5 use feature qw(say); |
5 use feature qw(say); |
6 use Nagios::Check::DNS::check_tlsa_record; |
6 use Nagios::Check::DNS::check_tlsa_record; |
7 use File::Basename; |
7 use File::Basename; |
8 use Monitoring::Plugin; |
8 use Monitoring::Plugin; |
9 |
9 |
10 my $ME = basename $0; |
10 my $ME = basename $0; |
11 my $blurb = 'This Plugin is intended to check validity of TLSA Records'; |
11 my $blurb = 'This Plugin is intended to check validity of TLSA Records'; |
12 my $url = 'http://www.schlittermann.de'; |
12 my $url = 'http://www.schlittermann.de'; |
13 my $author = 'Heike Yvonne Pesch'; |
13 my $author = 'Heike Yvonne Pesch'; |
14 my $email = '<pesch@schlittermann.de>'; |
14 my $email = '<pesch@schlittermann.de>'; |
15 my $usage = <<_; |
15 my $usage = <<_; |
16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>] |
16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>] |
17 [ -f|--hostlist=<hostlist> ] |
17 [ -f|--hostlist=<hostlist> ] |
18 [ -c|--critical=<critical threshold> ] |
18 [ -c|--critical=<critical threshold> ] |
19 [ -w|--warning=<warning threshold> ] |
19 [ -w|--warning=<warning threshold> ] |
20 [ -p|--port=<portnumber> ] |
20 [ -p|--port=<portnumber> ] |
21 [ -q|--queryserver=<DNS-Server-IP> ] |
21 [ -q|--queryserver=<DNS-Server-IP> ] |
22 _ |
22 _ |
23 |
23 |
24 my $extra = <<_; |
24 my $extra = <<_; |
25 |
25 |
26 NOTICE |
26 NOTICE |
27 If you want to use a hostlist, you have to put entries like this: |
27 If you want to use a hostlist, you have to put entries like this: |
28 |
28 |
29 host |
29 host |
38 |
38 |
39 Author: $author $email |
39 Author: $author $email |
40 For more information visit $url |
40 For more information visit $url |
41 _ |
41 _ |
42 |
42 |
43 |
43 my $nagios_tlsa = Monitoring::Plugin->new( |
44 my $nagios_tlsa = Monitoring::Plugin->new( |
44 usage => $usage, |
45 usage => $usage, |
45 blurb => $blurb, |
46 blurb => $blurb, |
46 extra => $extra, |
47 extra => $extra, |
47 url => $url, |
48 url => $url, |
48 plugin => $ME, |
49 plugin => $ME, |
49 timeout => 120, |
50 timeout => 120, |
|
51 |
50 |
52 ); |
51 ); |
53 |
52 |
54 #@TODO exit 1 &Co in eigenes die || oh_shit |
53 #@TODO exit 1 &Co in eigenes die || oh_shit |
55 $nagios_tlsa->add_arg( |
54 $nagios_tlsa->add_arg( |
56 spec => 'host|H=s', |
55 spec => 'host|H=s', |
57 help => 'Host/Domain to check', |
56 help => 'Host/Domain to check', |
58 required => 0, |
57 required => 0, |
59 ); |
58 ); |
60 |
59 |
61 $nagios_tlsa->add_arg( |
60 $nagios_tlsa->add_arg( |
62 spec => 'hostlist|f=s', |
61 spec => 'hostlist|f=s', |
63 help => 'Host/Domainlist in file to check', |
62 help => 'Host/Domainlist in file to check', |
64 required => 0, |
63 required => 0, |
65 ); |
64 ); |
66 |
65 |
67 $nagios_tlsa->add_arg( |
66 $nagios_tlsa->add_arg( |
68 spec => 'expiry|e', |
67 spec => 'expiry|e', |
69 help => 'check expiry of Certificate', |
68 help => 'check expiry of Certificate', |
70 required => 0, |
69 required => 0, |
71 ); |
70 ); |
72 |
71 |
73 $nagios_tlsa->add_arg( |
72 $nagios_tlsa->add_arg( |
74 spec => 'port|p=i', |
73 spec => 'port|p=i', |
75 help => 'Port of Domain to check the TLSA (default: 443)', |
74 help => 'Port of Domain to check the TLSA (default: 443)', |
76 required => 0, |
75 required => 0, |
77 default => 443, |
76 default => 443, |
78 ); |
77 ); |
79 |
78 |
80 $nagios_tlsa->add_arg( |
79 $nagios_tlsa->add_arg( |
81 spec => 'queryserver|q=s', |
80 spec => 'queryserver|q=s', |
82 required => 0, |
81 required => 0, |
83 help => |
82 help => |
84 'DNS Server to ask to check the TLSA (default: defined in resolve.conf)', |
83 'DNS Server to ask to check the TLSA (default: defined in resolve.conf)', |
85 |
84 |
86 ); |
85 ); |
87 |
86 |
88 $nagios_tlsa->add_arg( |
87 $nagios_tlsa->add_arg( |
89 spec => 'protocol|P=s', |
88 spec => 'protocol|P=s', |
90 help => 'Protocol to ask to check the TLSA record of domain (default: tcp)', |
89 help => 'Protocol to ask to check the TLSA record of domain (default: tcp)', |
91 required => 0, |
90 required => 0, |
92 default => 'tcp', |
91 default => 'tcp', |
93 ); |
92 ); |
94 |
93 |
95 $nagios_tlsa->add_arg( |
94 $nagios_tlsa->add_arg( |
96 spec => 'timeout|t=i', |
95 spec => 'timeout|t=i', |
97 help => 'Timeout in seconds for check (default: 120)', |
96 help => 'Timeout in seconds for check (default: 120)', |
98 required => 0, |
97 required => 0, |
99 default => 120, |
98 default => 120, |
100 ); |
99 ); |
101 |
100 |
102 $nagios_tlsa->getopts; |
101 $nagios_tlsa->getopts; |
103 |
102 |
104 my $domain = $nagios_tlsa->opts->host; |
103 my $domain = $nagios_tlsa->opts->host; |
108 my $expiry = $nagios_tlsa->opts->expiry; |
107 my $expiry = $nagios_tlsa->opts->expiry; |
109 |
108 |
110 if (!$domain && !$domainlist) { |
109 if (!$domain && !$domainlist) { |
111 my $script = basename $0; |
110 my $script = basename $0; |
112 say "Please set -H <domain> or -f <domainlist>\n" |
111 say "Please set -H <domain> or -f <domainlist>\n" |
113 . "For all options try $script --help"; |
112 . "For all options try $script --help"; |
114 |
113 |
115 exit 1; |
114 exit 1; |
116 } |
115 } |
117 |
116 |
118 if ($domainlist) |
117 if ($domainlist) { |
119 { |
118 get_domains(); |
120 get_domains(); |
119 exit 0; |
121 exit 0; |
|
122 } |
120 } |
123 |
121 |
124 if ($domain) { |
122 if ($domain) { |
125 |
123 |
126 if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) { |
124 if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) { |
127 $domain = $+{domain}; |
125 $domain = $+{domain}; |
128 $port = $+{port}; |
126 $port = $+{port}; |
129 } |
127 } |
130 |
128 |
131 if (not $port or $port eq '') { |
129 if (not $port or $port eq '') { |
132 $port = 443; |
130 $port = 443; |
133 } |
131 } |
134 |
132 |
135 if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') { |
133 if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') { |
136 $protocol = 'tcp'; |
134 $protocol = 'tcp'; |
137 } |
135 } |
138 |
136 |
139 my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); |
137 my $return = |
140 say $return; |
138 Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); |
141 exit 0; |
139 say $return; |
|
140 exit 0; |
142 } |
141 } |
143 |
142 |
144 sub get_domains { |
143 sub get_domains { |
145 open(my $filehandle, '<', $domainlist); |
144 open(my $filehandle, '<', $domainlist); |
146 |
145 |
147 while (<$filehandle>) { |
146 while (<$filehandle>) { |
148 if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) { |
147 if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) { |
149 $domain = $+{domain}; |
148 $domain = $+{domain}; |
150 |
149 |
151 if ("$+{port}" =~ /^\s*$/) { $port = '443'; } |
150 if ("$+{port}" =~ /^\s*$/) { $port = '443'; } |
152 else { $port = $+{port}; } |
151 else { $port = $+{port}; } |
153 |
152 |
154 my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port)); |
153 my $return = |
|
154 Nagios::Check::DNS::check_tlsa_record::main(($domain, $port)); |
155 say $return; |
155 say $return; |
156 } |
156 } |
157 else { |
157 else { |
158 die "$domainlist has wrong or malformed content\n"; |
158 die "$domainlist has wrong or malformed content\n"; |
159 } |
159 } |