11 my $blurb = 'This Plugin is intended to check validity of TLSA Records'; |
11 my $blurb = 'This Plugin is intended to check validity of TLSA Records'; |
12 my $url = 'http://www.schlittermann.de'; |
12 my $url = 'http://www.schlittermann.de'; |
13 my $author = 'Heike Yvonne Pesch'; |
13 my $author = 'Heike Yvonne Pesch'; |
14 my $email = '<pesch@schlittermann.de>'; |
14 my $email = '<pesch@schlittermann.de>'; |
15 my $usage = <<_; |
15 my $usage = <<_; |
16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>] |
16 Usage: %s [-v|--verbose ] [-H <host>] [-t <timeout>] |
17 [ -f|--hostlist=<hostlist> ] |
17 [-c|--critical=<critical threshold>] |
18 [ -c|--critical=<critical threshold> ] |
18 [-w|--warning=<warning threshold>] |
19 [ -w|--warning=<warning threshold> ] |
19 [-p|--port=<portnumber>] |
20 [ -p|--port=<portnumber> ] |
20 [-q|--queryserver=<DNS-Server-IP>] |
21 [ -q|--queryserver=<DNS-Server-IP> ] |
|
22 _ |
21 _ |
23 |
|
24 my $extra = <<_; |
22 my $extra = <<_; |
25 |
23 |
26 NOTICE |
24 NOTICE |
27 If you want to use a hostlist, you have to put entries like this: |
25 If you want to use a hostlist, you have to put entries like this: |
28 |
26 |
63 required => 0, |
59 required => 0, |
64 ); |
60 ); |
65 |
61 |
66 $nagios_tlsa->add_arg( |
62 $nagios_tlsa->add_arg( |
67 spec => 'expiry|e', |
63 spec => 'expiry|e', |
68 help => 'check expiry of Certificate', |
64 help => 'check expiry of certificate', |
69 required => 0, |
65 required => 0, |
70 ); |
66 ); |
71 |
67 |
72 $nagios_tlsa->add_arg( |
68 $nagios_tlsa->add_arg( |
73 spec => 'port|p=i', |
69 spec => 'port|p=i', |
74 help => 'Port of Domain to check the TLSA (default: 443)', |
70 help => 'port of host to check the TLSA (default: 443)', |
75 required => 0, |
71 required => 0, |
76 default => 443, |
72 default => 443, |
77 ); |
73 ); |
78 |
74 |
79 $nagios_tlsa->add_arg( |
75 $nagios_tlsa->add_arg( |
80 spec => 'queryserver|q=s', |
76 spec => 'queryserver|q=s', |
81 required => 0, |
77 required => 0, |
82 help => |
78 help => |
83 'DNS Server to ask to check the TLSA (default: defined in resolve.conf)', |
79 'DNS server to ask to check the TLSA (default: defined in resolv.conf)', |
84 |
80 |
85 ); |
81 ); |
86 |
82 |
87 $nagios_tlsa->add_arg( |
83 $nagios_tlsa->add_arg( |
88 spec => 'protocol|P=s', |
84 spec => 'protocol|P=s', |
89 help => 'Protocol to ask to check the TLSA record of domain (default: tcp)', |
85 help => 'Protocol to ask to check the TLSA record of domain (default: tcp)', |
90 required => 0, |
86 required => 0, |
91 default => 'tcp', |
87 default => 'tcp', |
92 ); |
88 ); |
93 |
89 |
94 $nagios_tlsa->add_arg( |
|
95 spec => 'timeout|t=i', |
|
96 help => 'Timeout in seconds for check (default: 120)', |
|
97 required => 0, |
|
98 default => 120, |
|
99 ); |
|
100 |
|
101 $nagios_tlsa->getopts; |
90 $nagios_tlsa->getopts; |
102 |
91 |
103 my $domain = $nagios_tlsa->opts->host; |
92 my $domain = $nagios_tlsa->opts->host; |
104 my $port = $nagios_tlsa->opts->port; |
93 my $port = $nagios_tlsa->opts->port; |
105 my $protocol = $nagios_tlsa->opts->protocol; |
94 my $protocol = $nagios_tlsa->opts->protocol; |
106 my $domainlist = $nagios_tlsa->opts->hostlist; |
95 my $domainlist = $nagios_tlsa->opts->hostlist; |
107 my $expiry = $nagios_tlsa->opts->expiry; |
96 my $expiry = $nagios_tlsa->opts->expiry; |
|
97 my $pattern = '^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)'; |
108 |
98 |
109 if (!$domain && !$domainlist) { |
99 if (!$domain && !$domainlist) { |
110 my $script = basename $0; |
100 my $script = basename $0; |
111 say "Please set -H <domain> or -f <domainlist>\n" |
101 my $excuse = "Please set -H <domain> or -f <domainlist>\n" |
112 . "For all options try $script --help"; |
102 . "For all options try $script --help"; |
113 |
103 |
|
104 say $excuse; |
114 exit 1; |
105 exit 1; |
115 } |
106 } |
116 |
107 |
117 if ($domainlist) { |
108 if ($domainlist) { |
118 get_domains(); |
109 get_domains(); |
119 exit 0; |
110 exit 0; |
120 } |
111 } |
121 |
112 |
122 if ($domain) { |
113 if ($domain) { |
123 |
114 |
124 if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) { |
115 my $pattern = '^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)'; |
|
116 if ($domain =~ /$pattern/gi) { |
125 $domain = $+{domain}; |
117 $domain = $+{domain}; |
126 $port = $+{port}; |
118 $port = $+{port}; |
127 } |
119 } |
128 |
120 |
129 if (not $port or $port eq '') { |
121 if (!$port || $port eq '') { |
130 $port = 443; |
122 $port = 443; |
131 } |
123 } |
132 |
124 |
133 if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') { |
125 if (!$protocol || $protocol ne 'tcp' || $protocol ne 'udp') { |
134 $protocol = 'tcp'; |
126 $protocol = 'tcp'; |
135 } |
127 } |
136 |
128 |
137 my $return = |
129 my $return = |
138 Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); |
130 Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); |
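Review bot: The protocol guard on new line 125 is always true, because `$protocol ne 'tcp' || $protocol ne 'udp'` holds for every possible value, so `$protocol` is reset to `tcp` and `-P udp` is silently ignored. For a TLSA check this presumably means the record for the requested transport is never the one validated (the lookup happens in `check_tlsa_record::main`, which is not shown), and the operator gets no hint that the option was dropped. The test should reject only values outside the allowed set: `if (!$protocol || ($protocol ne 'tcp' && $protocol ne 'udp')) {`. The commit only rewrites `not`/`or` as `!`/`||` on this line and keeps the logic, and the enclosing `if ($domain)` block continues past the lines shown.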
142 |
134 |
143 sub get_domains { |
135 sub get_domains { |
144 open(my $filehandle, '<', $domainlist); |
136 open(my $filehandle, '<', $domainlist); |
145 |
137 |
146 while (<$filehandle>) { |
138 while (<$filehandle>) { |
147 if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) { |
139 if (/$pattern/ig) { |
148 $domain = $+{domain}; |
140 $domain = $+{domain}; |
149 |
141 |
150 if ("$+{port}" =~ /^\s*$/) { $port = '443'; } |
142 if ("$+{port}" =~ /^\s*$/) { $port = '443'; } |
151 else { $port = $+{port}; } |
143 else { $port = $+{port}; } |
152 |
144 |