check_dbversion_sybase


Note: This plugin just got a simple test. Please consider feedback to improve it. Thank You!

This plugin tests the database software version through querying a specific Sybase ASE database. It can either simply return the version string (discovery mode), or compare it against a blacklist/whitelist version file to determine software version compliance (compliance mode). Since it executes a real database login, it can also be used to determine database up|down.

It requires the database to be set up for accepting network connections and being reachable through that network port from Nagios. The plugin uses the free jTDS JDBC driver, this driver must be installed and found through the Java classpath on the server executing this plugin. (JDBC installation example)

Usage:

java -classpath <path to check_dbversion_sybase.class> check_dbversion_sybase <db-ip> <db-port> <db-instance> <db-user> <db-pwd> [-d]

java -classpath <path to check_dbversion_sybase.class> check_tablespace_sybase <db-ip> <db-port> <db-instance> <db-user> <db-pwd> -f configfile

Options:

<db-ip>
      The IP address of the database server

<db-port>
      The database network port, Sybase typically uses tcp port 5000, or 7100

<db-instance>
      The database instance name

<db-user>
      The database user required for database login

<db-pwd>
      The password of the database user. It can be enclosed in double-quotes to to accept special characters such as ;

-d
      Enable debugging output (optional)

-f configfile
      Compare the returned software version string against a blacklist/whitelist file (optional)

Configuration File Format:

The blacklist/whitelist file for comparing database versions against consists of database version lines separated into 4 columns. The column separator character is defined as '|'. The file can contain comment lines, identified through the first line character '#'.

Column 1 contains one of the following strings 'approved', 'obsolete', 'med-vuln' or 'cri-vuln'. Versions marked 'approved' will return 'OK' (green) in Nagios. The marker 'approved' is meant for versions that are confirmed to be recent, without known vulnerabilities (yet) or otherwise desired by IT networks/management, i.e. for standardization. Versions marked 'obsolete' will return 'WARNING' (yellow). This is is meant for versions that are EOL, but not confirmed vulnerable yet. It is highly undesired to run these versions. Versions marked 'med-vuln' will return 'WARNING' (yellow). This is is meant for versions that are confirmed to have vulnerabilities who are either currently not applicable, or rated low to medium with compensations in place. We desire to upgrade these versions in a planned fashion. Versions marked 'crit-vuln' will return 'CRITICAL' (red). This is is meant for versions that are confirmed to be vulnerable with a high risk of immediate impact data loss or database access is compromised. These versions should be upgraded as soon as possible. Versions that are neither 'approved', 'obsolete' or 'vulnerable' will return 'UNKNOWN' (orange) in Nagios. This is meant as a note to check if this version is OK to run, so it can be categorized.

Column 2 contains the DB vendor string, supported strings are 'sybase', 'db2', 'mssql', 'mysql' and 'oracle'.

Column 3 contains the DB Version string as returned by the plugin. This string must match exactly the plugins returned value. If unsure, run the plugin in discovery mode, i.e. without the -f option. Right now, there is no way to use a wildcard, i.e. to mark all versions 15.5.* as critical, all version variants must have a separate entry.

Column 4 contains a remarks string, i.e. reason for marked 'obsolete'. This column may be left empty, but it is a good idea to use it for information about this particular version, i.e. list vulnerabilities or the vendors end-of-life date.

Configuration File Example:

######################################################################
# Below are the 'approved' versions we explicitly endorse for usage: #
######################################################################
approved|sybase|Adaptive Server Enterprise v15.7 ase157sp101, 3439|Latest Version 15.7 SP1, 6 Jun 2013
approved|mssql|Microsoft SQL Server v9.00.4285.00 SP2|Latest Release 9.00.3175 SP3 + Update 8, February 16th 2010
approved|mysql|MySQL v5.0.67|Novell SLES11 software repository version of MySQL
approved|mysql|MySQL v5.0.26|Novell SLES10 SP3 software repository version of MySQL
approved|db2|DB2 v9.7.0.1 build s091114|Latest Version 9.7 Fixpack 1, Release Date 24 Nov 2009
approved|db2|DB2 v9.7.100.177 build s091114|Latest Windows 64bit Version 9.7 Fixpack 1, Release Date 24 Nov 2009
######################################################################
# Below are the 'obsolete' versions we explicitly disapprove of:     #
######################################################################
obsolete|mssql|Microsoft SQL Server v8.00.2055 SP4|SQL 2000 SP4 mainstream support end 4/8/2008, http://blogs.msdn.com/b/sqlreleaseservices/archive/2008/02/15/end-of-mainstream-support-for-sql-server-2005-sp1-and-sql-server-2000-sp4.aspx
######################################################################
# Below are the 'med-vuln' versions with low to medium criticality   #
######################################################################
med-vuln|db2|DB2 v9.7.0.441 build s090521|Needs 9.7.100.177 (FP-1) Build Level s091114, Release Date 24 Nov 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412182
med-vuln|db2|DB2 v9.5.400.576 build s090429|Needs 9.5.0.5 (FP-5) Build level s091123, Release Date 14 Dec 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412902
med-vuln|db2|DB2 v9.5.0.3 build s081210|Needs 9.5.0.5 (FP-5) Build level s091123, Release Date 14 Dec 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412902
med-vuln|db2|DB2 v9.7.0.0 build s090521|Needs 9.7.0.1 (FP-1) Build Level s091114, Release Date 24 Nov 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412182
med-vuln|sybase|Microsoft SQL Server v9.00.4053.00 SP3|Dec 15,2008 release, missing later patches, http://sqlserverbuilds.blogspot.com/
med-vuln|sybase|Microsoft SQL Server v9.00.3077.00 SP2| SP2 + GDR Hotfix for MS09-004, February 10th 2009, http://sqlserverbuilds.blogspot.com/
med-vuln|sybase|Microsoft SQL Server v9.00.3054.00 SP2|Re-released SP2 + GDR2 Hotfix, April 2008, http://sqlserverbuilds.blogspot.com/
med-vuln|oracle|Oracle v10.2.0.1.0|Vulnerable, latest patch release is v10.2.0.5.0, see http://www.oracle.com/technology/deploy/security/alerts.htm
med-vuln|oracle|Oracle v10.2.0.3.0|Vulnerable, latest patch release is v10.2.0.5.0, see http://www.oracle.com/technology/deploy/security/alerts.htm
######################################################################
# Below are the 'crit-vuln' versions confirmed for high criticality  #
######################################################################

Plugin Usage Example:

The plugin in 'discovery' mode, returns OK if the software version string could be fetched.

susie: ~ # java -classpath /srv/app/nagios/libexec/ check_dbversion_sybase 192.168.1.127
 5000 master sa "p@ssw0rd"  
Version OK: Adaptive Server Enterprise v15.7 ase157sp101, 3439|

The plugin in 'compliance' mode, returns the status depending on the version string definition set in the supplied config file.

susie: ~ # java -classpath /srv/app/nagios/libexec/ check_dbversion_sybase 192.168.1.127
 5000 master sa "p@ssw0rd" -f /srv/app/nagios/libexec/check_dbversion.cfg 
Version OK: Adaptive Server Enterprise v15.7 ase157sp101, 3439|Latest Version 15.7 SP1, 6 Jun 2013

Notes:

The plugin queries Sybase with the "SELECT @@version"command. The Sybase database responds with a version string containing 11 fields, separated by a forward-slash. A string example is below.

Adaptive Server Enterprise/15.7/EBF 21338 SMP SP101 /P/NT (IX86)/Windows 2008 
R2/ase157sp101/3439/32-bit/OPT/Thu Jun 06 12:02:54 2013

The plugin's .java source code file needs to be compiled into Java bytecode before it can be used, i.e. by calling:
javac check_dbversion_sybase.java.

Download:

check_dbversion_sybase.java (8376 Bytes)

Topics:

More Information: