Description:
=========================================================== Ubuntu Security Notice USN-698-1 December 22, 2008 nagios vulnerability CVE-2008-5027 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: nagios-common 2:1.3-cvs.20050402-8ubuntu8 After a standard system upgrade you need to restart Nagios to effect the necessary changes. Details follow: It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
COLLECTD-NAGIOS(1) collectd COLLECTD-NAGIOS(1)NAME
collectd-nagios - Nagios plugin for querying collectd
SYNOPSIS
collectd-nagios -s socket -n value_spec -H hostname [options]
DESCRIPTION
This small program is the glue between collectd and nagios. collectd collects various performance statistics which it provides via the
"unixsock plugin", see collectd-unixsock(5). This program is called by Nagios, connects to the UNIX socket and reads the values from
collectd. It then returns OKAY, WARNING or CRITICAL depending on the values and the ranges provided by Nagios.
ARGUMENTS AND OPTIONS
The following arguments and options are required and understood by collectd-nagios. The order of the arguments generally doesn't matter, as
long as no argument is passed more than once.
-s socket
Path of the UNIX socket opened by collectd's "unixsock plugin".
-n value_spec
The value to read from collectd. The argument is in the form "plugin[-instance]/type[-instance]".
-H hostname
Hostname to query the values for.
-d data_source
Each value_spec may be made of multiple "data sources". With this option you can select one or more data sources. To select multiple
data sources simply specify this option again. If multiple data sources are examined they are handled according to the consolidation
function given with the -g option.
-g none|average|sum
When multiple data sources are selected from a value spec, they can be handled differently depending on this option. The values of the
following meaning:
none
No consolidation if done and the warning and critical regions are applied to each value independently.
average
The warning and critical ranges are applied to the average of all values.
sum The warning and critical ranges are applied to the sum of all values.
percentage
The warning and critical ranges are applied to the ratio (in percent) of the first value and the sum of all values. A warning is
returned if the first value is not defined or if all values sum up to zero.
-c range
-w range
Set the critical (-c) and warning (-w) ranges. These options mostly follow the normal syntax of Nagios plugins. The general format is
"min:max". If a value is smaller than min or bigger than max, a warning or critical status is returned, otherwise the status is
success.
The tilde sign (~) can be used to explicitly specify infinity. If ~ is used as a min value, negative infinity is used. In case of max,
it is interpreted as positive infinity.
If the first character of the range is the at sign (@), the meaning of the range will be inverted. I. e. all values within the range
will yield a warning or critical status, while all values outside the range will result in a success status.
min (and the colon) may be omitted, min is then assumed to be zero. If max (but not the trailing colon) is omitted, max is assumed to
be positive infinity.
-m If this option is given, "Not a Number" (NaN) is treated as critical. By default, the none consolidation reports NaNs as warning. Other
consolidations simply ignore NaN values.
RETURN VALUE
As usual for Nagios plugins, this program writes a short, one line status message to STDOUT and signals success or failure with it's return
value. It exits with a return value of 0 for success, 1 for warning and 2 for critical. If the values are not available or some other error
occurred, it returns 3 for unknown.
SEE ALSO collectd(1), collectd.conf(5), collectd-unixsock(5), <http://nagios.org/>
AUTHOR
Florian Forster <octo at verplant.org>
5.1.0 2012-04-02 COLLECTD-NAGIOS(1)