[Qa-jenkins-scm] [jenkins.debian.net] 01/01: updated to ba573051 from git://anonscm.debian.org/mirror/dsa-nagios.git - thanks DSA

Holger Levsen holger at moszumanska.debian.org
Fri Nov 27 12:55:13 UTC 2015


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit c8b3d6c07b21cabcdd300ec491564c24ae516c30
Author: Holger Levsen <holger at layer-acht.org>
Date:   Fri Nov 27 13:55:06 2015 +0100

    updated to ba573051 from git://anonscm.debian.org/mirror/dsa-nagios.git - thanks DSA
---
 .../bpi0-armhf-rb/usr/local/bin/dsa-check-packages | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../bpi0-armhf-rb/usr/local/sbin/nagios-check-libs | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../hb0-armhf-rb/usr/local/bin/dsa-check-packages  | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../hb0-armhf-rb/usr/local/sbin/nagios-check-libs  | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 hosts/jenkins/usr/local/bin/dsa-check-packages     | 27 ++++++++++++--
 .../jenkins/usr/local/bin/dsa-check-running-kernel | 41 +++++++++++-----------
 hosts/jenkins/usr/local/sbin/nagios-check-libs     | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../usr/local/bin/dsa-check-packages               | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../usr/local/sbin/nagios-check-libs               | 12 +++++--
 .../wbd0-armhf-rb/usr/local/bin/dsa-check-packages | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../wbd0-armhf-rb/usr/local/sbin/nagios-check-libs | 12 +++++--
 .../wbq0-armhf-rb/usr/local/bin/dsa-check-packages | 27 ++++++++++++--
 .../usr/local/bin/dsa-check-running-kernel         | 41 +++++++++++-----------
 .../wbq0-armhf-rb/usr/local/sbin/nagios-check-libs | 12 +++++--
 45 files changed, 810 insertions(+), 390 deletions(-)

diff --git a/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-packages
+++ b/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
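Review bot: `$candidate_found` is set in the new version-row branch (`/     ([^ ]+) [0-9]+/`) but is not cleared when a following row carries a different version; only the `***` branch resets it, so a security source line listed under a later, non-candidate version still sets `'security-update'`. Assigning the comparison result scopes the flag to the candidate's own source lines: `$candidate_found = ($1 eq $installed->{$pkgname}{'candidate'}) ? 1 : 0;`. The source pattern also requires `/updates/` after the archive host, so a security archive whose suite is named differently would land in the ordinary out-of-date bucket instead of the CRITICAL one; a comment stating which `apt-cache policy` layouts are recognised would make that limit visible. get_packages starts and ends outside this hunk, and the same hunk is repeated in every other hosts/*/usr/local/bin/dsa-check-packages copy in this commit.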
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-running-kernel b/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
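Review bot: The rewritten Perl one-liner changes get_offset's contract without documenting it: it now prints every match offset, one per line, and no longer exits non-zero when the needle is absent. A comment above the `perl -e` call would make that explicit, for example `# prints each offset of needle in file, one per line; prints nothing if absent`. Because `$needle` is spliced into the Perl source inside a double-quoted string, the comment should also say that callers must pass only fixed byte patterns, never data derived from the image or the environment. The same hunk is repeated in the other hosts/*/usr/local/bin/dsa-check-running-kernel copies.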
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
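Review bot: In the new sed expression, `(\.[0-9])?+` stacks two repetition operators, which POSIX leaves undefined for extended regular expressions, and the group accepts only a single digit. A constructed version such as 3.10.12-1-amd64 would therefore not match, and `metavers` would hold the unmodified `$kervers`. If an optional multi-digit third component is what is meant, `'s/^3\.[0-9]+(\.[0-9]+)?-[A-Za-z0-9\.]+-(.*)/\2/'` says so directly. get_avail begins and ends outside this hunk; the hunk recurs in the other dsa-check-running-kernel copies.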
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
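Review bot: The new guard tests `$off`, but the skip size handed to dd is `off+hdroff`, so with an `hdroff` of -1 a match at offset 1 yields `ibs=0`; dd rejects that, the `&&` then skips the copy, and `2>/dev/null` hides the error. Testing the sum avoids this: `if [ "$((off+hdroff))" -gt 0 ]; then`. The function's exit status is now that of the last pipeline rather than a found/not-found signal, which deserves a comment because the calls in the next hunk stop checking it. Repeated in the other dsa-check-running-kernel copies.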
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
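Review bot: With the `if … then return; fi` wrappers removed, the `echo "ERROR: Unable to extract kernel image."` and `exit 1` at the end of this hunk are reached on every call, including after a successful extraction. The message also goes to stdout (`2>&1` rather than `>&2`), so it is presumably mixed into the decompressed stream the caller reads; the caller is outside this hunk. If streaming every candidate is intended, routing the message with `>&2` or dropping the trailing error path would keep a real extraction failure distinguishable from success. The function header and closing brace are outside the hunk; the hunk recurs in the other dsa-check-running-kernel copies.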
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/bpi0-armhf-rb/usr/local/sbin/nagios-check-libs b/hosts/bpi0-armhf-rb/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/bpi0-armhf-rb/usr/local/sbin/nagios-check-libs
+++ b/hosts/bpi0-armhf-rb/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
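Review bot: `$fd =~ /^[0-9]*$/` also matches an empty `$fd`, so a record with an empty `f` field would be skipped as if it were a numeric descriptor; `/\A[0-9]+\z/` matches only real descriptor numbers. The inner test uses `m/\.nfs/` while the outer condition uses `m#/\.nfs#`, so the two disagree on what counts as an NFS-renamed file; reusing the anchored form keeps them consistent. `$path` is also rewritten before the ignorelist entries are passed to `eval` on the context lines below, so any expression there that reads `$path` now sees the stripped value, which is worth a comment for whoever maintains the config. The enclosing `LINE:` loop starts and ends outside the hunk; the same hunk appears in the other hosts/*/usr/local/sbin/nagios-check-libs copies.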
diff --git a/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-packages
+++ b/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-running-kernel b/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/cbxi4pro0-armhf-rb/usr/local/sbin/nagios-check-libs b/hosts/cbxi4pro0-armhf-rb/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/cbxi4pro0-armhf-rb/usr/local/sbin/nagios-check-libs
+++ b/hosts/cbxi4pro0-armhf-rb/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-packages
+++ b/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-running-kernel b/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/hb0-armhf-rb/usr/local/sbin/nagios-check-libs b/hosts/hb0-armhf-rb/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/hb0-armhf-rb/usr/local/sbin/nagios-check-libs
+++ b/hosts/hb0-armhf-rb/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/jenkins-test-vm/usr/local/bin/dsa-check-packages b/hosts/jenkins-test-vm/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/jenkins-test-vm/usr/local/bin/dsa-check-packages
+++ b/hosts/jenkins-test-vm/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/jenkins-test-vm/usr/local/bin/dsa-check-running-kernel b/hosts/jenkins-test-vm/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/jenkins-test-vm/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/jenkins-test-vm/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
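Review bot: The new pattern on the `sed -r` line allows only one digit in the optional third version component and stacks two quantifiers (`?+`), which POSIX ERE leaves undefined. A version such as 3.2.41-2-amd64 (constructed example) would not match, so `metavers` would keep the whole string. `(\.[0-9]+)?` states the intent with a single quantifier: `sed -r -e 's/^3\.[0-9]+(\.[0-9]+)?-[A-Za-z0-9\.]+-(.*)/\2/'`. Quoting `"$kervers"` in the `echo` would also avoid word splitting; get_avail continues past the end of the hunk, and the same line recurs in the other hosts' copies.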
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
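Review bot: With the `if … then return; fi` wrappers removed, every call now falls through to `echo "ERROR: Unable to extract kernel image."` and `exit 1`, even when an earlier cat_vmlinux produced an image. That presumably relies on the caller filtering the stream and ignoring the status (the caller is not visible here), but nothing in the function says so, and `2>&1` on the echo leaves the message on stdout rather than stderr. I would add `# every candidate decompressor is tried; the caller picks the version string out of whatever was produced` above the calls and write the trailing message with `>&2`. The start of get_image_linux is outside the hunk; the change is repeated in the other hosts' copies.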
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/jenkins-test-vm/usr/local/sbin/nagios-check-libs b/hosts/jenkins-test-vm/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/jenkins-test-vm/usr/local/sbin/nagios-check-libs
+++ b/hosts/jenkins-test-vm/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
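Review bot: The usage string passed to `dief` just below the added `'-v'` entry still lists only `[--verbose]`, so the new short option is undocumented. Changing that fragment to `[--verbose|-v]` keeps the help text in step with the parser. Getopt::Long can also express the alias in one spec, `'--verbose|v' => \$params->{'verbose'},`, instead of two entries bound to the same slot. The GetOptions call begins above the hunk; the same addition appears in the other hosts' copies of nagios-check-libs.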
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
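Review bot: `$fd =~ /^[0-9]*$/` on the first added `next` also matches an empty descriptor field, so a deleted-path record with an empty `f` field (if lsof ever emits one) is skipped as though it were an ordinary numeric handle; `/^[0-9]+$/` limits the skip to real descriptor numbers. The two `.nfs` tests also disagree: the outer condition requires `m#/\.nfs#` while `$deleted_in_path` uses `m/\.nfs/`, so a `.dpkg-` path that merely contains `.nfs` and is open on a numeric descriptor is dropped from the report. Using `m#/\.nfs#` in both places keeps the check from under-reporting. The loop continues past the hunk; the `eval($i)` over `ignorelist` entries visible at its end runs config strings as Perl, so the config file needs to be writable only by trusted accounts. The same hunk repeats for the other hosts.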
diff --git a/hosts/jenkins/usr/local/bin/dsa-check-packages b/hosts/jenkins/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/jenkins/usr/local/bin/dsa-check-packages
+++ b/hosts/jenkins/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/jenkins/usr/local/bin/dsa-check-running-kernel b/hosts/jenkins/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/jenkins/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/jenkins/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/jenkins/usr/local/sbin/nagios-check-libs b/hosts/jenkins/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/jenkins/usr/local/sbin/nagios-check-libs
+++ b/hosts/jenkins/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-packages
+++ b/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-running-kernel b/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/odxu4-armhf-rb/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/odxu4-armhf-rb/usr/local/sbin/nagios-check-libs b/hosts/odxu4-armhf-rb/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/odxu4-armhf-rb/usr/local/sbin/nagios-check-libs
+++ b/hosts/odxu4-armhf-rb/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-packages
+++ b/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/profitbricks-build1-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build1-amd64/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/profitbricks-build1-amd64/usr/local/sbin/nagios-check-libs
+++ b/hosts/profitbricks-build1-amd64/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages
+++ b/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
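Review bot: get_offset still pastes the shell variable into the perl program text (`"'"$needle"'"`), so the needle is parsed as a perl double-quoted literal; that is what makes the `\x1f\x8b` style escapes work, but it also means a `"`, `$` or `@` in the argument would be read as perl code. The callers visible in this patch pass only fixed magic numbers, so a comment above the perl call would pin the contract: `# needle is spliced into the perl source as a double-quoted literal; pass fixed byte patterns only, never data taken from the image or the environment`. The rewritten loop also no longer exits 1 when nothing is found, so "not found" is now signalled only by empty output, which deserves a second comment line. The function starts above the hunk, and the identical hunks for the other profitbricks-build* hosts further down share this.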
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
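Review bot: The new pattern in get_avail stacks two quantifiers in `(\.[0-9])?+`, and the group matches one digit only, so a version whose third component has two digits (constructed example: 3.2.41-x-amd64) is left unrewritten. GNU sed appears to tolerate `?+`, but it is not portable ERE and was probably meant as an optional multi-digit group: `sed -r -e 's/^3\.[0-9]+(\.[0-9]+)?-[A-Za-z0-9\.]+-(.*)/\2/'`. Quoting the input as `echo "$kervers"` would also keep the shell from word-splitting or globbing it. The if/elif chain starts and ends outside the hunk, and the same line recurs in the hunks for the other host copies.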
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
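Review bot: The guard in the new cat_vmlinux loop tests `$off`, but dd is given `off+hdroff`, so with an hdroff of -1 (the lzma callers) a header found at offset 1 produces `ibs=0`, which GNU dd rejects, and nothing is extracted for that candidate. Testing the computed value covers that case: `skip=$((off+hdroff))` followed by `if [ "$skip" -gt 0 ]; then dd ibs="$skip" skip=1 count=0; fi &&`. `$header` is expanded unquoted in the get_offset call, and `read -r off` would be the safer form. The function begins above the hunk; the identical hunks for the other host copies have the same guard.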
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
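Review bot: With the `if … then return; fi` wrappers removed, get_image_linux now always falls through to `echo "ERROR: Unable to extract kernel image." 2>&1` and `exit 1`, even when one of the cat_vmlinux calls produced a usable image. Because `2>&1` leaves the message on stdout, it is appended to the extracted data, and the exit status no longer says anything about success; presumably the caller only searches the stream, but that is not visible in this hunk. I would drop the two lines and state the new contract in a comment, for example `# every known header is tried in turn; the caller judges success from the extracted data`. The function's closing brace is outside the hunk, and the hunks for the other host copies are identical.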
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs
+++ b/hosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
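Review bot: The two new patterns for NFS silly-rename files disagree: the outer condition uses `m#/\.nfs#` while `$deleted_in_path` uses `m/\.nfs/`, so an entry that entered the block for another reason (a `.dpkg-` name, say) and merely contains ".nfs" is treated as deleted and can be skipped by the two `next` lines. The fd test `/^[0-9]*$/` also accepts an empty string; since these lines decide what is left out of a check meant to flag processes holding stale files, I would tighten them to `m#/\.nfs#` in both places and `$fd =~ /\A[0-9]+\z/`. Separately, the context line `eval($i)` runs each ignorelist entry from the config as Perl, so a comment there noting that the config file must be writable by root only would be worth adding. The for loop continues outside the hunk, and the same hunk is repeated for the other host copies.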
diff --git a/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-packages
+++ b/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
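Review bot: `$candidate_found` is set when a version-table line equals the candidate but is not cleared when a later line names a different version, so a security source listed under an older, non-candidate version still sets `security-update` and turns an ordinary pending upgrade into a CRITICAL result. Assigning the comparison on every version line avoids that: `$candidate_found = ($1 eq $installed->{$pkgname}{'candidate'}) ? 1 : 0;`. The version-line pattern `/     ([^ ]+) [0-9]+/` is also unanchored and depends on exactly five spaces; starting it with `^` would make it less sensitive to whatever else apt-cache policy prints. get_packages starts and ends outside the hunk, and the same hunk is repeated in the build4, build5 and build6 copies below.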
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/profitbricks-build3-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build3-amd64/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/profitbricks-build3-amd64/usr/local/sbin/nagios-check-libs
+++ b/hosts/profitbricks-build3-amd64/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-packages
+++ b/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/profitbricks-build4-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build4-amd64/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/profitbricks-build4-amd64/usr/local/sbin/nagios-check-libs
+++ b/hosts/profitbricks-build4-amd64/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-packages
+++ b/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/profitbricks-build5-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build5-amd64/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/profitbricks-build5-amd64/usr/local/sbin/nagios-check-libs
+++ b/hosts/profitbricks-build5-amd64/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-packages
+++ b/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
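Review bot: `$needle` is still spliced into the Perl program text inside a double-quoted Perl string (`"'"$needle"'"`) on the new `while` line. That is what decodes the `\xNN` escapes passed by get_image_linux, but it also means any `"`, `$` or `@` in the argument would be parsed as Perl. A comment above the `perl -e` line would record the contract, for example `# needle is interpolated into Perl source: pass only fixed \xNN literals, never file- or user-derived data`. The function now prints every match offset and exits 0 even when there is none, so its documentation should state that empty output means "not found". The same hunk appears in the rpi2b-armhf-rb, wbd0-armhf-rb and wbq0-armhf-rb copies.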
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
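Review bot: The rewritten pattern in the `3.x` branch accepts only a single digit in the optional third component, `(\.[0-9])?+`. A version with a two-digit third component (a constructed example: `3.2.44-foo-amd64`), which the old `3\.[0-9].[0-9]+` form matched, no longer matches, and sed passes `$kervers` through unchanged. The stacked `?+` is also undefined in POSIX ERE and only works where the sed implementation tolerates it. `sed -r -e 's/^3\.[0-9]+(\.[0-9]+)?-[A-Za-z0-9\.]+-(.*)/\2/'` covers both forms, and quoting `"$kervers"` in the `echo` avoids word splitting. The same line is changed in the rpi2b-armhf-rb, wbd0-armhf-rb and wbq0-armhf-rb copies; get_avail continues outside the hunk.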
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
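Review bot: The guard `[ "$off" != 0 ]` tests the header offset, but the value handed to dd is `off+hdroff`. With an `hdroff` of -1 (the lzma calls), an offset of 1 yields `ibs=0`, which dd rejects, and an offset of 0 silently streams from the start of the image. Testing the computed value is safer: `skip=$((off+hdroff)); if [ "$skip" -gt 0 ]; then dd ibs="$skip" skip=1 count=0; fi &&`. Because the body is now a pipeline ending in a `while` loop, cat_vmlinux returns the status of the last `$filter` run, or 0 when get_offset prints nothing, so a caller can no longer tell "magic not found" from "decompressed". The same hunk appears in the rpi2b-armhf-rb, wbd0-armhf-rb and wbq0-armhf-rb copies.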
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
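Review bot: With the `if … then return; fi` wrappers removed, control always reaches `echo "ERROR: Unable to extract kernel image." 2>&1` and `exit 1`, even after one of the cat_vmlinux calls decompressed a stream cleanly. The error text is then appended to the extracted data on stdout, because `2>&1` leaves stdout where it is; `echo "ERROR: Unable to extract kernel image." >&2` was probably intended. This may be harmless if the caller only greps the stream for a version string, but the caller is outside the hunk, as is the end of get_image_linux. Consider recording whether any cat_vmlinux call produced output and reporting the error only when none did. The same hunk appears in the rpi2b-armhf-rb, wbd0-armhf-rb and wbq0-armhf-rb copies.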
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs
+++ b/hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
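Review bot: `$fd =~ /^[0-9]*$/` also matches an empty or undefined fd field, so a record with no `f` value and a deleted path is skipped as if it were an ordinary file handle; `$fd =~ /\A[0-9]+\z/` states the intent. `$deleted_in_path` tests `m/\.nfs/` while the enclosing condition tests `m#/\.nfs#`, so a path that merely contains `.nfs` and entered the block through `.dpkg-` is treated as deleted; reusing `m#/\.nfs#` keeps the two consistent. `$path` is now rewritten before each ignorelist entry reaches `eval($i)`, so existing ignore expressions presumably see the stripped path. Since those entries are executed as Perl, a comment noting that the config file must be writable only by the account running the check would help. The LINE loop continues outside the hunk, and the same hunk appears in the rpi2b-armhf-rb, wbd0-armhf-rb and wbq0-armhf-rb copies of nagios-check-libs.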
diff --git a/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-packages
+++ b/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-running-kernel b/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/rpi2b-armhf-rb/usr/local/sbin/nagios-check-libs b/hosts/rpi2b-armhf-rb/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/rpi2b-armhf-rb/usr/local/sbin/nagios-check-libs
+++ b/hosts/rpi2b-armhf-rb/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-packages
+++ b/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-running-kernel b/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/wbd0-armhf-rb/usr/local/sbin/nagios-check-libs b/hosts/wbd0-armhf-rb/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/wbd0-armhf-rb/usr/local/sbin/nagios-check-libs
+++ b/hosts/wbd0-armhf-rb/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;
diff --git a/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-packages
index 3ea088d..28844e5 100755
--- a/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-packages
+++ b/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
diff --git a/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-running-kernel b/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-running-kernel
index 1157480..80f45bf 100755
--- a/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-running-kernel
+++ b/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-running-kernel
@@ -3,7 +3,7 @@
 # Check if the running kernel has the same version string as the on-disk
 # kernel image.
 
-# Copyright 2008,2009,2011 Peter Palfrader
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
 # Copyright 2009 Stephen Gran
 # Copyright 2010,2012,2013 Uli Martens
 # Copyright 2011 Alexander Reichle-Schmehl
@@ -37,13 +37,13 @@ get_offset() {
 
 	file="$1"
 	needle="$2"
+
 	perl -e '
 		undef $/;
-		$i = index(<>, "'"$needle"'");
-		if ($i < 0) {
-			exit 1;
-		};
-		print $i,"\n"' < "$file"
+		$i = 0; $k=<>;
+		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+			print $i++,"\n";
+		}; ' < "$file"
 }
 
 get_avail() {
@@ -58,7 +58,7 @@ get_avail() {
 	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
 	# Debian uses versions of the form 2.6.29-2-amd64
 	if [ "${kervers#3}" != "$kervers" ]; then
-		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9].[0-9]+-[A-Za-z0-9\.]+-(.*)/\1/')
+		metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
 	elif [ "${kervers//dsa}" != "$kervers" ]; then
 		metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
 	else
@@ -129,13 +129,12 @@ cat_vmlinux() {
 	filter="$3"
 	hdroff="$4"
 
-	off=`get_offset "$image" $header`
-	if [ "$?" != 0 ]; then
-		# not found, exit
-		return 1
-	fi
-
-	(dd ibs="$((off+$hdroff))" skip=1 count=0 && dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	get_offset "$image" $header | head -n 5 | while read off; do
+		(if [ "$off" != 0 ]; then
+		   dd ibs="$((off+hdroff))" skip=1 count=0
+		 fi &&
+		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
+	done
 }
 
 get_image_linux() {
@@ -144,13 +143,13 @@ get_image_linux() {
 	image="$1"
 
 	# gzip compressed image
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0; then return; fi
-	if cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0; then return; fi
+	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
+	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
 	# lzma compressed image
-	if cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1; then return; fi
-	if cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1; then return; fi
+	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
+	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
 	# xz compressed image
-	if cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0; then return; fi
+	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0
 
 	echo "ERROR: Unable to extract kernel image." 2>&1
 	exit 1
@@ -163,9 +162,9 @@ freebsd_check_running_version() {
 	local r="$(uname -r)"
 	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
 
-	local q='@\(#\)FreeBSD '"$r $v"
+	local q='@(#)FreeBSD '"$r $v"
 
-	if zcat "$imagefile" | $STRINGS | egrep -q "$q"; then
+	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
 		echo "OK"
 	else
 		echo "not OK"
diff --git a/hosts/wbq0-armhf-rb/usr/local/sbin/nagios-check-libs b/hosts/wbq0-armhf-rb/usr/local/sbin/nagios-check-libs
index 977605d..77b3780 100755
--- a/hosts/wbq0-armhf-rb/usr/local/sbin/nagios-check-libs
+++ b/hosts/wbq0-armhf-rb/usr/local/sbin/nagios-check-libs
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter at palfrader.org>
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter at palfrader.org>
 #               2012 Uli Martens <uli at youam.net>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -53,6 +53,7 @@ if (!GetOptions (
 	'--version'	=> \$params->{'version'},
 	'--quiet'       => \$params->{'quiet'},
 	'--verbose'	=> \$params->{'verbose'},
+	'-v'		=> \$params->{'verbose'},
 	'--config=s'	=> \$params->{'config'},
 	)) {
 	dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
@@ -169,7 +170,12 @@ LINE: for my $line (@lsof)  {
 	my $fd    = $fields{f};
 	my $inode = $fields{i};
 	my $path  = $fields{n};
-	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
+	if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+		my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+		next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+		next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+		$path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
 		for my $i (@{$config->{'ignorelist'}}) {
 			my $ignore = eval($i);
 			next LINE if $ignore;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git


