bin/check_tlsa-record
changeset 8 ebb775c59021
child 9 2041bac74e8d
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/check_tlsa-record	Thu May 26 12:27:22 2016 +0200
@@ -0,0 +1,158 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+use feature qw(say);
+use Nagios::Check::DNS::check_tlsa_record;
+use File::Basename;
+use Monitoring::Plugin;
+
+my $ME      = basename $0;
+my $blurb   = 'This Plugin is intendet to check validity of TLSA Record';
+my $url     = 'http://www.schlittermann.de';
+my $author  = 'Heike Yvonne Pesch';
+my $email   = '<pesch@schlittermann.de>';
+my $usage   = 'Usage: %s [ -v|--verbose ] [-H <host>] [-t <timeout>] '
+            . '[ -c|--critical=<critical threshold> ] '
+            . '[ -w|--warning=<warning threshold> ] '
+            . '[ -p|--port=<portnumber> ] '
+            . '[ -q|--queryserver=<DNS-Server-IP> ] ';
+my $extra   = <<_;
+
+NOTICE
+If you want to use a Hostlist, you have to put entrys like this:
+
+host
+host:port
+
+
+EXAMPLES
+$ME -H ssl.schlittermann.de 
+$ME -H hh.schlittermann.de -p25
+$ME -H hh.schlittermann.de:25
+$ME -f hostlist.txt
+
+Author: $author $email
+For more information visit $url
+_
+
+
+my $nagios_tlsa  = Monitoring::Plugin->new(
+  usage   => $usage,
+  blurb   => $blurb,
+  extra   => $extra,
+  url     => $url,
+  plugin  => $ME,
+  timeout => 120,
+
+);
+$nagios_tlsa->add_arg(
+  spec     => 'host|H=s',
+  help     => q|Host/Domain to check|,
+  required => 0,
+);
+
+$nagios_tlsa->add_arg(
+  spec     => 'hostlist|f=s',
+  help     => q|Host/Domainlist in file to check|,
+  required => 0,
+);
+
+$nagios_tlsa->add_arg(
+  spec     => 'expiry|e',
+  help     => q|check expiry of Certificate|,
+  required => 0,
+);
+
+$nagios_tlsa->add_arg(
+  spec     => 'port|p=i',
+  help     => q|Port of Domain to check the TLSA (default: 443)|,
+  required => 0,
+  default  => 443,
+);
+
+$nagios_tlsa->add_arg(
+  spec     => 'queryserver|q=s',
+  required => 0,
+  help     =>
+  q|DNS Server to ask to check the TLSA (default: defined in resolve.conf)|,
+
+);
+
+$nagios_tlsa->add_arg(
+  spec     => 'protocol|P=s',
+  help     => q|Protocol to ask to check the TLSA record of domain (default: tcp)|,
+  required => 0,
+  default  => 'tcp',
+);
+
+$nagios_tlsa->getopts;
+
+my $domain     = $nagios_tlsa->opts->host;
+my $port       = $nagios_tlsa->opts->port;
+my $protocol   = $nagios_tlsa->opts->protocol;
+my $domainlist = $nagios_tlsa->opts->hostlist;
+my $expiry     = $nagios_tlsa->opts->expiry;
+my $pattern    = '^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)';
+
+
+if (!$domain && !$domainlist) {
+    my $script = basename $0;
+    my $excuse = "Please set -H <domain> or -f <domainlist>\n"
+    . "For all options try $script --help";
+
+    say $excuse;
+    exit 1;
+}
+
+if ($domainlist)
+{
+  get_domains();
+  exit 0;
+}
+
+if ($domain)
+{
+
+  my $pattern    = '^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)';
+  if ($domain =~ /$pattern/gi)
+  {
+    $domain = $+{domain};
+    $port   = $+{port};
+  }
+
+  if (!$port || $port eq '')
+  {
+    $port = 443;
+  }
+
+  if (!$protocol || $protocol ne 'tcp' || $protocol ne 'udp')
+  {
+    $protocol = 'tcp';
+  }
+
+  my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
+  say $return;
+}
+
+sub get_domains {
+    open(my $filehandle, '<', $domainlist);
+
+    while (<$filehandle>) {
+        if (/$pattern/ig) {
+            $domain = $+{domain};
+
+            if ("$+{port}" =~ /^\s*$/) { $port = '443'; }
+            else { $port   = $+{port}; }
+
+            my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
+            say $return;
+        }
+        else {
+            die "$domainlist has wrong or malformed content\n";
+        }
+
+    }
+}
+
+# vim: ft=perl ts=2 sw=2
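Review bot: In `get_domains()` the `open` on the host list is unchecked and the `-f` branch ends with a fixed `exit 0`, so a missing or unreadable list file makes the loop run zero times and the plugin exit with the OK status without checking a single TLSA record. Fail closed instead, e.g. `open(my $filehandle, '<', $domainlist) or $nagios_tlsa->plugin_die("cannot open $domainlist: $!");`, and derive the exit status from the check results; what `main` returns is not visible here, so that mapping is left to the author. Separately, in the `-H` branch the test `$protocol ne 'tcp' || $protocol ne 'udp'` is true for every value, so `-P udp` is silently replaced by `tcp`; it should read `if (!$protocol || ($protocol ne 'tcp' && $protocol ne 'udp'))`. The list path also calls `main` without `$protocol`, and the `queryserver` and `expiry` options are parsed but never used in this file.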