Service check_nut_plus

discofris · August 19, 2019, 8:42am

Hi all. I’d like to strip something out of the check_nut_plus plugin output.
Running this plugin it generates always this extra line:

Init SSL without certificate database

I know I can enable the extra SSL layer on my NUT client/server setup … but that’s a lot of overhead for my home lab.

Some more details:

Running the plugin directly from cli:
perl check_nut_plus -d ups1@192.168.1.32:3492 -v "ups.load=w>60:c>=70" -D

DEBUG
Init SSL without certificate database
KV3: (w,>,60)
KV3: (c,>=,70)
$VAR1 = {
          'c' => [
                   {
                     'op' => '>=',
                     'value' => '70'
                   }
                 ],
          'w' => [
                   {
                     'value' => '60',
                     'op' => '>'
                   }
                 ]
        };
Cc
ups.load 25 >= 70
Cw
O: ups.load=25
OK: ups.load=25

Running directly the upsc command:
upsc ups1@192.168.1.32:3492

Init SSL without certificate database
battery.charge: 100
battery.runtime: 600
battery.voltage: 13.60
battery.voltage.high: 12
battery.voltage.low: 8
battery.voltage.nominal: 12.0
device.type: ups
driver.name: blazer_usb
driver.parameter.pollinterval: 2
driver.parameter.port: auto
driver.parameter.productid: 5161
driver.parameter.runtimecal: 60,100,360,50
driver.parameter.subdriver: cypress
driver.parameter.synchronous: no
driver.parameter.vendorid: 0665
driver.version: 2.7.4
driver.version.internal: 0.12
input.current.nominal: 3.0
input.frequency: 50.3
input.frequency.nominal: 50
input.voltage: 242.0
input.voltage.fault: 242.0
input.voltage.nominal: 230
output.voltage: 241.4
ups.beeper.status: enabled
ups.delay.shutdown: 30
ups.delay.start: 180
ups.load: 29
ups.productid: 5161
ups.status: OL
ups.temperature: 25.0
ups.type: offline / line interactive
ups.vendorid: 0665

I can remove that line with this command:
/bin/upsc > /dev/stdout 2> /dev/null ups1@192.168.1.32:3492
But I don’t know how to implement this into the perl script …

Resources:
https://exchange.nagios.org/directory/Plugins/Hardware/UPS/check_nut_plus/details
https://webnote.satin-pl.com/public/nut/check_nut_plus.txt

Any help or guidance highly appreciated

blakehartshorn · August 19, 2019, 12:01pm

Does it output that line without the -D flag? I’m reading the manpage for the Nagios check and seeing it doesn’t have an option to ignore certificate warnings. I haven’t written a line of perl in probably 10 years so that code is a mess to me too, but if it’s calling upsc, stderr can likely be redirected to nowhere if you feel like hacking it yourself.

Looks like it really just expects you to have a self signed one in there and not like going to the effort to set up letencrypt or anything like that. I’d just go off the NUT security doc if it were me.

github.com

networkupstools/nut/blob/master/docs/security.txt

Notes on securing NUT
=====================

The NUT Team is very interested in providing the highest security level to its
users.

Many internal and external mechanisms exist to secure NUT. And several steps are
needed to ensure that your NUT setup meets your security requirements.

This chapter will present you these mechanisms, by increasing order of security
level. This means that the more security you need, the more mechanisms you will
have to apply.

NOTE: you may want to have a look at NUT Quality Assurance, since some
topics are related to NUT security and reliability.


[[verifySourceSig]]
How to verify the NUT source code signature
-------------------------------------------

This file has been truncated. show original

discofris · August 19, 2019, 12:23pm

Yes. Without the -D I still have that line.

Exactly, I found out how but I don’t know how to implement this in the Perl code.
This command removes it:
/bin/upsc > /dev/stdout 2> /dev/null ups1@192.168.1.32:3492