Delete snmp_state.py

agent_based/snmp_state.py

-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-#
-# License: GNU General Public License v2
-#
-# Author: thl-cmk[at]outlook[dot]com
-# URL   : https://thl-cmk.hopto.org
-# Date  : 2023-06-28
-# File  : snmp_state.py
-
-#
-# Monitor snmp version used by CMK for a host object
-#
-# 2023-06-28: initial release
-# 2023-07-09: added WATO parameters
-# 2023-07-11: added check key length, key complexity,  use of default keys
-# 2023-08-02: renamed from snmp_version to snmp_state
-
-import re
-from typing import List
-from cmk.base.check_api import host_name
-from cmk.base.config import get_config_cache
-from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
-    DiscoveryResult,
-    CheckResult,
-    StringTable,
-)
-
-from cmk.base.plugins.agent_based.agent_based_api.v1 import (
-    register,
-    Service,
-    SNMPTree,
-    Result,
-    State,
-    exists,
-)
-
-
-def _check_key_length(key: str, name: str, min_length: int, state: int):
-    if len(key) < min_length:
-        yield Result(state=State(state), notice=f'{name} length: {len(key)} - below {min_length}')
-    else:
-        yield Result(state=State.OK, notice=f'{name} length: {len(key)}')
-
-
-def _check_default_key(key: str, name: str, default_keys: List[str], state: int):
-    if key.lower() in default_keys:
-        yield Result(state=State(state), notice=f'{name} uses default value')
-
-
-def _check_expected(value, message: str, excepted: List, state: int):
-    if value in excepted:
-        yield Result(state=State.OK, summary=f'{message}: {value}')
-    else:
-        yield Result(state=State(state), summary=f'{message} {value}')
-
-
-def _check_key_complexity(value, message: str, regex: List[str], state: int):
-    _regex = ''.join(regex)
-    if re.search(_regex, value) is not None:
-        yield Result(state=State.OK, notice=f'{message} complexity is met.')
-    else:
-        yield Result(state=State(state), notice=f'{message} complexity is not met')
-
-
-def parse_snmp_state(string_table: StringTable):
-    return string_table
-
-
-def discovery_snmp_state(section) -> DiscoveryResult:
-    yield Service()
-
-
-def check_snmp_state(params, section) -> CheckResult:
-    config_cache = get_config_cache()
-    snmp_host = False
-
-    try:
-        # test for CMK 2.2.x
-        snmp_host = config_cache.is_snmp_host(host_name())
-        snmp_credentials = config_cache._snmp_credentials(host_name())
-        snmp_backend = config_cache.get_snmp_backend(host_name()).value
-        snmp_version1 = config_cache._is_host_snmp_v1(host_name())
-    except AttributeError:
-        # try cmk 2.0.x - 2.1.x
-        host_config = config_cache.get_host_config(host_name())
-        snmp_config = host_config.snmp_config(None)
-        snmp_credentials = snmp_config.credentials
-        snmp_backend = snmp_config.snmp_backend.value
-        snmp_version1 = host_config._is_host_snmp_v1()
-        if snmp_credentials:
-            snmp_host = True
-
-    if snmp_host:
-        snmp_version = '1' if snmp_version1 else '2c' if type(snmp_credentials) is str else '3'
-
-        excepted, state = params['snmp_version']
-        yield from _check_expected(snmp_version, 'Version', excepted, state)
-
-        excepted, state = params['snmp_backend']
-        yield from _check_expected(snmp_backend.lower(), 'Backend', excepted, state)
-
-        if snmp_version == '3':
-            excepted, state = params['v3_level']
-            yield from _check_expected(snmp_credentials[0].lower(), 'Level', excepted, state)
-
-            if len(snmp_credentials) > 2:
-                excepted, state = params['v3_authentication']
-                excepted = list(map(str.upper, excepted))
-                yield from _check_expected(snmp_credentials[1].upper(), 'Authentication', excepted, state)
-
-            try:
-                snmp_encryption = snmp_credentials[4]
-            except IndexError:
-                pass
-            else:
-                excepted, state = params['v3_encryption']
-                excepted = list(map(str.upper, excepted))
-                yield from _check_expected(snmp_encryption.upper(), 'Encryption', excepted, state)
-
-        min_key_length, state_min_key = params['min_key_length']
-        default_keys, state_default_key = params['default_keys']
-        default_keys = list(map(str.lower, default_keys))
-        key_complexity, state_key_complexity = params['key_complexity']
-
-        if snmp_version != '3':
-            message = 'Community string'
-            yield from _check_key_length(snmp_credentials, message, min_key_length, state_min_key)
-            yield from _check_default_key(snmp_credentials, message, default_keys, state_default_key)
-            yield from _check_key_complexity(snmp_credentials,  message, key_complexity, state_key_complexity)
-        else:
-            if len(snmp_credentials) > 2:
-                message = 'Authentication key'
-                yield from _check_key_length(snmp_credentials[3], message, min_key_length, state_min_key)
-                yield from _check_default_key(snmp_credentials[3], message, default_keys, state_default_key)
-                yield from _check_key_complexity(snmp_credentials[3], message, key_complexity, state_key_complexity)
-            if len(snmp_credentials) == 6:
-                message = 'Encryption key'
-                yield from _check_key_length(snmp_credentials[5], message, min_key_length, state_min_key)
-                yield from _check_default_key(snmp_credentials[5], message, default_keys, state_default_key)
-                yield from _check_key_complexity(snmp_credentials[5], message, key_complexity, state_key_complexity)
-                if snmp_credentials[3] != snmp_credentials[5]:
-                    yield Result(state=State.OK, notice=F'Authentication and Encryption key are different')
-                else:
-                    yield Result(
-                        state=State(params['auth_enc_key_identical']),
-                        notice=F'Authentication and Encryption key are identical'
-                    )
-
-    else:
-        yield Result(state=State.OK, summary='No SNMP host')
-
-
-register.snmp_section(
-    name='snmp_state',
-    parse_function=parse_snmp_state,
-    fetch=SNMPTree(
-        base='.1.3.6.1.2.1.1',  # 
-        oids=[
-            '1',  # sysDescr
-        ]),
-    detect=exists('.1.3.6.1.2.1.1.1.0', ),  # sysDescr
-)
-
-register.check_plugin(
-    name='snmp_state',
-    service_name='SNMP State',
-    discovery_function=discovery_snmp_state,
-    check_function=check_snmp_state,
-    check_default_parameters={
-        'snmp_version': (['3', 1]),
-        'v3_level': (['authpriv'], 1),
-        'v3_authentication': (['sha', 'sha-224', 'sha-256', 'sha-384', 'sha-512'], 1),
-        'v3_encryption': (['aes'], 1),
-        'snmp_backend': (['inline', 'classic'], 1),
-        'default_keys': (['Public', 'pRivate'], 1),
-        'min_key_length': (10, 1),
-        'auth_enc_key_identical': 1,
-        'key_complexity': (['(?=.*\\d)', '(?=.*[a-z])', '(?=.*[A-Z])', '(?=.*\\W)', '(?=.{10,})'], 1),
-    },
-    check_ruleset_name='snmp_state',
-)