Page 2 of 2
Re: check_http unable to use pass with "!"
Posted: Wed Jun 06, 2018 9:29 am
by scottwilkerson
Re: check_http unable to use pass with "!"
Posted: Wed Jun 06, 2018 10:11 am
by nagiosEngie
Hello Everybody (your greatness included
),
tested the script proposed and it works. BUT, (unfortunatly there always is one):
I tried the script and authentication works I get:
OK: Authentication Successful (and thats good)
I then tried to insert a wrong user so to check if i get a CRITICAL message, but I sill get
OK: Authentication Successful (and that's not good) is the session somehow cashed or some other contraption.
How can this be solved?
I also tested the sting search (-s option) and it works with right and wrong pass.
Thanks
Sandro
Re: check_http unable to use pass with "!"
Posted: Wed Jun 06, 2018 11:02 am
by scottwilkerson
I looked at the script and there is no caching. You can add the -v flag to get verbose output including the the curl command it is using, this would allow you ti run the command directly and see what the server is returning.
Are you 100% sure this server don't respond without authentication?
Re: check_http unable to use pass with "!"
Posted: Thu Jun 07, 2018 2:57 am
by nagiosEngie
Hello Scott,
here is the output with the -v option enabled. I used a wrong pass and user and the exit code is still 0.
From what I understand there is a HTTP/1.1 401 Unauthorized message so the script is able to see that authentication fails but exit code is still 0.
Server without authentication will respond with a HTTP ERROR 401 page with chrome.
It will return an empty page with internet explorer.
File attached
Sandro
Re: check_http unable to use pass with "!"
Posted: Thu Jun 07, 2018 3:27 am
by nagiosEngie
Hello,
line 131 of the script:
if [[ "$curloutput" == *'401 - Unauthorized'* ]]; then....etc.
in the debug message:
HTTP/1.1 401 Unauthorized
There is no dash "-"
If I correct this I will get the right result with the wrong password ie. CRITICAL Authentication failed.
BUT (there it is) if I use the correct password I will still get the same message.
So I had a look at the debug message I get when I use a correct password and I do not know why, but a HTTP/1.1 401 Unauthorized will appear in the debug message although the transaction is successfull.
So the problem is the string we grep "HTTP/1.1 401 Unauthorized" that appears in both cases.
I guess we have to choose some other string to grep for unsucccssesfull authentication.
There is also a wrong string in a second check "Couldn't resolve host" I get "Could not resolve host".
I this code works for me:
if [[ "$curloutput" == *'401 Unauthorized'* && "$curloutput" == *'NTLM handshake rejected'* ]]; then
authmsg='Authentication Failed!'
adjust_exit 2
elif [[ "$curloutput" == *"Could not resolve host"* ]]; then
authmsg='Unable to resolve host, please check DNS!'
adjust_exit 2
else
authmsg='Authentication Successful'
adjust_exit 0
I attached the corrected script that works inmy case.
Is it possible I get different messages based on different version of IIS?
SAndro
Re: check_http unable to use pass with "!"
Posted: Thu Jun 07, 2018 9:00 am
by scottwilkerson
nagiosEngie wrote:Is it possible I get different messages based on different version of IIS?
Maybe, but it might also be the application.
It is actually strange that you are getting the following with it actually works
That sounds like the applications is not outputting the correct code.
I'm glad you were able to work out a solution, and thanks for sharing for others!