This fixes an issue that appears when running check_procs over NRPE,
where the default shell is configured to (for example) dash, as is the
case on Debian.
dash (and tcsh, and mksh, and probably others), when invoked with -c forks an additional process
to execute the argument string. Contrast this with bash, which does not
do this, provided that the argument string simply can be exec()'d as-is.
To demonstrate:
$ bash -c pstree
init─┬ ..
...
├─sshd─-─sshd───pstree
versus
$ dash -c pstree
init─┬ ..
...
├─sshd─-─sshd───dash───pstree
The consequence of this fork is that the following invocation:
/opt/plugins/check_procs -a init
will result in this output:
PROCS OK: 2 processes with args 'init' | processes=2;;;0;
because the check_procs, in addition to finding the actual init process,
finds its parent shell as well.
This example is a bit contrived, but I think it illustrates the
point.
This wouldn't really be a problem, and normally isn't, if it weren't
for the fact that NRPE uses a call to popen() which does exactly the
above (executes '/bin/sh -c ...'), causing inconsistent behaviour
between distributions and much confusion for end users.
The argument may be made that the dash process spawned by NRPE is just a
process like any other, and should therefore be included in the process
count just like any other. However, this is not very intuitive, because
of the previously mentioned inconsistencies.
The argument might also well be made that we're _never_ interested in the
immediate ancestor of the plugin, and while it is unknown how many
installations have already made the necessary modifications to their
setups to make up for the fact that the plugin behaves the way it does,
it is not deemed worthwhile to entertain such workarounds.
Thus, this patch ignores the parent process.
See also these bug reports:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626913http://sourceforge.net/p/nagiosplug/bugs/512/https://github.com/nagios-plugins/nagios-plugins/issues/999https://bugs.op5.com/view.php?id=4398
if check_imap expects a string that never occurs, it currently waits forever
because thats how the imap protocoll works. Use a receive timeout in that case
so we can exit early with a proper error message.
check_load parses load from the uptime command if no proc filesystem is available. Seems
like there are at least 2 different uptime outputs.
linux:
20:44:34 up 25 days, 2:07, 13 users, load average: 0.13, 0.17, 0.22
freebsd 8:
8:44PM up 4:29, 1 user, load averages: 0.00, 0.00, 0.00
older netcats do not understand -p, they expect host and port as additional argument.
This is backwards compatibel to newer clients. Also support netcat instead of nc.
The np_expect_match() function now returns one of three possible states
instead of just TRUE or FALSE:
- NP_MATCH_SUCCESS
- NP_MATCH_FAILURE
- NP_MATCH_RETRY
The NP_MATCH_RETRY state indicates that matching might succeed if
np_expect_match() is called with a longer input string. This allows
check_tcp to decide whether it makes sense to wait for additional data
from the server.
Closing the connection because the bytes received are less than the
buffer size assumes that all the bytes will be received in one go. This
is not always true!
The check_http option "--proxy_authorization" is now called
"--proxy-authorization" instead. It was always documented this way, and
we don't usually use underscores in option names.
This reverts the changes to plugins/common.h applied by commit
a20611d435.
- Clang defines __GNUC__.
- The new name of the __attribute__ parameter was misleading.
* 'master' of https://github.com/ozamosi/nagios-plugins:
check_snmp: Close potential for using uninitialized memory
check_snmp: Dynamically grow all data structures
Conflicts:
plugins/check_snmp.c
Commit bd78299056 reintroduced support for
inverse threshold ranges such as "2:1", but it broke standard thresholds
such as "1:2" (by converting this range into "1") or "1:" (by converting
this range into "@:2"). This commit fixes those two bugs, plus an
off-by-one error while computing the number of bytes to allocate when
handling inverse thresholds (two additional bytes were allocated where
three were required to hold '@' and ':' and '\0'). While at it, we also
check whether malloc(3) succeeded.
We use OpenSSL (or GnuTLS) with blocking semantics, and we don't want
SSL_read(3) or SSL_write(3) calls to return SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE (see #3614716).
Do not also accept the new -f/--file and -g/--group options as
positional arguments (especially not prior to "db_pass" and "db", as
that would break backward compatibility).
