bin/check_tlsa-record
changeset 16 f5593514ab44
parent 14 ddefd02de6c5
child 40 b0dce1770a15
15:81f7087155cf 16:f5593514ab44
    11 my $blurb  = 'This Plugin is intended to check validity of TLSA Records';
    11 my $blurb  = 'This Plugin is intended to check validity of TLSA Records';
    12 my $url    = 'http://www.schlittermann.de';
    12 my $url    = 'http://www.schlittermann.de';
    13 my $author = 'Heike Yvonne Pesch';
    13 my $author = 'Heike Yvonne Pesch';
    14 my $email  = '<pesch@schlittermann.de>';
    14 my $email  = '<pesch@schlittermann.de>';
    15 my $usage  = <<_;
    15 my $usage  = <<_;
    16 Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>] 
    16 Usage: %s [-v|--verbose ] [-H <host>] [-t <timeout>]
    17                          [ -f|--hostlist=<hostlist> ] 
    17 	[-c|--critical=<critical threshold>]
    18                          [ -c|--critical=<critical threshold> ] 
    18 	[-w|--warning=<warning threshold>]
    19                          [ -w|--warning=<warning threshold> ] 
    19 	[-p|--port=<portnumber>]
    20                          [ -p|--port=<portnumber> ] 
    20 	[-q|--queryserver=<DNS-Server-IP>]
    21                          [ -q|--queryserver=<DNS-Server-IP> ] 
       
    22 _
    21 _
    23 
       
    24 my $extra = <<_;
    22 my $extra = <<_;
    25 
    23 
    26 NOTICE
    24 NOTICE
    27 If you want to use a hostlist, you have to put entries like this:
    25 If you want to use a hostlist, you have to put entries like this:
    28 
    26 
    47     url     => $url,
    45     url     => $url,
    48     plugin  => $ME,
    46     plugin  => $ME,
    49     timeout => 120,
    47     timeout => 120,
    50 
    48 
    51 );
    49 );
    52 
       
    53 #@TODO exit 1 &Co in eigenes die || oh_shit
       
    54 $nagios_tlsa->add_arg(
    50 $nagios_tlsa->add_arg(
    55     spec     => 'host|H=s',
    51     spec     => 'host|H=s',
    56     help     => 'Host/Domain to check',
    52     help     => 'Host/Domain to check',
    57     required => 0,
    53     required => 0,
    58 );
    54 );
    63     required => 0,
    59     required => 0,
    64 );
    60 );
    65 
    61 
    66 $nagios_tlsa->add_arg(
    62 $nagios_tlsa->add_arg(
    67     spec     => 'expiry|e',
    63     spec     => 'expiry|e',
    68     help     => 'check expiry of Certificate',
    64     help     => 'check expiry of certificate',
    69     required => 0,
    65     required => 0,
    70 );
    66 );
    71 
    67 
    72 $nagios_tlsa->add_arg(
    68 $nagios_tlsa->add_arg(
    73     spec     => 'port|p=i',
    69     spec     => 'port|p=i',
    74     help     => 'Port of Domain to check the TLSA (default: 443)',
    70     help     => 'port of host to check the TLSA (default: 443)',
    75     required => 0,
    71     required => 0,
    76     default  => 443,
    72     default  => 443,
    77 );
    73 );
    78 
    74 
    79 $nagios_tlsa->add_arg(
    75 $nagios_tlsa->add_arg(
    80     spec     => 'queryserver|q=s',
    76     spec     => 'queryserver|q=s',
    81     required => 0,
    77     required => 0,
    82     help =>
    78     help =>
    83       'DNS Server to ask to check the TLSA (default: defined in resolve.conf)',
    79       'DNS server to ask to check the TLSA (default: defined in resolv.conf)',
    84 
    80 
    85 );
    81 );
    86 
    82 
    87 $nagios_tlsa->add_arg(
    83 $nagios_tlsa->add_arg(
    88     spec => 'protocol|P=s',
    84     spec => 'protocol|P=s',
    89     help => 'Protocol to ask to check the TLSA record of domain (default: tcp)',
    85     help => 'Protocol to ask to check the TLSA record of domain (default: tcp)',
    90     required => 0,
    86     required => 0,
    91     default  => 'tcp',
    87     default  => 'tcp',
    92 );
    88 );
    93 
    89 
    94 $nagios_tlsa->add_arg(
       
    95     spec     => 'timeout|t=i',
       
    96     help     => 'Timeout in seconds for check (default: 120)',
       
    97     required => 0,
       
    98     default  => 120,
       
    99 );
       
   100 
       
   101 $nagios_tlsa->getopts;
    90 $nagios_tlsa->getopts;
   102 
    91 
   103 my $domain     = $nagios_tlsa->opts->host;
    92 my $domain     = $nagios_tlsa->opts->host;
   104 my $port       = $nagios_tlsa->opts->port;
    93 my $port       = $nagios_tlsa->opts->port;
   105 my $protocol   = $nagios_tlsa->opts->protocol;
    94 my $protocol   = $nagios_tlsa->opts->protocol;
   106 my $domainlist = $nagios_tlsa->opts->hostlist;
    95 my $domainlist = $nagios_tlsa->opts->hostlist;
   107 my $expiry     = $nagios_tlsa->opts->expiry;
    96 my $expiry     = $nagios_tlsa->opts->expiry;
       
    97 my $pattern    = '^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)';
   108 
    98 
   109 if (!$domain && !$domainlist) {
    99 if (!$domain && !$domainlist) {
   110     my $script = basename $0;
   100     my $script = basename $0;
   111     say "Please set -H <domain> or -f <domainlist>\n"
   101     my $excuse = "Please set -H <domain> or -f <domainlist>\n"
   112       . "For all options try $script --help";
   102       . "For all options try $script --help";
   113 
   103 
       
   104     say $excuse;
   114     exit 1;
   105     exit 1;
   115 }
   106 }
   116 
   107 
   117 if ($domainlist) {
   108 if ($domainlist) {
   118     get_domains();
   109     get_domains();
   119     exit 0;
   110     exit 0;
   120 }
   111 }
   121 
   112 
   122 if ($domain) {
   113 if ($domain) {
   123 
   114 
   124     if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) {
   115     my $pattern = '^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)';
       
   116     if ($domain =~ /$pattern/gi) {
   125         $domain = $+{domain};
   117         $domain = $+{domain};
   126         $port   = $+{port};
   118         $port   = $+{port};
   127     }
   119     }
   128 
   120 
   129     if (not $port or $port eq '') {
   121     if (!$port || $port eq '') {
   130         $port = 443;
   122         $port = 443;
   131     }
   123     }
   132 
   124 
   133     if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') {
   125     if (!$protocol || $protocol ne 'tcp' || $protocol ne 'udp') {
   134         $protocol = 'tcp';
   126         $protocol = 'tcp';
   135     }
   127     }
   136 
   128 
   137     my $return =
   129     my $return =
   138       Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
   130       Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
   142 
   134 
   143 sub get_domains {
   135 sub get_domains {
   144     open(my $filehandle, '<', $domainlist);
   136     open(my $filehandle, '<', $domainlist);
   145 
   137 
   146     while (<$filehandle>) {
   138     while (<$filehandle>) {
   147         if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) {
   139         if (/$pattern/ig) {
   148             $domain = $+{domain};
   140             $domain = $+{domain};
   149 
   141 
   150             if   ("$+{port}" =~ /^\s*$/) { $port = '443'; }
   142             if   ("$+{port}" =~ /^\s*$/) { $port = '443'; }
   151             else                         { $port = $+{port}; }
   143             else                         { $port = $+{port}; }
   152 
   144
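Review bot: The protocol guard at new line 125 is always true, because no value can be equal to both 'tcp' and 'udp', so `$protocol` is reset to 'tcp' even when `-P udp` is passed; the rewrite from `or` to `||` leaves that logic unchanged. The intended test is presumably `if (!$protocol || ($protocol ne 'tcp' && $protocol ne 'udp')) {`. In the same section, the new `my $pattern` at line 115 shadows the file-level `$pattern` added at line 97 with a stricter regex (port mandatory), so a distinct name such as `$host_port_pattern` would make it clear which pattern `get_domains` uses. The enclosing `if ($domain)` block and `get_domains` both continue beyond the lines shown.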