--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/check_exec.pl Tue Dec 21 15:19:21 2010 +0100
@@ -0,0 +1,212 @@
+#!/usr/bin/perl -w
+
+use strict;
+use File::Basename;
+use Getopt::Long;
+use LWP::Simple;
+use HTTP::Status;
+use File::Path;
+
+use lib "/usr/lib/nagios/plugins";
+use utils qw (%ERRORS &print_revision &support);
+
+$ENV{LANG} = "POSIX";
+
+my $ME = basename $0;
+my $VERSION = "0.2";
+my $USAGE = <<EOF;
+Usage: $ME -u | --url
+ $ME [ -b | --binary ]
+ $ME [ -p | --path ]
+ $ME [ -h | --help ]
+ $ME [ -V | --version ]
+EOF
+
+sub print_help();
+sub print_usage();
+
+sub download($$);
+sub verify($);
+sub cleanup($);
+sub execute($);
+
+my $opt_url;
+my $opt_path = "/var/tmp/nagios";
+my $opt_binary = "/usr/bin/gpg";
+
+MAIN: {
+ Getopt::Long::Configure('bundling');
+ GetOptions(
+ "u|url=s" => \$opt_url,
+ "b|binary=s" => \$opt_binary,
+ "p|path=s" => \$opt_path,
+ "h|help" => sub { print_help(); exit $ERRORS{OK}; },
+ "V|version" => sub { print_revision($ME, $VERSION); exit $ERRORS{OK}; }
+ )
+ or do {
+ print $USAGE;
+ exit $ERRORS{CRITICAL};
+ };
+
+ unless ($opt_url) {
+ print $USAGE;
+ exit $ERRORS{CRITICAL};
+ }
+
+ download($opt_url, $opt_path);
+}
+
+sub execute($) {
+ my $run_file = shift;
+ chmod 0755, $run_file or do {
+ print "EXEC CRITICAL: Can't chmod $run_file ($!)\n";
+ cleanup($run_file);
+ exit $ERRORS{CRITICAL};
+ };
+
+ my @cmd = ($run_file);
+
+ open(OUTPUT, "-|") or do {
+ open(STDERR, ">&STDOUT");
+ system(@cmd);
+ };
+
+ my $result = <OUTPUT>;
+
+ close(OUTPUT);
+
+ if ($? == -1) {
+ print "EXEC CRITICAL: Failed to execute: $!\n";
+ cleanup($run_file);
+ exit $ERRORS{CRITICAL};
+ }
+ elsif ($? & 127) {
+ printf "EXEC CRITICAL: Child died with signal %d, %s coredump\n",
+ ($? & 127), ($? & 128) ? 'with' : 'without';
+ cleanup($run_file);
+ exit $ERRORS{CRITICAL};
+ }
+ else {
+ my $rc = $? >> 8;
+ if ($rc == $ERRORS{OK}) {
+ print "EXEC OK: $result";
+ cleanup($run_file);
+ exit $ERRORS{OK};
+ }
+ elsif ($rc == $ERRORS{WARNING}) {
+ print "EXEC WARNING: $result";
+ cleanup($run_file);
+ exit $ERRORS{WARNING};
+ }
+ elsif ($rc == $ERRORS{CRITICAL}) {
+ print "EXEC CRITICAL: $result";
+ cleanup($run_file);
+ exit $ERRORS{CRITICAL};
+ }
+ elsif ($rc == $ERRORS{UNKNOWN}) {
+ print "EXEC UNKNOWN: $result";
+ cleanup($run_file);
+ exit $ERRORS{UNKNOWN};
+ }
+ elsif ($rc == $ERRORS{DEPENDENT}) {
+ print "EXEC DEPENDENT: $result";
+ cleanup($run_file);
+ exit $ERRORS{DEPENDENT};
+ }
+ }
+}
+
+sub cleanup($) {
+ my $file = shift;
+
+ if (-f $file) {
+ unlink $file or do {
+ print "EXEC WARNING: Can't remove $file ($!)\n";
+ exit $ERRORS{WARNING};
+ }
+ }
+}
+
+sub download($$) {
+ my $url = shift;
+ my $path = shift;
+
+ my $file = basename $url;
+
+ unless (-d $path) {
+ mkpath($path, { mode => 0700, error => \my $err });
+ for my $diag (@$err) {
+ my ($directory, $message) = each %$diag;
+ print
+ "EXEC CRITICAL: Can't create directory $directory: $message\n";
+ exit $ERRORS{CRITICAL};
+ }
+ }
+
+ $file = "$path/$file";
+
+ my $rc = getstore($url, $file);
+ if (is_error($rc)) {
+ if ($rc == 404) {
+ print "EXEC OK: $url ", status_message($rc), "\n";
+ cleanup($file);
+ exit $ERRORS{OK};
+ }
+ else {
+ print "EXEC CRITICAL: $url ", status_message($rc), "\n";
+ cleanup($file);
+ exit $ERRORS{CRITICAL};
+ }
+ }
+
+ verify($file);
+}
+
+sub verify($) {
+ my $file = shift;
+ my $dir = dirname($file);
+ my $run_file = fileparse($file, qw/\.[^.]*/);
+
+ my $vc = qq{$opt_binary --verify};
+ my $dc = qq{$opt_binary --batch --yes};
+
+ my @r = qx/$vc $file 2>&1/;
+ if ($?) {
+ print "EXEC CRITICAL: @r";
+ exit $ERRORS{CRITICAL};
+ }
+
+ @r = qx/$dc $file 2>&1/;
+ if ($?) {
+ print "EXEC CRITICAL: @r";
+ exit $ERRORS{CRITICAL};
+ }
+
+ execute("$dir/$run_file");
+}
+
+sub print_usage() { print $USAGE }
+
+sub print_help() {
+ print_revision($ME, $VERSION);
+ print <<EOF;
+Copyright (c) 2010 Christian Arnold
+
+This plugin loads a program file via http or https from a
+server and verifies its validity based on a gpg key.
+
+$USAGE
+ -u, --url
+ download url for generic script
+ -b, --binary
+ path to gpg (default: /usr/bin/gpg)
+ -p, --path
+ location for store download script (default: /var/tmp/nagios)
+ -h, --help
+ print detailed help screen
+ -V, --version
+ print version information
+
+EOF
+ support();
+}
--- a/check_generic.pl Tue Dec 14 14:51:46 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,206 +0,0 @@
-#!/usr/bin/perl -w
-
-use strict;
-use File::Basename;
-use Getopt::Long;
-use LWP::Simple;
-use HTTP::Status;
-use GnuPG qw( :algo );
-
-use lib "/usr/lib/nagios/plugins";
-use utils qw (%ERRORS &print_revision &support);
-
-my $ME = basename $0;
-my $VERSION = "0.1";
-my $USAGE = <<EOF;
-Usage: $ME -f <url> -s <url>
- $ME [ -h | --help ]
- $ME [ -V | --version ]
-EOF
-
-sub print_help();
-sub print_usage();
-
-sub download();
-sub verify($$);
-sub cleanup($$);
-sub execute($);
-
-my $opt_dl_file = "";
-my $opt_dl_signature_file = "";
-
-my $dlpath = "/var/tmp/nagios";
-my ($file, $signature);
-
-MAIN: {
- Getopt::Long::Configure('bundling');
- GetOptions(
- "f|file=s" => \$opt_dl_file,
- "s|signature=s" => \$opt_dl_signature_file,
- "h|help" => sub { print_help(); exit $ERRORS{OK}; },
- "V|version" => sub { print_revision($ME, $VERSION); exit $ERRORS{OK}; }
- );
-
- unless ($opt_dl_file) {
- print $USAGE;
- exit $ERRORS{"CRITICAL"};
- }
-
- unless ($opt_dl_signature_file) {
- print $USAGE;
- exit $ERRORS{"CRITICAL"};
- }
-
- download();
-}
-
-sub execute($) {
- my $file = shift;
- chmod 0755, $file or print print "GENERIC WARNING: can't chmod $file\n";
- my @cmd = ("$file");
-
- open(OUTPUT, "-|") or do {
- open(STDERR, ">&STDOUT");
- system(@cmd);
- };
-
- my $result = <OUTPUT>;
-
- close(OUTPUT);
-
- if ($? == -1) {
- print "GENERIC CRITICAL: failed to execute: $!\n";
- cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
- }
- elsif ($? & 127) {
- printf "GENERIC CRITICAL: child died with signal %d, %s coredump\n",
- ($? & 127), ($? & 128) ? 'with' : 'without';
- cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
- }
- else {
- my $rc = $? >> 8;
- if ($rc == $ERRORS{"OK"}) {
- print "GENERIC OK: $result";
- cleanup($file, $signature), exit $ERRORS{"OK"};
- }
- elsif ($rc == $ERRORS{"WARNING"}) {
- print "GENERIC WARNING: $result";
- cleanup($file, $signature), exit $ERRORS{"WARNING"};
- }
- elsif ($rc == $ERRORS{"CRITICAL"}) {
- print "GENERIC CRITICAL: $result";
- cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
- }
- elsif ($rc == $ERRORS{"UNKNOWN"}) {
- print "GENERIC UNKNOWN: $result";
- cleanup($file, $signature), exit $ERRORS{"UNKNOWN"};
- }
- elsif ($rc == $ERRORS{"DEPENDENT"}) {
- print "GENERIC DEPENDENT: $result";
- cleanup($file, $signature), exit $ERRORS{"DEPENDENT"};
- }
- }
-}
-
-sub cleanup($$) {
- my $file = shift;
- my $signature = shift;
- if (-f $file) {
- unlink $file or do {
- print "GENERIC WARNING: can't remove $file\n";
- exit $ERRORS{"WARNING"};
- }
- }
- if (-f $signature) {
- unlink $signature or do {
- print "GENERIC CRITICAL: can't remove $signature\n";
- exit $ERRORS{"WARNING"};
- }
- }
-}
-
-sub download() {
- my $dl_file = basename $opt_dl_file;
- my $dl_signature_file = basename $opt_dl_signature_file;
-
- unless (-d $dlpath) {
- mkdir $dlpath or do {
- print "GENERIC CRITICAL: can't create directory $dlpath\n";
- exit $ERRORS{"CRITICAL"};
- }
- }
-
- $file = "$dlpath/$dl_file";
- $signature = "$dlpath/$dl_signature_file";
-
- # get script file
- my $rc = getstore($opt_dl_file, "$file");
- if (is_error($rc)) {
- if ($rc == "404") {
- print "GENERIC OK: $opt_dl_file ", status_message($rc), "\n";
- cleanup($file, $signature), exit $ERRORS{"OK"};
- }
- else {
- print "GENERIC CRITICAL: SCRIPT $opt_dl_file ", status_message($rc),
- "\n";
- cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
- }
- }
-
- # get script signature file
- $rc = getstore($opt_dl_signature_file, "$signature");
- if (is_error($rc)) {
- if ($rc == "404") {
- print "GENERIC OK: $opt_dl_signature_file ", status_message($rc),
- "\n";
- cleanup($file, $signature), exit $ERRORS{"OK"};
- }
- else {
- print "GENERIC CRITICAL: SIGNATURE $opt_dl_signature_file ",
- status_message($rc), "\n";
- cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
- }
- }
-
- verify($file, $signature);
- execute($file);
-}
-
-sub verify($$) {
- my $file = shift;
- my $signature = shift;
-
- my $gpg = new GnuPG();
- eval { $gpg->verify(signature => $signature, file => $file); };
-
- # formating error output
- if ($@) {
- $@ =~ /^(.*)\sfrom\s+at.*/;
- print "GENERIC CRITICAL: $1\n";
- cleanup($file, $signature), exit $ERRORS{"CRITICAL"};
- }
-}
-
-sub print_usage() { print $USAGE }
-
-sub print_help() {
- print_revision($ME, $VERSION);
- print <<EOF;
-Copyright (c) 2010 Christian Arnold
-
-This plugin loads a program file via http or https from a
-server and verifies its validity based on a gpg key.
-
-$USAGE
- -f, --file
- download url for generic script
- -s, --signature
- download url for generic script signature file
- -h, --help
- print detailed help screen
- -V, --version
- print version information
-
-EOF
- support();
-}