Tag Archives: release

Nagios Plugins 2.0.3 Released

The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.3 has been released and is available for download.

This release is mostly small bug fixes and additional protections against the SUID vulnerability discovered by Dawid Golunski. As we are now using coverity to scan for small bugs, there will be a number of small commits in the near future.

The mailq autodetection commits were reverted as there were issues with parsing performed by the awk script. We decided to use FindBin in lieu of shimming the awk regex. You can try out the proposed FindBin changes in the branch “findbin”.  Expect the branches findbin and timeout_state to be merged into the next major release (2.1.0).

A full list of included enhancements and fixes are listed below:

SECURITY FIXES

  • parse_ini.c – Additional fixes for the SUID plugins vulnerabilities (sreinhardt)
  • Added Gnulib module idpriv-droptemp (weiss)

FIXES

  • check_dns.c – Resolved issues with reverse lookup (sreinhardt)
  • check_dns.c – Changed query types from ALL to ANY (sreinhardt)
  • common.h – Include fixes for esoteric AIX compile issues (emislivec)
  • negate.c – Small fixes from coverity (66479) (66480) (sreinhardt)
  • check_dhcp.c – Small fix from coverity (66488) (sreinhardt)
  • check_http.c – Potential memory leak and overflow fixed from coverity (66514) (sreinhardt)
  • check_ntp.c – Small fix from coverity (66524) (sreinhardt)
  • utils_cmd.c – Small file descriptor fix from coverity (66502) (sreinhardt)
  • check_apt.c – Small fix for from coverity (66531) (sreinhardt)

REVERTS

  • check_mailq – Reverted autodetection commits to avoid awk parsing issues. Autodetection will return in version 2.1.0 as part of the changes in the FindBin branch (abrist)

Thanks to all who have contributed toward this release. If you need assistance installing or using the plugins, please visit our general support forum. Bug reports, feature requests, and additional comments are welcome and may be posted to our plugin development forum.

Nagios Plugins 2.0.2 Released

The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.2 has been released and is available for download.

This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db. It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp, check_dhcp) and the extra-opts configure flag (which is enabled by default).  Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.

Additionally, a few plugins were updated to successfully build on windows under cygwin, and some small changes were made to plugin output and verbosity.

A full list of included enhancements and fixes are listed below:

SECURITY FIXES

  • Fixed file access vulnerability with SUID binaries (check_icmp, check_dhcp) and extra-opts.  Fixes were applied globally, so the new resrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information: http://www.exploit-db.com/exploits/33387/  (sreinhardt) (emislivec)

ENHANCEMENTS

  • check_disk – Now compiles in cygwin on windows (Gunnar Beutner)
  • check_ping – Now compiles in cygwin on windows (Gunnar Beutner)
  • check_users – Now compiles in cygwin on windows (Gunnar Beutner)
  • netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide Madrisan)

FIXES

  • check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)

Thanks to all who have contributed toward this release. If you need assistance installing or using the plugins, please visit our general support forum. Bug reports, feature requests, and additional comments are welcome and may be posted to our plugin development forum.

Nagios Plugins 2.0.1 Released

The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.1 has been released and is available for download. This is mostly a maintenance release, focusing on check_dns stability and some bugs in the new check_uptime plugin. A full list of included enhancements and fixes are listed below:

ENHANCEMENTS

  • check_snmp.c – Added thresholds to performance data (jccomputing)
  • check_http.c – Added */* MIME support (Alex Gottschalk)
  • check_mailq.pl – Added autodetection for mailq implementation (evgeni)
  • check_mailq.pl – Added autodetected version to output (evgeni)

FIXES

  • check_dns.c – Record type corrections for default check (sreinhardt)
  • utils.c – Changed comment type – now supported by AIX and should no longer fail compile (hkpatv)
  • check_uptime.c – Fixed timeout option (abrist)
  • check_uptime.c – Fixed help output and updated verbose usage (abrist)
  • check_uptime.c – Removed executable permissions on check_uptime.c (abrist)
  • check_uptime.c – Removed old code (madrisian)
  • check_pgsql.c – Fixed help output (weiss)
  • lib/Makefile.am – Avoid deprecated includes (madrasian)
  • lib/tests/Makefile.am – Avoid deprecated includes (madrasian)
  • plugins/Makefile.am – Avoid deprecated includes (madrasian)
  • check_apt.c – Removed the verbose flag suggestion (skottler)
  • check_oracle.c – Changed regex to compensate for tns string match edge cases (waja)
  • check_snmp.c – Always privides the security name when noAuthPriv is specified (catharsis)

Thanks to all who have contributed toward this release. If you need assistance installing or using the plugins, please visit our general support forum. Bug reports, feature requests, and additional comments are welcome and may be posted to our plugin development forum.

Nagios Plugins 1.5 Released

The Nagios Plugins Development Team is proud to announce version 1.5 of the Nagios Plugins! This release comes with the new check_dbi plugin written by Sebastian Harl, and includes lots of enhancements and fixes provided by more than forty contributors. Many thanks to all of you!

Special kudos go to Sven Nierlein for fixing numerous bugs, reviewing many pull requests, bringing our test suite back into shape, and setting up automated tests on a variety of platforms. This helped us spotting lots of bugs before the release. Let me also thank Ton Voon for doing the unenviable work of updating the bundled Perl modules; and our newest team member Jan Wagner for all his help with patch review.

See below for a list of major changes. Note that the new check_http version introduces two minor backwards incompatibilities mentioned at the end of that list, so please be sure to check whether they might affect you.

You can get the tarball from our download page.

Enhancements

  • New check_dbi plugin for checking an (SQL) database using DBI
  • Let OpenSSL load its configuration file (see the OPENSSL_config(3) man page)
  • Add performance data to check_apt
  • Add performance data to check_procs
  • Added -4/-6 options to check_dig
  • New check_oracle --connect option to perform real login
  • New check_nagios -t option to override the default timeout
  • New check_disk -f/--freespace-ignore-reserved option to ignore space reserved for root
  • New check_disk -N/--include-type option to limit the filesystem types to check
  • Allow for building the plugins in parallel
  • Add --without-{dbi,ldap,radius} options to ./configure
  • Made Verbose output of check_sensors compliant
  • New switch -E/--extended-perfdata for check_http to print additional performance data
  • New check_http -d option to specify a string to expect within the response headers
  • New check_http -J/-K options for client certificate authentication support
  • Add support for executing queries to check_pgsql
  • Let check_pgsql accept a UNIX socket directory as hostname
  • New check_pgsql -o option to specify additional connection parameters
  • New check_fping -S option to specify the source IP address
  • New check_fping -I option to specify the interface to bind to
  • Let check_fping support IPv6
  • New check_procs -k option to ignore kernel threads (on Linux)
  • Let check_procs use /proc/<PID>/exe (if available) instead of getpid(2), unless -T is specified
  • Let check_mysql support SSL
  • Let check_mysql add perfromance metrics for all checks
  • New check_mysql -f option to specify a client options file
  • New check_mysql -g option to specify a client options group
  • New check_snmp --offset option to allow for adding/substracting an offset value to sensor data
  • Let check_snmp support an arbitrary number of OIDs
  • Let check_ide_smart support NetBSD

Fixes

  • Change the MAIL FROM command generated by check_smtp to be RFC compliant
  • Fix compilation of check_http without SSL support
  • Fix check_snmp reversed threshold ranges (backward-compatibility)
  • Fix check_snmp memory violation when using more than 8 OIDs
  • Fix check_apt security regular expression
  • Fix check_http handling extra header (-k) containing semicolons
  • Fix check_apt handling unknown exit codes from apt-get
  • Fix deprecated imports of check_nmap.py

Warnings

  • check_http behaviour of -k/--header changed since it does not separate multiple headers by semicolons anymore. Use multiple -k switches instead.
  • check_http‘s --proxy_authorization option is now called --proxy-authorization (it was always documented this way)
  • The contrib directory has been removed. These days, sites such as Nagios Exchange serve as much better places for publishing plugins not maintained by the Nagios Plugins Development Team.