|
1 #!/usr/bin/perl -w |
|
2 |
|
3 use strict; |
|
4 use File::Basename; |
|
5 use Getopt::Long; |
|
6 use LWP::Simple; |
|
7 use HTTP::Status; |
|
8 use GnuPG qw( :algo ); |
|
9 |
|
10 use lib "/usr/lib/nagios/plugins"; |
|
11 use utils qw (%ERRORS &print_revision &support); |
|
12 |
|
# Program name (basename of $0) and plugin version; both appear in the usage
# text and are passed to print_revision().
my $ME = basename $0;
my $VERSION = "0.1";
my $USAGE = <<EOF;
Usage: $ME -f <url> -s <url>
$ME [ -h | --help ]
$ME [ -V | --version ]
EOF

# Forward declarations (with prototypes) so the subs can be called before
# their definitions further down the file.
sub print_help();
sub print_usage();

sub download();
sub verify($$);
sub cleanup($$);
sub execute($);

# URLs given with -f/--file and -s/--signature; filled in by GetOptions.
my $opt_dl_file = "";
my $opt_dl_signature_file = "";

# Directory the script and its detached signature are downloaded to.
# NOTE(review): /var/tmp is normally world-writable, so this fixed, predictable
# path can be pre-created by another local account; the code that uses it
# should confirm the directory belongs to the plugin's user before trusting it.
my $dlpath = "/var/tmp/nagios";
# Local paths of the downloaded script and signature. Set in download();
# execute() reads $signature from here when it calls cleanup().
my ($file, $signature);
|
34 |
|
# Entry point: parse the command line, insist on both URLs, then hand over to
# download(), which fetches, verifies and runs the script.
#
# NOTE(review): the return value of GetOptions is ignored, so an unknown
# option does not stop the run. The two URL values are passed to getstore()
# in download() without any scheme or host validation.
MAIN: {
    Getopt::Long::Configure('bundling');
    GetOptions(
        "f|file=s"      => \$opt_dl_file,
        "s|signature=s" => \$opt_dl_signature_file,
        "h|help"        => sub { print_help(); exit $ERRORS{OK}; },
        "V|version"     => sub { print_revision($ME, $VERSION); exit $ERRORS{OK}; }
    );

    # Script URL first, signature URL second: the first one that is missing
    # prints the usage text and ends the run as CRITICAL.
    for my $required_url ($opt_dl_file, $opt_dl_signature_file) {
        next if $required_url;
        print $USAGE;
        exit $ERRORS{"CRITICAL"};
    }

    download();
}
|
56 |
|
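# Run the downloaded script, capture the first line of its output and exit
# with the Nagios state that matches the script's exit code.
#
# Parameters:
#   $file - path of the script to run (download() calls verify() on it first).
#
# Never returns: every path removes the downloaded files through cleanup()
# and then exits. $signature is the file-level variable set in download().
#
# Changes against the original:
#   * `print print` after a failed chmod printed the warning plus a stray "1".
#   * A failed fork (open returns undef) was treated like the child branch,
#     so the script ran in the parent and OUTPUT was never opened.
#   * The child ran system() and then fell through into the parent's
#     reporting code; it now replaces itself with the script via exec, so the
#     parent sees the script's real wait status.
#   * system() with a one-element list hands the string to the shell when it
#     contains shell metacharacters, and $file is built from the basename of
#     the -f URL. exec with an explicit program block never involves a shell.
#   * An exit code outside the known Nagios states fell off the end of the
#     sub without output, cleanup or a state; it is now reported as UNKNOWN.
sub execute($) {
    my $file = shift;

    chmod 0755, $file or print "GENERIC WARNING: can't chmod $file\n";
    my @cmd = ("$file");

    # Forking open: the child's STDOUT becomes the read end $output here.
    my $pid = open(my $output, "-|");
    unless (defined $pid) {
        print "GENERIC CRITICAL: can't fork: $!\n";
        cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
    }

    if ($pid == 0) {
        # Child: merge STDERR into the pipe, then become the script.
        open(STDERR, ">&STDOUT");
        exec { $cmd[0] } @cmd
            or print "failed to execute $file: $!\n";
        # Only reached when exec failed; the line above went into the pipe.
        exit $ERRORS{"CRITICAL"};
    }

    # Only the first line is reported, as before. A silent script would
    # leave $result undefined, so fall back to a bare newline.
    my $result = <$output>;
    $result = "\n" unless defined $result;

    # Drain the rest so the script is not killed by SIGPIPE when the read
    # end is closed while it is still writing.
    1 while <$output>;

    # close() on a piped handle waits for the child and sets $?.
    close($output);

    if ($? == -1) {
        print "GENERIC CRITICAL: failed to execute: $!\n";
        cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
    }
    elsif ($? & 127) {
        printf "GENERIC CRITICAL: child died with signal %d, %s coredump\n",
            ($? & 127), ($? & 128) ? 'with' : 'without';
        cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
    }

    my $rc = $? >> 8;
    for my $state (qw(OK WARNING CRITICAL UNKNOWN DEPENDENT)) {
        next unless $rc == $ERRORS{$state};
        print "GENERIC $state: $result";
        cleanup($file, $signature), exit $ERRORS{$state};
    }

    # Exit code that is not a Nagios state: report it instead of ending the
    # plugin silently with exit status 0.
    print "GENERIC UNKNOWN: unexpected exit code $rc: $result";
    cleanup($file, $signature), exit $ERRORS{"UNKNOWN"};
}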
|
104 |
|
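# Remove the downloaded script and its signature file, if they exist.
#
# Parameters:
#   $file      - local path of the downloaded script
#   $signature - local path of the downloaded signature file
#
# If either file cannot be removed, a warning is printed and the plugin exits
# with WARNING from inside this sub.
# NOTE(review): callers use `cleanup(...), exit $ERRORS{...}`, so an exit from
# here replaces the state the caller was about to report (a CRITICAL can be
# downgraded to WARNING), and a failure on the script skips the signature.
sub cleanup($$) {
    my $file      = shift;
    my $signature = shift;

    if (-f $file) {
        unlink $file or do {
            print "GENERIC WARNING: can't remove $file\n";
            exit $ERRORS{"WARNING"};
        };
    }

    if (-f $signature) {
        unlink $signature or do {
            # Fixed: the label said CRITICAL while the exit code is WARNING;
            # the text now matches the state Nagios actually receives.
            print "GENERIC WARNING: can't remove $signature\n";
            exit $ERRORS{"WARNING"};
        };
    }
}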
|
121 |
|
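# Fetch the script and its signature into $dlpath, then verify and run it.
#
# Reads the file-level $opt_dl_file / $opt_dl_signature_file URLs and sets the
# file-level $file / $signature paths. Every failure path prints a Nagios
# status line, calls cleanup() and exits; on success control passes to
# verify() and then execute(), which also exit.
#
# Change against the original: the download directory is created with mode
# 0700 instead of the umask default, so a newly created directory is private
# to the plugin's user.
#
# NOTE(review): an already existing $dlpath is used as found; its owner and
# mode are not checked, and it lives under /var/tmp. The script is checked by
# verify() and then run by path in execute(), so anything able to write to
# that directory between the two steps could swap the file. Confirm ownership
# of the directory, or verify and execute the same open file.
# NOTE(review): a 404 for either URL ends the run as OK, so a server (or
# anything in the network path, for plain http) that answers 404 silences
# this check without raising an alert. Confirm that this is intended.
sub download() {
    # Local names are the last path component of each URL.
    my $dl_file           = basename $opt_dl_file;
    my $dl_signature_file = basename $opt_dl_signature_file;

    unless (-d $dlpath) {
        mkdir($dlpath, 0700) or do {
            print "GENERIC CRITICAL: can't create directory $dlpath\n";
            exit $ERRORS{"CRITICAL"};
        };
    }

    $file      = "$dlpath/$dl_file";
    $signature = "$dlpath/$dl_signature_file";

    # get script file
    my $rc = getstore($opt_dl_file, "$file");
    if (is_error($rc)) {
        if ($rc == "404") {
            print "GENERIC OK: $opt_dl_file ", status_message($rc), "\n";
            cleanup($file, $signature), exit $ERRORS{"OK"};
        }
        else {
            print "GENERIC CRITICAL: SCRIPT $opt_dl_file ", status_message($rc),
                "\n";
            cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
        }
    }

    # get script signature file
    $rc = getstore($opt_dl_signature_file, "$signature");
    if (is_error($rc)) {
        if ($rc == "404") {
            print "GENERIC OK: $opt_dl_signature_file ", status_message($rc),
                "\n";
            cleanup($file, $signature), exit $ERRORS{"OK"};
        }
        else {
            print "GENERIC CRITICAL: SIGNATURE $opt_dl_signature_file ",
                status_message($rc), "\n";
            cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
        }
    }

    # verify() exits on a failed check, so execute() is only reached when
    # the signature check did not raise an error.
    verify($file, $signature);
    execute($file);
}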
|
168 |
|
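# Check the detached signature of the downloaded script with GnuPG.
#
# Parameters:
#   $file      - local path of the downloaded script
#   $signature - local path of the downloaded signature file
#
# Returns normally only when $gpg->verify() did not raise an error. On an
# error it prints a CRITICAL line, removes both files and exits.
#
# Changes against the original:
#   * The error text was taken from $1 without checking that the pattern
#     matched; messages of another shape printed an undefined value. The
#     first line of the raw error is used as a fallback.
#   * `new GnuPG()` (indirect object syntax) is now `GnuPG->new()`.
#
# NOTE(review): the value returned by verify() is discarded and no signer is
# pinned, so a valid signature from any key the GnuPG setup of the executing
# user accepts lets the script run. Consider comparing the signer's key
# fingerprint with an expected value; confirm what this GnuPG module version
# returns on success.
sub verify($$) {
    my ($file, $signature) = @_;

    my $gpg = GnuPG->new();
    eval { $gpg->verify(signature => $signature, file => $file); };

    # Copy $@ at once; it is a global that later evals can overwrite.
    my $error = $@;
    return unless $error;

    # Keep the original shortening of the message where it applies.
    my ($reason) = $error =~ /^(.*)\sfrom\s+at.*/;

    # Otherwise report the first line of the error, so the status line stays
    # a single line and is never empty.
    unless (defined $reason && length $reason) {
        ($reason) = split /\n/, "$error";
    }
    $reason = "signature verification failed"
        unless defined $reason && length $reason;

    print "GENERIC CRITICAL: $reason\n";
    cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
}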
|
183 |
|
# Print the short usage synopsis held in $USAGE.
sub print_usage() {
    print $USAGE;
}
|
185 |
|
# Print the full help screen: revision line, copyright and description, the
# usage synopsis with a description of each option, then the support text
# from the Nagios utils module.
sub print_help() {
    print_revision($ME, $VERSION);
    # $USAGE is interpolated into the heredoc below.
    print <<EOF;
Copyright (c) 2010 Christian Arnold

This plugin loads a program file via http or https from a
server and verifies its validity based on a gpg key.

$USAGE
-f, --file
download url for generic script
-s, --signature
download url for generic script signature file
-h, --help
print detailed help screen
-V, --version
print version information

EOF
    support();
}