return critical status for open ports
return warning status for closed ports
change nmap default options
--- a/check_scan.pl Wed Jul 04 09:37:04 2012 +0200
+++ b/check_scan.pl Wed Jul 04 12:04:26 2012 +0200
@@ -1,6 +1,6 @@
#!/usr/bin/perl -w
-# Copyright (C) 2011 Christian Arnold
+# Copyright (C) 2012 Christian Arnold
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -22,6 +22,7 @@
use File::Basename;
use Getopt::Long;
use Pod::Usage;
+use Data::Dumper;
delete @ENV{ grep /^LC_/ => keys %ENV };
$ENV{LANG} = "C";
@@ -29,7 +30,7 @@
sub version($$);
sub scan($$$);
-sub report(@);
+sub report($$);
my %ERRORS = (
OK => 0,
@@ -41,11 +42,11 @@
my $ME = basename $0;
my $NAME = "SCAN";
-my $VERSION = "0.2";
+my $VERSION = "0.5";
my %opt = (
host => "localhost",
- options => "-sT -sU -r -p1-65535",
+ options => "-sS -sU -r -p1-65535",
exceptions => "22/tcp"
);
@@ -60,8 +61,9 @@
"V|version" => sub { version( $ME, $VERSION ); exit $ERRORS{OK}; }
) or pod2usage( -verbose => 1, -exitval => $ERRORS{CRITICAL} );
- my @openports = scan( $opt{host}, $opt{options}, $opt{exceptions} );
- report(@openports);
+ my ( $opened, $closed ) =
+ scan( $opt{host}, $opt{options}, $opt{exceptions} );
+ report( $opened, $closed );
}
sub version($$) {
@@ -79,8 +81,9 @@
sub scan($$$) {
my ( $host, $options, $exceptions ) = @_;
- my @scan = grep { /^\d+\/.*\s+open/ } `nmap $options $host`;
+ my @scan = grep { /^\d+\// } `nmap $options $host`;
my @openports;
+ my @closedports;
my @exceptions;
if ($exceptions) {
@@ -93,17 +96,43 @@
}
chomp($port);
$port =~ s/\s+/ /g;
- push @openports, $port;
+ push @openports, $port if ( $port =~ /^\d+\/tcp|udp\s+open\s+/ );
+ push @closedports, $port if ( $port =~ /^\d+\/tcp|udp\s+closed\s+/ );
}
- return @openports;
+ return ( \@openports, \@closedports );
}
-sub report(@) {
- my @openports = @_;
+sub report($$) {
+ my $opened = shift;
+ my $closed = shift;
+
+ my @opened = @$opened;
+ my @closed = @$closed;
- if (@openports) {
- say "$NAME WARNING: " . join( "; ", @openports );
+ if (@opened) {
+ if ( $opt{exceptions} ) {
+ say "$NAME CRITICAL: "
+ . join( "; ", @opened )
+ . " (exceptions: $opt{exceptions})";
+ }
+ else {
+ say "$NAME CRITICAL: "
+ . join( "; ", @opened )
+ . " (exceptions: $opt{exceptions})";
+ }
+ exit $ERRORS{CRITICAL};
+ }
+
+ if (@closed) {
+ if ( $opt{exceptions} ) {
+ say "$NAME WARNING: "
+ . join( "; ", @closed )
+ . " (exceptions: $opt{exceptions})";
+ }
+ else {
+ say "$NAME WARNING: " . join( "; ", @closed );
+ }
exit $ERRORS{WARNING};
}
@@ -140,7 +169,7 @@
=item B<-o>|B<--options>
-Nmap options for scan, must be specified in quotes. (default: '-sT -sU -r -p1-65535')
+Nmap options for scan, must be specified in quotes. (default: '-sS -sU -r -p1-65535')
=item B<-e>|B<--exceptions>
@@ -167,7 +196,7 @@
=head1 VERSION
-This man page is current for version 0.2 of B<check_scan>.
+This man page is current for version 0.5 of B<check_scan>.
=head1 AUTHOR
--- a/debian/changelog Wed Jul 04 09:37:04 2012 +0200
+++ b/debian/changelog Wed Jul 04 12:04:26 2012 +0200
@@ -1,3 +1,11 @@
+nagios-plugin-scan (0.5) stable; urgency=low
+
+ * return critical status for open ports
+ * return warning status for closed ports
+ * change nmap default options
+
+ -- Christian Arnold <arnold@schlittermann.de> Wed, 04 Jul 2012 11:57:59 +0200
+
nagios-plugin-scan (0.4) stable; urgency=low
* fix lintian warnings (debhelper-but-no-misc-depends)