bin/check_tlsa-record
changeset 14 ddefd02de6c5
parent 13 198dd181ba37
child 16 f5593514ab44
13:198dd181ba37 14:ddefd02de6c5
     5 use feature qw(say);
     5 use feature qw(say);
     6 use Nagios::Check::DNS::check_tlsa_record;
     6 use Nagios::Check::DNS::check_tlsa_record;
     7 use File::Basename;
     7 use File::Basename;
     8 use Monitoring::Plugin;
     8 use Monitoring::Plugin;
     9 
     9 
    10 my $ME      = basename $0;
    10 my $ME     = basename $0;
    11 my $blurb   = 'This Plugin is intended to check validity of TLSA Records';
    11 my $blurb  = 'This Plugin is intended to check validity of TLSA Records';
    12 my $url     = 'http://www.schlittermann.de';
    12 my $url    = 'http://www.schlittermann.de';
    13 my $author  = 'Heike Yvonne Pesch';
    13 my $author = 'Heike Yvonne Pesch';
    14 my $email   = '<pesch@schlittermann.de>';
    14 my $email  = '<pesch@schlittermann.de>';
    15 my $usage   = <<_;
    15 my $usage  = <<_;
    16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>] 
    16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>] 
    17                          [ -f|--hostlist=<hostlist> ] 
    17                          [ -f|--hostlist=<hostlist> ] 
    18                          [ -c|--critical=<critical threshold> ] 
    18                          [ -c|--critical=<critical threshold> ] 
    19                          [ -w|--warning=<warning threshold> ] 
    19                          [ -w|--warning=<warning threshold> ] 
    20                          [ -p|--port=<portnumber> ] 
    20                          [ -p|--port=<portnumber> ] 
    21                          [ -q|--queryserver=<DNS-Server-IP> ] 
    21                          [ -q|--queryserver=<DNS-Server-IP> ] 
    22 _
    22 _
    23 
    23 
    24 my $extra   = <<_;
    24 my $extra = <<_;
    25 
    25 
    26 NOTICE
    26 NOTICE
    27 If you want to use a hostlist, you have to put entries like this:
    27 If you want to use a hostlist, you have to put entries like this:
    28 
    28 
    29 host
    29 host
    38 
    38 
    39 Author: $author $email
    39 Author: $author $email
    40 For more information visit $url
    40 For more information visit $url
    41 _
    41 _
    42 
    42 
    43 
    43 my $nagios_tlsa = Monitoring::Plugin->new(
    44 my $nagios_tlsa  = Monitoring::Plugin->new(
    44     usage   => $usage,
    45   usage   => $usage,
    45     blurb   => $blurb,
    46   blurb   => $blurb,
    46     extra   => $extra,
    47   extra   => $extra,
    47     url     => $url,
    48   url     => $url,
    48     plugin  => $ME,
    49   plugin  => $ME,
    49     timeout => 120,
    50   timeout => 120,
       
    51 
    50 
    52 );
    51 );
    53 
    52 
    54 #@TODO exit 1 &Co in eigenes die || oh_shit
    53 #@TODO exit 1 &Co in eigenes die || oh_shit
    55 $nagios_tlsa->add_arg(
    54 $nagios_tlsa->add_arg(
    56   spec     => 'host|H=s',
    55     spec     => 'host|H=s',
    57   help     => 'Host/Domain to check',
    56     help     => 'Host/Domain to check',
    58   required => 0,
    57     required => 0,
    59 );
    58 );
    60 
    59 
    61 $nagios_tlsa->add_arg(
    60 $nagios_tlsa->add_arg(
    62   spec     => 'hostlist|f=s',
    61     spec     => 'hostlist|f=s',
    63   help     => 'Host/Domainlist in file to check',
    62     help     => 'Host/Domainlist in file to check',
    64   required => 0,
    63     required => 0,
    65 );
    64 );
    66 
    65 
    67 $nagios_tlsa->add_arg(
    66 $nagios_tlsa->add_arg(
    68   spec     => 'expiry|e',
    67     spec     => 'expiry|e',
    69   help     => 'check expiry of Certificate',
    68     help     => 'check expiry of Certificate',
    70   required => 0,
    69     required => 0,
    71 );
    70 );
    72 
    71 
    73 $nagios_tlsa->add_arg(
    72 $nagios_tlsa->add_arg(
    74   spec     => 'port|p=i',
    73     spec     => 'port|p=i',
    75   help     => 'Port of Domain to check the TLSA (default: 443)',
    74     help     => 'Port of Domain to check the TLSA (default: 443)',
    76   required => 0,
    75     required => 0,
    77   default  => 443,
    76     default  => 443,
    78 );
    77 );
    79 
    78 
    80 $nagios_tlsa->add_arg(
    79 $nagios_tlsa->add_arg(
    81   spec     => 'queryserver|q=s',
    80     spec     => 'queryserver|q=s',
    82   required => 0,
    81     required => 0,
    83   help     =>
    82     help =>
    84   'DNS Server to ask to check the TLSA (default: defined in resolve.conf)',
    83       'DNS Server to ask to check the TLSA (default: defined in resolve.conf)',
    85 
    84 
    86 );
    85 );
    87 
    86 
    88 $nagios_tlsa->add_arg(
    87 $nagios_tlsa->add_arg(
    89   spec     => 'protocol|P=s',
    88     spec => 'protocol|P=s',
    90   help     => 'Protocol to ask to check the TLSA record of domain (default: tcp)',
    89     help => 'Protocol to ask to check the TLSA record of domain (default: tcp)',
    91   required => 0,
    90     required => 0,
    92   default  => 'tcp',
    91     default  => 'tcp',
    93 );
    92 );
    94 
    93 
    95 $nagios_tlsa->add_arg(
    94 $nagios_tlsa->add_arg(
    96   spec     => 'timeout|t=i',
    95     spec     => 'timeout|t=i',
    97   help     => 'Timeout in seconds for check (default: 120)',
    96     help     => 'Timeout in seconds for check (default: 120)',
    98   required => 0,
    97     required => 0,
    99   default  => 120,
    98     default  => 120,
   100 );
    99 );
   101 
   100 
   102 $nagios_tlsa->getopts;
   101 $nagios_tlsa->getopts;
   103 
   102 
   104 my $domain     = $nagios_tlsa->opts->host;
   103 my $domain     = $nagios_tlsa->opts->host;
   108 my $expiry     = $nagios_tlsa->opts->expiry;
   107 my $expiry     = $nagios_tlsa->opts->expiry;
   109 
   108 
   110 if (!$domain && !$domainlist) {
   109 if (!$domain && !$domainlist) {
   111     my $script = basename $0;
   110     my $script = basename $0;
   112     say "Please set -H <domain> or -f <domainlist>\n"
   111     say "Please set -H <domain> or -f <domainlist>\n"
   113     . "For all options try $script --help";
   112       . "For all options try $script --help";
   114 
   113 
   115     exit 1;
   114     exit 1;
   116 }
   115 }
   117 
   116 
   118 if ($domainlist)
   117 if ($domainlist) {
   119 {
   118     get_domains();
   120   get_domains();
   119     exit 0;
   121   exit 0;
       
   122 }
   120 }
   123 
   121 
   124 if ($domain) {
   122 if ($domain) {
   125 
   123 
   126   if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) {
   124     if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) {
   127     $domain = $+{domain};
   125         $domain = $+{domain};
   128     $port   = $+{port};
   126         $port   = $+{port};
   129   }
   127     }
   130 
   128 
   131   if (not $port or $port eq '') {
   129     if (not $port or $port eq '') {
   132     $port = 443;
   130         $port = 443;
   133   }
   131     }
   134 
   132 
   135   if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') {
   133     if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') {
   136     $protocol = 'tcp';
   134         $protocol = 'tcp';
   137   }
   135     }
   138 
   136 
   139   my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
   137     my $return =
   140   say $return;
   138       Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
   141   exit 0;
   139     say $return;
       
   140     exit 0;
   142 }
   141 }
   143 
   142 
   144 sub get_domains {
   143 sub get_domains {
   145     open(my $filehandle, '<', $domainlist);
   144     open(my $filehandle, '<', $domainlist);
   146 
   145 
   147     while (<$filehandle>) {
   146     while (<$filehandle>) {
   148         if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) {
   147         if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) {
   149             $domain = $+{domain};
   148             $domain = $+{domain};
   150 
   149 
   151             if ("$+{port}" =~ /^\s*$/) { $port = '443'; }
   150             if   ("$+{port}" =~ /^\s*$/) { $port = '443'; }
   152             else { $port   = $+{port}; }
   151             else                         { $port = $+{port}; }
   153 
   152 
   154             my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
   153             my $return =
       
   154               Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
   155             say $return;
   155             say $return;
   156         }
   156         }
   157         else {
   157         else {
   158             die "$domainlist has wrong or malformed content\n";
   158             die "$domainlist has wrong or malformed content\n";
   159         }
   159         }
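Review bot: In `get_domains` (new line 144) the result of `open` is never checked, so a missing or unreadable hostlist makes the `while` loop read nothing and the caller at new lines 118-119 then reaches `exit 0`, which a monitoring system will record as a passing TLSA check. Fail loudly instead, for example `open(my $filehandle, '<', $domainlist) or $nagios_tlsa->plugin_die("cannot open $domainlist: $!");`. Separately, the condition at new line 133, `$protocol ne 'tcp' or $protocol ne 'udp'`, is true for every value, so `-P udp` is always reset to `tcp`; it presumably should read `if (not $protocol or ($protocol ne 'tcp' and $protocol ne 'udp'))`. Both lines are only re-indented by this changeset, and `get_domains` continues past the end of the visible section.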