Skip to content

Commit

Permalink
Merge branch 'master' into dev-v3
Browse files Browse the repository at this point in the history
  • Loading branch information
Sebastian Wolf committed Nov 10, 2023
2 parents 7ccec23 + a424014 commit 5f03c67
Show file tree
Hide file tree
Showing 8 changed files with 454 additions and 30 deletions.
25 changes: 10 additions & 15 deletions BUILDING.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ This document contains instructions for:

THE BUILD SCRIPT WILL MAKE CHANGES TO THE SYSTEM THAT MAY BE INCOMPATIBLE WITH OTHER SOFTWARE


Building on Windows
===================

Expand Down Expand Up @@ -46,15 +45,15 @@ Building on CentOS 7 is the easiest way to get a working package for all Linux d

In most cases, building on the distribution that is targeted, e.g. building on Ubuntu 20.04 to deploy on Ubuntu 20.04, will work, but the resulting package will not be as portable.

To start, clone the repository in your directory::
To start, clone the repository in your directory:

cd ~
git clone https://github.com/NagiosEnterprises/ncpa
cd ~
git clone https://github.com/NagiosEnterprises/ncpa<<<<<<< HEAD

Now run the setup scripts to install the requirements::

cd ncpa/build
./build.sh
cd ncpa/build
./build.sh

Follow the prompts to setup the system. When running the build.sh script it will setup
the system and build the ncpa binary.
Expand All @@ -63,23 +62,19 @@ the system and build the ncpa binary.
**Install on the target Linux server**
--------------------------------

Copy the resulting ~/ncpa/build/ncpa-3.x.x-x.x86_64.rpm or ncpa_3.x.x-x_amd64.deb to the desired server and install using the appropriate package system:
Copy the resulting ~/ncpa/build/ncpa-3.x.x-x.x86_64.rpm or ncpa_3.x.x-x_amd64.deb to the desired server and install using the appropriate package system:

On CentOS/RHEL/Oracle/Amazon/Rocky::
On CentOs/RHEL::

yum install ./ncpa-3.x.x-1.x86_64.rpm
yum install ./ncpa-3.x.x-1.elx.x86_64.rpm

On Ubuntu 16+/Debian 9+::
On Ubuntu/Debian::

apt install ./ncpa_3.0.0-1._amd64.deb

On Ubuntu 14/Debian 8 (not supported, but may work)::

dpkg --force-depends -i ./ncpa_3.0.0-1._amd64.deb

On OpenSuSE/SLES::

zypper install ./ncpa-3.x.x-1.x86_64.rpm
zypper install ./ncpa_3.0.0-1.x86_64.deb


Building on MacOS
Expand Down
13 changes: 10 additions & 3 deletions README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,20 @@ NCPA

The *Nagios Cross-Platform Agent*; a single monitoring agent that installs on all major operating systems. NCPA allows both active checks via check_ncpa.py and passive checks via NRDP. NCPA comes with a built-in web GUI, documentation, websocket graphing, and is secured with SSL by default.

NCPA 3 Beta
---------
The NCPA 3 beta has been released! You can download the beta via the source code in the `dev-v3-beta-01 branch <https://github.com/NagiosEnterprises/ncpa/tree/dev-v3-beta01>`_ or by visiting the `downloads page <https://www.nagios.org/ncpa/#beta-downloads>`_ for installable packages.

Downloads
---------

Current versions:

+---------+-------------+-------------------------------------------------------+
| Current | **3.0.0** | `Downloads <https://www.nagios.org/ncpa/#downloads>`_ |
+---------+-------------+-------------------------------------------------------+
+---------+-------------+------------------------------------------------------------+
| Current | **2.4.1** | `Downloads <https://www.nagios.org/ncpa/#downloads>`_ |
+---------+-------------+------------------------------------------------------------+
| Beta | **3.0.0** | `Downloads <https://www.nagios.org/ncpa/#beta-downloads>`_ |
+---------+-------------+------------------------------------------------------------+

`Older Versions <https://www.nagios.org/ncpa/archive.php>`_

Expand Down Expand Up @@ -78,3 +84,4 @@ While we recommend using the pre-built version above, sometimes you may find the
+------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------+
| `Building for Windows <https://github.com/NagiosEnterprises/ncpa/blob/master/BUILDING.rst#building-on-windows>`_ | `Building for Linux <https://github.com/NagiosEnterprises/ncpa/blob/master/BUILDING.rst#building-on-linux>`_ | `Building for Mac OS X <https://github.com/NagiosEnterprises/ncpa/blob/master/BUILDING.rst#building-on-mac-os-x>`_ |
+------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------+

42 changes: 34 additions & 8 deletions agent/listener/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@

# Set whether or not a request is internal or not
import socket
from hmac import compare_digest

__VERSION__ = ncpa.__VERSION__
__STARTED__ = datetime.datetime.now()
Expand Down Expand Up @@ -162,6 +163,26 @@ def is_network(ip):
logging.debug(e)
return False

# Securely compares strings - byte string or unicode
# Comparison is done via compare_digest() to prevent timing attacks
# If both items evaluate to false, they match. This makes it easier to handle
# empty strings or variables which may have "NoneType"
def secure_compare(item1, item2):
is_match = False

# Convert to unicode, if necessary, both items must have the same encoding
if item1 and not isinstance(item1, unicode):
item1 = item1.decode('utf-8')
if item2 and not isinstance(item2, unicode):
item2 = item2.decode('utf-8')

if item1 and item2 and compare_digest(item1, item2):
is_match = True
elif not item1 and not item2:
is_match = True

return is_match


# ------------------------------
# Authentication Wrappers
Expand Down Expand Up @@ -280,16 +301,17 @@ def requires_token_or_auth(f):
def token_auth_decoration(*args, **kwargs):
ncpa_token = listener.config['iconfig'].get('api', 'community_string')
token = request.values.get('token', None)
token_valid = secure_compare(token, ncpa_token)

# This is an internal call, we don't check
if __INTERNAL__ is True:
pass
elif session.get('logged', False) or token == ncpa_token:
elif session.get('logged', False) or token_valid:
pass
elif token is None:
session['redirect'] = request.url
return redirect(url_for('login'))
elif token != ncpa_token:
elif not token_valid:
return error(msg='Incorrect credentials given.')
return f(*args, **kwargs)

Expand Down Expand Up @@ -369,6 +391,9 @@ def login():
url = session.get('redirect', None)
token = request.values.get('token', None)

token_valid = secure_compare(token, ncpa_token)
token_is_admin = secure_compare(token, admin_password)

template_args = { 'hide_page_links': True,
'message': message,
'url': url,
Expand All @@ -378,9 +403,9 @@ def login():
session['message'] = None

# Do actual authentication check
if token == ncpa_token and not admin_auth_only:
if not admin_auth_only and token_valid:
session['logged'] = True
elif token == admin_password and admin_password is not None:
elif admin_password is not None and token_is_admin:
session['logged'] = True
session['admin_logged'] = True

Expand All @@ -394,10 +419,10 @@ def login():
# Display error messages depending on what was given
if token is not None:
if not admin_auth_only:
if token != ncpa_token or token != admin_password:
if not token_valid and not token_is_admin:
template_args['error'] = 'Invalid token or password.'
else:
if token == ncpa_token:
if token_valid:
template_args['error'] = 'Admin authentication only.'
else:
template_args['error'] = 'Invalid password.'
Expand All @@ -414,15 +439,16 @@ def admin_login():

# Admin password
admin_password = get_config_value('listener', 'admin_password', None)
password = request.values.get('password', None)
password_valid = secure_compare(password, admin_password)

message = session.get('message', None)
password = request.values.get('password', None)
template_args = { 'hide_page_links': False,
'message': message }

session['message'] = None

if password == admin_password and admin_password is not None:
if admin_password is not None and password_valid:
session['admin_logged'] = True
return redirect(url_for('admin'))
elif password is not None:
Expand Down
21 changes: 21 additions & 0 deletions build/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,27 @@ if command -v git > /dev/null; then
echo "GIT_HASH_FILE: $GIT_HASH_FILE"
fi

# Add file with current GIT hash to build
GIT_LONG="Not built under GIT"
GIT_HASH_FILE="NoGIT.githash"

if command -v git > /dev/null; then
GIT_LONG=$(git rev-parse HEAD)
GIT_SHORT=$(git rev-parse --short HEAD)
GIT_UNCOMMITTED=$(git status --untracked-files=no --porcelain)
echo "GIT_UNCOMMITTED: $GIT_UNCOMMITTED"
if [ "$GIT_UNCOMMITTED" ]; then
GIT_LONG="$GIT_LONG++ compiled with uncommitted changes"
GIT_SHORT="$GIT_SHORT++"
fi
GIT_HASH_FILE="git-$GIT_SHORT.githash"
echo "GIT_LONG: $GIT_LONG"
echo "GIT_SHORT: $GIT_SHORT"
echo "GIT_HASH_FILE: $GIT_HASH_FILE"
fi
# ls $AGENT_DIR/*.githash >/dev/null && rm $AGENT_DIR/*.githash
# echo $GIT_LONG > "$AGENT_DIR/$GIT_HASH_FILE"

(
echo -e "\nBuilding NCPA binaries..."
cd $AGENT_DIR
Expand Down
Loading

0 comments on commit 5f03c67

Please sign in to comment.