
SFTP file existence monitor

Problem this snippet solves:

SFTP file existence monitor

How to use this snippet:

This monitor definition allows a monitor to connect to an SFTP server and check for the existence of a file using a username and password.

Written for a specific implementation where they wouldn't use key pairs, plus it turns out that curl on F5s was compiled with sftp support disabled, so I had to use expect instead.

It's based off of the default sample_monitor.

Create a monitor definition with 3 variables:

$monitor_sftp_USER = Username of SFTP server
$monitor_sftp_PASS = Password for $monitor_sftp_USER
$monitor_sftp_STRING = String/Filename to search for

I have also written a modified version whereby you can encrypt the password manually using the unit master-key and add that as the password variable, which I can post if wanted.

Code :

#!/bin/sh

#
# (c) Copyright 1996-2006, 2010-2013 F5 Networks, Inc.
#
# This software is confidential and may contain trade secrets that are the
# property of F5 Networks, Inc.  No part of the software may be disclosed
# to other parties without the express written consent of F5 Networks, Inc.
# It is against the law to copy the software.  No part of the software may
# be reproduced, transmitted, or distributed in any form or by any means,
# electronic or mechanical, including photocopying, recording, or information
# storage and retrieval systems, for any purpose without the express written
# permission of F5 Networks, Inc.  Our services are only available for legal
# users of the program, for instance in the event that we extend our services
# by offering the updating of files via the Internet.
#
# @(#) $Id: //depot/maint/bigip12.1.1/tm_daemon/monitors/sample_monitor#1 $
#


#
# these arguments supplied automatically for all external pingers:
# $1 = IP (::ffff:nnn.nnn.nnn.nnn notation or hostname)
# $2 = port (decimal, host byte order)
#
# The following must all be set as variables in the monitor definition
# $monitor_sftp_USER = Username of SFTP server
# $monitor_sftp_PASS = Password for $monitor_sftp_USER
# $monitor_sftp_STRING = String/Filename to search for
#
# $MONITOR_NAME = name of the monitor
#
# Unlike sample_monitor, this script does not use $3; the string to search for
# comes from $monitor_sftp_STRING
#

# Name of the pidfile
pidfile="/var/run/$MONITOR_NAME.$1..$2.pid"

# Send signal to the process group to kill our former self and any children
# as external monitors are run with SIGHUP blocked
if [ -f "$pidfile" ]
then
   kill -9 -"$(cat "$pidfile")" > /dev/null 2>&1
fi

echo "$$" > "$pidfile"

# Remove the IPv6/IPv4 compatibility prefix
node_ip=`echo "$1" | sed 's/::ffff://'`

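# Using expect and sftp to get directory listing from the server.
# Search the data received for the expected string.
# StrictHostKeyChecking=no accepts whatever host key the server presents, so the
# password is sent without verifying the server's identity.
# The password is read inside expect from the environment ($env), where the
# monitor variables are passed to this script, instead of being pasted into the
# script text: spaces or Tcl special characters in it no longer break the
# script, and it does not appear in expect's command line.
expect -c "
spawn sftp -oStrictHostKeyChecking=no -oPort=$2 $monitor_sftp_USER@$node_ip;
expect \"password:\";
send -- \"\$env(monitor_sftp_PASS)\r\";
expect \"sftp>\";
send \"ls -l\r\";
expect \"sftp>\";
send \"exit\r\" " | grep -- "$monitor_sftp_STRING" > /dev/null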

status=$?
if [ $status -eq 0 ]
then
    # Remove the pidfile before the script echoes anything to stdout and is killed by bigd
    rm -f "$pidfile"
    echo "up"
fi

# Remove the pidfile before the script ends
rm -f "$pidfile"

Tested this on version:

12.1
Updated Jun 06, 2023
Version 2.0
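
The script's grep runs over the whole expect transcript, which also contains the spawn line (with the username) and the echoed commands, and it treats the monitor string as a regular expression. As an added example (not part of the original snippet), the function below reports the file as present only when an `ls -l` entry has exactly that name; `sftp_listing_has_file`, `sample_transcript` and the transcript contents are constructed for illustration and assume OpenSSH-style long listings with eight fields before the filename.

```shell
# Added example: decide "up" from the ls -l entries only, by exact filename.

# Reads an expect/sftp transcript on stdin; $1 is the exact filename wanted.
# Returns 0 when a long-listing entry has exactly that name, 1 otherwise.
sftp_listing_has_file() {
    WANT="$1" awk '
        { sub(/\r$/, "") }          # transcript lines end with CR LF
        # Only lines whose first field is a mode string (e.g. -rw-r--r--) are
        # directory entries; the spawn line, password prompt and echoed
        # commands are skipped.
        length($1) >= 10 && $1 ~ /^[-dlbcps][-rwxsStT]+[.+@]?$/ && NF >= 9 {
            name = $0
            # Drop the 8 leading fields: mode links owner group size month day time
            for (i = 1; i <= 8; i++) sub(/^[ \t]*[^ \t]+/, "", name)
            sub(/^[ \t]+/, "", name)    # spaces inside the filename are kept
            if (name == ENVIRON["WANT"]) { found = 1; exit }
        }
        END { exit !found }
    '
}

# Constructed transcript: the account is "healthcheck"; health.txt is NOT present.
sample_transcript() {
    printf '%s\r\n' \
        'spawn sftp -oStrictHostKeyChecking=no -oPort=22 healthcheck@192.0.2.10' \
        "healthcheck@192.0.2.10's password: " \
        'Connected to 192.0.2.10.' \
        'sftp> ls -l' \
        '-rw-r--r--    1 1001     1001          512 Jun  6 09:15 healthXtxt.bak' \
        '-rw-r--r--    1 1001     1001           64 Jun  6 09:16 daily report.csv' \
        'sftp> exit'
}

# Same decision the monitor makes: print "up" only when the file is listed.
sample_transcript | sftp_listing_has_file 'daily report.csv' && echo "up"
```

In the monitor, the expect output would be piped into `sftp_listing_has_file "$monitor_sftp_STRING"` in place of grep.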

1 Comment

  • Hi 

    Could you share the version where you can encrypt the password and add that as the password variable? Thanks