[Pkg-nagios-devel] Bug#761265: Bug#761265: check_ssl_cert: include trusted roots by default
Jan Wagner
waja at cyconet.org
Wed Sep 17 18:12:21 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi Daniel,
thanks for taking time and reporting your issue.
Am 12.09.2014 um 10:35 schrieb Daniel Pocock:
> In the file /etc/nagios-plugins/config/ssl_cert.cfg the command
> definition is:
>
> /usr/lib/nagios/plugins/check_ssl_cert -H $HOSTADDRESS$ '$ARG1$'
>
> The default should probably include all the roots on a Debian
> system, like this:
>
> /usr/lib/nagios/plugins/check_ssl_cert -r /etc/ssl/certs -H
> $HOSTADDRESS$ '$ARG1$'
>
>
> and it would be nice to add this extra command check too:
>
> # 'check_ssl_cert_by_root' command definition # ARG2 may be either
> a root certificate PEM file or a directory of trusted roots define
> command{ command_name check_ssl_cert_by_root command_line
> /usr/lib/nagios/plugins/check_ssl_cert -r $ARG2$ -H $HOSTADDRESS$
> '$ARG1$' }
As you may noticed, there are several ways you want to use all those
plugins. You are making yourself suggestions to create various check
commands for different use of one single option. The problem with this
is, this will lead to so many check commands, for many many specific
scenarios, that I've objections against such a strategy.
Within the nagios-plugins package we have so many checks command,
maintaining it over a long run turned out this was not a good choice.
As you may noticed, there is an $ARG1$, which could be used very
universal. For example you could create your own service checks like:
define service {
[...]
check_command check_ssl_cert!-r /etc/ssl/certs
[...]
}
You could specify what ever makes sense for that check plugin within
$ARG1$.
- From this point of view, I would leave the command definition unchanged.
With kind regards, Jan.
- --
Never write mail to <waja at spamfalle.info>, you have been warned!
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V-
PS PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVBnPAQxwVXtaBlE+AQh9gQ/9GJ91DKmJqjuqboDIGNkBrH5hOUJp9XBE
WHTaUbe25tn4iBoVTuvaqYNVIvGzJy3k9FRdrpqGPBjw+4HFtJ2y4MLU7vrCkaaV
3jNtR8m57xW/203yIx39TsWsNNMyfcjsnebl9DxFfLxPxzjljnOOPoJN9hQaCLbb
//Hf4f4blqWKawnePb1HsBRYZ43DvCej9RCa91+BwODGttP2qOz99Z9nihHT/azk
pH1bWIGH3LrpzpmASideNFY4WUQyrgxOM2gc+t+TSiguQG2sFhABw7w1Ahvt6ati
hen4RGcjEfhdZYWKWfGtEYEMv0x9esm0TNIjlX8szA/m+xgJvFD2407RtdLd+WTG
ptIpdad95QkTtEUWl5U4revqUeb23s3dODZE2kKU3RoWV2xvAs1jr632XsywbCvC
IFCjtzXioFyceEsnOfkEcxAUX5QoPWk4HF+StgG3RTdt0/H4YlN/D7Ft7Keoo+fq
MA9f/th607/Ma5VleBrM6BrQjLQsa1liuKYW4vCJ4e4cndz7ieR0maV5MwJf6KsD
EampkgqdubAk0CHYIiUSeW8DPnDbQNH73NQ/rtG4QI+FyYnS/Zd80r59T6MMTNLE
39VPtHXwbYt5hqSO+ttmCNjSIg/Gz44UZU7sd8OF34DyE8nKo5rGk/iOMJ/N08QD
TNeBqNlZ3ek=
=pVqW
-----END PGP SIGNATURE-----
More information about the Pkg-nagios-devel
mailing list