Add a way to export labels with content matched by the probe #1284
Produces scraping values like these:

```
probe_content{ssh_comments="FreeBSD-20240806",ssh_version="OpenSSH_9.7"} 1
```

Signed-off-by: Lapo Luchini <lapo@lapo.it>
I wonder if calling |
Hey, this opens up blackbox_exporter to export data out from the check results, and that feels like something that we should not be doing because it can be used to exfiltrate data using blackbox_exporter. I share the same concern that @SuperQ mentioned here. This use-case feels more like something that should be solved by the software itself by exporting the version label in
Those are valid concerns. On the other hand, an attacker would need local access to modify the yaml file to exfiltrate anything but what was "explicitly matched" by the template; an attacker with only network access to blackbox_exporter couldn't do much (but it could use remote targets to query servers outside the expected domain, that's true). A node_exporter textfile collector would be another solution, right. I didn't know of osquery, looks interesting, thanks! I'll close this PR for now, maybe I'll write a "security-oriented" more all-around exporter from scratch.
I'm not too concerned about the data exposure here. Like @lapo-luchini says, the exposure values would be up to the admin's regexp. The concern in #1098 and similar is the ability to modify the behavior of the probe from the URL params. Since this proposal is entirely contained in the config file, it's safe enough. I think this is actually a reasonably good idea.
ah I see, I think then it's a non-issue.
that's true, I was under the assumption that node_exporter is already running to monitor these nodes, which might not be the case for everyone, so my assumption doesn't hold true. :) let me find some time to give it a thorough review :)
It is my case too, but it does not export the running ssh version, so it would need "something else" to add that to a textfile (at the bare minimum, a shell script in cron). Anyways… that's just my use-case; returning to the feature proposal of this PR (which tries to be useful to use-cases different than mine too), I'll wait for a review and make adjustments if needed. Thanks!
```
# HELP probe_expect_info Explicit content matched
# TYPE probe_expect_info gauge
probe_expect_info{ssh_comments="FreeBSD-20240806",ssh_version="OpenSSH_9.7"} 1
```

Signed-off-by: Lapo Luchini <lapo@lapo.it>
Signed-off-by: Lapo Luchini <lapo@lapo.it>
I renamed the metric as requested, and also added some documentation.
needs some tests, and then we are good to merge.
Signed-off-by: Lapo Luchini <lapo@lapo.it>
Will do tests tomorrow.
Signed-off-by: Lapo Luchini <lapo@lapo.it>
This involves an unnecessary copy, but I didn't find the proper way to avoid it. Signed-off-by: Lapo Luchini <lapo@lapo.it>
Signed-off-by: Lapo Luchini <lapo@lapo.it>
OK, should be good for review!
I wanted to create an exporter to check if all my hosts had an updated `sshd` (due to recent CVEs), then I resorted to using blackbox exporter by matching the "fixed" version and the timeout:

but then again I'd prefer to capture the value as a label and do my checks by coloring the value in Grafana table later on or in alertmanager rules, so I did this change instead.
I tried to do it in a generic way so that it can be used also for very different cases when matching part of the protocol chat is useful.
This produces scraping values like these:
BTW: I know no Go, except an advent-of-code example; these are the first Go lines that I wrote.
Feel free to close if uninteresting for the project (though I hope it isn't, to avoid the need to always compile my branch) or suggest what I should change in the PR to have it accepted. Thanks!
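The label extraction discussed in this thread, sketched as an added example (not code from this PR or from blackbox_exporter): only the named groups of an admin-written pattern become label values, which is the bound on data exposure the reviewers settle on. The pattern, the `expectInfo` helper and the `maxLabelLen` cap are assumptions made for illustration; the banner is a constructed sample.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Hypothetical admin-written pattern for an SSH banner (not the PR's config
// syntax). Only its named groups can ever become label values.
var bannerRe = regexp.MustCompile(
	`^SSH-2\.0-(?P<ssh_version>[^ \r\n]+)(?: (?P<ssh_comments>[^\r\n]+))?`)

// maxLabelLen is an assumed cap: the remote end controls the captured text,
// so unbounded values would let it inflate label size.
const maxLabelLen = 64

// Escaping required for label values in the Prometheus text format.
var labelEscaper = strings.NewReplacer(`\`, `\\`, `"`, `\"`, "\n", `\n`)

// expectInfo renders one probe_expect_info sample from the named groups of re,
// or returns ok=false when the response does not match.
func expectInfo(re *regexp.Regexp, response string) (line string, ok bool) {
	m := re.FindStringSubmatch(response)
	if m == nil {
		return "", false
	}
	var pairs []string
	for i, name := range re.SubexpNames() {
		if name == "" {
			continue // whole match and unnamed groups are not exported
		}
		v := []rune(m[i])
		if len(v) > maxLabelLen {
			v = v[:maxLabelLen]
		}
		pairs = append(pairs, name+`="`+labelEscaper.Replace(string(v))+`"`)
	}
	sort.Strings(pairs)
	return "probe_expect_info{" + strings.Join(pairs, ",") + "} 1", true
}

func main() {
	// Constructed sample banner.
	fmt.Println(expectInfo(bannerRe, "SSH-2.0-OpenSSH_9.7 FreeBSD-20240806\r\n"))
}
```

A response that does not match the pattern yields no sample at all, so nothing outside the admin's named groups reaches the scrape output.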