From b3751c3f7031b6f428d9a45366d4f26551b13d72 Mon Sep 17 00:00:00 2001
From: William Hirigoyen <whirigoyen+git@evolix.fr>
Date: Fri, 29 Mar 2024 11:27:53 +0100
Subject: [PATCH] =?UTF-8?q?Variables=20priv=C3=A9es=20dans=20common=20+=20?=
 =?UTF-8?q?optim=20lecture=20conf=20NRPE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nagios-nrpe/files/monitoringctl_common | 144 ++++++++++++-------------
 1 file changed, 72 insertions(+), 72 deletions(-)

diff --git a/nagios-nrpe/files/monitoringctl_common b/nagios-nrpe/files/monitoringctl_common
index 70d7167d..f0226bd8 100644
--- a/nagios-nrpe/files/monitoringctl_common
+++ b/nagios-nrpe/files/monitoringctl_common
@@ -13,6 +13,7 @@ readonly debian_major_version
 # If no time limit is provided in CLI or found in file, this value is used
 readonly default_disabled_time="1h"
 
+_nrpe_conf_lines=''  # populated at the end of the file
 
 
 function error() {
@@ -50,8 +51,8 @@ END
 # Fail if argument does not respect format: XwXdXhXmXs, XhX, XmX
 function filter_duration() {
     # $1: duration in format specified above
-    time_regex="^([0-9]+d)?(([0-9]+h(([0-9]+m?)|([0-9]+m([0-9]+s?)?))?)|(([0-9]+m([0-9]+s?)?)?))?$"
-    if [[ "${1}" =~ ${time_regex} ]]; then
+    _time_regex="^([0-9]+d)?(([0-9]+h(([0-9]+m?)|([0-9]+m([0-9]+s?)?))?)|(([0-9]+m([0-9]+s?)?)?))?$"
+    if [[ "${1}" =~ ${_time_regex} ]]; then
         return 0
     fi
     return 1
@@ -74,31 +75,31 @@ function time_to_seconds() {
 # Print re-enable time in secs
 function get_enable_time() {
     # $1: wrapper name
-    disable_file_path="$(get_disable_file_path "${1}")"
-    if [ ! -e "${disable_file_path}" ]; then
+    _disable_file_path="$(get_disable_file_path "${1}")"
+    if [ ! -e "${_disable_file_path}" ]; then
         return
     fi
 
-    enable_secs="$(grep -v -E "^\s*#" "${disable_file_path}" | sed '/^$/d' | head -n1 | awk '/^[0-9]+$/ {print $1}')"
+    _enable_secs="$(grep -v -E "^\s*#" "${_disable_file_path}" | sed '/^$/d' | head -n1 | awk '/^[0-9]+$/ {print $1}')"
     # If file is empty, use file last change date plus default disabled time
-    if [ -z "${enable_secs}" ]; then
-        file_last_change_secs="$(stat -c %Z "${disable_file_path}")"
-        default_disabled_time_secs="$(time_to_seconds "${default_disabled_time}")"
-        enable_secs="$(( file_last_change_secs + default_disabled_time_secs ))"
+    if [ -z "${_enable_secs}" ]; then
+        _file_last_change_secs="$(stat -c %Z "${_disable_file_path}")"
+        _default_disabled_time_secs="$(time_to_seconds "${default_disabled_time}")"
+        _enable_secs="$(( _file_last_change_secs + _default_disabled_time_secs ))"
     fi
-    echo "${enable_secs}"
+    echo "${_enable_secs}"
 }
 
 # Print disable message
 function get_disable_message() {
     # $1: wrapper name
-    disable_file_path="$(get_disable_file_path "${1}")"
-    if [ ! -e "${disable_file_path}" ]; then
+    _disable_file_path="$(get_disable_file_path "${1}")"
+    if [ ! -e "${_disable_file_path}" ]; then
         return
     fi
 
-    disable_msg="$(sed '/^$/d' "${disable_file_path}" | tail -n+2 | tr '\n' ' ' | awk '{$1=$1;print}')"
-    echo "${disable_msg}"
+    _disable_msg="$(sed '/^$/d' "${_disable_file_path}" | tail -n+2 | tr '\n' ' ' | awk '{$1=$1;print}')"
+    echo "${_disable_msg}"
 }
 
 function now_secs() {
@@ -112,40 +113,39 @@ function now_iso() {
 # Print delay before re-enable in secs
 function enable_delay() {
     # $1: re-enable time in secs
-    #now_secs=$(date +"%s")
     echo $(( ${1} - $(now_secs) ))
 }
 
 # Converts delay (in seconds) into human readable duration
 function delay_to_string() {
     # $1: delay in secs
-    delay_days="$(( ${1} /86400 ))"
-    if [ "${delay_days}" -eq 0 ]; then delay_days=""
-    else delay_days="${delay_days}d"; fi
+    _delay_days="$(( ${1} /86400 ))"
+    if [ "${_delay_days}" -eq 0 ]; then _delay_days=""
+    else _delay_days="${_delay_days}d"; fi
 
-    delay_hours="$(( (${1} %86400) /3600 ))"
-    if [ "${delay_hours}" -eq 0 ]; then delay_hours=""
-    else delay_hours="${delay_hours}h"; fi
+    _delay_hours="$(( (${1} %86400) /3600 ))"
+    if [ "${_delay_hours}" -eq 0 ]; then _delay_hours=""
+    else _delay_hours="${_delay_hours}h"; fi
 
-    delay_minutes="$(( ((${1} %86400) %3600) /60 ))"
-    if [ "${delay_minutes}" -eq 0 ]; then delay_minutes=""
-    else delay_minutes="${delay_minutes}m"; fi
+    _delay_minutes="$(( ((${1} %86400) %3600) /60 ))"
+    if [ "${_delay_minutes}" -eq 0 ]; then _delay_minutes=""
+    else _delay_minutes="${_delay_minutes}m"; fi
 
-    delay_seconds="$(( ((${1} %86400) %3600) %60 ))"
-    if [ "${delay_seconds}" -eq 0 ]; then delay_seconds=""
-    else delay_seconds="${delay_seconds}s"; fi
+    _delay_seconds="$(( ((${1} %86400) %3600) %60 ))"
+    if [ "${_delay_seconds}" -eq 0 ]; then _delay_seconds=""
+    else _delay_seconds="${_delay_seconds}s"; fi
 
-    echo "${delay_days}${delay_hours}${delay_minutes}${delay_seconds}"
+    echo "${_delay_days}${_delay_hours}${_delay_minutes}${_delay_seconds}"
 }
 
 function is_disabled() {
     # $1: check name
-    wrapper="$(get_check_wrapper_name "${1}")"
-    disable_file_path="$(get_disable_file_path "${wrapper}")"
-    if [ -e "${disable_file_path}" ]; then
-        enable_time="$(get_enable_time "${wrapper}")"
-        enable_delay="$(enable_delay "${enable_time}")"
-        if [ "${enable_delay}" -le "0" ]; then
+    _wrapper="$(get_check_wrapper_name "${1}")"
+    _disable_file_path="$(get_disable_file_path "${_wrapper}")"
+    if [ -e "${_disable_file_path}" ]; then
+        _enable_time="$(get_enable_time "${_wrapper}")"
+        _enable_delay="$(enable_delay "${_enable_time}")"
+        if [ "${_enable_delay}" -le "0" ]; then
             echo "False"
         else
             echo "True"
@@ -168,7 +168,7 @@ function get_disable_file_path() {
 # and in the same order than NRPE does (taking account that
 # order changes from Deb10)
 function get_nrpe_conf() {
-    _get_conf_from_file "${nrpe_conf_path}"
+    echo "${_nrpe_conf_lines}"
 }
 
 # Private function to recursively get NRPE conf from file
@@ -176,18 +176,18 @@ function _get_conf_from_file() {
     # $1: NRPE conf file (.cfg)
     if [ ! -f "${1}" ]; then return; fi
 
-    conf_lines=$(grep -E -R -v --no-filename "^\s*(#.*|)$" "${1}")
-    while read -r line; do
-        if [[ "${line}" =~ .*'include='.* ]]; then
-            conf_file=$(echo "${line}" | cut -d= -f2)
-            _get_conf_from_file "${conf_file}"
-        elif [[ "${line}" =~ .*'include_dir='.* ]]; then
-            conf_dir=$(echo "${line}" | cut -d= -f2)
-            _get_conf_from_dir "${conf_dir}"
+    _conf_lines=$(grep -E -R -v --no-filename "^\s*(#.*|)$" "${1}")
+    while read -r _line; do
+        if [[ "${_line}" =~ .*'include='.* ]]; then
+            _conf_file=$(echo "${_line}" | cut -d= -f2)
+            _get_conf_from_file "${_conf_file}"
+        elif [[ "${_line}" =~ .*'include_dir='.* ]]; then
+            _conf_dir=$(echo "${_line}" | cut -d= -f2)
+            _get_conf_from_dir "${_conf_dir}"
         else
-            echo "${line}"
+            echo "${_line}"
         fi
-    done <<< "${conf_lines}"
+    done <<< "${_conf_lines}"
 }
 
 # Private function to recursively get NRPE conf from directory
@@ -197,40 +197,38 @@ function _get_conf_from_dir() {
 
     if [ "${debian_major_version}" -ge 10 ]; then
         # From Deb10, NRPE use scandir() with alphasort() function
-        sort_command="sort"
+        _sort_command="sort"
     else
         # Before Deb10, NRPE use loaddir(), like find utility
-        sort_command="cat -"
+        _sort_command="cat -"
     fi
 
     # Add conf files in dir to be processed recursively
-    for file in $(find "${1}" -maxdepth 1 -name "*.cfg" | ${sort_command}); do
-        if [ -f "${file}" ]; then
-            _get_conf_from_file "${file}"
-        elif [ -d "${file}" ]; then
-            _get_conf_from_dir "${file}"
+    for _file in $(find "${1}" -maxdepth 1 -name "*.cfg" | ${_sort_command}); do
+        if [ -f "${_file}" ]; then
+            _get_conf_from_file "${_file}"
+        elif [ -d "${_file}" ]; then
+            _get_conf_from_dir "${_file}"
         fi
     done
 }
 
 # Print the checks that are configured in NRPE
 function get_checks_names() {
-    conf_lines="$(get_nrpe_conf "${nrpe_conf_path}")"
-    echo "${conf_lines}" | grep -E "command\[check_.*\]=" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq
+    echo "${_nrpe_conf_lines}" | grep -E "command\[check_.*\]=" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq
 }
 
 # Print the commands defined for check $1 in NRPE configuration
 function get_check_commands() {
     # $1: check name
-    conf_lines="$(get_nrpe_conf "${nrpe_conf_path}")"
-    echo "${conf_lines}" | grep -E "command\[check_${1}\]" | cut -d'=' -f2-
+    echo "${_nrpe_conf_lines}" | grep -E "command\[check_${1}\]" | cut -d'=' -f2-
 }
 
 # Print the checks that have no alerts_wrapper in NRPE configuration
 function not_wrapped_checks() {
-    for check in $(get_checks_names); do
-        if ! is_wrapped "${check}"; then
-            echo "${check}"
+    for _check in $(get_checks_names); do
+        if ! is_wrapped "${_check}"; then
+            echo "${_check}"
         fi
     done
 }
@@ -238,8 +236,8 @@ function not_wrapped_checks() {
 # Fail if check is not wrapped
 function is_wrapped() {
     # $1: check name
-    cmd=$(get_check_commands "${1}" | tail -n1)
-    if echo "${cmd}" | grep --quiet --no-messages alerts_wrapper; then
+    _cmd=$(get_check_commands "${1}" | tail -n1)
+    if echo "${_cmd}" | grep --quiet --no-messages alerts_wrapper; then
         return 0
     fi
     return 1
@@ -247,23 +245,22 @@ function is_wrapped() {
 
 # Print the names that are defined in the wrappers of the checks
 function get_wrappers_names() {
-    conf_lines="$(get_nrpe_conf "${nrpe_conf_path}")"
-    echo "${conf_lines}" | grep -s "alerts_wrapper" | awk '{ for (i=1 ; i<=NF; i++) { if ($i ~ /^(-n|--name)$/) { print $(i+1); break } } }' | tr ',' '\n' | sort | uniq
+    echo "${_nrpe_conf_lines}" | grep -s "alerts_wrapper" | awk '{ for (i=1 ; i<=NF; i++) { if ($i ~ /^(-n|--name)$/) { print $(i+1); break } } }' | tr ',' '\n' | sort | uniq
 }
 
 # Print the wrapper name of the check
 function get_check_wrapper_name() {
     # $1: check name
-    cmd=$(get_check_commands "${1}" | tail -n1)
-    if echo "${cmd}" | grep --quiet --no-messages alerts_wrapper; then
-        echo "${cmd}" | awk '/--name/ {match($0, /--name\s*([a-zA-Z0-9_\-]*)\s*/, m); print m[1]}'
+    _cmd=$(get_check_commands "${1}" | tail -n1)
+    if echo "${_cmd}" | grep --quiet --no-messages alerts_wrapper; then
+        echo "${_cmd}" | awk '/--name/ {match($0, /--name\s*([a-zA-Z0-9_\-]*)\s*/, m); print m[1]}'
     fi
 }
 
 function is_check() {
     # $1: check name
-    checks="$(get_checks_names)"
-    if echo "${checks}" | grep --quiet -E "^${1}$"; then
+    _checks="$(get_checks_names)"
+    if echo "${_checks}" | grep --quiet -E "^${1}$"; then
         return 0
     fi
     return 1
@@ -271,8 +268,8 @@ function is_check() {
 
 function is_wrapper() {
     # $1: wrapper name
-    wrappers="$(get_wrappers_names)"
-    if echo "${wrappers}" | grep --quiet -E "^${1}$"; then
+    _wrappers="$(get_wrappers_names)"
+    if echo "${_wrappers}" | grep --quiet -E "^${1}$"; then
         return 0
     fi
     return 1
@@ -281,6 +278,9 @@ function is_wrapper() {
 # Print the checks that name this wrapper
 function get_wrapper_checks() {
     # $1: wrapper name
-    conf_lines="$(get_nrpe_conf "${nrpe_conf_path}")"
-    echo "${conf_lines}" | grep -E "command\[check_.*\]=" | grep -E "\-\-name\s*${1}" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq | xargs
+    echo "${_nrpe_conf_lines}" | grep -E "command\[check_.*\]=" | grep -E "\-\-name\s*${1}" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq | xargs
 }
+
+
+# Load NRPE configuration
+_nrpe_conf_lines="$(_get_conf_from_file "${nrpe_conf_path}")"