# HG changeset patch # User pesch # Date 1464641467 -7200 # Node ID ddefd02de6c55af7ee1642385ce71047f9db357c # Parent 198dd181ba3702666c4d0e96044c47d4cf5eaef5 perltidy + fix some spelling mistakes...
diff -r 198dd181ba37 -r ddefd02de6c5 Build.PL
--- a/Build.PL Mon May 30 16:55:06 2016 +0200
+++ b/Build.PL Mon May 30 22:51:07 2016 +0200 
@@ -5,33 +5,33 @@ use Module::Build; my $build = Module::Build->new( - module_name => 'Nagios::Check::DNS::check_tlsa_record', - license => 'perl', - dist_name => 'nagios-plugin-tlsa-record', - dist_author => 'Heike Yvonne Pesch ', - dist_abstract => 'short description', - dist_version_from => 'lib/Nagios/Check/DNS/check_tlsa_record.pm', - build_requires => { - 'Module::Build' => '0.4', - }, - requires => { - 'Test::More' => '0.10', - 'Monitoring::Plugin' => '0.39', - }, - checks_files => { - 'bin/check_tlsa-record' => 'nagios/plugins/ius/check_tlsa_record', - }, - bin_scripts => [glob 'bin/*'], + module_name => 'Nagios::Check::DNS::check_tlsa_record', + license => 'perl', + dist_name => 'nagios-plugin-tlsa-record', + dist_author => 'Heike Yvonne Pesch ', + dist_abstract => 'short description', + dist_version_from => 'lib/Nagios/Check/DNS/check_tlsa_record.pm', + build_requires => { + 'Module::Build' => '0.4', + }, + requires => { + 'Test::More' => '0.10', + 'Monitoring::Plugin' => '0.39', + }, + checks_files => { + 'bin/check_tlsa-record' => 'nagios/plugins/ius/check_tlsa_record', + }, + bin_scripts => [glob 'bin/*'], ); if (not defined $build->install_path('nagios')) { - my $base = do { - if ($build->installdirs eq 'vendor') { '/usr/lib' } - elsif (defined $build->install_base) { $build->install_base } - else { '/usr/local/lib' } - }; - $build->install_path(nagios => "$base/nagios"); + my $base = do { + if ($build->installdirs eq 'vendor') { '/usr/lib' } + elsif (defined $build->install_base) { $build->install_base } + else { '/usr/local/lib' } + }; + $build->install_path(nagios => "$base/nagios"); } $build->bindoc_dirs([@{ $build->bindoc_dirs }, 'blib/nagios/plugins/ius']); diff -r 198dd181ba37 -r ddefd02de6c5 bin/check_tlsa-record --- a/bin/check_tlsa-record Mon May 30 16:55:06 2016 +0200 +++ b/bin/check_tlsa-record Mon May 30 22:51:07 2016 +0200 
@@ -7,12 +7,12 @@ use File::Basename; use Monitoring::Plugin; -my $ME = basename $0; -my $blurb = 'This Plugin is intended to check validity of TLSA Records'; -my $url = 'http://www.schlittermann.de'; -my $author = 'Heike Yvonne Pesch'; -my $email = ''; -my $usage = <<_; +my $ME = basename $0; +my $blurb = 'This Plugin is intended to check validity of TLSA Records'; +my $url = 'http://www.schlittermann.de'; +my $author = 'Heike Yvonne Pesch'; +my $email = ''; +my $usage = <<_; Usage: %s [ -v|--verbose ] -H [-t ] [ -f|--hostlist= ] [ -c|--critical= ] @@ -21,7 +21,7 @@ [ -q|--queryserver= ] _ -my $extra = <<_; +my $extra = <<_; NOTICE If you want to use a hostlist, you have to put entries like this: 
@@ -40,63 +40,62 @@ For more information visit $url _ - -my $nagios_tlsa = Monitoring::Plugin->new( - usage => $usage, - blurb => $blurb, - extra => $extra, - url => $url, - plugin => $ME, - timeout => 120, +my $nagios_tlsa = Monitoring::Plugin->new( + usage => $usage, + blurb => $blurb, + extra => $extra, + url => $url, + plugin => $ME, + timeout => 120, ); #@TODO exit 1 &Co in eigenes die || oh_shit $nagios_tlsa->add_arg( - spec => 'host|H=s', - help => 'Host/Domain to check', - required => 0, + spec => 'host|H=s', + help => 'Host/Domain to check', + required => 0, ); $nagios_tlsa->add_arg( - spec => 'hostlist|f=s', - help => 'Host/Domainlist in file to check', - required => 0, + spec => 'hostlist|f=s', + help => 'Host/Domainlist in file to check', + required => 0, ); $nagios_tlsa->add_arg( - spec => 'expiry|e', - help => 'check expiry of Certificate', - required => 0, + spec => 'expiry|e', + help => 'check expiry of Certificate', + required => 0, ); $nagios_tlsa->add_arg( - spec => 'port|p=i', - help => 'Port of Domain to check the TLSA (default: 443)', - required => 0, - default => 443, + spec => 'port|p=i', + help => 'Port of Domain to check the TLSA (default: 443)', + required => 0, + default => 443, ); $nagios_tlsa->add_arg( - spec => 'queryserver|q=s', - required => 0, - help => - 'DNS Server to ask to check the TLSA (default: defined in resolve.conf)', + spec => 'queryserver|q=s', + required => 0, + help => + 'DNS Server to ask to check the TLSA (default: defined in resolve.conf)', ); $nagios_tlsa->add_arg( - spec => 'protocol|P=s', - help => 'Protocol to ask to check the TLSA record of domain (default: tcp)', - required => 0, - default => 'tcp', + spec => 'protocol|P=s', + help => 'Protocol to ask to check the TLSA record of domain (default: tcp)', + required => 0, + default => 'tcp', ); $nagios_tlsa->add_arg( - spec => 'timeout|t=i', - help => 'Timeout in seconds for check (default: 120)', - required => 0, - default => 120, + spec => 'timeout|t=i', + 
help => 'Timeout in seconds for check (default: 120)', + required => 0, + default => 120, ); $nagios_tlsa->getopts; @@ -110,35 +109,35 @@ if (!$domain && !$domainlist) { my $script = basename $0; say "Please set -H or -f \n" - . "For all options try $script --help"; + . "For all options try $script --help"; exit 1; } -if ($domainlist) -{ - get_domains(); - exit 0; +if ($domainlist) { + get_domains(); + exit 0; } if ($domain) { - if ($domain =~ /^(?\S*\.[a-z]{2,4}?):{1}(?[0-9]+$)/gi) { - $domain = $+{domain}; - $port = $+{port}; - } + if ($domain =~ /^(?\S*\.[a-z]{2,4}?):{1}(?[0-9]+$)/gi) { + $domain = $+{domain}; + $port = $+{port}; + } + + if (not $port or $port eq '') { + $port = 443; + } - if (not $port or $port eq '') { - $port = 443; - } + if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') { + $protocol = 'tcp'; + } - if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') { - $protocol = 'tcp'; - } - - my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); - say $return; - exit 0; + my $return = + Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol)); + say $return; + exit 0; } sub get_domains { @@ -148,10 +147,11 @@ if (/^(?\S*\.[a-z]{2,4}?):{0,1}(?[0-9]*$)/ig) { $domain = $+{domain}; - if ("$+{port}" =~ /^\s*$/) { $port = '443'; } - else { $port = $+{port}; } + if ("$+{port}" =~ /^\s*$/) { $port = '443'; } + else { $port = $+{port}; } - my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port)); + my $return = + Nagios::Check::DNS::check_tlsa_record::main(($domain, $port)); say $return; } else { diff -r 198dd181ba37 -r ddefd02de6c5 lib/Nagios/Check/DNS/check_tlsa_record.pm --- a/lib/Nagios/Check/DNS/check_tlsa_record.pm Mon May 30 16:55:06 2016 +0200 +++ b/lib/Nagios/Check/DNS/check_tlsa_record.pm Mon May 30 22:51:07 2016 +0200 
@@ -1,9 +1,11 @@ use strict; use warnings; use feature qw(say switch); + #use if $^V >= v5.0.20 => (experimental => gw(smartmatch)); use experimental qw(smartmatch); use File::Temp; + package Nagios::Check::DNS::check_tlsa_record; $Nagios::Check::DNS::check_tlsa_record::VERSION = '0.1'; 
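Review bot: The commented-out guard added on the new side, `#use if $^V >= v5.0.20 => (experimental => gw(smartmatch));`, has two typos that will bite as soon as someone uncomments it: `gw(...)` is not a quote operator (it should be `qw(smartmatch)`), and `v5.0.20` reads as version 5.0.20, so the intended 5.20 threshold is presumably `v5.20.0`. Since the only consumer of smartmatch in this file is the `for`/`when` block in `get_tlsa_match_type` (a later hunk), an `if`/`elsif` chain or a small dispatch hash there would drop the `use experimental qw(smartmatch)` dependency entirely, which matters because smartmatch is experimental and deprecated in newer perls.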
@@ -15,138 +17,119 @@ SUFFIX => '.tmp' ); -sub main -{ - my $domain = shift; - my $port = shift || 443; - my $protocol = shift || 'tcp'; - my $validate = validate_tsla($domain, $port); - return "$validate"; - +sub main { + my $domain = shift; + my $port = shift || 443; + my $protocol = shift || 'tcp'; + my $validate = validate_tsla($domain, $port, $protocol); + return "$validate"; } -sub dig_tlsa -{ - my $domain = shift; - my $port = shift; - my $protocol = shift || 'tcp'; - my $query = "dig tlsa _$port._$protocol.$domain +short"; - my $dig_return = qx($query); - return $dig_return; +sub dig_tlsa { + my $domain = shift; + my $port = shift; + my $protocol = shift || 'tcp'; + my $query = "dig tlsa _$port._$protocol.$domain +short"; + my $dig_return = qx($query); + return $dig_return; } -sub get_cert -{ - my $domain = shift; - my $port = shift; - my $query; - my $cert; +sub get_cert { + my $domain = shift; + my $port = shift; + my $query; + my $cert; - if ($port == 25) { - $query = "openssl s_client -starttls smtp -connect $domain:$port"; - - } - else { - $query = "openssl s_client -connect $domain:$port"; - - } - my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile"; - $query = "$query $same"; + if ($port == 25) { + $query = "openssl s_client -starttls smtp -connect $domain:$port"; + + } + else { + $query = "openssl s_client -connect $domain:$port"; + + } + my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile"; + $query = "$query $same"; - $cert = qx($query); - return $cert; + $cert = qx($query); + return $cert; } - -sub get_tlsa_from_cert -{ - my $cert = shift; - my $hashit = shift || 'sha256'; - my $gentlsa = "openssl x509 -in $tempfile -pubkey | " - . 'openssl rsa -pubin -inform PEM -outform DER 2>/dev/null| ' - . "openssl $hashit"; - #my $cert_tlsa = "echo \"$cert\" | $gentlsa"; - +sub get_tlsa_from_cert { + my $cert = shift; + my $hashit = shift || 'sha256'; + my $gentlsa = + "openssl x509 -in $tempfile -pubkey | " + . 
'openssl rsa -pubin -inform PEM -outform DER 2>/dev/null | ' + . "openssl $hashit"; - #my $tlsa_record = qx($cert_tlsa) or die "nothing found!\n"; - my $tlsa_record = qx($gentlsa) or die "nothing found!\n"; - $tlsa_record =~ s/^.*= (.*$)/$1/gi; - $tlsa_record = uc($tlsa_record); + my $tlsa_record = qx($gentlsa) or die "nothing found!\n"; + $tlsa_record =~ s/^.*= (.*$)/$1/gi; + $tlsa_record = uc($tlsa_record); - return $tlsa_record; + return $tlsa_record; } -sub check_expiry -{ - my $cert = shift; - my $check_date = 'openssl x509 -noout -startdate -enddate'; - my $check_expiry = "echo \"$cert\"|$check_date"; - my $expiry = qx($check_expiry); - - return "$expiry"; +sub check_expiry { + my $cert = shift; + my $check_expiry = "openssl x509 -in $cert -noout -startdate -enddate"; + my $expiry = qx($check_expiry); + + return "$expiry"; } -sub get_tlsa_match_type -{ - my $dig_return = shift; - - my $tlsa_usage = substr($dig_return, 0, 1); - my $tlsa_selector = substr($dig_return, 2, 1); - my $tlsa_match_type = substr($dig_return, 4, 1); - my $hashit; +sub get_tlsa_match_type { + my $dig_return = shift; + my $tlsa_usage = substr($dig_return, 0, 1); + my $tlsa_selector = substr($dig_return, 2, 1); + my $tlsa_match_type = substr($dig_return, 4, 1); + my $hashit; - for ($tlsa_match_type) { - when ('0') { die 'certs will be compared directly' } - when ('1') { $hashit = 'sha256' } - when ('2') { $hashit = 'sha512' } - default { $hashit = 'sha256' } - } - return $hashit; - + for ($tlsa_match_type) { + when ('0') { die 'certs will be compared directly' } + when ('1') { $hashit = 'sha256' } + when ('2') { $hashit = 'sha512' } + default { $hashit = 'sha256' } + } + return "$hashit"; } -sub get_dig_tlsa_record -{ - #my $dig_return = shift; - my $dig_return = shift; - my $dig_tlsa = substr($dig_return, 6,); - $dig_tlsa =~ s/(\S*)\s+(\S*)$/$1$2/; +sub get_dig_tlsa_record { + my $dig_return = shift; + my $dig_tlsa = substr($dig_return, 6,); + $dig_tlsa =~ s/(\S*)\s+(\S*)$/$1$2/; - 
return "$dig_tlsa"; + return "$dig_tlsa"; } -sub get_tlsa_usage -{ - my $dig_return = shift; - my $tlsa_usage = substr($dig_return, 0, 1); +sub get_tlsa_usage { + my $dig_return = shift; + my $tlsa_usage = substr($dig_return, 0, 1); - return "$tlsa_usage"; + return "$tlsa_usage"; } -sub get_tlsa_selector -{ - my $dig_return = shift; - my $tlsa_selector = substr($dig_return, 2, 1); +sub get_tlsa_selector { + my $dig_return = shift; + my $tlsa_selector = substr($dig_return, 2, 1); - return "$tlsa_selector"; + return "$tlsa_selector"; } -sub validate_tsla -{ - my $domain = shift; - my $port = shift; - my $cert = get_cert($domain, $port); - my $dig_return = dig_tlsa($domain, $port); - my $dig_tlsa = get_dig_tlsa_record($dig_return); - my $cert_tlsa = get_tlsa_from_cert($cert); +sub validate_tsla { + my $domain = shift; + my $port = shift; + my $protocol = shift; + my $cert = get_cert($domain, $port); + my $dig_return = dig_tlsa($domain, $port, $protocol); + my $dig_tlsa = get_dig_tlsa_record($dig_return); + my $cert_tlsa = get_tlsa_from_cert($cert); - if ("$dig_tlsa" ne "$cert_tlsa") - { - return "crtical: TLSA Record for $domain:$port is not valid"; - } - return "OK: TLSA Record for $domain:$port is valid"; + if ("$dig_tlsa" ne "$cert_tlsa") { + return "CRITICAL: TLSA Record for $domain:$port is not valid"; + } + return "OK: TLSA Record for $domain:$port is valid"; } - # vim: ft=perl ts=2 sw=2 foldmethod=indent 1;
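Review bot: `validate_tsla` now passes the caller-supplied `$protocol` through to `dig_tlsa`, where it is interpolated together with `$domain` and `$port` into a shell string and executed via `qx` with no validation anywhere in this module; `get_cert` does the same with `$domain:$port`. The only sanity check lives in bin/check_tlsa-record, and its condition `not $protocol or $protocol ne 'tcp' or $protocol ne 'udp'` is always true (a value cannot equal both), so the protocol is silently forced to `tcp` there — the intended `and` would let `udp` through, and any other caller of `main` reaches the shell unchecked, so a whitelist at the top of `main` plus a list-form `open '-|'` for `dig` (below) removes the shell from that path, while `get_cert` remains a pipeline and needs the same whitelist. Separately, `check_expiry` now expects a file path (`-in $cert`), but `get_cert` still returns the captured stdout of the s_client pipeline while the certificate itself is written to `$tempfile`, so any caller (none is visible in this hunk) must pass `$tempfile` rather than the `get_cert` return value. Note also that `validate_tsla` always hashes the SPKI with sha256 and never consults `get_tlsa_selector`/`get_tlsa_match_type`, so a record with selector 0 or match type 2 compares unequal and reports CRITICAL, and bin/check_tlsa-record exits 0 after printing that string, so the monitoring system never sees a non-OK status.
```perl
sub main {
    my $domain   = shift;
    my $port     = shift || 443;
    my $protocol = shift || 'tcp';
    # Reject anything that could not be a hostname, port or protocol before
    # it is interpolated into a command line by dig_tlsa/get_cert.
    die "invalid domain '$domain'\n"
        unless defined $domain && $domain =~ /\A[A-Za-z0-9.-]+\z/;
    die "invalid port '$port'\n"         unless $port     =~ /\A[0-9]{1,5}\z/;
    die "invalid protocol '$protocol'\n" unless $protocol =~ /\A(?:tcp|udp)\z/;
    # … unchanged: validate_tsla call and return …
}

sub dig_tlsa {
    my $domain   = shift;
    my $port     = shift;
    my $protocol = shift || 'tcp';
    # List-form open runs dig directly, so no shell ever sees the arguments.
    open my $dig, '-|', 'dig', 'tlsa', "_$port._$protocol.$domain", '+short'
        or die "cannot run dig: $!\n";
    my $dig_return = do { local $/; <$dig> };
    close $dig;
    return $dig_return;
}
```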