[pkg-nagios-changes] [Git][nagios-team/pkg-nagios-plugins-contrib][master] 3 commits: check_mongodb: Updating to latest version b33e763
Jan Wagner
gitlab at salsa.debian.org
Tue Feb 5 20:38:49 GMT 2019
Jan Wagner pushed to branch master at Debian Nagios Maintainer Group / pkg-nagios-plugins-contrib
Commits:
71b0bfcf by Jan Wagner at 2019-02-05T19:27:14Z
check_mongodb: Updating to latest version b33e763
- - - - -
4fdfeb3c by Jan Wagner at 2019-02-05T19:42:09Z
check_ssl_cert: Update to 1.81.0
- - - - -
cf52b637 by Jan Wagner at 2019-02-05T19:52:26Z
check_varnish/control: Update to latest upstream commit, no code changes
- - - - -
26 changed files:
- check_mongodb/check_mongodb.py
- check_mongodb/control
- − check_ssl_cert/check_ssl_cert-1.80.1/VERSION
- check_ssl_cert/check_ssl_cert-1.80.1/._COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/._COPYRIGHT
- check_ssl_cert/check_ssl_cert-1.80.1/._Makefile → check_ssl_cert/check_ssl_cert-1.81.0/._Makefile
- check_ssl_cert/check_ssl_cert-1.80.1/._NEWS → check_ssl_cert/check_ssl_cert-1.81.0/._NEWS
- check_ssl_cert/check_ssl_cert-1.80.1/._check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/._check_ssl_cert
- check_ssl_cert/check_ssl_cert-1.80.1/AUTHORS → check_ssl_cert/check_ssl_cert-1.81.0/AUTHORS
- check_ssl_cert/check_ssl_cert-1.80.1/COPYING → check_ssl_cert/check_ssl_cert-1.81.0/COPYING
- check_ssl_cert/check_ssl_cert-1.80.1/COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/COPYRIGHT
- check_ssl_cert/check_ssl_cert-1.80.1/ChangeLog → check_ssl_cert/check_ssl_cert-1.81.0/ChangeLog
- check_ssl_cert/check_ssl_cert-1.80.1/INSTALL → check_ssl_cert/check_ssl_cert-1.81.0/INSTALL
- check_ssl_cert/check_ssl_cert-1.80.1/Makefile → check_ssl_cert/check_ssl_cert-1.81.0/Makefile
- check_ssl_cert/check_ssl_cert-1.80.1/NEWS → check_ssl_cert/check_ssl_cert-1.81.0/NEWS
- check_ssl_cert/check_ssl_cert-1.80.1/README.md → check_ssl_cert/check_ssl_cert-1.81.0/README.md
- check_ssl_cert/check_ssl_cert-1.80.1/TODO → check_ssl_cert/check_ssl_cert-1.81.0/TODO
- + check_ssl_cert/check_ssl_cert-1.81.0/VERSION
- check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert
- check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.1
- check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.spec
- check_ssl_cert/check_ssl_cert-1.80.1/test/cabundle.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cabundle.crt
- check_ssl_cert/check_ssl_cert-1.80.1/test/cacert.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cacert.crt
- check_ssl_cert/check_ssl_cert-1.80.1/test/unit_tests.sh → check_ssl_cert/check_ssl_cert-1.81.0/test/unit_tests.sh
- check_ssl_cert/control
- check_ssl_cert/src
- check_varnish/control
Changes:
=====================================
check_mongodb/check_mongodb.py
=====================================
@@ -155,6 +155,8 @@ def main(argv):
p.add_option('--insecure', action='store_true', dest='insecure', default=False, help="Don't verify SSL/TLS certificates")
p.add_option('--ssl-ca-cert-file', action='store', type='string', dest='ssl_ca_cert_file', default=None, help='Path to Certificate Authority file for SSL')
p.add_option('-f', '--ssl-cert-file', action='store', type='string', dest='cert_file', default=None, help='Path to PEM encoded key and cert for client authentication')
+ p.add_option('-m','--auth-mechanism', action='store', type='choice', dest='auth_mechanism', default=None, help='Auth mechanism used for auth with mongodb',
+ choices=['MONGODB-X509','SCRAM-SHA-256','SCRAM-SHA-1'])
options, arguments = p.parse_args()
host = options.host
@@ -185,6 +187,7 @@ def main(argv):
insecure = options.insecure
ssl_ca_cert_file = options.ssl_ca_cert_file
cert_file = options.cert_file
+ auth_mechanism = options.auth_mechanism
if action == 'replica_primary' and replicaset is None:
return "replicaset must be passed in when using replica_primary check"
@@ -282,7 +285,7 @@ def main(argv):
return check_connect(host, port, warning, critical, perf_data, user, passwd, conn_time)
-def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, replica=None, authdb="admin", insecure=False, ssl_ca_cert_file=None, ssl_cert=None):
+def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, replica=None, authdb="admin", insecure=False, ssl_ca_cert_file=None, ssl_cert=None, auth_mechanism=None):
from pymongo.errors import ConnectionFailure
from pymongo.errors import PyMongoError
import ssl as SSL
@@ -314,7 +317,11 @@ def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, repli
con = pymongo.Connection(host, port, slave_okay=True, network_timeout=10)
# we must authenticate the connection, otherwise we won't be able to perform certain operations
- if ssl_cert and ssl_ca_cert_file and user:
+ if ssl_cert and ssl_ca_cert_file and user and auth_mechanism == 'SCRAM-SHA-256':
+ con.the_database.authenticate(user, mechanism='SCRAM-SHA-256')
+ elif ssl_cert and ssl_ca_cert_file and user and auth_mechanism == 'SCRAM-SHA-1':
+ con.the_database.authenticate(user, mechanism='SCRAM-SHA-1')
+ elif ssl_cert and ssl_ca_cert_file and user and auth_mechanism == 'MONGODB-X509':
con.the_database.authenticate(user, mechanism='MONGODB-X509')
try:
=====================================
check_mongodb/control
=====================================
@@ -1,6 +1,6 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: python-pymongo
-Version: 46d27ab
+Version: b33e763
Homepage: https://github.com/mzupan/nagios-plugin-mongodb
Watch: https://github.com/mzupan/nagios-plugin-mongodb <a class="commit-tease-sha"[^>]*>\s+([0-9a-f]+)\s+</a>
Description: Plugin script to monitor your MongoDB server(s)
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/VERSION deleted
=====================================
@@ -1 +0,0 @@
-1.76.0
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/._COPYRIGHT
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._Makefile → check_ssl_cert/check_ssl_cert-1.81.0/._Makefile
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._NEWS → check_ssl_cert/check_ssl_cert-1.81.0/._NEWS
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/._check_ssl_cert
=====================================
Binary files a/check_ssl_cert/check_ssl_cert-1.80.1/._check_ssl_cert and b/check_ssl_cert/check_ssl_cert-1.81.0/._check_ssl_cert differ
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/AUTHORS → check_ssl_cert/check_ssl_cert-1.81.0/AUTHORS
=====================================
@@ -73,5 +73,10 @@ Thanks:
* Many thanks to Vojtech Horky (https://github.com/vhotspur) for the --format patch
* Many thanks to Markus Frosch (https://github.com/lazyfrosch) for the cleanup patch
* Many thanks to Ricardo Bartels (https://github.com/bb-Ricardo) for the patches fixing unit tests, long output on Linux, extending the issuer checks to the whole chain
-* Many thanks to eimamagi (https://github.com/eimamagi) for the client key patch
-* Many thanks to Stefan Schlesinger for the HTTP_REQUEST patch
\ No newline at end of file
+* Many thanks to eimamagi (https://github.com/eimamagi) for the client key patch and for the CA file and directory support
+* Many thanks to Stefan Schlesinger for the HTTP_REQUEST patch
+* Many thanks to sokol-44 (https://github.com/sokol-44) for the HTTP request fix
+* Many thanks to Jonas Meurer (https://github.com/mejo-) for the IMAP / IMAPS fix
+* Many thanks to Mathieu Simon (https://github.com/matsimon) for the IMAPS and POP3S patch
+* Many thanks to Nico (https://github.com/nicox) for the SSLlabs patch
+* Many thanks to barakAtSoluto (https://github.com/barakAtSoluto) for the SSLlabs warning patch
\ No newline at end of file
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/COPYING → check_ssl_cert/check_ssl_cert-1.81.0/COPYING
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/COPYRIGHT
=====================================
@@ -1,6 +1,6 @@
Copyright (c) 2007-2013 ETH Zurich
- Copyright (c) 2007-2018 Matteo Corti
+ Copyright (c) 2007-2019 Matteo Corti
with the following individuals added to the list of Contributing Authors
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/ChangeLog → check_ssl_cert/check_ssl_cert-1.81.0/ChangeLog
=====================================
@@ -1,3 +1,34 @@
+2019-02-01 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: applied patch for the SSLlabs warning
+
+2019-01-16 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: replaced echo -e with printf
+
+2018-12-24 Matteo Corti <corti at macmini.home>
+
+ * check_ssl_cert: Better output in case of errors while using SNI
+
+2018-12-19 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S
+ * check_ssl_cert: Support for SNI and SSL Labs
+
+2018-12-11 Matteo Corti <corti at macmini.home>
+
+ * check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993
+ * check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer
+
+2018-11-07 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: Fixed a problem with IMAP on port 993
+ * check_ssl_cert: fixed a problem with newlines in the HTTP request
+
+2018-11-05 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: CA file and directory support
+
2018-10-19 Matteo Corti <matteo at corti.li>
* check_ssl_cert: Fixed the HTTP request string
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/INSTALL → check_ssl_cert/check_ssl_cert-1.81.0/INSTALL
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/Makefile → check_ssl_cert/check_ssl_cert-1.81.0/Makefile
=====================================
@@ -4,7 +4,7 @@ DIST_DIR=$(PLUGIN)-$(VERSION)
DIST_FILES=AUTHORS COPYING ChangeLog INSTALL Makefile NEWS README.md TODO VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 test
YEAR=`date +"%Y"`
-dist: version_check copyright_check
+dist: version_check
rm -rf $(DIST_DIR) $(DIST_DIR).tar.gz
mkdir $(DIST_DIR)
cp -r $(DIST_FILES) $(DIST_DIR)
@@ -25,12 +25,6 @@ version_check:
grep -q "${VERSION}" NEWS
echo "Version check: OK"
-copyright_check:
- grep -q "(c) Matteo Corti, 2007-$(YEAR)" README.md
- grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti" COPYRIGHT
- grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti <matteo at corti.li>" $(PLUGIN)
- echo "Copyright year check: OK"
-
clean:
rm -f *~
rm -rf rpmroot
@@ -38,9 +32,17 @@ clean:
test: dist
( export SHUNIT2="$$(pwd)/shunit2/shunit2" && cd test && ./unit_tests.sh )
+copyright_check:
+ grep -q "(c) Matteo Corti, 2007-$(YEAR)" README.md
+ grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti" COPYRIGHT
+ grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti <matteo at corti.li>" $(PLUGIN)
+ echo "Copyright year check: OK"
+
rpm: dist
mkdir -p rpmroot/SOURCES rpmroot/BUILD
cp $(DIST_DIR).tar.gz rpmroot/SOURCES
rpmbuild --define "_topdir `pwd`/rpmroot" -ba check_ssl_cert.spec
+
+
.PHONY: install clean test rpm
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/NEWS → check_ssl_cert/check_ssl_cert-1.81.0/NEWS
=====================================
@@ -1,3 +1,10 @@
+2019-02-01 Version 1.81.0: Added an option to specify a warning level with SSL Labs
+2019-01-16 Version 1.80.1: Fixed a problem on systems not supporting echo -e
+2018-12-24 Version 1.80.0: Better output in case of errors while using SNI
+2018-12-10 Version 1.79.0: Differentiate between IMAP on port 143 and IMAPS on port 993
+ Fixed a vulnerability in the parsing of the certificate issuer
+2018-11-07 Version 1.78.0: Bug fixes in IMAP and HTTP requests
+2018-11-05 Version 1.77.0: CA file and directory support
2018-10-19 Version 1.76.0: Sends a correct HTTP request
2018-10-18 Version 1.75.0: Allow to specify a client certificate key
2018-10-15 Version 1.74.0: Fixed a bug generating a confusing error message on timeout
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/README.md → check_ssl_cert/check_ssl_cert-1.81.0/README.md
=====================================
@@ -1,8 +1,7 @@
(c) Matteo Corti, ETH Zurich, 2007-2012
- (c) Matteo Corti, 2007-2018
-
+ (c) Matteo Corti, 2007-2019
see AUTHORS for the complete list of contributors
# check_ssl_cert
@@ -71,9 +70,9 @@ Options:
--openssl path path of the openssl binary to be used
-p,--port port TCP port
-P,--protocol protocol use the specific protocol
- {http|smtp|pop3|imap|ftp|xmpp|irc|ldap}
+ {http|smtp|pop3|pop3s|imap|imaps|ftp|xmpp|irc|ldap}
http: default
- smtp,pop3,imap,ftp,ldap: switch to TLS
+ smtp,pop3,imap,imaps,ftp,ldap: switch to TLS
-s,--selfsigned allows self-signed certificates
--serial serialnum pattern to match the serial number
--sni name sets the TLS SNI (Server Name Indication) extension
@@ -85,6 +84,8 @@ Options:
extension
-r,--rootcert path root certificate or directory to be used for
certificate validation
+ --rootcert-dir path root directory to be used for certificate validation
+ --rootcert-file path root certificate to be used for certificate validation
--rsa cipher selection: force RSA authentication
--temp dir directory where to store the temporary files
--terse terse output
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/TODO → check_ssl_cert/check_ssl_cert-1.81.0/TODO
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.81.0/VERSION
=====================================
@@ -0,0 +1 @@
+1.81.0
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert
=====================================
@@ -10,7 +10,7 @@
# See the INSTALL file for installation instructions
#
# Copyright (c) 2007-2012 ETH Zurich.
-# Copyright (c) 2007-2018 Matteo Corti <matteo at corti.li>
+# Copyright (c) 2007-2019 Matteo Corti <matteo at corti.li>
#
# This module is free software; you can redistribute it and/or modify it
# under the terms of GNU general public license (gpl) version 3.
@@ -19,7 +19,7 @@
################################################################################
# Constants
-VERSION=1.76.0
+VERSION=1.81.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,serial,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -49,94 +49,97 @@ usage() {
echo "Usage: check_ssl_cert -H host [OPTIONS]"
echo
echo "Arguments:"
- echo " -H,--host host server"
+ echo " -H,--host host server"
echo
echo "Options:"
- echo " -A,--noauth ignore authority warnings (expiration only)"
- echo " --altnames matches the pattern specified in -n with alternate"
- echo " names too"
- echo " -C,--clientcert path use client certificate to authenticate"
- echo " --clientpass phrase set passphrase for client certificate."
- echo " -c,--critical days minimum number of days a certificate has to be valid"
- echo " to issue a critical status"
- echo " --curl-bin path path of the curl binary to be used"
- echo " -d,--debug produces debugging output"
- echo " --ecdsa cipher selection: force ECDSA authentication"
- echo " -e,--email address pattern to match the email address contained in the"
- echo " certificate"
- echo " -f,--file file local file path (works with -H localhost only)"
- echo " with -f you can not only pass a x509 certificate file"
- echo " but also a certificate revocation list (CRL) to check"
- echo " the validity period"
- echo " --file-bin path path of the file binary to be used"
- echo " --fingerprint SHA1 pattern to match the SHA1-Fingerprint"
- echo " --force-perl-date force the usage of Perl for date computations"
- echo " --format FORMAT format output template on success, for example"
- echo " \"%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'\""
- echo " -h,--help,-? this help message"
- echo " --ignore-exp ignore expiration date"
- echo " --ignore-ocsp do not check revocation with OCSP"
- echo " --ignore-sig-alg do not check if the certificate was signed with SHA1"
- echo " or MD5"
- echo " --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)"
- echo " -i,--issuer issuer pattern to match the issuer of the certificate"
- echo " --issuer-cert-cache dir directory where to store issuer certificates cache"
- echo " -K,--clientkey path use client certificate key to authenticate"
- echo " -L,--check-ssl-labs grade SSL Labs assessment"
- echo " (please check https://www.ssllabs.com/about/terms.html)"
- echo " --long-output list append the specified comma separated (no spaces) list"
- echo " of attributes to the plugin output on additional lines"
- echo " Valid attributes are:"
- echo " enddate, startdate, subject, issuer, modulus,"
- echo " serial, hash, email, ocsp_uri and fingerprint."
- echo " 'all' will include all the available attributes."
- echo " -n,--cn name pattern to match the CN of the certificate (can be"
- echo " specified multiple times)"
- echo " --no_ssl2 disable SSL version 2"
- echo " --no_ssl3 disable SSL version 3"
- echo " --no_tls1 disable TLS version 1"
- echo " --no_tls1_1 disable TLS version 1.1"
- echo " --no_tls1_2 disable TLS version 1.2"
- echo " -N,--host-cn match CN with the host name"
- echo " -o,--org org pattern to match the organization of the certificate"
- echo " --openssl path path of the openssl binary to be used"
- echo " -p,--port port TCP port"
- echo " -P,--protocol protocol use the specific protocol"
- echo " {http|smtp|pop3|imap|ftp|xmpp|irc|ldap}"
- echo " http: default"
- echo " smtp,pop3,imap,ftp,ldap: switch to TLS"
- echo " -s,--selfsigned allows self-signed certificates"
- echo " --serial serialnum pattern to match the serial number"
- echo " --sni name sets the TLS SNI (Server Name Indication) extension"
- echo " in the ClientHello message to 'name'"
- echo " --ssl2 forces SSL version 2"
- echo " --ssl3 forces SSL version 3"
- echo " --require-ocsp-stapling require OCSP stapling"
- echo " --require-san require the presence of a Subject Alternative Name"
- echo " extension"
- echo " -r,--rootcert path root certificate or directory to be used for"
- echo " certificate validation"
- echo " --rsa cipher selection: force RSA authentication"
- echo " --temp dir directory where to store the temporary files"
- echo " --terse terse output"
- echo " -t,--timeout seconds timeout after the specified time"
- echo " (defaults to 15 seconds)"
- echo " --tls1 force TLS version 1"
- echo " --tls1_1 force TLS version 1.1"
- echo " --tls1_2 force TLS version 1.2"
- echo " --tls1_3 force TLS version 1.3"
- echo " -v,--verbose verbose output"
- echo " -V,--version version"
- echo " -w,--warning days minimum number of days a certificate has to be valid"
- echo " to issue a warning status"
- echo " --xmpphost name specifies the host for the 'to' attribute of the stream element"
+ echo " -A,--noauth ignore authority warnings (expiration only)"
+ echo " --altnames matches the pattern specified in -n with alternate"
+ echo " names too"
+ echo " -C,--clientcert path use client certificate to authenticate"
+ echo " --clientpass phrase set passphrase for client certificate."
+ echo " -c,--critical days minimum number of days a certificate has to be valid"
+ echo " to issue a critical status"
+ echo " --curl-bin path path of the curl binary to be used"
+ echo " -d,--debug produces debugging output"
+ echo " --ecdsa cipher selection: force ECDSA authentication"
+ echo " -e,--email address pattern to match the email address contained in the"
+ echo " certificate"
+ echo " -f,--file file local file path (works with -H localhost only)"
+ echo " with -f you can not only pass a x509 certificate file"
+ echo " but also a certificate revocation list (CRL) to check"
+ echo " the validity period"
+ echo " --file-bin path path of the file binary to be used"
+ echo " --fingerprint SHA1 pattern to match the SHA1-Fingerprint"
+ echo " --force-perl-date force the usage of Perl for date computations"
+ echo " --format FORMAT format output template on success, for example"
+ echo " \"%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'\""
+ echo " -h,--help,-? this help message"
+ echo " --ignore-exp ignore expiration date"
+ echo " --ignore-ocsp do not check revocation with OCSP"
+ echo " --ignore-sig-alg do not check if the certificate was signed with SHA1"
+ echo " or MD5"
+ echo " --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)"
+ echo " -i,--issuer issuer pattern to match the issuer of the certificate"
+ echo " --issuer-cert-cache dir directory where to store issuer certificates cache"
+ echo " -K,--clientkey path use client certificate key to authenticate"
+ echo " -L,--check-ssl-labs grade SSL Labs assessment"
+ echo " (please check https://www.ssllabs.com/about/terms.html)"
+ echo " --check-ssl-labs-warn-grade SSL-Labs grade on which to warn"
+ echo " --long-output list append the specified comma separated (no spaces) list"
+ echo " of attributes to the plugin output on additional lines"
+ echo " Valid attributes are:"
+ echo " enddate, startdate, subject, issuer, modulus,"
+ echo " serial, hash, email, ocsp_uri and fingerprint."
+ echo " 'all' will include all the available attributes."
+ echo " -n,--cn name pattern to match the CN of the certificate (can be"
+ echo " specified multiple times)"
+ echo " --no_ssl2 disable SSL version 2"
+ echo " --no_ssl3 disable SSL version 3"
+ echo " --no_tls1 disable TLS version 1"
+ echo " --no_tls1_1 disable TLS version 1.1"
+ echo " --no_tls1_2 disable TLS version 1.2"
+ echo " -N,--host-cn match CN with the host name"
+ echo " -o,--org org pattern to match the organization of the certificate"
+ echo " --openssl path path of the openssl binary to be used"
+ echo " -p,--port port TCP port"
+ echo " -P,--protocol protocol use the specific protocol"
+ echo " {http|smtp|pop3|pops3s|imap|imaps|ftp|xmpp|irc|ldap}"
+ echo " http: default"
+ echo " smtp,pop3,imap,ftp,ldap: switch to TLS"
+ echo " -s,--selfsigned allows self-signed certificates"
+ echo " --serial serialnum pattern to match the serial number"
+ echo " --sni name sets the TLS SNI (Server Name Indication) extension"
+ echo " in the ClientHello message to 'name'"
+ echo " --ssl2 forces SSL version 2"
+ echo " --ssl3 forces SSL version 3"
+ echo " --require-ocsp-stapling require OCSP stapling"
+ echo " --require-san require the presence of a Subject Alternative Name"
+ echo " extension"
+ echo " -r,--rootcert path root certificate or directory to be used for"
+ echo " certificate validation"
+ echo " --rootcert-dir path root directory to be used for certificate validation"
+ echo " --rootcert-file path root certificate to be used for certificate validation"
+ echo " --rsa cipher selection: force RSA authentication"
+ echo " --temp dir directory where to store the temporary files"
+ echo " --terse terse output"
+ echo " -t,--timeout seconds timeout after the specified time"
+ echo " (defaults to 15 seconds)"
+ echo " --tls1 force TLS version 1"
+ echo " --tls1_1 force TLS version 1.1"
+ echo " --tls1_2 force TLS version 1.2"
+ echo " --tls1_3 force TLS version 1.3"
+ echo " -v,--verbose verbose output"
+ echo " -V,--version version"
+ echo " -w,--warning days minimum number of days a certificate has to be valid"
+ echo " to issue a warning status"
+ echo " --xmpphost name specifies the host for the 'to' attribute of the stream element"
echo
echo "Deprecated options:"
- echo " --days days minimum number of days a certificate has to be valid"
- echo " (see --critical and --warning)"
- echo " --ocsp check revocation via OCSP"
- echo " -S,--ssl version force SSL version (2,3)"
- echo " (see: --ssl2 or --ssl3)"
+ echo " --days days minimum number of days a certificate has to be valid"
+ echo " (see --critical and --warning)"
+ echo " --ocsp check revocation via OCSP"
+ echo " -S,--ssl version force SSL version (2,3)"
+ echo " (see: --ssl2 or --ssl3)"
echo
echo "Report bugs to https://github.com/matteocorti/check_ssl_cert/issues"
echo
@@ -206,7 +209,11 @@ create_temporary_file() {
# $1 error message
critical() {
if [ -n "${HOST}" ] ; then
- tmp=" ${HOST}"
+ if [ -n "${SNI}" ] ; then
+ tmp=" ${SNI}"
+ else
+ tmp=" ${HOST}"
+ fi
fi
remove_temporary_files
printf '%s CRITICAL%s: %s%s%s\n' "${SHORTNAME}" "${tmp}" "$1" "${PERFORMANCE_DATA}" "${LONG_OUTPUT}"
@@ -219,7 +226,11 @@ critical() {
# $1 warning message
warning() {
if [ -n "${HOST}" ] ; then
- tmp=" ${HOST}"
+ if [ -n "${SNI}" ] ; then
+ tmp=" ${SNI}"
+ else
+ tmp=" ${HOST}"
+ fi
fi
remove_temporary_files
printf '%s WARN%s: %s%s%s\n' "${SHORTNAME}" "${tmp}" "$1" "${PERFORMANCE_DATA}" "${LONG_OUTPUT}"
@@ -232,7 +243,11 @@ warning() {
# $1 message
unknown() {
if [ -n "${HOST}" ] ; then
- tmp=" ${HOST}"
+ if [ -n "${SNI}" ] ; then
+ tmp=" ${SNI}"
+ else
+ tmp=" ${HOST}"
+ fi
fi
remove_temporary_files
printf '%s UNKNOWN%s: %s\n' "${SHORTNAME}" "${tmp}" "$1"
@@ -426,6 +441,10 @@ fetch_certificate() {
exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
RET=$?
;;
+ pop3s|imaps)
+ exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
+ RET=$?
+ ;;
xmpp)
exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$XMPPPORT ${XMPPHOST} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
RET=$?
@@ -749,12 +768,20 @@ main() {
;;
-L|--check-ssl-labs)
if [ $# -gt 1 ]; then
- SSL_LAB_ASSESSMENT="$2"
+ SSL_LAB_CRIT_ASSESSMENT="$2"
shift 2
else
unknown "-L|--check-ssl-labs requires an argument"
fi
;;
+ --check-ssl-labs-warn-grade)
+ if [ $# -gt 1 ]; then
+ SSL_LAB_WARN_ASSESTMENT="$2"
+ shift 2
+ else
+ unknown "--check-ssl-labs-warn-grade requires an argument"
+ fi
+ ;;
--serial)
if [ $# -gt 1 ]; then
SERIAL_LOCK="$2"
@@ -832,6 +859,22 @@ main() {
unknown "-r,--rootcert requires an argument"
fi
;;
+ --rootcert-dir)
+ if [ $# -gt 1 ]; then
+ ROOT_CA_DIR="$2"
+ shift 2
+ else
+ unknown "--rootcert-dir requires an argument"
+ fi
+ ;;
+ --rootcert-file)
+ if [ $# -gt 1 ]; then
+ ROOT_CA_FILE="$2"
+ shift 2
+ else
+ unknown "--rootcert-file requires an argument"
+ fi
+ ;;
-C|--clientcert)
if [ $# -gt 1 ]; then
CLIENT_CERT="$2"
@@ -975,6 +1018,32 @@ main() {
fi
+ if [ -n "${ROOT_CA_DIR}" ] ; then
+
+ if [ ! -d "${ROOT_CA_DIR}" ] ; then
+ unknown "${ROOT_CA_DIR} is not a directory";
+ fi
+
+ if [ ! -r "${ROOT_CA_DIR}" ] ; then
+ unknown "Cannot read root directory ${ROOT_CA_DIR}"
+ fi
+
+ ROOT_CA_DIR="-CApath ${ROOT_CA_DIR}"
+ fi
+
+ if [ -n "${ROOT_CA_FILE}" ] ; then
+
+ if [ ! -r "${ROOT_CA_FILE}" ] ; then
+ unknown "Cannot read root certificate ${ROOT_CA_FILE}"
+ fi
+
+ ROOT_CA_FILE="-CAfile ${ROOT_CA_FILE}"
+ fi
+
+ if [ -n "${ROOT_CA_DIR}" ] || [ -n "${ROOT_CA_FILE}" ]; then
+ ROOT_CA="${ROOT_CA_DIR} ${ROOT_CA_FILE}"
+ fi
+
if [ -n "${CLIENT_CERT}" ] ; then
if [ ! -r "${CLIENT_CERT}" ] ; then
@@ -1039,9 +1108,17 @@ main() {
fi
- if [ -n "${SSL_LAB_ASSESSMENT}" ] ; then
- convert_ssl_lab_grade "${SSL_LAB_ASSESSMENT}"
- SSL_LAB_ASSESSMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
+ if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then
+ convert_ssl_lab_grade "${SSL_LAB_CRIT_ASSESSMENT}"
+ SSL_LAB_CRIT_ASSESSMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
+ fi
+
+ if [ -n "${SSL_LAB_WARN_ASSESTMENT}" ] ; then
+ convert_ssl_lab_grade "${SSL_LAB_WARN_ASSESTMENT}"
+ SSL_LAB_WARN_ASSESTMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
+ if ( $SSL_LAB_WARN_ASSESTMENT_NUMERIC < $SSL_LAB_CRIT_ASSESSMENT_NUMERIC ); then
+ unknown "--check-ssl-labs-warn-grade must be greater than -L|--check-ssl-labs"
+ fi
fi
if [ -n "${DEBUG}" ] ; then
@@ -1065,9 +1142,9 @@ main() {
# curl
if [ -z "${CURL_BIN}" ] ; then
- if [ -n "${SSL_LAB_ASSESSMENT}" ] || [ -n "${OCSP}" ] ; then
+ if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ] ; then
if [ -n "${DEBUG}" ] ; then
- echo "[DBG] cURL binary needed. SSL Labs = ${SSL_LAB_ASSESSMENT}, OCSP = ${OCSP}"
+ echo "[DBG] cURL binary needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}"
echo "[DBG] cURL binary not specified"
fi
check_required_prog curl
@@ -1077,7 +1154,7 @@ main() {
fi
else
if [ -n "${DEBUG}" ] ; then
- echo "[DBG] cURL binary not needed. SSL Labs = ${SSL_LAB_ASSESSMENT}, OCSP = ${OCSP}"
+ echo "[DBG] cURL binary not needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}"
fi
fi
fi
@@ -1258,8 +1335,9 @@ main() {
else
HOST_HEADER="${HOST}"
fi
+
HTTP_REQUEST="HEAD / HTTP/1.1\\nHost: ${HOST_HEADER}\\nUser-Agent: check_ssl_cert/${VERSION}\\nConnection: close\\n\\n"
-
+
################################################################################
# Fetch the X.509 certificate
@@ -1432,14 +1510,22 @@ main() {
ISSUERS=$(echo "$ISSUERS" | sed 's/\\n/\n/g' | sed -e "s/^.*\\/CN=//" -e "s/^.* CN = //" -e "s/^.*, O = //" -e "s/\\/[A-Za-z][A-Za-z]*=.*\$//" -e "s/, [A-Za-z][A-Za-z]* =.*\$//")
# we just consider the first URI
- # shellcheck disable=SC2086
- ISSUER_URI="$($OPENSSL "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep "CA Issuers" | head -n 1 | sed -e "s/^.*CA Issuers - URI://")"
+ # TODO check SC2016
+ # shellcheck disable=SC2086,SC2016
+ ISSUER_URI="$($OPENSSL "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep "CA Issuers" | head -n 1 | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;$(){}<>`&')"
+ # TODO: should be checked
+ # shellcheck disable=SC2021
if [ -z "${ISSUER_URI}" ] ; then
if [ -n "${VERBOSE}" ] ; then
echo "cannot find the CA Issuers in the certificate: disabling OCSP checks"
fi
OCSP=""
+ elif [ "${ISSUER_URI}" != "$(echo "${ISSUER_URI}" | tr -d '[[:space:]]')" ]; then
+ if [ -n "${VERBOSE}" ] ; then
+ echo "unable to fetch the CA issuer certificate (spaces in URI)"
+ fi
+ OCSP=""
elif ! echo "${ISSUER_URI}" | grep -qi '^http' ; then
if [ -n "${VERBOSE}" ] ; then
echo "unable to fetch the CA issuer certificate (unsupported protocol)"
@@ -1454,7 +1540,7 @@ main() {
echo "checking OCSP stapling"
fi
- exec_with_timeout "$TIMEOUT" "echo '${HTTP_REQUEST}' | openssl s_client -connect ${HOST}:${PORT} ${SERVERNAME} -status 2> /dev/null | grep -A 17 'OCSP response:' > $OCSP_RESPONSE_TMP"
+ exec_with_timeout "$TIMEOUT" "printf '${HTTP_REQUEST}' | openssl s_client -connect ${HOST}:${PORT} ${SERVERNAME} -status 2> /dev/null | grep -A 17 'OCSP response:' > $OCSP_RESPONSE_TMP"
if [ -n "${DEBUG}" ] ; then
sed 's/^/[DBG]\ /' "${OCSP_RESPONSE_TMP}"
@@ -1891,7 +1977,7 @@ EOF
################################################################################
# Check SSL Labs
- if [ -n "${SSL_LAB_ASSESSMENT}" ] ; then
+ if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then
if [ -n "${VERBOSE}" ] ; then
echo "Checking SSL Labs assessment"
@@ -1902,9 +1988,14 @@ EOF
if [ -n "${DEBUG}" ] ; then
echo "[DBG] executing ${CURL_BIN} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST}${IGNORE_SSL_LABS_CACHE}\""
fi
-
- JSON="$(${CURL_BIN} --silent "https://api.ssllabs.com/api/v2/analyze?host=${HOST}${IGNORE_SSL_LABS_CACHE}")"
- CURL_RETURN_CODE=$?
+
+ if [ -n "${SNI}" ] ; then
+ JSON="$(${CURL_BIN} --silent "https://api.ssllabs.com/api/v2/analyze?host=${SNI}${IGNORE_SSL_LABS_CACHE}")"
+ CURL_RETURN_CODE=$?
+ else
+ JSON="$(${CURL_BIN} --silent "https://api.ssllabs.com/api/v2/analyze?host=${HOST}${IGNORE_SSL_LABS_CACHE}")"
+ CURL_RETURN_CODE=$?
+ fi
if [ ${CURL_RETURN_CODE} -ne 0 ] ; then
@@ -1963,11 +2054,15 @@ EOF
convert_ssl_lab_grade "${SSL_LABS_HOST_GRADE}"
SSL_LABS_HOST_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
- add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_ASSESSMENT_NUMERIC}"
+ add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}"
# Check the grade
- if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_ASSESSMENT_NUMERIC}" ] ; then
- critical "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_ASSESSMENT})"
+ if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ] ; then
+ critical "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_CRIT_ASSESSMENT})"
+ elif [ -n "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then
+ if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ] ; then
+ warning "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_WARN_ASSESTMENT})"
+ fi
fi
if [ -n "${DEBUG}" ] ; then
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.1
=====================================
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
-.TH "check_ssl_cert" 1 "October, 2018" "1.76.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "February, 2019" "1.81.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
@@ -87,6 +87,9 @@ use client certificate key to authenticate
.BR "-L,--check-ssl-labs grade"
SSL Labs assestment (please check https://www.ssllabs.com/about/terms.html)
.TP
+.BR " --check-ssl-warn-labs grade"
+SSL Labs grade on which to warn
+.TP
.BR " --long-output" " list"
append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines.
Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes.
@@ -148,6 +151,14 @@ require the presence of a Subject Alternative Name extension
.BR "-r,--rootcert" " cert"
root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
.TP
+.BR " --rootcert-dir" " dir"
+root directory to be used for certficate validation (passed to openssl's -CApath)
+overrides option -r,--rootcert
+.TP
+.BR " --rootcert-file" " cert"
+root certificate to be used for certficate validation (passed to openssl's -CAfile)
+overrides option -r,--rootcert
+.TP
.BR " --rsa"
cipher selection: force RSA authentication
.TP
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.spec
=====================================
@@ -1,4 +1,4 @@
-%define version 1.76.0
+%define version 1.81.0
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
@@ -45,6 +45,24 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/%{sourcename}.1*
%changelog
+* Fri Feb 2 2019 Matteo Corti <matteo at corti.li> - 1.81.0-0
+- Updated to 1.81.0
+
+* Wed Jan 16 2019 Matteo Corti <matteo at corti.li> - 1.80.1-0
+- Updated to 1.80.1
+
+* Mon Dec 24 2018 Matteo Corti <matteo at corti.li> - 1.80.0-0
+- Updated to 1.80.0
+
+* Tue Dec 11 2018 Matteo Corti <matteo at corti.li> - 1.79.0-0
+- Updated to 1.79.0
+
+* Thu Nov 7 2018 Matteo Corti <matteo at corti.li> - 1.78.0-0
+- Updated to 1.78.0
+
+* Thu Nov 5 2018 Matteo Corti <matteo at corti.li> - 1.77.0-0
+- Updated to 1.77.0
+
* Thu Oct 19 2018 Matteo Corti <matteo at corti.li> - 1.76.0-0
- Updated to 1.76.0
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/test/cabundle.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cabundle.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/test/cacert.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cacert.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert-1.80.1/test/unit_tests.sh → check_ssl_cert/check_ssl_cert-1.81.0/test/unit_tests.sh
=====================================
@@ -176,7 +176,6 @@ testXMPPHost() {
if [ -z "${TRAVIS+x}" ] ; then
out=$(${SCRIPT} -H prosody.xmpp.is --port 5222 --protocol xmpp --xmpphost xmpp.is)
EXIT_CODE=$?
- echo "DEBUG TEST: code = $EXIT_CODE, out=${out}"
if echo "${out}" | grep -q "s_client' does not support '-xmpphost'" ; then
assertEquals "wrong exit code" ${NAGIOS_UNKNOWN} "${EXIT_CODE}"
else
@@ -204,7 +203,7 @@ testTimeOut() {
testIMAP() {
if [ -z "${TRAVIS+x}" ] ; then
- ${SCRIPT} --rootcert cabundle.crt -H imap.gmail.com --port 993
+ ${SCRIPT} --rootcert cabundle.crt -H imap.gmx.com --port 143 --timeout 30 --protocol imap
EXIT_CODE=$?
assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
else
@@ -212,6 +211,27 @@ testIMAP() {
fi
}
+testIMAPS() {
+ if [ -z "${TRAVIS+x}" ] ; then
+ ${SCRIPT} --rootcert cabundle.crt -H imap.gmail.com --port 993 --timeout 30 --protocol imaps
+ EXIT_CODE=$?
+ assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
+ else
+ echo "Skipping IMAP tests on Travis CI"
+ fi
+}
+
+testPOP3S() {
+ if [ -z "${TRAVIS+x}" ] ; then
+ ${SCRIPT} --rootcert cabundle.crt -H pop.gmail.com --port 993 --timeout 30 --protocol pop3s
+ EXIT_CODE=$?
+ assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
+ else
+ echo "Skipping POP3S tests on Travis CI"
+ fi
+}
+
+
testSMTP() {
if [ -z "${TRAVIS+x}" ] ; then
${SCRIPT} --rootcert cabundle.crt -H smtp.gmail.com --protocol smtp --port 25 --timeout 60
=====================================
check_ssl_cert/control
=====================================
@@ -1,7 +1,7 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: curl, file, openssl
Suggests: expect
-Version: 1.80.1
+Version: 1.81.0
Homepage: https://github.com/matteocorti/check_ssl_cert
Watch: https://github.com/matteocorti/check_ssl_cert/releases check_ssl_cert-([0-9.]+)\.tar\.gz
Description: plugin to check the CA and validity of an
=====================================
check_ssl_cert/src
=====================================
@@ -1 +1 @@
-check_ssl_cert-1.80.1
\ No newline at end of file
+check_ssl_cert-1.81.0/
\ No newline at end of file
=====================================
check_varnish/control
=====================================
@@ -1,6 +1,6 @@
Uploaders: Bernd Zeimetz <bzed at debian.org>
Build-Depends: libvarnishapi-dev [!hurd-i386 !m68k], pkg-config, automake-1.15
-Version: 258c486
+Version: 672523d
Homepage: https://github.com/varnish/varnish-nagios
Watch: https://github.com/varnish/varnish-nagios <a class="commit-tease-sha"[^>]*>\s+([0-9a-f]+)\s+</a>
Description: plugin to monitor varnish instances
View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib/compare/7bb2be212add228e25f704e8949bc174a3ec104c...cf52b637c79c4bb5bfa948759c7fd0777c3a913a
--
View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib/compare/7bb2be212add228e25f704e8949bc174a3ec104c...cf52b637c79c4bb5bfa948759c7fd0777c3a913a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20190205/8c55693b/attachment-0001.html>
More information about the pkg-nagios-changes
mailing list