debian/pkg-monitoring-plugins
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

check_icmp/check_dhcp: Implementing setcap

Browse source
This commit is contained in:
Jan Wagner 2014-07-02 13:54:23 +02:00
parent 9c42541756
commit a6611b1e19
3 changed files with 30 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
debian/README.Debian vendored
View file

@ -65,14 +65,20 @@ example if you're installing nrpe or nsca on a remote host), try the
monitoring-plugins-basic package. monitoring-plugins-basic package.
================================================================================ ================================================================================
plugins needing root privilege plugins needing root privilege or capabilities(7) set
================================================================================ ================================================================================
the check_dhcp, check_icmp and maybe others plugins require root privileges to the check_dhcp, check_icmp and maybe others plugins require root privileges or
run, because of the low-level packet mangling that they perform. capabilities(7) to run, because of the low-level packet mangling that they
but, in the interest of the "safe default", these plugins will not perform. but, in the interest of the "safe default", these plugins will not
be installed with the suid bit set. there are two recommended ways be installed with the suid bit set.
about overriding this on your system: if setcap is able set the necessary capabilities, you are fine. if the setcap
binary is not installed or not able to set the capabilities, you need to
eighter set the capabilities (cap_net_raw+ep) for your own or provide root
privileges.
there are two recommended ways about providing root privilegethis on your
system:
- set the suid bit with dpkg-statoverride: - set the suid bit with dpkg-statoverride:

1
debian/control vendored
View file

@ -38,6 +38,7 @@ Description: Common files for plugins for nagios compatible monitoring
Package: monitoring-plugins-basic Package: monitoring-plugins-basic
Architecture: any Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, monitoring-plugins-common, procps, iputils-ping [linux-any], inetutils-ping (>= 2:1.9-1~) [kfreebsd-any hurd-any], ucf Depends: ${shlibs:Depends}, ${misc:Depends}, monitoring-plugins-common, procps, iputils-ping [linux-any], inetutils-ping (>= 2:1.9-1~) [kfreebsd-any hurd-any], ucf
Recommends: libcap2-bin [linux-any]
Replaces: nagios-plugins-basic (<< 1.6-1~) Replaces: nagios-plugins-basic (<< 1.6-1~)
Breaks: nagios-plugins-basic (<< 1.6-1~) Breaks: nagios-plugins-basic (<< 1.6-1~)
Suggests: nagios3 | icinga Suggests: nagios3 | icinga

17
debian/monitoring-plugins-basic.postinst vendored
View file

@ -4,9 +4,26 @@ set -e
templdir=/usr/share/monitoring-plugins/templates-basic templdir=/usr/share/monitoring-plugins/templates-basic
. /usr/share/monitoring-plugins/dpkg/functions . /usr/share/monitoring-plugins/dpkg/functions
plugindir=/usr/lib/nagios/plugins/
if [ "$1" = "configure" ]; then if [ "$1" = "configure" ]; then
register_cfgs $2 register_cfgs $2
# If we have setcap is installed, try setting cap_net_raw+ep,
# which allows us to make our binaries working without the
# setuid bit
if command -v setcap > /dev/null; then
if setcap cap_net_raw+ep ${plugindir}/check_icmp cap_net_raw+ep ${plugindir}/check_dhcp; then
echo "Setcap for check_icmp and check_dhcp worked!"
else
echo "Setcap for check_icmp and check_dhcp failed." >&2
echo "Please refer README.Debian.gz for using plugins needing" >&2
echo "higher privileges!" >&2
fi
else
echo "Setcap is not installed, please refer README.Debian.gz for using" >&2
echo "plugins needing higher privileges!" >&2
fi
fi fi
#DEBHELPER# #DEBHELPER#