc_health check SNMPv3 args only if needed
check_nwc_health fails if any of the SNMPv3 arguments were passed but
the SNMP version 3 protocol was not requested.
For instance the following works:
check_nwc_health --hostname 192.0.2.3 --mode cpu-load \
--protocol 1 --community public
While the following plugin invocation results in an error:
check_nwc_health --hostname 192.0.2.3 --mode cpu-load \
--protocol 1 --community public \
--username joe --authpassword xxx
The superfluous SNMPv3 arguments may easily get inherited e.g. from host
templates.
* string()ify the result of macro() calls
Always convert results of macro("$nwc_health_protocol$") to strings
so both numbers and strings are correctly recognized.
* Revert "string()ify the result of macro() calls"
This reverts commit 3636b5b4ba.
Wrong method applied to the result of macro().
* string()ify the result of macro() calls
Always convert results of macro("$nwc_health_protocol$") in the
set_if clauses of the nwc_health command arguments to strings.
Both numbers and strings are then correctly recognized as the
nwc_health_protocol argument.
* string()ify the result of macro() calls
Always convert results of macro("$nwc_health_protocol$") in the
set_if clauses of the nwc_health command arguments to strings.
Both numbers and strings are then correctly recognized as the
nwc_health_protocol argument.
Version 2.3 of monitoring plugins did two things:
- change how multiple addresses are expected; no longer a single
argument, with comma separated values, but repeated "-a" argument;
sadly this is incompatible change, and configs need to be changed
manually; this is commit
monitoring-plugins/monitoring-plugins@a03068743f;
- add a "-L" argument that requires all passed addresses to be
matched, which allows for stronger validation (all vs. at least
one); this is commit
monitoring-plugins/monitoring-plugins@fd9a7d2e00;
Both of these were committed a long while ago (2018), but were only
released very recently, in the 2.3 release (December 2020).
I've tried to make the descriptions as good as I could, but not sure
they're very readable, feedback welcome.
Signed-off-by: Iustin Pop <iustin@k1024.org>
To use PKI with nrpe, a CA must be specified and anonymous DH must be disabled.
If client certificates are enforced by nrped, additionally a private cert and key
must be specified. This patch adds all these parameters as well TLS configuration
options to limit the TLS version and crypto parameters:
nrpe_ca - The CA file to use for PKI. Defaults to none.
nrpe_cert - The client cert file to use for PKI. Defaults to none.
nrpe_key - The client key file to use for PKI. Defaults to none.
nrpe_ssl_version - The SSL/TLS version to use. Defaults to TLSv1+.
nrpe_cipher_list - The list of SSL ciphers to use. Default depends on check_nrpe version.
nrpe_dh_opt - Anonymous Diffie Hellman use: 0 = deny, 1 = allow, 2 = force.
Default depends on check_nrpe version.
Alexander A. Klimov
log1-c
C C Magnus Gustavsson
Rostislav Opocensky
Christian Gut
Napsty
Peter Eckel
Peter Eckel
BausPhi
Julian Brost
XnS
Iustin Pop
Lara
Maik Stuebner
MarcusCaepio
Yonas Habteab
Rinck H. Sonnenberg
Jochen Friedrich
Philipp Dorschner
Michael Friedrich
Michal Moravec
Kálmán „KAMI” Szalai
Max Deparade
K0nne