diff --git a/agent_based/curl.py b/agent_based/curl.py
index 2350da37059427c933af96e75e918c0142f849dc..4d1ecbc2062ee70cb9883b22d18f78f15dea7f47 100644
--- a/agent_based/curl.py
+++ b/agent_based/curl.py
@@ -461,7 +461,7 @@ def check_curl(item, params, section: Dict[str, Any]) -> CheckResult:
if show_session_info and _data.get('TLS_INFO'):
yield Result(state=State.OK, notice=f' ')
- yield Result(state=State.OK, notice=f'TLS/SSL info:')
+ yield Result(state=State.OK, notice=f'TLS/SSL/SSH info:')
for line in _data['TLS_INFO']:
if line:
yield Result(state=State.OK, notice=f'{line}')
diff --git a/agents/bakery/curl.py b/agents/bakery/curl.py
index 048a2bdede3917118f1675d1381bbfe788896fcc..196c6e1a3e38283866c01ddf2abe31888ae0bd60 100755
--- a/agents/bakery/curl.py
+++ b/agents/bakery/curl.py
@@ -44,7 +44,10 @@
# 2022-03-21: fixed handling of limits and sub directories from wato
# 2022-03-24: added options --hostpubmd5, --hostpubsha256, --pubkey
# 2022-03-24: added options --key --passs
+# 2022-03-25: added options --compressed-ssh, --list-only, --use-ascii
+# added options --path-as-is, --ssl-allow-beast, --no-buffer, --no-keepalive, --no-sessionid
#
+
from pathlib import Path
from typing import List, Tuple, Dict
@@ -60,7 +63,7 @@ from cmk.base.cee.plugins.bakery.bakery_api.v1 import (
)
-bakery_version = '20220324.v0.0.6'
+bakery_version = '20220325.v0.0.6'
def get_curl_files(conf: Tuple[str, Dict[str, List[any]]]) -> FileGenerator:
@@ -343,11 +346,22 @@ def get_curl_files(conf: Tuple[str, Dict[str, List[any]]]) -> FileGenerator:
url_settings.pop('cert_verify')
if url_settings.get('advanced_settings'):
- no_apln, no_npn, tcp_fastopen, tcp_nodelay = url_settings['advanced_settings']
+ allow_beast, no_apln, no_buffering, no_npn, no_sessionid, no_keepalive, \
+ path_as_is, tcp_fastopen, tcp_nodelay = url_settings['advanced_settings']
+ if allow_beast:
+ options_array.append(f'--ssl-allow-beast')
if no_apln:
options_array.append(f'--no-alpn')
+ if no_buffering:
+ options_array.append(f'--no-buffer')
if no_npn:
options_array.append(f'--no-npn')
+ if no_sessionid:
+ options_array.append(f'--no-sessionid')
+ if no_keepalive:
+ options_array.append(f'--no-keepalive')
+ if path_as_is:
+ options_array.append(f'--path-as-is')
if tcp_fastopen:
options_array.append(f'--tcp-fastopen')
if tcp_nodelay:
@@ -433,6 +447,12 @@ def get_curl_files(conf: Tuple[str, Dict[str, List[any]]]) -> FileGenerator:
if ftp_ssl_ccc:
options_array.append(f'--ftp-ssl-ccc')
options_array.append(f'--ftp-ssl-ccc-mode {ftp_ssl_ccc_mode}')
+ if ftp_options.get('compressed_ssh'):
+ options_array.append(f'--compressed-ssh')
+ if ftp_options.get('list_only'):
+ options_array.append(f'--list-only')
+ if ftp_options.get('use_ascii'):
+ options_array.append(f'--use-ascii')
url_settings.pop('ftp_settings')
if save_output:
diff --git a/agents/plugins/curl.ps1 b/agents/plugins/curl.ps1
index ba27c302074cb9b8027686dd45268aa8f825afbe..04727a27a02e41f4304b787fb6459f022c0a0e5e 100755
--- a/agents/plugins/curl.ps1
+++ b/agents/plugins/curl.ps1
@@ -5,7 +5,7 @@ Author: thl-cmk[at]outlook[dot]com
URL : https://thl-cmk.hopto.org
Date : 2022-02-10
-based on the work by Christian Wirtz doc[at]snowheaven[dot]de and
+based on the work by Christian Wirtz doc[at]snowheaven[dot]de and Ingo Hambrock
Wrapper around: https://curl.se/
diff --git a/curl.mkp b/curl.mkp
index 3b74d44ce4876c7f8f6965c781178d49acbf3179..cce478135ad49d04e80f3785b9ec19898a7e80f2 100644
Binary files a/curl.mkp and b/curl.mkp differ
diff --git a/packages/curl b/packages/curl
index d589b44c81b24bdacf6b12fe1e009c1809331d87..b9b250c7c9ff7f9f999b6627f4566052b3dc7dde 100644
--- a/packages/curl
+++ b/packages/curl
@@ -5,15 +5,17 @@
'not the monitoring server ;-). Deployment and configuration '
'of the plugin is integrated in the CMK bakery.\n'
'\n'
+ 'The plugin is based on a idea by based on the work by '
+ 'Christian Wirtz doc[at]snowheaven[dot]de and Ingo Hambrock\n'
'This agent plugin for Linux and Windows is build around the '
'curl command line tool from https://curl.se.\n'
'\n'
'The executable is not included in this package. The plugin '
'will use by default the system provided curl executable.\n'
'\n'
- 'Note: this plugin needs a fairly new version of curl to work. '
- 'You can use my CMK package "curl_executable.mkp" to deploy a '
- 'compatible version.\n',
+ 'Note: this plugin needs at leat curl version 7.70.0 from '
+ 'April 29 2020 to work. You can use my CMK package '
+ '"curl_executable.mkp" to deploy a compatible version.\n',
'download_url': 'https://thl-cmk.hopto.org/gitlab/checkmk/vendor-independent/curl',
'files': {'agent_based': ['curl.py'],
'agents': ['bakery/curl.py', 'plugins/curl.sh', 'plugins/curl.ps1'],
@@ -21,7 +23,7 @@
'name': 'curl',
'num_files': 6,
'title': 'cURL agent plugin',
- 'version': '20220324.v0.1.3',
+ 'version': '20220325.v0.1.4',
'version.min_required': '2.0.0',
'version.packaged': '2021.09.20',
'version.usable_until': None}
\ No newline at end of file
diff --git a/web/plugins/wato/curl.py b/web/plugins/wato/curl.py
index 78ec3d0b3698654919edda75a3a9eef82b5579d6..ac451cf05f3a6e2e9c74e877451c67ce9e48ce40 100644
--- a/web/plugins/wato/curl.py
+++ b/web/plugins/wato/curl.py
@@ -62,7 +62,10 @@
# 2022-03-24: added options --hostpubmd5, --hostpubsha256, --pubkey
# 2022-03-24: added options --key --passs
# reworked user_auth section
+# 2022-03-25: added options --compressed-ssh, --list-only, --use-ascii
+# added options --path-as-is, --ssl-allow-beast, --no-buffer, --no-keepalive, --no-sessionid
#
+
import ipaddress
from cmk.gui.i18n import _
from cmk.gui.exceptions import MKUserError
@@ -101,7 +104,7 @@ from cmk.gui.cee.plugins.wato.agent_bakery.rulespecs.utils import (
RulespecGroupMonitoringAgentsAgentPlugins,
)
-bakery_plugin_version = '20220324.v0.0.6'
+bakery_plugin_version = '20220325.v0.0.6'
# unsafe characters https://www.tutorialspoint.com/html/html_url_encoding.htm
forbidden_chars = '"<>#%{}|\^~[]` \''
@@ -393,8 +396,13 @@ _option_advanced_settings = ('advanced_settings',
Tuple(
title='Advanced settings',
elements=[
+ Checkbox('Allow SSL beast security flaw to improve interoperability'),
Checkbox('Disable Application Layer Protocol Negotiation (ALPN)'),
+ Checkbox('Disable buffering of the output stream'),
Checkbox('Disable Next Protocol Negotiation (NPN)'),
+ Checkbox('Disable SSL session-ID reusing'),
+ Checkbox('Disable TCP keep alive on the connection'),
+ Checkbox('Do not squash .. sequences in URL path'),
Checkbox('Use TCP fast open option'),
Checkbox('Use TCP no delay option'),
]
@@ -648,7 +656,7 @@ _option_address_resolution = ('ip_address_resolution',
_option_ftp_settings = ('ftp_settings',
Foldable(
Dictionary(
- title=_('FTP options'),
+ title=_('FTP/SCP/SFTP options'),
elements=[
('ftp_account', TextUnicode(title=_('Account data string')),),
('ftp_alternate_to_user', TextUnicode(title=_('String to replace USER command'))),
@@ -713,9 +721,24 @@ _option_ftp_settings = ('ftp_settings',
)
]
)),
+ ('compressed_ssh', FixedValue(
+ True,
+ title=_('Enable ssh compression'),
+ totext=_('enabled'),
+ )),
+ ('list_only', FixedValue(
+ True,
+ title=_('Enable list only'),
+ totext=_('enabled'),
+ )),
+ ('use_ascii', FixedValue(
+ True,
+ title=_('Enable ASCII transfer'),
+ totext=_('enabled'),
+ )),
],
),
- title=_('Set FTP options'),
+ title=_('Set FTP/SCP/SFTP options'),
))
_option_expected_strings = ('expected_strings',
@@ -982,21 +1005,6 @@ _option_limits = ('limits',
),
title=_('Set connection limits')
))
-_url_limits = ('limits',
- Foldable(
- Dictionary(
- title=_('Limits'),
- elements=[
- _url_limit_rate,
- _url_max_file_size,
- _url_connect_timeout,
- _url_max_time,
- _url_speed_limit,
- _url_speed_time,
- ]
- ),
- title=_('Set connection limits')
- ))
_option_user_agent = ('user_agent',
TextUnicode(
@@ -1106,7 +1114,7 @@ _option_url_settings = ('url_settings',
_url_user_agent,
_url_header_strings,
_url_expected_strings,
- _url_limits,
+ _option_limits,
_option_address_resolution,
_option_ftp_settings,
_option_tls_ssl_version,