extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2024-11-22 07:43:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed possible injection of traps in trap receiver

Browse Source
This commit is contained in:
Alexey Pustovalov 2024-10-02 00:35:21 +09:00
parent e316e552ac
commit 0015128e15
5 changed files with 75 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Dockerfiles/snmptraps/alpine/conf/usr/sbin/zabbix_trap_handler.sh
View File

@ -44,4 +44,19 @@ done
[[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host [[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host
# Header in Zabbix format shouldn't exist anywhere in vars, it is injection
# Must exit with 0
date_regex=$(echo "$ZBX_SNMP_TRAP_DATE_FORMAT" | sed -e 's/^+//g' \
-e 's/%Y/[0-9]\{4\}/g' \
-e 's/%m/[0-9]\{2\}/g' \
-e 's/%d/[0-9]\{2\}/g' \
-e 's/%T/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}/g' \
-e 's/%z/[\+\-][0-9]\{4\}/g' \
-e 's/%H/[0-9]\{2\}/g' \
-e 's/%M/[0-9]\{2\}/g' \
-e 's/%S/[0-9]\{2\}/g')
zbx_trap_regex="$date_regex ZBXTRAP"
echo "$vars" | grep -qE "$zbx_trap_regex" && exit 0
echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE

15
Dockerfiles/snmptraps/centos/conf/usr/sbin/zabbix_trap_handler.sh
View File

@ -44,4 +44,19 @@ done
[[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host [[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host
# Header in Zabbix format shouldn't exist anywhere in vars, it is injection
# Must exit with 0
date_regex=$(echo "$ZBX_SNMP_TRAP_DATE_FORMAT" | sed -e 's/^+//g' \
-e 's/%Y/[0-9]\{4\}/g' \
-e 's/%m/[0-9]\{2\}/g' \
-e 's/%d/[0-9]\{2\}/g' \
-e 's/%T/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}/g' \
-e 's/%z/[\+\-][0-9]\{4\}/g' \
-e 's/%H/[0-9]\{2\}/g' \
-e 's/%M/[0-9]\{2\}/g' \
-e 's/%S/[0-9]\{2\}/g')
zbx_trap_regex="$date_regex ZBXTRAP"
echo "$vars" | grep -qE "$zbx_trap_regex" && exit 0
echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE

15
Dockerfiles/snmptraps/ol/conf/usr/sbin/zabbix_trap_handler.sh
View File

@ -44,4 +44,19 @@ done
[[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host [[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host
# Header in Zabbix format shouldn't exist anywhere in vars, it is injection
# Must exit with 0
date_regex=$(echo "$ZBX_SNMP_TRAP_DATE_FORMAT" | sed -e 's/^+//g' \
-e 's/%Y/[0-9]\{4\}/g' \
-e 's/%m/[0-9]\{2\}/g' \
-e 's/%d/[0-9]\{2\}/g' \
-e 's/%T/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}/g' \
-e 's/%z/[\+\-][0-9]\{4\}/g' \
-e 's/%H/[0-9]\{2\}/g' \
-e 's/%M/[0-9]\{2\}/g' \
-e 's/%S/[0-9]\{2\}/g')
zbx_trap_regex="$date_regex ZBXTRAP"
echo "$vars" | grep -qE "$zbx_trap_regex" && exit 0
echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE

15
Dockerfiles/snmptraps/rhel/conf/usr/sbin/zabbix_trap_handler.sh
View File

@ -44,4 +44,19 @@ done
[[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host [[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host
# Header in Zabbix format shouldn't exist anywhere in vars, it is injection
# Must exit with 0
date_regex=$(echo "$ZBX_SNMP_TRAP_DATE_FORMAT" | sed -e 's/^+//g' \
-e 's/%Y/[0-9]\{4\}/g' \
-e 's/%m/[0-9]\{2\}/g' \
-e 's/%d/[0-9]\{2\}/g' \
-e 's/%T/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}/g' \
-e 's/%z/[\+\-][0-9]\{4\}/g' \
-e 's/%H/[0-9]\{2\}/g' \
-e 's/%M/[0-9]\{2\}/g' \
-e 's/%S/[0-9]\{2\}/g')
zbx_trap_regex="$date_regex ZBXTRAP"
echo "$vars" | grep -qE "$zbx_trap_regex" && exit 0
echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE

15
Dockerfiles/snmptraps/ubuntu/conf/usr/sbin/zabbix_trap_handler.sh
View File

@ -44,4 +44,19 @@ done
[[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host [[ "$ZBX_SNMP_TRAP_USE_DNS" == "true" ]] && ! [[ ${host} =~ \[(.*?)\].*\-\> ]] && sender_addr=$host
# Header in Zabbix format shouldn't exist anywhere in vars, it is injection
# Must exit with 0
date_regex=$(echo "$ZBX_SNMP_TRAP_DATE_FORMAT" | sed -e 's/^+//g' \
-e 's/%Y/[0-9]\{4\}/g' \
-e 's/%m/[0-9]\{2\}/g' \
-e 's/%d/[0-9]\{2\}/g' \
-e 's/%T/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}/g' \
-e 's/%z/[\+\-][0-9]\{4\}/g' \
-e 's/%H/[0-9]\{2\}/g' \
-e 's/%M/[0-9]\{2\}/g' \
-e 's/%S/[0-9]\{2\}/g')
zbx_trap_regex="$date_regex ZBXTRAP"
echo "$vars" | grep -qE "$zbx_trap_regex" && exit 0
echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$sender$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE