/usr/share/check_mk/checks/check_mk is in check-mk-server 1.1.12-1ubuntu1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 | #!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# +------------------------------------------------------------------+
# | ____ _ _ __ __ _ __ |
# | / ___| |__ ___ ___| | __ | \/ | |/ / |
# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
# | | |___| | | | __/ (__| < | | | | . \ |
# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
# | |
# | Copyright Mathias Kettner 2010 mk@mathias-kettner.de |
# +------------------------------------------------------------------+
#
# This file is part of Check_MK.
# The official homepage is at http://mathias-kettner.de/check_mk.
#
# check_mk is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation in version 2. check_mk is distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU General Public License for more de-
# ails. You should have received a copy of the GNU General Public
# License along with GNU Make; see the file COPYING. If not, write
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
# Target value for agent's IP access configuration. Only if this
# is not None, the inventory will create services
check_mk_only_from_default = None
def inventory_only_from(info):
if check_mk_only_from_default != None:
for line in info:
if line[0] == "OnlyFrom:":
return [(None, 'check_mk_only_from_default')]
def check_mk_factorize_curly(n):
# factorize 10.0.0.{1,2,3}
if '{' in n:
result = []
iprange = n[n.find('{') + 1:n.find('}')].split(',')
prefix = n[:n.find('{')]
for suffix in iprange:
result.append(prefix + suffix)
return result
else:
return [n]
def check_mk_normalize_network(n):
if '/' in n:
return n
else:
return n + "/32"
def check_only_from(item, param, info):
if param == None:
return (1, "WARN - IP access restriction not monitored for this host")
for line in info:
if line[0] == "OnlyFrom:":
an = []
for n in line[1:]:
an += check_mk_factorize_curly(n)
allowed_nets = map(check_mk_normalize_network, an)
should_nets = map(check_mk_normalize_network, param)
too_much = []
too_few = []
for net in allowed_nets:
if net not in should_nets:
too_much.append(net)
for net in should_nets:
if net not in allowed_nets:
too_few.append(net)
status = 0
infotexts = []
if len(too_much) > 0:
status = 1
infotexts.append("agent allows extra: %s" % (" ".join(too_much)))
if len(too_few) > 0:
status = 1
infotexts.append("agent blocks: %s" % (" ".join(too_few)))
if status == 1:
return (1, "WARN - invalid access configuration: %s" % (", ".join(infotexts)))
else:
return (0, "OK - allowed IP ranges: %s" % (" ".join(allowed_nets)))
return (3, "UNKNOWN - Agent does not send OnlyFrom: header")
check_info['check_mk.only_from'] = (check_only_from, "Check_MK Agent Access", 0, inventory_only_from)
|