mirror of
https://github.com/monitoring-plugins/monitoring-plugins.git
synced 2026-02-11 14:53:43 -05:00
66f62dd336
* check_ssh: properly parse a delayed version control string This resolves an issue with SSH servers which do not respond with their version control string as the first thing in the SSH protocol version exchange phase after connection establishment. This patch also makes sure that we disregard a potential comment in the version exchange string to avoid nonsense mismatches. In the future, we might want to add the capability to match against a user specified comment. In addition, the patch largely improves the communication towards the server, which adds better protocol adherence. Of course, new test cases are added to support the trigger and guard against regressions of the bugs solved by this patch. This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945) Signed-off-by: Anton Lofgren <alofgren@op5.com> * check_ssh.t: Fix a few typos Signed-off-by: Anton Lofgren <alofgren@op5.com> * check_ssh: Handle non-alpha software versions This patch fixes a bug where we would reject version control strings that do not contain letters, because the assumption is made that they always do. This is not required by the RFC however, and there exist implementations that do not contain letters. I've also added a few references to the RFC to make the process of parsing the control string more apparent. This fixes op5#8716 (https://bugs.op5.com/view.php?id=8716) Signed-off-by: Anton Lofgren <alofgren@op5.com> * check_ssh: Fix a typo in "remote-protocol parameter remote-protcol -> remote-protocol Signed-off-by: Anton Lofgren <alofgren@op5.com> * Remove unused variable * Formating fixes * Update translations * Remove merge conflict artefact from previous merge * Set fixed include paths * Improve code style to be slightly more readable * Update test cases for different netcat behaviour and reduce sleep time --------- Signed-off-by: Anton Lofgren <alofgren@op5.com> Co-authored-by: Anton Lofgren <alofgren@op5.com>
123 lines
4.8 KiB
Perl
123 lines
4.8 KiB
Perl
#! /usr/bin/perl -w -I ..
|
|
#
|
|
# check_ssh tests
|
|
#
|
|
#
|
|
|
|
use strict;
|
|
use Test::More;
|
|
use NPTest;
|
|
|
|
my $res;
|
|
|
|
# Required parameters
|
|
my $ssh_host = getTestParameter("NP_SSH_HOST",
|
|
"A host providing SSH service",
|
|
"localhost");
|
|
|
|
my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
|
|
"The hostname of system not responsive to network requests",
|
|
"10.0.0.1" );
|
|
|
|
my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID",
|
|
"An invalid (not known to DNS) hostname",
|
|
"nosuchhost" );
|
|
|
|
|
|
plan tests => 14 + 6;
|
|
|
|
SKIP: {
|
|
skip "SSH_HOST must be defined", 6 unless $ssh_host;
|
|
my $result = NPTest->testCmd(
|
|
"./check_ssh -H $ssh_host"
|
|
);
|
|
cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
|
|
like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
|
|
|
|
|
|
$result = NPTest->testCmd(
|
|
"./check_ssh -H $host_nonresponsive -t 2"
|
|
);
|
|
cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
|
|
like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
|
|
|
|
|
|
|
|
$result = NPTest->testCmd(
|
|
"./check_ssh -H $hostname_invalid -t 2"
|
|
);
|
|
cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
|
|
like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
|
|
|
|
|
|
}
|
|
SKIP: {
|
|
|
|
skip "No netcat available", 14 unless (system("which nc > /dev/null") == 0);
|
|
|
|
# netcat on linux (on debian) will just keep the socket open if not advised otherwise
|
|
# therefore we add -q to close it after two seconds after receiving the EOF from input
|
|
my $nc_flags = "-l 5003 -N";
|
|
#A valid protocol version control string has the form
|
|
# SSH-protoversion-softwareversion SP comments CR LF
|
|
#
|
|
# where `comments` is optional, protoversion is the SSH protocol version and
|
|
# softwareversion is an arbitrary string representing the server software version
|
|
open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1' | nc ${nc_flags}|");
|
|
sleep 0.1;
|
|
$res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
|
|
cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string");
|
|
like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
|
|
close NC;
|
|
|
|
open(NC, "echo 'SSH-2.0-3.2.9.1' | nc ${nc_flags}|");
|
|
sleep 0.1;
|
|
$res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
|
|
cmp_ok( $res->return_code, "==", 0, "Got SSH protocol version control string with non-alpha softwareversion string");
|
|
like( $res->output, '/^SSH OK - 3.2.9.1 \(protocol 2.0\)/', "Output OK for non-alpha softwareversion string");
|
|
close NC;
|
|
|
|
open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |");
|
|
sleep 0.1;
|
|
$res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" );
|
|
cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string, and parsed comment appropriately");
|
|
like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
|
|
close NC;
|
|
|
|
open(NC, "echo 'SSH-' | nc ${nc_flags}|");
|
|
sleep 0.1;
|
|
$res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
|
|
cmp_ok( $res->return_code, '==', 2, "Got invalid SSH protocol version control string");
|
|
like( $res->output, '/^SSH CRITICAL/', "Output OK");
|
|
close NC;
|
|
|
|
open(NC, "echo '' | nc ${nc_flags}|");
|
|
sleep 0.1;
|
|
$res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
|
|
cmp_ok( $res->return_code, '==', 2, "No version control string received");
|
|
like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
|
|
close NC;
|
|
|
|
open(NC, "echo 'Not a version control string' | nc ${nc_flags}|");
|
|
sleep 0.1;
|
|
$res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
|
|
cmp_ok( $res->return_code, '==', 2, "No version control string received");
|
|
like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
|
|
close NC;
|
|
|
|
|
|
#RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string
|
|
open(NC, "{ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; sleep 0.5;
|
|
echo 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'; sleep 0.5;
|
|
echo 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; sleep 0.2;
|
|
echo 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'; sleep 0.3;
|
|
printf 'EEEEEEEEEEEEEEEEEE'; sleep 0.2;
|
|
printf 'EEEEEEEEEEEEEEEEEE\n'; sleep 0.2;
|
|
echo 'Some\nPrepended\nData\nLines\n'; sleep 0.2;
|
|
echo 'SSH-2.0-nagiosplug.ssh.0.2';} | nc ${nc_flags}|");
|
|
sleep 0.1;
|
|
$res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
|
|
cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string");
|
|
like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK");
|
|
close NC;
|
|
}
|