Default check UDP failed with unknown service
Closed this issue · 2 comments
Hello,
When the default check UDP farmguard is used, it decides that the backend server status is down even when the requested UDP port is up. The command "nmap -sU -p PORT HOST | grep open" does not check return values but expects some exact string values. When nmap also returns service "filtered unknown", the status is set as DOWN.
Test environment:
Debian 10 (kernel 4.19.98-1)
Zevenet 5.10.1 Community Edition
nmap 7.70+dfsg1-6
LOGS:
farmguardian[17331]: (INFO) Farm wg-dov-farm - timetocheck 15 - command nmap -sU -p PORT HOST | grep open
farmguardian[17331]: (INFO) Farm wg-dov-farm - server[0] 1.2.3.4:51430 - status fgDOWN - timedout 0 - errorcode 256
farmguardian[17331]: (INFO) Farm wg-dov-farm - server[1] 1.2.3.5:51430 - status fgDOWN - timedout 0 - errorcode 256
TEST:
# nmap -sU -p 51430 1.2.3.4 | grep open
51430/udp open|filtered unknown
# echo $?
0
# nmap -sU -p 51430 1.2.3.4
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-14 14:59 UTC
Nmap scan report for host.example.com (1.2.3.4)
Host is up (0.0018s latency).
PORT STATE SERVICE
51430/udp open|filtered unknown
CUSTOM FIX:
Updated command:
nmap -sU -p PORT HOST | cut -d"|" -f1 | grep open
With this, the command returns 51430/udp open
and the status is set to UP.
Please update the decision mechanism from the default check UDP output to also include unknown services.
Thank you.
With kind regards,
Jan Gardian
After some investigation, farmguard checks are coming from /usr/lib/nagios/plugins
and the nmap used in the default check_udp is different than the system nmap.
I had to create a custom command in /usr/lib/nagios/plugins
check_udpcustom
and specify check_udpcustom PORT HOST
in farmguardians.
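#!/bin/bash
# check_udpcustom PORT HOST
# Exit 0 (UP) if the part of nmap's output before "|" contains "open", else exit 1 (DOWN).
if nmap -sU -p "$1" "$2" | cut -d"|" -f1 | grep open; then
    exit 0
else
    exit 1
fi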
Glad to know you used farmguardian with your own script.
We will check check_udp in order to add your proposed changes.
Have a nice day
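A check that reads the STATE column instead of grepping for a substring, as an added example that is not part of the original posts or of Zevenet's check_udp. nmap reports open|filtered for a UDP port when it received no reply at all, so accepting that state as UP cannot tell a silent service from a dropped probe; the example makes that choice explicit. The names udp_port_state, udp_check and STRICT are hypothetical, and the sample outputs are constructed from the output quoted in the issue.

```shell
#!/bin/bash
# Added example; function names and the STRICT variable are hypothetical.
# Intended use: nmap -sU -p "$PORT" "$HOST" | udp_check "$PORT"

# Print the STATE column nmap reports for PORT/udp, or "unknown" if the
# port line is missing from the output read on stdin.
udp_port_state() {
    while read -r port state rest; do
        if [ "$port" = "$1/udp" ]; then
            echo "$state"
            return 0
        fi
    done
    echo unknown
}

# Read nmap output on stdin; return 0 (UP) or 1 (DOWN) for PORT.
#   open           the service answered the probe
#   open|filtered  no reply at all; accepted unless STRICT=1
#   anything else  closed, filtered, or port line missing -> DOWN
udp_check() {
    case "$(udp_port_state "$1")" in
        open) return 0 ;;
        'open|filtered')
            if [ "${STRICT:-0}" = 1 ]; then return 1; fi
            return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples; the first mirrors the output quoted in the issue.
SAMPLE_NOREPLY='PORT STATE SERVICE
51430/udp open|filtered unknown'
SAMPLE_CLOSED='PORT STATE SERVICE
51430/udp closed unknown'

for s in "$SAMPLE_NOREPLY" "$SAMPLE_CLOSED"; do
    if printf '%s\n' "$s" | udp_check 51430; then echo UP; else echo DOWN; fi
done
```

For a service that answers a known request, STRICT=1 combined with a protocol-specific probe gives a health check that fails when the backend process is actually gone.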