onevm + onehost: harden sudo command execution

46b6a16e · Hahn Axel (hahn) · d1ffd8f3 · 46b6a16e · 46b6a16e
Commit 46b6a16e authored 1 year ago by Hahn Axel (hahn)
--- a/check_onehost
+++ b/check_onehost
@@ -11,12 +11,13 @@
 # 2023-06-12  v1.1  <axel.hahn@unibe.ch>  show message if no sudo permissions on onehost command exist
 # 2023-08-23  v1.2  <axel.hahn@unibe.ch>  update help; show help without requirements
 # 2023-09-15  v1.3  <axel.hahn@unibe.ch>  add detection for disabled hosts; update texts
+# 2023-10-20  v1.4  <axel.hahn@unibe.ch>  harden sudo command execution
 # ======================================================================
 . $(dirname $0)/inc_pluginfunctions
-self_APPVERSION=1.3
+self_APPVERSION=1.4
 # ----------------------------------------------------------------------
 # functions
@@ -68,7 +69,9 @@ typeset -i iCriticalLimit=$( ph.getValueWithParam 2 c "$@")
 # --- get data
-cmdout=$( sudo onehost list --csv 2>&1 )
+if ! cmdout=$( sudo -n onehost list --csv 2>&1 ); then
+    ph.abort "UNKNOWN: No sudo permissions to execute onehost commands."
+fi
 if ! grep "ID,NAME" <<< "$cmdout" >/dev/null; then
        ph.setStatus "unknown"

--- a/check_onevm
+++ b/check_onevm
@@ -35,12 +35,13 @@
 # 2023-06-12  v1.0  <axel.hahn@unibe.ch>  initial version
 # 2023-06-15  v1.1  <axel.hahn@unibe.ch>  fix output if no vm is running
 # 2023-08-23  v1.2  <axel.hahn@unibe.ch>  update help; show help without requirements
+# 2023-10-20  v1.3  <axel.hahn@unibe.ch>  harden sudo command execution
 # ======================================================================
 . $(dirname $0)/inc_pluginfunctions
-self_APPVERSION=1.2
+self_APPVERSION=1.3
 # new line
 NL="
@@ -94,7 +95,9 @@ esac
 ph.require onehost
 # --- get data
-cmdout=$( sudo onevm list --csv 2>&1 )
+if ! cmdout=$( sudo -n onevm list --csv 2>&1 ); then
+    ph.abort "UNKNOWN: No sudo permissions to execute onehost commands."
+fi
 if ! grep "ID,USER" <<< "$cmdout" >/dev/null; then
        ph.setStatus "unknown"