1 #!/usr/bin/perl -w

     2 

     3 #    Copyright (C) 2011  Christian Arnold

     4 #

     5 #    This program is free software: you can redistribute it and/or modify

     6 #    it under the terms of the GNU General Public License as published by

     7 #    the Free Software Foundation, either version 3 of the License, or

     8 #    (at your option) any later version.

     9 #

    10 #    This program is distributed in the hope that it will be useful,

    11 #    but WITHOUT ANY WARRANTY; without even the implied warranty of

    12 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

    13 #    GNU General Public License for more details.

    14 #

    15 #    You should have received a copy of the GNU General Public License

    16 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.

    17 #

    18 #    Christian Arnold <arnold@schlittermann.de>

    19 

    20 use 5.010;

    21 use strict;

    22 use File::Basename;

    23 use Getopt::Long;

    24 use Pod::Usage;

    25 

    26 delete @ENV{ grep /^LC_/ => keys %ENV };

    27 $ENV{LANG}   = "C";

    28 $ENV{LC_ALL} = "C";

    29 

    30 sub version($$);

    31 sub scan($$$);

    32 sub report(@);

    33 

    34 my %ERRORS = (

    35     OK        => 0,

    36     WARNING   => 1,

    37     CRITICAL  => 2,

    38     UNKNOWN   => 3,

    39     DEPENDENT => 4

    40 );

    41 

    42 my $ME      = basename $0;

    43 my $NAME    = "SCAN";

    44 my $VERSION = "0.1";

    45 

    46 my %opt = (

    47     host       => "localhost",

    48     options    => "-sT -sU -r -p1-65535",

    49     exceptions => "22/tcp"

    50 );

    51 

    52 MAIN: {

    53     Getopt::Long::Configure('bundling');

    54     GetOptions(

    55         "o|options=s"    => \$opt{options},

    56         "H|host=s"       => \$opt{host},

    57         "e|exceptions=s" => \$opt{exceptions},

    58         "h|help" => sub { pod2usage( -verbose => 1, -exitval => $ERRORS{OK} ) },

    59         "m|man" => sub { pod2usage( -verbose => 2, -exitval => $ERRORS{OK} ) },

    60         "V|version" => sub { version( $ME, $VERSION ); exit $ERRORS{OK}; }

    61     ) or pod2usage( -verbose => 1, -exitval => $ERRORS{CRITICAL} );

    62 

    63     my @openports = scan( $opt{host}, $opt{options}, $opt{exceptions} );

    64     report(@openports);

    65 }

    66 

    67 sub version($$) {

    68     my ( $progname, $version ) = @_;

    69 

    70     say <<_VERSION;

    71 $progname version $version

    72 Copyright (C) 2012 by Christian Arnold and Schlittermann internet & unix support.

    73 

    74 $ME comes with ABSOLUTELY NO WARRANTY. This is free software,

    75 and you are welcome to redistribute it under certain conditions.

    76 See the GNU General Public Licence for details.

    77 _VERSION

    78 }

    79 

    80 sub scan($$$) {

    81     my ( $host, $options, $exceptions ) = @_;

    82     my @scan = grep { /^\d+\// } `nmap $options $host`;

    83     my @openports;

    84     my @exceptions;

    85 

    86     if ($exceptions) {

    87         @exceptions = split( /,/, $exceptions );

    88     }

    89 

    90   PORTS: foreach my $port (@scan) {

    91         foreach my $exceptions (@exceptions) {

    92             next PORTS if ( $port =~ /^$exceptions/ );

    93         }

    94         chomp($port);

    95         $port =~ s/\s+/ /g;

    96         push @openports, $port;

    97     }

    98 

    99     return @openports;

   100 }

   101 

   102 sub report(@) {

   103     my @openports = @_;

   104 

   105     if (@openports) {

   106         say "$NAME WARNING: " . join( "; ", @openports );

   107         exit $ERRORS{WARNING};

   108     }

   109 

   110     if ( $opt{exceptions} ) {

   111         say "$NAME OK: no open ports (exceptions: $opt{exceptions})";

   112     }

   113     else {

   114         say "$NAME OK: no open ports";

   115     }

   116     exit $ERRORS{OK};

   117 }

   118 

   119 __END__

   120 

   121 =head1 NAME

   122 

   123 check_scan - nagios plugin to run port scan

   124 

   125 =head1 SYNOPSIS

   126 

   127 check_scan [B<-H>|B<--host>]

   128 

   129 check_scan [B<-o>|B<--options>]

   130 

   131 check_scan [B<-e>|B<--exceptions>]

   132 

   133 =head1 OPTIONS

   134 

   135 =over

   136 

   137 =item B<-H>|B<--host>

   138 

   139 Host or ip to scan. (default: localhost)

   140 

   141 =item B<-o>|B<--options>

   142 

   143 Nmap options for scan, must be specified in quotes. (default: '-sT -sU -r -p1-65535')

   144 

   145 =item B<-e>|B<--exceptions>

   146 

   147 No warning is generated if any of these ports open. Multiple ports can

   148 be specified separated by commas (22/tcp,25/tcp,53/udp,...). (default: 22/tcp)

   149 

   150 =item B<-h>|B<--help>

   151 

   152 Print detailed help screen.

   153 

   154 =item B<-m>|B<--man>

   155 

   156 Print manual page.

   157 

   158 =item B<-V>|B<--version>

   159 

   160 Print version information.

   161 

   162 =back

   163 

   164 =head1 DESCRIPTION

   165 

   166 This nagios plugin scans hosts with nmap.

   167 

   168 =head1 VERSION

   169 

   170 This man page is current for version 0.1 of B<check_scan>.

   171 

   172 =head1 AUTHOR

   173 

   174 Written by Christian Arnold L<arnold@schlittermann.de>

   175 

   176 =head1 COPYRIGHT

   177 

   178 Copyright (C) 2012 by Christian Arnold and Schlittermann internet & unix support.

   179 This is free software, and you are welcome to redistribute it under certain conditions.

   180 See the GNU General Public Licence for details.

   181 

   182 =cut