# HG changeset patch # User Christian Arnold # Date 1292941161 -3600 # Node ID 9b0a5c2b7ebc9cb4fa5909c260a77d36ddb3352c # Parent 9732a762d17c85127ac3ef546a0719a469d9ba97 * now using /usr/bin/gpg * rename to nagios-plugin-exec diff -r 9732a762d17c -r 9b0a5c2b7ebc check_exec.pl --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/check_exec.pl Tue Dec 21 15:19:21 2010 +0100 @@ -0,0 +1,212 @@ +#!/usr/bin/perl -w + +use strict; +use File::Basename; +use Getopt::Long; +use LWP::Simple; +use HTTP::Status; +use File::Path; + +use lib "/usr/lib/nagios/plugins"; +use utils qw (%ERRORS &print_revision &support); + +$ENV{LANG} = "POSIX"; + +my $ME = basename $0; +my $VERSION = "0.2"; +my $USAGE = < \$opt_url, + "b|binary=s" => \$opt_binary, + "p|path=s" => \$opt_path, + "h|help" => sub { print_help(); exit $ERRORS{OK}; }, + "V|version" => sub { print_revision($ME, $VERSION); exit $ERRORS{OK}; } + ) + or do { + print $USAGE; + exit $ERRORS{CRITICAL}; + }; + + unless ($opt_url) { + print $USAGE; + exit $ERRORS{CRITICAL}; + } + + download($opt_url, $opt_path); +} + +sub execute($) { + my $run_file = shift; + chmod 0755, $run_file or do { + print "EXEC CRITICAL: Can't chmod $run_file ($!)\n"; + cleanup($run_file); + exit $ERRORS{CRITICAL}; + }; + + my @cmd = ($run_file); + + open(OUTPUT, "-|") or do { + open(STDERR, ">&STDOUT"); + system(@cmd); + }; + + my $result = ; + + close(OUTPUT); + + if ($? == -1) { + print "EXEC CRITICAL: Failed to execute: $!\n"; + cleanup($run_file); + exit $ERRORS{CRITICAL}; + } + elsif ($? & 127) { + printf "EXEC CRITICAL: Child died with signal %d, %s coredump\n", + ($? & 127), ($? & 128) ? 'with' : 'without'; + cleanup($run_file); + exit $ERRORS{CRITICAL}; + } + else { + my $rc = $? >> 8; + if ($rc == $ERRORS{OK}) { + print "EXEC OK: $result"; + cleanup($run_file); + exit $ERRORS{OK}; + } + elsif ($rc == $ERRORS{WARNING}) { + print "EXEC WARNING: $result"; + cleanup($run_file); + exit $ERRORS{WARNING}; + } + elsif ($rc == $ERRORS{CRITICAL}) { + print "EXEC CRITICAL: $result"; + cleanup($run_file); + exit $ERRORS{CRITICAL}; + } + elsif ($rc == $ERRORS{UNKNOWN}) { + print "EXEC UNKNOWN: $result"; + cleanup($run_file); + exit $ERRORS{UNKNOWN}; + } + elsif ($rc == $ERRORS{DEPENDENT}) { + print "EXEC DEPENDENT: $result"; + cleanup($run_file); + exit $ERRORS{DEPENDENT}; + } + } +} + +sub cleanup($) { + my $file = shift; + + if (-f $file) { + unlink $file or do { + print "EXEC WARNING: Can't remove $file ($!)\n"; + exit $ERRORS{WARNING}; + } + } +} + +sub download($$) { + my $url = shift; + my $path = shift; + + my $file = basename $url; + + unless (-d $path) { + mkpath($path, { mode => 0700, error => \my $err }); + for my $diag (@$err) { + my ($directory, $message) = each %$diag; + print + "EXEC CRITICAL: Can't create directory $directory: $message\n"; + exit $ERRORS{CRITICAL}; + } + } + + $file = "$path/$file"; + + my $rc = getstore($url, $file); + if (is_error($rc)) { + if ($rc == 404) { + print "EXEC OK: $url ", status_message($rc), "\n"; + cleanup($file); + exit $ERRORS{OK}; + } + else { + print "EXEC CRITICAL: $url ", status_message($rc), "\n"; + cleanup($file); + exit $ERRORS{CRITICAL}; + } + } + + verify($file); +} + +sub verify($) { + my $file = shift; + my $dir = dirname($file); + my $run_file = fileparse($file, qw/\.[^.]*/); + + my $vc = qq{$opt_binary --verify}; + my $dc = qq{$opt_binary --batch --yes}; + + my @r = qx/$vc $file 2>&1/; + if ($?) { + print "EXEC CRITICAL: @r"; + exit $ERRORS{CRITICAL}; + } + + @r = qx/$dc $file 2>&1/; + if ($?) { + print "EXEC CRITICAL: @r"; + exit $ERRORS{CRITICAL}; + } + + execute("$dir/$run_file"); +} + +sub print_usage() { print $USAGE } + +sub print_help() { + print_revision($ME, $VERSION); + print < -s - $ME [ -h | --help ] - $ME [ -V | --version ] -EOF - -sub print_help(); -sub print_usage(); - -sub download(); -sub verify($$); -sub cleanup($$); -sub execute($); - -my $opt_dl_file = ""; -my $opt_dl_signature_file = ""; - -my $dlpath = "/var/tmp/nagios"; -my ($file, $signature); - -MAIN: { - Getopt::Long::Configure('bundling'); - GetOptions( - "f|file=s" => \$opt_dl_file, - "s|signature=s" => \$opt_dl_signature_file, - "h|help" => sub { print_help(); exit $ERRORS{OK}; }, - "V|version" => sub { print_revision($ME, $VERSION); exit $ERRORS{OK}; } - ); - - unless ($opt_dl_file) { - print $USAGE; - exit $ERRORS{"CRITICAL"}; - } - - unless ($opt_dl_signature_file) { - print $USAGE; - exit $ERRORS{"CRITICAL"}; - } - - download(); -} - -sub execute($) { - my $file = shift; - chmod 0755, $file or print print "GENERIC WARNING: can't chmod $file\n"; - my @cmd = ("$file"); - - open(OUTPUT, "-|") or do { - open(STDERR, ">&STDOUT"); - system(@cmd); - }; - - my $result = ; - - close(OUTPUT); - - if ($? == -1) { - print "GENERIC CRITICAL: failed to execute: $!\n"; - cleanup($file, $signature), exit $ERRORS{"CRITICAL"}; - } - elsif ($? & 127) { - printf "GENERIC CRITICAL: child died with signal %d, %s coredump\n", - ($? & 127), ($? & 128) ? 'with' : 'without'; - cleanup($file, $signature), exit $ERRORS{"CRITICAL"}; - } - else { - my $rc = $? >> 8; - if ($rc == $ERRORS{"OK"}) { - print "GENERIC OK: $result"; - cleanup($file, $signature), exit $ERRORS{"OK"}; - } - elsif ($rc == $ERRORS{"WARNING"}) { - print "GENERIC WARNING: $result"; - cleanup($file, $signature), exit $ERRORS{"WARNING"}; - } - elsif ($rc == $ERRORS{"CRITICAL"}) { - print "GENERIC CRITICAL: $result"; - cleanup($file, $signature), exit $ERRORS{"CRITICAL"}; - } - elsif ($rc == $ERRORS{"UNKNOWN"}) { - print "GENERIC UNKNOWN: $result"; - cleanup($file, $signature), exit $ERRORS{"UNKNOWN"}; - } - elsif ($rc == $ERRORS{"DEPENDENT"}) { - print "GENERIC DEPENDENT: $result"; - cleanup($file, $signature), exit $ERRORS{"DEPENDENT"}; - } - } -} - -sub cleanup($$) { - my $file = shift; - my $signature = shift; - if (-f $file) { - unlink $file or do { - print "GENERIC WARNING: can't remove $file\n"; - exit $ERRORS{"WARNING"}; - } - } - if (-f $signature) { - unlink $signature or do { - print "GENERIC CRITICAL: can't remove $signature\n"; - exit $ERRORS{"WARNING"}; - } - } -} - -sub download() { - my $dl_file = basename $opt_dl_file; - my $dl_signature_file = basename $opt_dl_signature_file; - - unless (-d $dlpath) { - mkdir $dlpath or do { - print "GENERIC CRITICAL: can't create directory $dlpath\n"; - exit $ERRORS{"CRITICAL"}; - } - } - - $file = "$dlpath/$dl_file"; - $signature = "$dlpath/$dl_signature_file"; - - # get script file - my $rc = getstore($opt_dl_file, "$file"); - if (is_error($rc)) { - if ($rc == "404") { - print "GENERIC OK: $opt_dl_file ", status_message($rc), "\n"; - cleanup($file, $signature), exit $ERRORS{"OK"}; - } - else { - print "GENERIC CRITICAL: SCRIPT $opt_dl_file ", status_message($rc), - "\n"; - cleanup($file, $signature), exit $ERRORS{"CRITICAL"}; - } - } - - # get script signature file - $rc = getstore($opt_dl_signature_file, "$signature"); - if (is_error($rc)) { - if ($rc == "404") { - print "GENERIC OK: $opt_dl_signature_file ", status_message($rc), - "\n"; - cleanup($file, $signature), exit $ERRORS{"OK"}; - } - else { - print "GENERIC CRITICAL: SIGNATURE $opt_dl_signature_file ", - status_message($rc), "\n"; - cleanup($file, $signature), exit $ERRORS{"CRITICAL"}; - } - } - - verify($file, $signature); - execute($file); -} - -sub verify($$) { - my $file = shift; - my $signature = shift; - - my $gpg = new GnuPG(); - eval { $gpg->verify(signature => $signature, file => $file); }; - - # formating error output - if ($@) { - $@ =~ /^(.*)\sfrom\s+at.*/; - print "GENERIC CRITICAL: $1\n"; - cleanup($file, $signature), exit $ERRORS{"CRITICAL"}; - } -} - -sub print_usage() { print $USAGE } - -sub print_help() { - print_revision($ME, $VERSION); - print <