
Contents of /trunk/plugins/check_crl.pl



Revision 162 - (show annotations) (download)
Fri Nov 13 10:57:46 2015 UTC (5 years ago) by racvision
File MIME type: text/plain
File size: 7419 byte(s)
Cosmetic
1 #!/usr/bin/perl -w
2 #
3 # (c) 2005 Stéphane Urbanovski <stephane.urbanovski@ac-nancy-metz.fr>
4 #
5 # This program is free software; you can redistribute it and/or
6 # modify it under the terms of the GNU General Public License
7 # as published by the Free Software Foundation; either version 2
8 # of the License, or (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty
12 # of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # you should have received a copy of the GNU General Public License
16 # along with this program (or with Netsaint); if not, write to the
17 # Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 # Boston, MA 02111-1307, USA
19 #
20 #
21 # $Id: $
22
23 use strict; # should never be differently :-)
24 use warnings;
25
26 use POSIX qw(setlocale floor );
27 use Locale::gettext;
28 use File::Basename; # get basename()
29 use Time::HiRes qw(time); # get microtime
30
31 use Nagios::Plugin;
32
33 use LWP::UserAgent; # http client
34 use HTTP::Request; # used by LWP::UserAgent
35 use HTTP::Status; # to get http err msg
36 use URI;
37
38 use Net::LDAP;
39
40 use Crypt::X509::CRL;
41
42
43 # use Data::Dumper;
44
45
46 # use HTTP::Date;
47
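# i18n: take the message locale from the environment and select this
# project's gettext catalogue.
setlocale(LC_MESSAGES, '');
textdomain('nagios-plugins-perl');

# Version reported by --version, taken from the RCS/CVS/SVN keyword string.
# The dot is escaped so only a literal "N.N" matches, and the capture is
# assigned in list context so a failed match gives undef rather than
# whatever an earlier regex left in $1.
my ($VERSION) = '$Revision: 1.0 $' =~ /(\d+\.\d+) \$\z/;

# Default values:
my $TIMEOUT = 30;   # seconds; passed to the HTTP user agent and the LDAP connection
my $DEBUG = 0;      # overwritten from --debug after option parsing

# HTTP timing thresholds (seconds) handed to check_threshold() for the fetch.
my $warn_t = 10;
my $crit_t = 20;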
63
64
# Build the plugin object. Nagios::Plugin supplies the option parser and the
# nagios_exit / nagios_die helpers used by the rest of the script.
# NOTE(review): the usage line advertises -t, but nothing in this script reads
# that option back; the HTTP and LDAP calls use the fixed $TIMEOUT -- confirm.
my %plugin_args = (
    version => $VERSION,
    blurb   => _gt('Plugin to check a remote SSL CRL'),
    usage   => "Usage: %s -u <url> [-t <timeout>] [ -c|--critical=<threshold> ] [ -w|--warning=<threshold> ]",
    timeout => $TIMEOUT + 1,
);
my $np = Nagios::Plugin->new(%plugin_args);

# Command line options, registered in the order they are listed here.
# Despite the "request time" wording of the help texts, --warning and
# --critical are compared further down with the number of seconds left
# before the CRL's next update.
my @arg_specs = (
    [
        spec     => 'debug|d',
        help     => _gt('Debug level'),
        default  => 0,
        required => 0,
    ],
    [
        spec     => 'warning|w=i',
        help     => _gt('Warning request time threshold (in seconds)'),
        required => 0,
    ],
    [
        spec     => 'critical|c=i',
        help     => _gt('Critical request time threshold (in seconds)'),
        default  => 5 * 60,
        required => 0,
    ],
    [
        spec     => 'url|u=s',
        help     => _gt('URL of the CRL.'),
        required => 1,
    ],
);

foreach my $arg_spec (@arg_specs) {
    $np->add_arg( @{$arg_spec} );
}

$np->getopts;
99
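$DEBUG = $np->opts->get('debug');

# Freshness thresholds, in seconds of validity left before the CRL's next
# update. --warning falls back to --critical when it is not given.
my $opt_c = $np->opts->get('critical');
my $opt_w = $np->opts->get('warning');
if ( !defined($opt_w) ) {
    $opt_w = $opt_c;
}

my $url = $np->opts->get('url');

# Accept only the three schemes the fetch code below implements. The pattern
# is anchored: the scheme has to be at the very start of the argument, so a
# value that merely contains "http://" somewhere (for instance in a path or
# query string of another scheme) is rejected here instead of reaching
# URI->new with an unexpected or missing scheme.
if ( !defined($url) || $url !~ m{\A(?:http|ftp|ldap)://} ) {
    $np->nagios_die( _gt("Missing url (-u) !") );
}

# Direct method call; the previous "new URI->new(...)" mixed indirect-object
# syntax with a method call, which Perl parses ambiguously.
my $uri = URI->new($url);

my $status = UNKNOWN;   # final Nagios state, set once the CRL has been examined
my $message = 'msg';
my $crl = undef;        # raw CRL bytes as fetched
my $timer = undef;      # elapsed fetch / bind time in seconds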
122
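# Fetch the raw CRL bytes into $crl over the transport named by the URL scheme.
# A URL without a scheme yields undef from URI; map that to '' so the
# comparisons below fall through to the "Invalid url" branch without warnings.
my $scheme = defined($uri->scheme) ? $uri->scheme : '';

if ( $scheme eq 'http' || $scheme eq 'ftp' ) {

    # Create a LWP user agent object. Proxy settings are applied by hand
    # below rather than through env_proxy.
    my $ua = LWP::UserAgent->new(
        'env_proxy' => 0,
        'timeout'   => $TIMEOUT,
        # The agent follows redirects by default, so the server's answer can
        # choose the next URL. Keep every hop on a document-fetch protocol.
        'protocols_allowed' => [ 'http', 'https', 'ftp' ],
    );
    $ua->agent(basename($0));

    if ( defined($ENV{'http_proxy'}) ) {
        # Normal http proxy :
        $ua->proxy(['http'], $ENV{'http_proxy'});
        # Https must use Crypt::SSLeay https proxy (to use CONNECT method instead of GET)
        $ENV{'HTTPS_PROXY'} = $ENV{'http_proxy'};
    }

    # Build and submit an http request, timing the round trip :
    my $request = HTTP::Request->new('GET', $url);
    $timer = time();
    my $http_response = $ua->request( $request );
    $timer = time()-$timer;

    # NOTE(review): this result used to be stored in a "my $status" that
    # shadowed the file-level $status, so the timing verdict was dropped and
    # $warn_t / $crit_t never influenced the exit state. It is kept in its
    # own variable here to make that visible; it is still not folded into
    # the final state. The call itself is kept because $np->threshold() is
    # read for the perfdata entry just below.
    my $timing_status = $np->check_threshold(
        'check'    => $timer,
        'warning'  => $warn_t,
        'critical' => $crit_t,
    );

    $np->add_perfdata(
        'label'     => 't',
        'value'     => sprintf('%.6f',$timer),
        'min'       => 0,
        'uom'       => 's',
        'threshold' => $np->threshold()
    );

    # Anything other than a success response ends the check as UNKNOWN.
    if ( !$http_response->is_success() ) {
        my $err = $http_response->code." ".status_message($http_response->code)." (".$http_response->message.")";
        my $prefix = $http_response->is_error()
            ? _gt("HTTP error: ")
            : _gt("Internal error: ");
        $np->nagios_die( $prefix.$err );
    }

    # Get crl content ...
    $crl = $http_response->content;

} elsif ( $scheme eq 'ldap' ) {
    my $host = $uri->host;
    my $port = $uri->port;

    # Optional bind credentials taken from the URL ("ldap://user:pass@host/...").
    # Caveats for whoever deploys this:
    #  - the password is part of the command line, so it is visible to other
    #    local users in the process list and in the Nagios configuration;
    #  - only ldap:// is accepted by this script and no StartTLS is issued,
    #    so the bind travels unencrypted;
    #  - NOTE(review): URI returns userinfo in its escaped form, so a
    #    percent-encoded character in the password is presumably sent as
    #    written -- confirm before relying on such passwords.
    my ($user, $password);
    if ( defined($uri->userinfo) ) {
        ($user, $password) = split(":", $uri->userinfo, 2);
    }

    # Time the connect + bind sequence.
    $timer = time();
    my $ldap = Net::LDAP->new( $host, 'port' => $port, 'timeout' => $TIMEOUT );

    if (!$ldap) {
        $np->nagios_die( _gt("LDAP connect error: ").$@ );
    }

    my $mesg;
    if ( defined($user) && defined($password) ) {
        $mesg = $ldap->bind($user, password => $password);
    } else {
        $mesg = $ldap->bind ; # an anonymous bind
    }
    $timer = time()-$timer;

    if ($mesg->code) {
        $np->nagios_die( _gt("LDAP bind error: ").$mesg->error );
    }

    # Search parameters come from the LDAP URL itself.
    my $dn = $uri->dn;
    my @attrs = $uri->attributes;
    my $scope = $uri->scope || 'base';
    my $filter = $uri->filter;

    my @opts = ('scope' => $scope);

    if ( $dn ) {
        push (@opts, 'base' => $dn );
        logD('base='.$dn);
    }
    if ( $filter ) {
        push (@opts, 'filter' => $filter );
        logD('filter='.$filter);
    }

    logD('scope='.$scope);

    # Exactly one attribute must be requested in the URL: it is the one the
    # CRL is read from below.
    if ( @attrs != 1 ) {
        $np->nagios_die( _gt("No attribut returned !") );
    }
    push (@opts, 'attrs' => \@attrs);

    $mesg = $ldap->search(@opts);

    # A failed search used to be reported only indirectly as "No CRL
    # returned"; surface the directory's own error instead.
    if ($mesg->code) {
        $np->nagios_die( _gt("LDAP search error: ").$mesg->error );
    }

    if ( $DEBUG ) {
        foreach my $entry ($mesg->entries) { $entry->dump; }
    }
    logD('count='.$mesg->count);

    if ( $mesg->count == 0 ) {
        $np->nagios_die( _gt("No CRL returned !") );
    }

    # Only the first entry of the result is used.
    $crl = ($mesg->entries)[0]->get_value($attrs[0]);

    if ( ! defined($crl) ) {
        $np->nagios_die( _gt("No CRL defined !") );
    }
} else {
    $np->nagios_die( _gt("Invalid url (-u) !") );
}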
245
246
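# In debug mode, dump the fetched bytes as they were received.
if ($DEBUG) {
    print "------------------===output===------------------\n$crl\n-----------------------------------------------------\n";
}

($status, $message) = $np->check_messages();

# Decode the CRL. This script only parses the structure: it never checks the
# CRL's signature against the issuing CA, and the CRL is fetched over http,
# ftp or ldap without transport protection. The freshness verdict below
# therefore says "whatever answered at that URL served a current-looking
# CRL", not "the CA published a valid CRL". Pair this check with a relying
# party that does verify signatures.
my $decoded = Crypt::X509::CRL->new( crl => $crl );
if ( $decoded->error ) {
    $np->nagios_exit(CRITICAL, _gt("Error on parsing CRL !"));
}

# print Dumper($decoded);

my $rls = $decoded->revocation_list;
my $rlsCount = keys( %{$rls});

# Issuer name and CRL number may be absent from the decoded data; use
# neutral defaults so the log and sprintf calls below do not operate on undef
# (the formatted output is the same as before: '' for %s, 0 for %i).
my $issuer = $decoded->issuer_cn;
$issuer = '' unless defined($issuer);
my $num = $decoded->crl_number;
$num = 0 unless defined($num);

# The freshness test is meaningless without a next-update time.
# NOTE(review): assumes the decoder returns undef when the field is missing
# -- confirm against Crypt::X509::CRL.
my $next_update = $decoded->next_update;
if ( !defined($next_update) ) {
    $np->nagios_exit(CRITICAL, _gt("CRL has no next update time !"));
}

logD('next_update='.localtime($next_update));
logD('this_update='.localtime($decoded->this_update));
logD('issuer='.$issuer);
logD('crl_number='.$num);
logD('count='.$rlsCount);

# Number of revoked entries, exported as perfdata.
$np->add_perfdata(
    'label' => 'count',
    'value' => $rlsCount,
    'min'   => 0,
);

# Seconds of validity left; negative once the next-update time has passed.
my $nexttime = $next_update - time();

if ( $nexttime < $opt_c ) {
    $status = CRITICAL;
} elsif ( $nexttime < $opt_w ) {
    $status = WARNING;
} else {
    $status = OK;
}

# Render |$nexttime| as "H h M mn" or, below one hour, "M mn S.s s".
my $showtime = '' ;
my ($h,$m,$s) = (0,0,abs($nexttime)) ;
$m = floor($s/60);
$s = $s - 60*$m;
$h = floor($m/60);
$m = $m - 60*$h;

if ( $h > 0 ) {
    $showtime .= "$h h $m mn";
} else {
    $showtime .= sprintf ("%d mn %.1f s", $m, $s);
}

# The issuer name comes from the fetched, unverified CRL and ends up in the
# plugin's status line. Neutralise the characters that carry meaning there:
# control characters (line breaks start new output lines), '|' (separates
# the message from perfdata) and '<' / '>' (the message is joined with
# <br/> below, so it may be displayed as HTML).
(my $issuer_txt = $issuer) =~ tr/\x00-\x1f\x7f|<>/ /;

if ($nexttime < 0) {
    $np->add_message($status, sprintf(_gt("CRL n°%i for '%s' is outdated since %s !"),$num,$issuer_txt,$showtime) );
} else {
    $np->add_message($status, sprintf(_gt("CRL n°%i for '%s' is up to date for %s."),$num,$issuer_txt,$showtime) );
}

($status, $message) = $np->check_messages('join' => '<br/>');
$np->nagios_exit($status, $message );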
316
# Debug trace: writes "DEBUG: <text>" to STDERR, and only when $DEBUG is set.
sub logD {
    my ($text) = @_;
    if ($DEBUG) {
        print STDERR "DEBUG: $text\n";
    }
}
# Warning trace: writes "WARNING: <text>" to STDERR. Like logD it is gated on
# $DEBUG, so warnings stay silent unless debugging is enabled.
sub logW {
    my ($text) = @_;
    if ($DEBUG) {
        print STDERR "WARNING: $text\n";
    }
}
# Gettext wrapper: hands the given message id to gettext() and returns its
# result.
sub _gt {
    my ($msgid) = @_;
    return gettext($msgid);
}

Properties

Name Value
svn:executable *
