From 7ae9bbbdc8da38ca32bb27399cafc795531a142d Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Fri, 15 Mar 2024 16:14:29 +0100 Subject: [PATCH] Add option to override exit code if iLo requries patch --- README.md | 8 ++------ hp/ilo/firmware.go | 6 +++--- hp/ilo/firmware_test.go | 6 +++--- main.go | 3 ++- 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 809b17d..357943f 100644 --- a/README.md +++ b/README.md @@ -35,12 +35,7 @@ the drive is patched with `firmware update applied`. ## HPE Integrated Lights-Out -Multiple security vulnerabilities have been identified in Integrated Lights-Out 3 (iLO 3), -Integrated Lights-Out 4 (iLO 4), and Integrated Lights-Out 5 (iLO 5) firmware. The vulnerabilities could be remotely -exploited to execute code, cause denial of service, and expose sensitive information. HPE has released updated -firmware to mitigate these vulnerabilities. - -The check will raise a CRITICAL when the Integrated Lights-Out needs to be updated. Below you will find a list with +The check will raise a WARNING when the Integrated Lights-Out needs to be updated. Below you will find a list with the least version of each Integrated Lights-Out version: - HPE iLO 6 v1.56 or later @@ -61,6 +56,7 @@ Arguments: -P, --protocol string SNMP protocol (default "2c") --timeout int SNMP timeout in seconds (default 15) --snmpwalk-file string Read output from snmpwalk +-e, --ilo-exit-state int Exit with specified code if iLO requires patch (default 1) -I, --ignore-ilo-version Don't check the ILO version -D, --ignore-drives Don't check the drive firmware -C, --ignore-controller Don't check the controller firmware diff --git a/hp/ilo/firmware.go b/hp/ilo/firmware.go index 098000f..bcb260a 100644 --- a/hp/ilo/firmware.go +++ b/hp/ilo/firmware.go @@ -53,7 +53,7 @@ func GetIloInformation(client gosnmp.Handler) (ilo *Ilo, err error) { // GetNagiosStatus validates the iLO's data against the known models // in this plugin. -func (ilo *Ilo) GetNagiosStatus() (state int, output string) { +func (ilo *Ilo) GetNagiosStatus(returnStateforPatch int) (state int, output string) { // nolint: ineffassign state = check.Unknown @@ -78,8 +78,8 @@ func (ilo *Ilo) GetNagiosStatus() (state int, output string) { output = fmt.Sprintf("Integrated Lights-Out %s revision %s ", modelInfo.Name, ilo.RomRevision) if !isNewerVersion(modelInfo.FixedRelease, ilo.RomRevision) { - state = check.Critical - output += "- version too old, should be at least " + modelInfo.FixedRelease + state = returnStateforPatch + output += "- Patch available, should be at least " + modelInfo.FixedRelease } else { state = check.OK output += "- version newer than affected" diff --git a/hp/ilo/firmware_test.go b/hp/ilo/firmware_test.go index c239f61..36173c3 100644 --- a/hp/ilo/firmware_test.go +++ b/hp/ilo/firmware_test.go @@ -21,8 +21,8 @@ func TestIlo_GetNagiosStatus(t *testing.T) { ModelID: 9, RomRevision: "1.40", }, - expectedState: check.Critical, - expectedOutput: "too old", + expectedState: check.Warning, + expectedOutput: "Patch available", }, "newer": { ilo: Ilo{ @@ -55,7 +55,7 @@ func TestIlo_GetNagiosStatus(t *testing.T) { for name, tc := range testcases { t.Run(name, func(t *testing.T) { - state, output := tc.ilo.GetNagiosStatus() + state, output := tc.ilo.GetNagiosStatus(1) assert.Equal(t, state, tc.expectedState) assert.Contains(t, output, tc.expectedOutput) }) diff --git a/main.go b/main.go index 7bf8cf6..7d55e43 100644 --- a/main.go +++ b/main.go @@ -53,6 +53,7 @@ func main() { protocol = fs.StringP("protocol", "P", "2c", "SNMP protocol") port = fs.Uint16P("port", "p", 161, "SNMP port") file = fs.String("snmpwalk-file", "", "Read output from snmpwalk") + iloExitState = fs.IntP("ilo-exit-state", "e", 1, "Exit with specified code if iLO requires patch") ignoreIlo = fs.BoolP("ignore-ilo-version", "I", false, "Don't check the ILO version") ignoreDrives = fs.BoolP("ignore-drives", "D", false, "Don't check the drive firmware") ignoreController = fs.BoolP("ignore-controller", "C", false, "Don't check the controller firmware") @@ -122,7 +123,7 @@ func main() { check.ExitError(err) } // Retrieve the status from the iLO and add the result - overall.Add(iloData.GetNagiosStatus()) + overall.Add(iloData.GetNagiosStatus(*iloExitState)) } // Load controller data