Syntax cleanup, removed some non-working SUID entries

This commit is contained in:
Emanuel Duss 2020-11-13 11:56:48 +01:00
parent bd1e3ce65d
commit 764b2685bc
16 changed files with 65 additions and 105 deletions

View File

@ -4,26 +4,18 @@ description: |
functions: functions:
command: command:
- code: | - code: |
COMMAND='/usr/bin/id' COMMAND=id
OUTPUT="output_file" OUTPUT=output_file
TF=$(mktemp) TF=$(mktemp)
echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF echo "ProxyCommand $COMMAND | tee $OUTPUT" > $TF
check_by_ssh -F "$TF" -H localhost -C something check_by_ssh -F $TF -H localhost -C something
cat $OUTPUT
suid:
- code: |
COMMAND='/usr/bin/id'
OUTPUT="output_file"
TF=$(mktemp)
echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF
check_by_ssh -F "$TF" -H localhost -C something
cat $OUTPUT cat $OUTPUT
sudo: sudo:
- code: | - code: |
COMMAND='/usr/bin/id' COMMAND=id
OUTPUT="output_file" OUTPUT=output_file
TF=$(mktemp) TF=$(mktemp)
echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF echo "ProxyCommand $COMMAND | tee $OUTPUT" > $TF
check_by_ssh -F "$TF" -H localhost -C something sudo check_by_ssh -F $TF -H localhost -C something
cat $OUTPUT cat $OUTPUT
--- ---

View File

@ -5,13 +5,9 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
check_cups --extra-opts=@"$LFILE" check_cups --extra-opts=@$LFILE
suid:
- code: |
LFILE=file_to_read
./check_cups --extra-opts=@"$LFILE"
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo check_cups --extra-opts=@"$LFILE" sudo check_cups --extra-opts=@$LFILE
--- ---

View File

@ -6,25 +6,17 @@ functions:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
OUTPUT=output_file OUTPUT=output_file
umask 022 check_log -F $LFILE -O $OUTPUT
check_log -F "$LFILE" -O "$OUTPUT" cat $OUTPUT
cat "$OUTPUT"
file-write: file-write:
- code: | - code: |
LFILE=file_to_write LFILE=file_to_write
INPUT=output_file INPUT=output_file
umask 022 check_log -F $INPUT -O $LFILE
check_log -F "$INPUT" -O "$LFILE"
suid:
- code: |
LFILE=file_to_write
INPUT=output_file
umask 022
./check_log -F "$INPUT" -O "$LFILE"
sudo: sudo:
- code: | - code: |
LFILE=file_to_write LFILE=file_to_write
INPUT=output_file INPUT=output_file
umask 022 umask 022
sudo check_log -F "$INPUT" -O "$LFILE" sudo check_log -F $INPUT -O $LFILE
--- ---

View File

@ -5,13 +5,9 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
check_memory --extra-opts=@"$LFILE" check_memory --extra-opts=@$LFILE
suid:
- code: |
LFILE=file_to_read
./check_memory --extra-opts=@"$LFILE"
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo check_memory --extra-opts=@"$LFILE" sudo check_memory --extra-opts=@$LFILE
--- ---

View File

@ -5,13 +5,9 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
check_raid --extra-opts=@"$LFILE" check_raid --extra-opts=@$LFILE
suid:
- code: |
LFILE=file_to_read
./check_raid --extra-opts=@"$LFILE"
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo check_raid --extra-opts=@"$LFILE" sudo check_raid --extra-opts=@$LFILE
--- ---

View File

@ -3,32 +3,24 @@ description: |
This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
functions: functions:
command: command:
- code: | - description: The host example.net must return a certificate via TLS
COMMAND='/usr/bin/id' code: |
OUTPUT="output_file" COMMAND=id
OUTPUT=output_file
TF=$(mktemp) TF=$(mktemp)
echo "$COMMAND | tee \"$OUTPUT\"" > $TF echo "$COMMAND | tee $OUTPUT" > $TF
chmod +x $TF chmod +x $TF
check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS check_ssl_cert --curl-bin $TF -H example.net
cat $OUTPUT
suid:
- code: |
COMMAND='/usr/bin/id'
OUTPUT="output_file"
umask 022
TF=$(mktemp)
echo "$COMMAND | tee \"$OUTPUT\"" > $TF
chmod +x $TF
./check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS
cat $OUTPUT cat $OUTPUT
sudo: sudo:
- code: | - description: The host example.net must return a certificate via TLS
COMMAND='/usr/bin/id' code: |
OUTPUT="output_file" COMMAND=id
umask 022 OUTPUT=output_file
TF=$(mktemp) TF=$(mktemp)
echo "$COMMAND | tee \"$OUTPUT\"" > $TF echo "$COMMAND | tee $OUTPUT" > $TF
chmod +x $TF chmod +x $TF
sudo check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS umask 022
check_ssl_cert --curl-bin $TF -H example.net
cat $OUTPUT cat $OUTPUT
--- ---

View File

@ -5,13 +5,9 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
check_statusfile "$LFILE" check_statusfile $LFILE
suid:
- code: |
LFILE=file_to_read
./check_statusfile "$LFILE"
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo check_statusfile "$LFILE" sudo check_statusfile $LFILE
--- ---

View File

@ -3,13 +3,13 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
column "$LFILE" column $LFILE
suid: suid:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
./column "$LFILE" ./column $LFILE
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo column "$LFILE" sudo column $LFILE
--- ---

View File

@ -3,7 +3,7 @@ functions:
shell: shell:
- code: | - code: |
ex ex
!/bin/sh !sh
file-write: file-write:
- code: | - code: |
ex file_to_write ex file_to_write
@ -20,9 +20,9 @@ functions:
sudo: sudo:
- code: | - code: |
sudo ex sudo ex
!/bin/sh !sh
limited-suid: suid:
- code: | - code: |
./ex ./ex
!/bin/sh !sh -p
--- ---

View File

@ -4,15 +4,15 @@ functions:
- code: | - code: |
psql psql
\? \?
!/bin/sh !sh
sudo:
- code: |
psql
\?
!/bin/sh
suid: suid:
- code: | - code: |
psql psql
\? \?
!/bin/sh !sh -p
sudo:
- code: |
psql
\?
!sh
--- ---

View File

@ -3,13 +3,13 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
rev "$LFILE" | rev rev $LFILE | rev
suid: suid:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
./rev "$LFILE" | rev ./rev $LFILE | rev
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo rev "$LFILE" | rev sudo rev $LFILE | rev
--- ---

View File

@ -5,13 +5,13 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
ss -a -F "$LFILE" ss -a -F $LFILE
suid: suid:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
./ss -a -F "$LFILE" ./ss -a -F $LFILE
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo ss -a -F "$LFILE" sudo ss -a -F $LFILE
--- ---

View File

@ -5,13 +5,13 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
ssh-keyscan -f "$LFILE" ssh-keyscan -f $LFILE
suid: suid:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
./ssh-keyscan -f "$LFILE" ./ssh-keyscan -f $LFILE
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo ssh-keyscan -f "$LFILE" sudo ssh-keyscan -f $LFILE
--- ---

View File

@ -5,13 +5,13 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
tbl "$LFILE" tbl $LFILE
suid: suid:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
./tbl "$LFILE" ./tbl $LFILE
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo tbl "$LFILE" sudo tbl $LFILE
--- ---

View File

@ -5,13 +5,13 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
troff "$LFILE" troff $LFILE
suid: suid:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
./troff "$LFILE" ./troff $LFILE
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo troff "$LFILE" sudo troff $LFILE
--- ---

View File

@ -5,13 +5,13 @@ functions:
file-read: file-read:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
xmodmap -v "$LFILE" xmodmap -v $LFILE
suid: suid:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
./xmodmap -v "$LFILE" ./xmodmap -v $LFILE
sudo: sudo:
- code: | - code: |
LFILE=file_to_read LFILE=file_to_read
sudo xmodmap -v "$LFILE" sudo xmodmap -v $LFILE
--- ---