Commit 510af91f authored by Mark Harrison's avatar Mark Harrison

Merge pull request #11 from seriv/master

support for HOSTS ALLOW/DENY in resmon.conf and fix regexp check in nagios plugin to match '^$'
parents 994c44e9 d6ffeb10
......@@ -5,6 +5,23 @@ use warnings;
use Sys::Hostname;
sub split_ip_list {
# this code is taken from Marcel Gruenauer's <marcel@cpan.org> CPAN module Net::IP::Match
my $string = shift;
my $allow = shift;
my (@result,$quad,$bits,$matchbits,$int,$mask);
for (split (/\s*[,\s]\s*/, $string)) {
($quad, $bits) = m!^(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?!g;
$bits = 32 unless (defined($bits) && $bits ne '');
$matchbits = 32 - $bits;
$int = unpack("N", pack("C4", split(/\./,$quad)));
$mask = $int >> $matchbits;
push @result => {mask => $mask, bits => $matchbits, allow => $allow};
print STDERR "mask=$mask,bits=$matchbits,allow=$allow\n";
}
return \@result;
}
sub new {
my $class = shift;
my $filename = shift;
......@@ -130,6 +147,14 @@ sub new {
elsif(/\s*AUTHPASS\s+(\S+)\s*;\s*/) {
$self->{authpass} = $1;
next;
}
elsif(/\s*HOSTS\s+ALLOW\s+([^;]+)\s*;\s*/) {
push (@{$self->{hostsallow}}, @{split_ip_list($1,1)});
next;
}
elsif(/\s*HOSTS\s+DENY\s+([^;]+)\s*;\s*/) {
push (@{$self->{hostsallow}}, @{split_ip_list($1,0)});
next;
} elsif(/\s*INCLUDE\s+(\S+)\s*;\s*/) {
my $incglob = $1;
......
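Review bot: `split_ip_list` accepts whatever the config line contains: the pattern is not anchored at the end, the octets and the prefix length are never range-checked, and a failed match is not detected. An entry that is not a dotted quad (a hostname, an IPv6 address, a typo) still pushes a rule, so a DENY line can silently stop covering what its author intended; because the server allows any address that matches no rule, that fails open. For an access list it is safer to reject the configuration on a bad entry, as sketched below. The unconditional `print STDERR` on every entry looks like leftover debugging, and the second hunk stores DENY rules under `$self->{hostsallow}`, which deserves a comment or a neutral name.

```perl
    for my $entry (split /\s*[,\s]\s*/, $string) {
        next if $entry eq '';
        my ($quad, $bits) =
            $entry =~ m{\A(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?\z}
            or die "invalid HOSTS entry '$entry'\n";
        my @octets = split /\./, $quad;
        die "invalid address in HOSTS entry '$entry'\n"
            if grep { $_ > 255 } @octets;
        $bits = 32 unless defined $bits;
        die "invalid prefix length in HOSTS entry '$entry'\n" if $bits > 32;
        my $matchbits = 32 - $bits;
        my $int = unpack("N", pack("C4", @octets));
        # a /0 rule matches every address; skip the full-width shift
        my $mask = $matchbits == 32 ? 0 : $int >> $matchbits;
        push @result, { mask => $mask, bits => $matchbits, allow => $allow };
    }
    # … unchanged: return \@result …
```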
......@@ -441,6 +441,8 @@ sub serve_http_on {
my $port = shift;
$self->{authuser} = shift;
$self->{authpass} = shift;
my $hostsallow = shift;
if(!defined($ip) || $ip eq '' || $ip eq '*') {
$ip = INADDR_ANY;
} else {
......@@ -469,6 +471,25 @@ sub serve_http_on {
while(1) {
my $client = $handle->accept;
next unless $client;
my $hersockaddr = getpeername($client);
my ($port, $iaddr) = sockaddr_in($hersockaddr);
my $denied;
for my $el (@{$hostsallow}) {
my $tmp = unpack("N",$iaddr);
$tmp = $tmp >> $el->{bits} if $el->{bits};
if ($tmp == $el->{mask}) {
$denied = !$el->{allow};
last;
}
}
if ($denied) {
my $response = "<html><head><title>IP denied</title></head>" .
"<body><h1>IP denied</h1></body></html>";
$client->print(http_header(401, length($response), 'text/html', $denied));
$client->print($response . "\r\n");
$client->close();
next
};
my $req;
my $proto;
my $close_connection;
......
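Review bot: The return value of `getpeername($client)` is passed straight to `sockaddr_in`; if the peer has already disconnected it is undefined and, as far as I know, `sockaddr_in` croaks on a bad argument, which would end the accept loop unless a caller traps it. Guard it and refuse the connection, e.g. `my $hersockaddr = getpeername($client) or do { $client->close(); next };`. The rejection also answers 401, which asks the client to authenticate; 403 fits an address-based refusal, and the body sent is two bytes longer than the `length($response)` passed to `http_header`. `my ($port, $iaddr)` shadows the `$port` argument of `serve_http_on`, and the loop body continues outside the hunk.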
......@@ -84,7 +84,7 @@ my $list = [];
$status = Resmon::Status->new($config->{statusfile});
$status->open();
$status->serve_http_on($config->{interface}, $config->{port},
$config->{authuser}, $config->{authpass})
$config->{authuser}, $config->{authpass}, $config->{hostsallow})
if($config->{port});
while(1) {
......
......@@ -3,6 +3,15 @@ PORT 81;
STATUSFILE /var/run/resmon-status.txt;
TIMEOUT 10;
HOSTS ALLOW 10.80.116.112, 127.0.0.1;
# HOSTS {ALLOW/DENY} lists are the coma or blank separated lists of
# a dotted decimal IPv4 addresses of the form a.b.c.d. to match incoming machine’s IP address exactly,
# or an 'ipaddr/n' where ipaddr is the IP address and n is the number of one bits in the netmask.
# the first match gives the result, if nothing matches IP is allowed.
HOSTS DENY 10.80.117.128/25
HOSTS ALLOW 10.80.116.0/23
HOSTS DENY 0.0.0.0/0;
# Resmon health check. Shows the hostname, svn revision and
# any problems with modules or the configuration file.
Core::Resmon {
......
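Review bot: The example lines `HOSTS DENY 10.80.117.128/25` and `HOSTS ALLOW 10.80.116.0/23` have no terminating `;`, while the patterns added to the config parser in this commit require one (`([^;]+)\s*;`). If the parser reads one line at a time, which is not visible here, those two rules would not be loaded and the example would not behave as the comment describes. The comment should also state prominently that an address matching no rule is allowed, so a list only restricts access when it ends with `HOSTS DENY 0.0.0.0/0;`; "coma" should read "comma".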
......@@ -374,6 +374,9 @@ eval {
}
if (defined $regex) {
if (!defined($value)) {
$value = '';
}
if ($value =~ /$regex/) {
$state = "OK";
} else {
......
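Review bot: Defaulting an undefined `$value` to `''` makes a metric that was never reported indistinguishable from one reported as empty. Any `$regex` that can match the empty string, not only `^$`, will now return OK for a missing value, which can hide a check that has stopped producing data. If that is intended, say so at the assignment, e.g. `# a missing metric is treated as '' so that '^$' can match; any pattern matching '' will also pass`. The enclosing `eval` block starts outside the hunk, so the handling of a missing value elsewhere cannot be seen from here.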