|
|
@@ -7,12 +7,27 @@ import subprocess
|
|
|
import sys
|
|
|
|
|
|
allowed = [
|
|
|
- r'^/usr/bin/lsb_release\s+-d$',
|
|
|
+ ##### System informations
|
|
|
+ r'^/usr/bin/lsb_release\s+-d$', # Linux
|
|
|
+ r'^/(usr/)?bin/uname\s+-mrs$', # Linux, BSD & others
|
|
|
+
|
|
|
+ ##### Complete command lines (Monitoring-Plugins on Debian)
|
|
|
r'^/usr/lib/nagios/plugins/check_disk -w \d+% -c \d+% -p /[/a-z]*$',
|
|
|
r'^/usr/lib/nagios/plugins/check_load -w \d+(,\d+,\d+)? -c \d+(,\d+,\d+)?$',
|
|
|
r'^/usr/lib/nagios/plugins/check_mysql -u [a-z]+ -p [0-9a-zA-Z]+',
|
|
|
r'^/usr/lib/nagios/plugins/check_mysql_health --user(name)?=[a-z]+ --pass(word)?=[0-9a-zA-Z]+ --mode=[a-z-]+$',
|
|
|
- # r'^/usr/lib/nagios/plugins/check_',
|
|
|
+
|
|
|
+ ##### Simplified/combined (and a little bit less secure)
|
|
|
+
|
|
|
+ ### most Linux distributions (with "sudo" and "doas")
|
|
|
+ # r'^/usr/lib/(nagios/plugins|monitoring-plugins)/check_',
|
|
|
+ # r'^sudo\s+/usr/lib/(nagios/plugins|monitoring-plugins)/check_',
|
|
|
+ # r'^doas\s+/usr/lib/(nagios/plugins|monitoring-plugins)/check_',
|
|
|
+
|
|
|
+ ### *BSD (with "sudo" and "doas")
|
|
|
+ # r'^/usr/local/libexec/nagios/check_',
|
|
|
+ # r'^sudo\s+/usr/local/libexec/nagios/check_',
|
|
|
+ # r'^doas\s+/usr/local/libexec/nagios/check_',
|
|
|
]
|
|
|
|
|
|
cmdline = os.getenv('SSH_ORIGINAL_COMMAND')
|
Sven Velt