From 98070025ee17db8bac9022c3169ed71a78e01a75 Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch>
Date: Fri, 20 Oct 2023 15:55:57 +0200
Subject: [PATCH] checph_status harden sudo command execution + docs

---
 check_ceph_status                   | 14 ++++----------
 docs/20_Checks/check_ceph_status.md | 12 ++++++++++--
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/check_ceph_status b/check_ceph_status
index 61fc8a5..33b567e 100755
--- a/check_ceph_status
+++ b/check_ceph_status
@@ -21,11 +21,12 @@
 # 2023-04-24  v1.4  <axel.hahn@unibe.ch>      update for newer ceph versions
 # 2023-06-19  v1.5  <axel.hahn@unibe.ch>      add help and param support; no more tmpfile
 # 2023-07-27  v1.6  <axel.hahn@unibe.ch>      update help page
+# 2023-10-20  v1.7  <axel.hahn@unibe.ch>      harden sudo command execution
 # ======================================================================
 
 . $(dirname $0)/inc_pluginfunctions
 
-export self_APPVERSION=1.6
+export self_APPVERSION=1.7
 
 initfile="/tmp/ceph-status-not-ok-start-$USER"
 
@@ -45,14 +46,7 @@ line="__________________________________________________________________________
 function showHelp(){
     local _self; _self=$(basename $0)
 cat <<EOF
-______________________________________________________________________
-
-$self_APPNAME 
-v$self_APPVERSION
-
-(c) Institute for Medical Education - University of Bern
-Licence: GNU GPL 3
-______________________________________________________________________
+$( ph.showImlHelpHeader )
 
 Show ceph health status.
 The state of the check switches to warning if HEALTH_WARN was detected
@@ -72,7 +66,7 @@ EOF
 }
 
 function readCephStatus(){
-        if ! data=$( sudo /bin/ceph status 2>&1 ); then
+        if ! data=$( sudo -n /bin/ceph status 2>&1 ); then
                 echo "$data"
                 ph.abort "UNKNOWN: ceph is not available or no sudo permissions to execute ceph commands."
         fi
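Review bot: The `sudo -n /bin/ceph status` call in readCephStatus needs one fixed subcommand, but the sudoers line this patch adds to docs/20_Checks/check_ceph_status.md, `icingaclient ALL=(ALL) NOPASSWD: /bin/ceph`, lets the monitoring account run every ceph subcommand, including ones that change cluster state, as any target user. If `status` is the only subcommand the check uses (the rest of the script is outside this patch), the documented rule can be narrowed to `icingaclient ALL=(root) NOPASSWD: /bin/ceph status`. With `-n` a missing or mismatched rule now fails immediately instead of prompting, so a short comment above the call such as `# -n: never prompt for a password; fail at once if the NOPASSWD rule is missing` would record why the flag is there. readCephStatus ends outside the hunk.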
diff --git a/docs/20_Checks/check_ceph_status.md b/docs/20_Checks/check_ceph_status.md
index 65ad237..abce980 100644
--- a/docs/20_Checks/check_ceph_status.md
+++ b/docs/20_Checks/check_ceph_status.md
@@ -9,16 +9,22 @@ It switches the state in dependency of the HEALTH_* value.
 
 * `ceph` binary and sudo permission on it to get the information
 
+```txt
+icingaclient ALL=(ALL) NOPASSWD: /bin/ceph
+```
+
 ## Syntax
 
 ```txt
 ______________________________________________________________________
 
-CHECK_CEPH_STATUS 
-v1.5
+CHECK_CEPH_STATUS
+v1.7
 
 (c) Institute for Medical Education - University of Bern
 Licence: GNU GPL 3
+
+https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ceph_status.html
 ______________________________________________________________________
 
 Show ceph health status.
@@ -27,6 +33,8 @@ and is error of other HEALTH values than HEALTH_WARN or HEALTH_OK.
 
 In the output is the complete output of the command "ceph status".
 
+If degraded objects are found it shows the progress of repair process.
+
 SYNTAX:
 check_ceph_status
 
-- 
GitLab