--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/check_exec.pl	Tue Dec 21 15:19:21 2010 +0100
@@ -0,0 +1,212 @@
+#!/usr/bin/perl -w
+
+use strict;
+use File::Basename;
+use Getopt::Long;
+use LWP::Simple;
+use HTTP::Status;
+use File::Path;
+
+use lib "/usr/lib/nagios/plugins";
+use utils qw (%ERRORS &print_revision &support);
+
+$ENV{LANG} = "POSIX";
+
+my $ME      = basename $0;
+my $VERSION = "0.2";
+my $USAGE   = <<EOF;
+Usage: $ME -u | --url
+       $ME [ -b | --binary ]
+       $ME [ -p | --path ]
+       $ME [ -h | --help ]
+       $ME [ -V | --version ]
+EOF
+
+sub print_help();
+sub print_usage();
+
+sub download($$);
+sub verify($);
+sub cleanup($);
+sub execute($);
+
+my $opt_url;
+my $opt_path   = "/var/tmp/nagios";
+my $opt_binary = "/usr/bin/gpg";
+
+MAIN: {
+    Getopt::Long::Configure('bundling');
+    GetOptions(
+        "u|url=s"    => \$opt_url,
+        "b|binary=s" => \$opt_binary,
+        "p|path=s"   => \$opt_path,
+        "h|help"     => sub { print_help(); exit $ERRORS{OK}; },
+        "V|version"  => sub { print_revision($ME, $VERSION); exit $ERRORS{OK}; }
+      )
+      or do {
+        print $USAGE;
+        exit $ERRORS{CRITICAL};
+      };
+
+    unless ($opt_url) {
+        print $USAGE;
+        exit $ERRORS{CRITICAL};
+    }
+
+    download($opt_url, $opt_path);
+}
+
+sub execute($) {
+    my $run_file = shift;
+    chmod 0755, $run_file or do {
+        print "EXEC CRITICAL: Can't chmod $run_file ($!)\n";
+        cleanup($run_file);
+        exit $ERRORS{CRITICAL};
+    };
+
+    my @cmd = ($run_file);
+
+    open(OUTPUT, "-|") or do {
+        open(STDERR, ">&STDOUT");
+        system(@cmd);
+    };
+
+    my $result = <OUTPUT>;
+
+    close(OUTPUT);
+
+    if ($? == -1) {
+        print "EXEC CRITICAL: Failed to execute: $!\n";
+        cleanup($run_file);
+        exit $ERRORS{CRITICAL};
+    }
+    elsif ($? & 127) {
+        printf "EXEC CRITICAL: Child died with signal %d, %s coredump\n",
+          ($? & 127), ($? & 128) ? 'with' : 'without';
+        cleanup($run_file);
+        exit $ERRORS{CRITICAL};
+    }
+    else {
+        my $rc = $? >> 8;
+        if ($rc == $ERRORS{OK}) {
+            print "EXEC OK: $result";
+            cleanup($run_file);
+            exit $ERRORS{OK};
+        }
+        elsif ($rc == $ERRORS{WARNING}) {
+            print "EXEC WARNING: $result";
+            cleanup($run_file);
+            exit $ERRORS{WARNING};
+        }
+        elsif ($rc == $ERRORS{CRITICAL}) {
+            print "EXEC CRITICAL: $result";
+            cleanup($run_file);
+            exit $ERRORS{CRITICAL};
+        }
+        elsif ($rc == $ERRORS{UNKNOWN}) {
+            print "EXEC UNKNOWN: $result";
+            cleanup($run_file);
+            exit $ERRORS{UNKNOWN};
+        }
+        elsif ($rc == $ERRORS{DEPENDENT}) {
+            print "EXEC DEPENDENT: $result";
+            cleanup($run_file);
+            exit $ERRORS{DEPENDENT};
+        }
+    }
+}
+
+sub cleanup($) {
+    my $file = shift;
+
+    if (-f $file) {
+        unlink $file or do {
+            print "EXEC WARNING: Can't remove $file ($!)\n";
+            exit $ERRORS{WARNING};
+          }
+    }
+}
+
+sub download($$) {
+    my $url  = shift;
+    my $path = shift;
+
+    my $file = basename $url;
+
+    unless (-d $path) {
+        mkpath($path, { mode => 0700, error => \my $err });
+        for my $diag (@$err) {
+            my ($directory, $message) = each %$diag;
+            print
+              "EXEC CRITICAL: Can't create directory $directory: $message\n";
+            exit $ERRORS{CRITICAL};
+        }
+    }
+
+    $file = "$path/$file";
+
+    my $rc = getstore($url, $file);
+    if (is_error($rc)) {
+        if ($rc == 404) {
+            print "EXEC OK: $url ", status_message($rc), "\n";
+            cleanup($file);
+            exit $ERRORS{OK};
+        }
+        else {
+            print "EXEC CRITICAL: $url ", status_message($rc), "\n";
+            cleanup($file);
+            exit $ERRORS{CRITICAL};
+        }
+    }
+
+    verify($file);
+}
+
+sub verify($) {
+    my $file     = shift;
+    my $dir      = dirname($file);
+    my $run_file = fileparse($file, qw/\.[^.]*/);
+
+    my $vc = qq{$opt_binary --verify};
+    my $dc = qq{$opt_binary --batch --yes};
+
+    my @r = qx/$vc $file 2>&1/;
+    if ($?) {
+        print "EXEC CRITICAL: @r";
+        exit $ERRORS{CRITICAL};
+    }
+
+    @r = qx/$dc $file 2>&1/;
+    if ($?) {
+        print "EXEC CRITICAL: @r";
+        exit $ERRORS{CRITICAL};
+    }
+
+    execute("$dir/$run_file");
+}
+
+sub print_usage() { print $USAGE }
+
+sub print_help() {
+    print_revision($ME, $VERSION);
+    print <<EOF;
+Copyright (c) 2010 Christian Arnold
+
+This plugin loads a program file via http or https from a
+server and verifies its validity based on a gpg key.
+
+$USAGE
+    -u, --url
+        download url for generic script
+    -b, --binary
+        path to gpg (default: /usr/bin/gpg)
+    -p, --path
+        location for store download script (default: /var/tmp/nagios)
+    -h, --help
+        print detailed help screen
+    -V, --version
+        print version information
+
+EOF
+    support();
+}