Last active
December 23, 2015 11:38
-
-
Save creshal/ae5568c628a71dd321a8 to your computer and use it in GitHub Desktop.
Tunnel Nagios NRPE over SSH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
# Author: Sven Schwedas <sven.schwedas@tao.at> for TAO Software | |
# Published under MIT license | |
function freeport () { | |
# pick random port to keep collision chance minimal, ideally we don't want | |
# to enter the loop at all | |
pnum=$(shuf -i $(sed 's/\t/-/' /proc/sys/net/ipv4/ip_local_port_range) -n 1) | |
while nc -z 127.0.0.1 $pnum; do | |
let pnum++ | |
done | |
echo $pnum | |
} | |
sshopts='' | |
user=$USER | |
debug=false | |
eargs='' | |
nrpe_port=5666 | |
while getopts 'hH:p:c:U:vut:a:ln' opt; do | |
case $opt in | |
h) | |
echo 'USAGE: check_nrpe_ssh -H host [-p nrpeport] -c cmd [-U sshuser] [-v] [-u] [-t timeout] [-a arg] [-l] [-n]' | |
echo '' | |
echo '-U SSH user (ssh -l $sshuser)' | |
echo '-v Enables SSH verbose mode (ssh -v)' | |
echo '-H, -p, -c, -u, -t, -a, -l, -n: See `check_nrpe -h`' | |
echo 'Note that -n still has to be configured if necessary!' | |
exit | |
;; | |
l) | |
/usr/lib/nagios/plugins/check_nrpe -l | |
exit $? | |
;; | |
H) | |
host=$OPTARG | |
;; | |
p) | |
nrpe_port=$OPTARG | |
;; | |
c) | |
cmd=$OPTARG | |
;; | |
U) | |
user=$OPTARG | |
;; | |
v) | |
debug=true | |
;; | |
u) | |
eargs="$eargs -u" | |
;; | |
t) | |
eargs="$eargs -t $OPTARG" | |
;; | |
a) | |
eargs="$eargs -a $OPTARG" | |
;; | |
n) | |
eargs="$eargs -n" | |
esac | |
done | |
# -f + ExitOn + sleep = ssh backgrounds after establishing a connection, | |
# autocloses after $sleep seconds (unless the port is still in use), or | |
# after the port is closed by consumer | |
port=$(freeport) | |
if $debug; then | |
sshopts="-v" | |
echo "Establishing SSH forwarding on ports $port:$nrpe_port to $user@$host" | |
fi | |
ssh -o 'ExitOnForwardFailure yes' $sshopts -l $user -fL $port:127.0.0.1:$nrpe_port $host 'sleep 5' | |
exec /usr/lib/nagios/plugins/check_nrpe -H localhost -p $port -c $cmd $eargs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's some issue with it, under not reproducible circumstances ssh doesn't exit anyway and can thrash a server over a few days. Currently working around with a cronjob running
killall -u nagios -o 5m ssh
every hour.