|      5 use feature qw(say); |      5 use feature qw(say); | 
|      6 use Nagios::Check::DNS::check_tlsa_record; |      6 use Nagios::Check::DNS::check_tlsa_record; | 
|      7 use File::Basename; |      7 use File::Basename; | 
|      8 use Monitoring::Plugin; |      8 use Monitoring::Plugin; | 
|      9  |      9  | 
|     10 my $ME      = basename $0; |     10 my $ME     = basename $0; | 
|     11 my $blurb   = 'This Plugin is intended to check validity of TLSA Records'; |     11 my $blurb  = 'This Plugin is intended to check validity of TLSA Records'; | 
|     12 my $url     = 'http://www.schlittermann.de'; |     12 my $url    = 'http://www.schlittermann.de'; | 
|     13 my $author  = 'Heike Yvonne Pesch'; |     13 my $author = 'Heike Yvonne Pesch'; | 
|     14 my $email   = '<pesch@schlittermann.de>'; |     14 my $email  = '<pesch@schlittermann.de>'; | 
|     15 my $usage   = <<_; |     15 my $usage  = <<_; | 
|     16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>]  |     16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>]  | 
|     17                          [ -f|--hostlist=<hostlist> ]  |     17                          [ -f|--hostlist=<hostlist> ]  | 
|     18                          [ -c|--critical=<critical threshold> ]  |     18                          [ -c|--critical=<critical threshold> ]  | 
|     19                          [ -w|--warning=<warning threshold> ]  |     19                          [ -w|--warning=<warning threshold> ]  | 
|     20                          [ -p|--port=<portnumber> ]  |     20                          [ -p|--port=<portnumber> ]  | 
|     21                          [ -q|--queryserver=<DNS-Server-IP> ]  |     21                          [ -q|--queryserver=<DNS-Server-IP> ]  | 
|     22 _ |     22 _ | 
|     23  |     23  | 
|     24 my $extra   = <<_; |     24 my $extra = <<_; | 
|     25  |     25  | 
|     26 NOTICE |     26 NOTICE | 
|     27 If you want to use a hostlist, you have to put entries like this: |     27 If you want to use a hostlist, you have to put entries like this: | 
|     28  |     28  | 
|     29 host |     29 host | 
|     38  |     38  | 
|     39 Author: $author $email |     39 Author: $author $email | 
|     40 For more information visit $url |     40 For more information visit $url | 
|     41 _ |     41 _ | 
|     42  |     42  | 
|     43  |     43 my $nagios_tlsa = Monitoring::Plugin->new( | 
|     44 my $nagios_tlsa  = Monitoring::Plugin->new( |     44     usage   => $usage, | 
|     45   usage   => $usage, |     45     blurb   => $blurb, | 
|     46   blurb   => $blurb, |     46     extra   => $extra, | 
|     47   extra   => $extra, |     47     url     => $url, | 
|     48   url     => $url, |     48     plugin  => $ME, | 
|     49   plugin  => $ME, |     49     timeout => 120, | 
|     50   timeout => 120, |         | 
|     51  |     50  | 
|     52 ); |     51 ); | 
|     53  |     52  | 
|     54 #@TODO exit 1 &Co in eigenes die || oh_shit |     53 #@TODO exit 1 &Co in eigenes die || oh_shit | 
|     55 $nagios_tlsa->add_arg( |     54 $nagios_tlsa->add_arg( | 
|     56   spec     => 'host|H=s', |     55     spec     => 'host|H=s', | 
|     57   help     => 'Host/Domain to check', |     56     help     => 'Host/Domain to check', | 
|     58   required => 0, |     57     required => 0, | 
|     59 ); |     58 ); | 
|     60  |     59  | 
|     61 $nagios_tlsa->add_arg( |     60 $nagios_tlsa->add_arg( | 
|     62   spec     => 'hostlist|f=s', |     61     spec     => 'hostlist|f=s', | 
|     63   help     => 'Host/Domainlist in file to check', |     62     help     => 'Host/Domainlist in file to check', | 
|     64   required => 0, |     63     required => 0, | 
|     65 ); |     64 ); | 
|     66  |     65  | 
|     67 $nagios_tlsa->add_arg( |     66 $nagios_tlsa->add_arg( | 
|     68   spec     => 'expiry|e', |     67     spec     => 'expiry|e', | 
|     69   help     => 'check expiry of Certificate', |     68     help     => 'check expiry of Certificate', | 
|     70   required => 0, |     69     required => 0, | 
|     71 ); |     70 ); | 
|     72  |     71  | 
|     73 $nagios_tlsa->add_arg( |     72 $nagios_tlsa->add_arg( | 
|     74   spec     => 'port|p=i', |     73     spec     => 'port|p=i', | 
|     75   help     => 'Port of Domain to check the TLSA (default: 443)', |     74     help     => 'Port of Domain to check the TLSA (default: 443)', | 
|     76   required => 0, |     75     required => 0, | 
|     77   default  => 443, |     76     default  => 443, | 
|     78 ); |     77 ); | 
|     79  |     78  | 
|     80 $nagios_tlsa->add_arg( |     79 $nagios_tlsa->add_arg( | 
|     81   spec     => 'queryserver|q=s', |     80     spec     => 'queryserver|q=s', | 
|     82   required => 0, |     81     required => 0, | 
|     83   help     => |     82     help => | 
|     84   'DNS Server to ask to check the TLSA (default: defined in resolve.conf)', |     83       'DNS Server to ask to check the TLSA (default: defined in resolve.conf)', | 
|     85  |     84  | 
|     86 ); |     85 ); | 
|     87  |     86  | 
|     88 $nagios_tlsa->add_arg( |     87 $nagios_tlsa->add_arg( | 
|     89   spec     => 'protocol|P=s', |     88     spec => 'protocol|P=s', | 
|     90   help     => 'Protocol to ask to check the TLSA record of domain (default: tcp)', |     89     help => 'Protocol to ask to check the TLSA record of domain (default: tcp)', | 
|     91   required => 0, |     90     required => 0, | 
|     92   default  => 'tcp', |     91     default  => 'tcp', | 
|     93 ); |     92 ); | 
|     94  |     93  | 
|     95 $nagios_tlsa->add_arg( |     94 $nagios_tlsa->add_arg( | 
|     96   spec     => 'timeout|t=i', |     95     spec     => 'timeout|t=i', | 
|     97   help     => 'Timeout in seconds for check (default: 120)', |     96     help     => 'Timeout in seconds for check (default: 120)', | 
|     98   required => 0, |     97     required => 0, | 
|     99   default  => 120, |     98     default  => 120, | 
|    100 ); |     99 ); | 
|    101  |    100  | 
|    102 $nagios_tlsa->getopts; |    101 $nagios_tlsa->getopts; | 
|    103  |    102  | 
|    104 my $domain     = $nagios_tlsa->opts->host; |    103 my $domain     = $nagios_tlsa->opts->host; | 
|    108 my $expiry     = $nagios_tlsa->opts->expiry; |    107 my $expiry     = $nagios_tlsa->opts->expiry; | 
|    109  |    108  | 
|    110 if (!$domain && !$domainlist) { |    109 if (!$domain && !$domainlist) { | 
|    111     my $script = basename $0; |    110     my $script = basename $0; | 
|    112     say "Please set -H <domain> or -f <domainlist>\n" |    111     say "Please set -H <domain> or -f <domainlist>\n" | 
|    113     . "For all options try $script --help"; |    112       . "For all options try $script --help"; | 
|    114  |    113  | 
|    115     exit 1; |    114     exit 1; | 
|    116 } |    115 } | 
|    117  |    116  | 
|    118 if ($domainlist) |    117 if ($domainlist) { | 
|    119 { |    118     get_domains(); | 
|    120   get_domains(); |    119     exit 0; | 
|    121   exit 0; |         | 
|    122 } |    120 } | 
|    123  |    121  | 
|    124 if ($domain) { |    122 if ($domain) { | 
|    125  |    123  | 
|    126   if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) { |    124     if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) { | 
|    127     $domain = $+{domain}; |    125         $domain = $+{domain}; | 
|    128     $port   = $+{port}; |    126         $port   = $+{port}; | 
|    129   } |    127     } | 
|    130  |    128  | 
|    131   if (not $port or $port eq '') { |    129     if (not $port or $port eq '') { | 
|    132     $port = 443; |    130         $port = 443; | 
|    133   } |    131     } | 
|    134  |    132  | 
|    135   if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') { |    133     if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') { | 
|    136     $protocol = 'tcp'; |    134         $protocol = 'tcp'; | 
|    137   } |    135     } | 
|    138  |    136  | 
|    139   my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); |    137     my $return = | 
|    140   say $return; |    138       Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); | 
|    141   exit 0; |    139     say $return; | 
|         |    140     exit 0; | 
|    142 } |    141 } | 
|    143  |    142  | 
|    144 sub get_domains { |    143 sub get_domains { | 
|    145     open(my $filehandle, '<', $domainlist); |    144     open(my $filehandle, '<', $domainlist); | 
|    146  |    145  | 
|    147     while (<$filehandle>) { |    146     while (<$filehandle>) { | 
|    148         if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) { |    147         if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) { | 
|    149             $domain = $+{domain}; |    148             $domain = $+{domain}; | 
|    150  |    149  | 
|    151             if ("$+{port}" =~ /^\s*$/) { $port = '443'; } |    150             if   ("$+{port}" =~ /^\s*$/) { $port = '443'; } | 
|    152             else { $port   = $+{port}; } |    151             else                         { $port = $+{port}; } | 
|    153  |    152  | 
|    154             my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port)); |    153             my $return = | 
|         |    154               Nagios::Check::DNS::check_tlsa_record::main(($domain, $port)); | 
|    155             say $return; |    155             say $return; | 
|    156         } |    156         } | 
|    157         else { |    157         else { | 
|    158             die "$domainlist has wrong or malformed content\n"; |    158             die "$domainlist has wrong or malformed content\n"; | 
|    159         } |    159         } |