1 #!/usr/bin/perl -w

     2 

     3 use strict;

     4 use File::Basename;

     5 use Getopt::Long;

     6 use LWP::Simple;

     7 use HTTP::Status;

     8 use File::Path;

     9 

    10 use lib "/usr/lib/nagios/plugins";

    11 use utils qw (%ERRORS &print_revision &support);

    12 

    13 $ENV{LANG} = "POSIX";

    14 

    15 my $ME      = basename $0;

    16 my $VERSION = "0.2";

    17 my $USAGE   = <<EOF;

    18 Usage: $ME -u | --url

    19        $ME [ -b | --binary ]

    20        $ME [ -p | --path ]

    21        $ME [ -h | --help ]

    22        $ME [ -V | --version ]

    23 EOF

    24 

    25 sub print_help();

    26 sub print_usage();

    27 

    28 sub download($$);

    29 sub verify($);

    30 sub cleanup($);

    31 sub execute($);

    32 

    33 my $opt_url;

    34 my $opt_path   = "/var/tmp/nagios";

    35 my $opt_binary = "/usr/bin/gpg";

    36 

    37 MAIN: {

    38     Getopt::Long::Configure('bundling');

    39     GetOptions(

    40         "u|url=s"    => \$opt_url,

    41         "b|binary=s" => \$opt_binary,

    42         "p|path=s"   => \$opt_path,

    43         "h|help"     => sub { print_help(); exit $ERRORS{OK}; },

    44         "V|version"  => sub { print_revision($ME, $VERSION); exit $ERRORS{OK}; }

    45       )

    46       or do {

    47         print $USAGE;

    48         exit $ERRORS{CRITICAL};

    49       };

    50 

    51     unless ($opt_url) {

    52         print $USAGE;

    53         exit $ERRORS{CRITICAL};

    54     }

    55 

    56     download($opt_url, $opt_path);

    57 }

    58 

    59 sub execute($) {

    60     my $run_file = shift;

    61     chmod 0755, $run_file or do {

    62         print "EXEC CRITICAL: Can't chmod $run_file ($!)\n";

    63         cleanup($run_file);

    64         exit $ERRORS{CRITICAL};

    65     };

    66 

    67     my @cmd = ($run_file);

    68 

    69     open(OUTPUT, "-|") or do {

    70         open(STDERR, ">&STDOUT");

    71         system(@cmd);

    72     };

    73 

    74     my $result = <OUTPUT>;

    75 

    76     close(OUTPUT);

    77 

    78     if ($? == -1) {

    79         print "EXEC CRITICAL: Failed to execute: $!\n";

    80         cleanup($run_file);

    81         exit $ERRORS{CRITICAL};

    82     }

    83     elsif ($? & 127) {

    84         printf "EXEC CRITICAL: Child died with signal %d, %s coredump\n",

    85           ($? & 127), ($? & 128) ? 'with' : 'without';

    86         cleanup($run_file);

    87         exit $ERRORS{CRITICAL};

    88     }

    89     else {

    90         my $rc = $? >> 8;

    91         if ($rc == $ERRORS{OK}) {

    92             print "EXEC OK: $result";

    93             cleanup($run_file);

    94             exit $ERRORS{OK};

    95         }

    96         elsif ($rc == $ERRORS{WARNING}) {

    97             print "EXEC WARNING: $result";

    98             cleanup($run_file);

    99             exit $ERRORS{WARNING};

   100         }

   101         elsif ($rc == $ERRORS{CRITICAL}) {

   102             print "EXEC CRITICAL: $result";

   103             cleanup($run_file);

   104             exit $ERRORS{CRITICAL};

   105         }

   106         elsif ($rc == $ERRORS{UNKNOWN}) {

   107             print "EXEC UNKNOWN: $result";

   108             cleanup($run_file);

   109             exit $ERRORS{UNKNOWN};

   110         }

   111         elsif ($rc == $ERRORS{DEPENDENT}) {

   112             print "EXEC DEPENDENT: $result";

   113             cleanup($run_file);

   114             exit $ERRORS{DEPENDENT};

   115         }

   116     }

   117 }

   118 

   119 sub cleanup($) {

   120     my $file = shift;

   121 

   122     if (-f $file) {

   123         unlink $file or do {

   124             print "EXEC WARNING: Can't remove $file ($!)\n";

   125             exit $ERRORS{WARNING};

   126           }

   127     }

   128 }

   129 

   130 sub download($$) {

   131     my $url  = shift;

   132     my $path = shift;

   133 

   134     my $file = basename $url;

   135 

   136     unless (-d $path) {

   137         mkpath($path, { mode => 0700, error => \my $err });

   138         for my $diag (@$err) {

   139             my ($directory, $message) = each %$diag;

   140             print

   141               "EXEC CRITICAL: Can't create directory $directory: $message\n";

   142             exit $ERRORS{CRITICAL};

   143         }

   144     }

   145 

   146     $file = "$path/$file";

   147 

   148     my $rc = getstore($url, $file);

   149     if (is_error($rc)) {

   150         if ($rc == 404) {

   151             print "EXEC OK: $url ", status_message($rc), "\n";

   152             cleanup($file);

   153             exit $ERRORS{OK};

   154         }

   155         else {

   156             print "EXEC CRITICAL: $url ", status_message($rc), "\n";

   157             cleanup($file);

   158             exit $ERRORS{CRITICAL};

   159         }

   160     }

   161 

   162     verify($file);

   163 }

   164 

   165 sub verify($) {

   166     my $file     = shift;

   167     my $dir      = dirname($file);

   168     my $run_file = fileparse($file, qw/\.[^.]*/);

   169 

   170     my $vc = qq{$opt_binary --verify};

   171     my $dc = qq{$opt_binary --batch --yes};

   172 

   173     my @r = qx/$vc $file 2>&1/;

   174     if ($?) {

   175         print "EXEC CRITICAL: @r";

   176         exit $ERRORS{CRITICAL};

   177     }

   178 

   179     @r = qx/$dc $file 2>&1/;

   180     if ($?) {

   181         print "EXEC CRITICAL: @r";

   182         exit $ERRORS{CRITICAL};

   183     }

   184 

   185     execute("$dir/$run_file");

   186 }

   187 

   188 sub print_usage() { print $USAGE }

   189 

   190 sub print_help() {

   191     print_revision($ME, $VERSION);

   192     print <<EOF;

   193 Copyright (c) 2010 Christian Arnold

   194 

   195 This plugin loads a program file via http or https from a

   196 server and verifies its validity based on a gpg key.

   197 

   198 $USAGE

   199     -u, --url

   200         download url for generic script

   201     -b, --binary

   202         path to gpg (default: /usr/bin/gpg)

   203     -p, --path

   204         location for store download script (default: /var/tmp/nagios)

   205     -h, --help

   206         print detailed help screen

   207     -V, --version

   208         print version information

   209 

   210 EOF

   211     support();

   212 }