check
changeset 5 52faa36ba7f8
parent 4 da08b2a30e06
child 6 aafd8332d7a6
equal deleted inserted replaced
4:da08b2a30e06 5:52faa36ba7f8
     1 #! /usr/bin/perl
     1 #! /usr/bin/perl
       
     2 # source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-amanda-client
     2 
     3 
     3 use 5.010;
     4 use 5.010;
     4 use strict;
     5 use strict;
     5 use warnings;
     6 use warnings;
     6 use Getopt::Long;
     7 use Getopt::Long;
    26 
    27 
    27 sub ok;
    28 sub ok;
    28 sub warning;
    29 sub warning;
    29 sub critical;
    30 sub critical;
    30 sub unknown;
    31 sub unknown;
       
    32 sub verbose;
       
    33 sub unique { my %h; @h{@_} = (); keys %h }
    31 
    34 
    32 $SIG{__DIE__} = sub { unknown @_ unless $^S };
    35 $SIG{__DIE__} = sub { unknown @_ unless $^S };
    33 
    36 
    34 exit main @ARGV;
    37 exit main @ARGV;
    35 
    38 
       
    39 
    36 #----
    40 #----
    37 
    41 
    38 sub main {
    42 sub main {
       
    43     my $opt_verbose = 0;
    39 
    44 
    40     GetOptions(
    45     GetOptions(
    41         'h|help' => sub { pod2usage(-verbose => 1, -exit => 0) },
    46         'h|help' => sub { pod2usage(-verbose => 1, -exit => 0) },
    42         'm|man'  => sub { pod2usage(-verbose => 2, -exit => 0) },
    47         'm|man'  => sub { pod2usage(-verbose => 2, -exit => 0) },
       
    48         'v|verbose' => \$opt_verbose,
    43     ) or pod2usage;
    49     ) or pod2usage;
       
    50 
       
    51     if ($opt_verbose) { *::verbose = sub { say '# ', @_ } }
       
    52     else { *::verbose = sub { } }
       
    53 
    44 
    54 
    45     # test needs to be run as root:* or as backup:backup
    55     # test needs to be run as root:* or as backup:backup
    46     my $USER  = 'backup';
    56     my $USER  = 'backup';
    47     my $CFDIR = '/etc/amanda';
    57     my $CFDIR = '/etc/amanda';
    48 
    58 
    49     # change to backup if still root
    59     # change to backup if still root
    50     su $USER if $> == 0;
    60     su $USER if $> == 0;
    51 
    61 
    52     # amservice needs to be suid root, but executable
    62     # amservice needs to be suid root, but executable
    53     # by the backup user/group
    63     # by the backup user/group
       
    64     verbose q{checking permissions for `amservice'};
    54     eval { check_perms find_tool('amservice'), 04750, 'root', $) }
    65     eval { check_perms find_tool('amservice'), 04750, 'root', $) }
    55       or unknown $@;
    66       or unknown $@;
    56 
    67 
    57     # find the backup sets we know about
    68     # find the backup sets we know about
    58     # here we suppose that it's possible to find strings like
    69     # here we suppose that it's possible to find strings like
    59     # 'conf "foo"' in files named 'amanda-client.conf' below /etc/amanda
    70     # 'conf "foo"' in files named 'amanda-client.conf' below /etc/amanda
    60 
    71 
    61     my @confs = eval { config_names $CFDIR }
    72     verbose qq{find config names from $CFDIR};
       
    73     my @confs = sort +unique eval { config_names $CFDIR }
    62       or unknown $@;
    74       or unknown $@;
    63 
    75 
    64     eval { amchecks @confs } or critical $@;
    76     eval { amchecks @confs } or critical $@;
    65 
    77 
    66     my @dles = eval { amlists @confs } or critical $@;
    78     my @dles = eval { amlists @confs } or critical $@;
    67     ok @dles;
    79     ok 'config: ' .join(', ', @confs), @dles;
    68 
    80 
    69     # never reached
    81     # never reached
    70     return 0;
    82     return 0;
    71 }
    83 }
    72 
    84 
    92     while (my @g = getgrent) {
   104     while (my @g = getgrent) {
    93         push @groups, $g[2] if $user ~~ [split ' ', $g[3]];
   105         push @groups, $g[2] if $user ~~ [split ' ', $g[3]];
    94     }
   106     }
    95     endgrent;
   107     endgrent;
    96     $) = "@groups";
   108     $) = "@groups";
       
   109 
       
   110     verbose "su to $uid:$gid";
    97     setgid $gid;
   111     setgid $gid;
    98     setuid $uid;
   112     setuid $uid;
    99 }
   113 }
   100 
   114 
   101 sub find_tool {
   115 sub find_tool {
   247 
   261 
   248 =item B<-m>|B<--man>
   262 =item B<-m>|B<--man>
   249 
   263 
   250 Show the man page of this tool.
   264 Show the man page of this tool.
   251 
   265 
       
   266 =item B<-v>|B<--verbose>
       
   267 
       
   268 Show what's going only. Many for debugging purpose. (default: off)
       
   269 
   252 =back
   270 =back
   253 
   271 
   254 =head1 PREPARATIONS
   272 =head1 PREPARATIONS
   255 
   273 
   256 In order to make the check working, some preparations needs to be done.
   274 In order to make the check working, some preparations needs to be done.
   291 
   309 
   292 Source can be found at L<https://ssl.schlittermann.de/hg/nagios/nagios-plugin-amanda-client>
   310 Source can be found at L<https://ssl.schlittermann.de/hg/nagios/nagios-plugin-amanda-client>
   293 
   311 
   294 =cut
   312 =cut
   295 
   313 
   296 
   314 # vim:et ts=4 sw=4 aw ai: