###################################################################### # check_dbversion.cfg is the configuration file for the database # # version check plugin check_dbversion_ios. It is best placed into # # /libexec or etc/objects. This file white- and blacklists # # version strings returned by a DB query. # # # # This file needs to be readable for nagios, i.e. the nagios user. # # # # File format: # # approval category|DB-type|DB-Version|remarks # # Comment lines must start with the character '#' at the beginning. # # # # Column 1: string 'approved', 'obsolete', 'med-vuln' or 'cri-vuln' # # # # Versions marked 'approved' will return 'OK' (green) in Nagios. # # 'approved' is meant for versions that are confirmed to be recent, # # without known vulnerabilities (yet) or otherwise desired by IT # # networks/management, i.e. for standardization. # # # # Versions marked 'obsolete' will return 'WARNING' (yellow). This is # # is meant for versions that are EOL, but not confirmed vulnerable # # yet. It is highly undesired to run these versions. # # # # Versions marked 'med-vuln' will return 'WARNING' (yellow). This is # # is meant for versions that are confirmed to have vulnerabilities # # who are either currently not applicable, or rated low to medium # # with compensations in place. We desire to upgrade these Versions # # in a planned fashion. # # # # Versions marked 'crit-vuln' will return 'CRITICAL' (red). This is # # is meant for versions that are confirmed to be vulnerable with a # # high risk off immediate impact such as device down or compromised. # # These versions should be upgraded as soon as possible. # # # # Versions that are neither 'approved', 'obsolete' or 'vulnerable' # # will return 'UNKNOWN' (orange) in Nagios. This is meant as a note # # to check if this version is OK to run, so it can be categorized. # # # # Column 2: DB type string, supported are these types below: # # 'db2' IBM's DB2 databases (v9x and above) # # 'mssql' Microsoft's MS-SQL server databases (2005 and above) # # 'mysql' MySQL databases (v5xx) # # 'oracle' Oracle databases (10g and above) # # 'sybase' Sybase ASE databases (v15xx and above) # # # # Column 3: DB Version string, must match the plugins returned value # # If unsure, run the plugin in discovery mode, i.e. without the -f # # option. # # Right now, there is no way to use a wildcard, i.e. to mark all # # versions 9.5.0.* as critical, all version variants must have a # # separate entry. # # # # Column 4: remarks string, i.e. reason for marked 'obsolete' # # This column may be left empty. # # # # Examples: # # approved|db2|DB2 v9.5.0.5 build s091123|Latest Version 9.5 FP 5 # # med-vuln|oracle|Oracle v10.2.0.3.0|Vulnerable, last is 10.2.0.5.0 # # # ###################################################################### # Below are the 'approved' versions we explicitly endorse for usage: # ###################################################################### approved|db2|DB2 v9.5.0.5 build s091123|Latest Version 9.5 Fixpack 5, Release Date 14 Dec 2009 approved|mssql|Microsoft SQL Server v9.00.4285.00 SP2|Latest Release 9.00.3175 SP3 + Update 8, February 16th 2010 approved|mysql|MySQL v5.0.67|Novell SLES11 software repository version of MySQL approved|mysql|MySQL v5.0.26|Novell SLES10 SP3 software repository version of MySQL approved|db2|DB2 v9.7.0.1 build s091114|Latest Version 9.7 Fixpack 1, Release Date 24 Nov 2009 approved|db2|DB2 v9.7.100.177 build s091114|Latest Windows 64bit Version 9.7 Fixpack 1, Release Date 24 Nov 2009 ###################################################################### # Below are the 'obsolete' versions we explicitly disapprove of: # ###################################################################### ###################################################################### # Below are the 'med-vuln' versions with low to medium criticality # ###################################################################### med-vuln|db2|DB2 v9.7.0.441 build s090521|Needs 9.7.100.177 (FP-1) Build Level s091114, Release Date 24 Nov 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412182 med-vuln|db2|DB2 v9.5.400.576 build s090429|Needs 9.5.0.5 (FP-5) Build level s091123, Release Date 14 Dec 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412902 med-vuln|db2|DB2 v9.5.0.3 build s081210|Needs 9.5.0.5 (FP-5) Build level s091123, Release Date 14 Dec 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412902 med-vuln|db2|DB2 v9.7.0.0 build s090521|Needs 9.7.0.1 (FP-1) Build Level s091114, Release Date 24 Nov 2009, vulnerabilities listed here: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21412182 med-vuln|mssql|Microsoft SQL Server v9.00.3077.00 SP2| SP2 + GDR Hotfix for MS09-004, February 10th 2009, http://sqlserverbuilds.blogspot.com/ med-vuln|mssql|Microsoft SQL Server v9.00.3054.00 SP2|Re-released SP2 + GDR2 Hotfix, April 2008, http://sqlserverbuilds.blogspot.com/ med-vuln|oracle|Oracle v10.2.0.1.0|Vulnerable, latest patch release is v10.2.0.5.0, see http://www.oracle.com/technology/deploy/security/alerts.htm med-vuln|oracle|Oracle v10.2.0.3.0|Vulnerable, latest patch release is v10.2.0.5.0, see http://www.oracle.com/technology/deploy/security/alerts.htm ###################################################################### # Below are the 'crit-vuln' versions confirmed for high criticality # ###################################################################### ###################################################################### # End of check_dbversion.cfg # ######################################################################