perltidy + fix some spelling mistakes...
--- a/Build.PL Mon May 30 16:55:06 2016 +0200
+++ b/Build.PL Mon May 30 22:51:07 2016 +0200
@@ -5,33 +5,33 @@
use Module::Build;
my $build = Module::Build->new(
- module_name => 'Nagios::Check::DNS::check_tlsa_record',
- license => 'perl',
- dist_name => 'nagios-plugin-tlsa-record',
- dist_author => 'Heike Yvonne Pesch <pesch@schlittermann.de>',
- dist_abstract => 'short description',
- dist_version_from => 'lib/Nagios/Check/DNS/check_tlsa_record.pm',
- build_requires => {
- 'Module::Build' => '0.4',
- },
- requires => {
- 'Test::More' => '0.10',
- 'Monitoring::Plugin' => '0.39',
- },
- checks_files => {
- 'bin/check_tlsa-record' => 'nagios/plugins/ius/check_tlsa_record',
- },
- bin_scripts => [glob 'bin/*'],
+ module_name => 'Nagios::Check::DNS::check_tlsa_record',
+ license => 'perl',
+ dist_name => 'nagios-plugin-tlsa-record',
+ dist_author => 'Heike Yvonne Pesch <pesch@schlittermann.de>',
+ dist_abstract => 'short description',
+ dist_version_from => 'lib/Nagios/Check/DNS/check_tlsa_record.pm',
+ build_requires => {
+ 'Module::Build' => '0.4',
+ },
+ requires => {
+ 'Test::More' => '0.10',
+ 'Monitoring::Plugin' => '0.39',
+ },
+ checks_files => {
+ 'bin/check_tlsa-record' => 'nagios/plugins/ius/check_tlsa_record',
+ },
+ bin_scripts => [glob 'bin/*'],
);
if (not defined $build->install_path('nagios')) {
- my $base = do {
- if ($build->installdirs eq 'vendor') { '/usr/lib' }
- elsif (defined $build->install_base) { $build->install_base }
- else { '/usr/local/lib' }
- };
- $build->install_path(nagios => "$base/nagios");
+ my $base = do {
+ if ($build->installdirs eq 'vendor') { '/usr/lib' }
+ elsif (defined $build->install_base) { $build->install_base }
+ else { '/usr/local/lib' }
+ };
+ $build->install_path(nagios => "$base/nagios");
}
$build->bindoc_dirs([@{ $build->bindoc_dirs }, 'blib/nagios/plugins/ius']);
--- a/bin/check_tlsa-record Mon May 30 16:55:06 2016 +0200
+++ b/bin/check_tlsa-record Mon May 30 22:51:07 2016 +0200
@@ -7,12 +7,12 @@
use File::Basename;
use Monitoring::Plugin;
-my $ME = basename $0;
-my $blurb = 'This Plugin is intended to check validity of TLSA Records';
-my $url = 'http://www.schlittermann.de';
-my $author = 'Heike Yvonne Pesch';
-my $email = '<pesch@schlittermann.de>';
-my $usage = <<_;
+my $ME = basename $0;
+my $blurb = 'This Plugin is intended to check validity of TLSA Records';
+my $url = 'http://www.schlittermann.de';
+my $author = 'Heike Yvonne Pesch';
+my $email = '<pesch@schlittermann.de>';
+my $usage = <<_;
Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>]
[ -f|--hostlist=<hostlist> ]
[ -c|--critical=<critical threshold> ]
@@ -21,7 +21,7 @@
[ -q|--queryserver=<DNS-Server-IP> ]
_
-my $extra = <<_;
+my $extra = <<_;
NOTICE
If you want to use a hostlist, you have to put entries like this:
@@ -40,63 +40,62 @@
For more information visit $url
_
-
-my $nagios_tlsa = Monitoring::Plugin->new(
- usage => $usage,
- blurb => $blurb,
- extra => $extra,
- url => $url,
- plugin => $ME,
- timeout => 120,
+my $nagios_tlsa = Monitoring::Plugin->new(
+ usage => $usage,
+ blurb => $blurb,
+ extra => $extra,
+ url => $url,
+ plugin => $ME,
+ timeout => 120,
);
#@TODO exit 1 &Co in eigenes die || oh_shit
$nagios_tlsa->add_arg(
- spec => 'host|H=s',
- help => 'Host/Domain to check',
- required => 0,
+ spec => 'host|H=s',
+ help => 'Host/Domain to check',
+ required => 0,
);
$nagios_tlsa->add_arg(
- spec => 'hostlist|f=s',
- help => 'Host/Domainlist in file to check',
- required => 0,
+ spec => 'hostlist|f=s',
+ help => 'Host/Domainlist in file to check',
+ required => 0,
);
$nagios_tlsa->add_arg(
- spec => 'expiry|e',
- help => 'check expiry of Certificate',
- required => 0,
+ spec => 'expiry|e',
+ help => 'check expiry of Certificate',
+ required => 0,
);
$nagios_tlsa->add_arg(
- spec => 'port|p=i',
- help => 'Port of Domain to check the TLSA (default: 443)',
- required => 0,
- default => 443,
+ spec => 'port|p=i',
+ help => 'Port of Domain to check the TLSA (default: 443)',
+ required => 0,
+ default => 443,
);
$nagios_tlsa->add_arg(
- spec => 'queryserver|q=s',
- required => 0,
- help =>
- 'DNS Server to ask to check the TLSA (default: defined in resolve.conf)',
+ spec => 'queryserver|q=s',
+ required => 0,
+ help =>
+ 'DNS Server to ask to check the TLSA (default: defined in resolve.conf)',
);
$nagios_tlsa->add_arg(
- spec => 'protocol|P=s',
- help => 'Protocol to ask to check the TLSA record of domain (default: tcp)',
- required => 0,
- default => 'tcp',
+ spec => 'protocol|P=s',
+ help => 'Protocol to ask to check the TLSA record of domain (default: tcp)',
+ required => 0,
+ default => 'tcp',
);
$nagios_tlsa->add_arg(
- spec => 'timeout|t=i',
- help => 'Timeout in seconds for check (default: 120)',
- required => 0,
- default => 120,
+ spec => 'timeout|t=i',
+ help => 'Timeout in seconds for check (default: 120)',
+ required => 0,
+ default => 120,
);
$nagios_tlsa->getopts;
@@ -110,35 +109,35 @@
if (!$domain && !$domainlist) {
my $script = basename $0;
say "Please set -H <domain> or -f <domainlist>\n"
- . "For all options try $script --help";
+ . "For all options try $script --help";
exit 1;
}
-if ($domainlist)
-{
- get_domains();
- exit 0;
+if ($domainlist) {
+ get_domains();
+ exit 0;
}
if ($domain) {
- if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) {
- $domain = $+{domain};
- $port = $+{port};
- }
+ if ($domain =~ /^(?<domain>\S*\.[a-z]{2,4}?):{1}(?<port>[0-9]+$)/gi) {
+ $domain = $+{domain};
+ $port = $+{port};
+ }
+
+ if (not $port or $port eq '') {
+ $port = 443;
+ }
- if (not $port or $port eq '') {
- $port = 443;
- }
+ if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') {
+ $protocol = 'tcp';
+ }
- if (not $protocol or $protocol ne 'tcp' or $protocol ne 'udp') {
- $protocol = 'tcp';
- }
-
- my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
- say $return;
- exit 0;
+ my $return =
+ Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
+ say $return;
+ exit 0;
}
sub get_domains {
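Review bot: The protocol guard inside the `if ($domain)` block is always true — `$protocol ne 'tcp' or $protocol ne 'udp'` cannot be false for any value — so `-P udp` is silently reset to `tcp` before `main` is called; the hunk only re-indents that line. The condition should be `if (not $protocol or ($protocol ne 'tcp' and $protocol ne 'udp')) {`, or better an anchored allowlist such as `$protocol = 'tcp' unless defined $protocol and $protocol =~ /\A(?:tcp|udp)\z/;`. Note that `$domain` is only validated when it matches the `host:port` form on the line above; a bare `-H` value passes through unchecked, which matters because it is later interpolated into shell commands in the library. `get_domains` begins on the last line of this hunk and its body continues outside it.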
@@ -148,10 +147,11 @@
if (/^(?<domain>\S*\.[a-z]{2,4}?):{0,1}(?<port>[0-9]*$)/ig) {
$domain = $+{domain};
- if ("$+{port}" =~ /^\s*$/) { $port = '443'; }
- else { $port = $+{port}; }
+ if ("$+{port}" =~ /^\s*$/) { $port = '443'; }
+ else { $port = $+{port}; }
- my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
+ my $return =
+ Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
say $return;
}
else {
--- a/lib/Nagios/Check/DNS/check_tlsa_record.pm Mon May 30 16:55:06 2016 +0200
+++ b/lib/Nagios/Check/DNS/check_tlsa_record.pm Mon May 30 22:51:07 2016 +0200
@@ -1,9 +1,11 @@
use strict;
use warnings;
use feature qw(say switch);
+
#use if $^V >= v5.0.20 => (experimental => gw(smartmatch));
use experimental qw(smartmatch);
use File::Temp;
+
package Nagios::Check::DNS::check_tlsa_record;
$Nagios::Check::DNS::check_tlsa_record::VERSION = '0.1';
@@ -15,138 +17,119 @@
SUFFIX => '.tmp'
);
-sub main
-{
- my $domain = shift;
- my $port = shift || 443;
- my $protocol = shift || 'tcp';
- my $validate = validate_tsla($domain, $port);
- return "$validate";
-
+sub main {
+ my $domain = shift;
+ my $port = shift || 443;
+ my $protocol = shift || 'tcp';
+ my $validate = validate_tsla($domain, $port, $protocol);
+ return "$validate";
}
-sub dig_tlsa
-{
- my $domain = shift;
- my $port = shift;
- my $protocol = shift || 'tcp';
- my $query = "dig tlsa _$port._$protocol.$domain +short";
- my $dig_return = qx($query);
- return $dig_return;
+sub dig_tlsa {
+ my $domain = shift;
+ my $port = shift;
+ my $protocol = shift || 'tcp';
+ my $query = "dig tlsa _$port._$protocol.$domain +short";
+ my $dig_return = qx($query);
+ return $dig_return;
}
-sub get_cert
-{
- my $domain = shift;
- my $port = shift;
- my $query;
- my $cert;
+sub get_cert {
+ my $domain = shift;
+ my $port = shift;
+ my $query;
+ my $cert;
- if ($port == 25) {
- $query = "openssl s_client -starttls smtp -connect $domain:$port";
-
- }
- else {
- $query = "openssl s_client -connect $domain:$port";
-
- }
- my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile";
- $query = "$query $same";
+ if ($port == 25) {
+ $query = "openssl s_client -starttls smtp -connect $domain:$port";
+
+ }
+ else {
+ $query = "openssl s_client -connect $domain:$port";
+
+ }
+ my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile";
+ $query = "$query $same";
- $cert = qx($query);
- return $cert;
+ $cert = qx($query);
+ return $cert;
}
-
-sub get_tlsa_from_cert
-{
- my $cert = shift;
- my $hashit = shift || 'sha256';
- my $gentlsa = "openssl x509 -in $tempfile -pubkey | "
- . 'openssl rsa -pubin -inform PEM -outform DER 2>/dev/null| '
- . "openssl $hashit";
- #my $cert_tlsa = "echo \"$cert\" | $gentlsa";
-
+sub get_tlsa_from_cert {
+ my $cert = shift;
+ my $hashit = shift || 'sha256';
+ my $gentlsa =
+ "openssl x509 -in $tempfile -pubkey | "
+ . 'openssl rsa -pubin -inform PEM -outform DER 2>/dev/null | '
+ . "openssl $hashit";
- #my $tlsa_record = qx($cert_tlsa) or die "nothing found!\n";
- my $tlsa_record = qx($gentlsa) or die "nothing found!\n";
- $tlsa_record =~ s/^.*= (.*$)/$1/gi;
- $tlsa_record = uc($tlsa_record);
+ my $tlsa_record = qx($gentlsa) or die "nothing found!\n";
+ $tlsa_record =~ s/^.*= (.*$)/$1/gi;
+ $tlsa_record = uc($tlsa_record);
- return $tlsa_record;
+ return $tlsa_record;
}
-sub check_expiry
-{
- my $cert = shift;
- my $check_date = 'openssl x509 -noout -startdate -enddate';
- my $check_expiry = "echo \"$cert\"|$check_date";
- my $expiry = qx($check_expiry);
-
- return "$expiry";
+sub check_expiry {
+ my $cert = shift;
+ my $check_expiry = "openssl x509 -in $cert -noout -startdate -enddate";
+ my $expiry = qx($check_expiry);
+
+ return "$expiry";
}
-sub get_tlsa_match_type
-{
- my $dig_return = shift;
-
- my $tlsa_usage = substr($dig_return, 0, 1);
- my $tlsa_selector = substr($dig_return, 2, 1);
- my $tlsa_match_type = substr($dig_return, 4, 1);
- my $hashit;
+sub get_tlsa_match_type {
+ my $dig_return = shift;
+ my $tlsa_usage = substr($dig_return, 0, 1);
+ my $tlsa_selector = substr($dig_return, 2, 1);
+ my $tlsa_match_type = substr($dig_return, 4, 1);
+ my $hashit;
- for ($tlsa_match_type) {
- when ('0') { die 'certs will be compared directly' }
- when ('1') { $hashit = 'sha256' }
- when ('2') { $hashit = 'sha512' }
- default { $hashit = 'sha256' }
- }
- return $hashit;
-
+ for ($tlsa_match_type) {
+ when ('0') { die 'certs will be compared directly' }
+ when ('1') { $hashit = 'sha256' }
+ when ('2') { $hashit = 'sha512' }
+ default { $hashit = 'sha256' }
+ }
+ return "$hashit";
}
-sub get_dig_tlsa_record
-{
- #my $dig_return = shift;
- my $dig_return = shift;
- my $dig_tlsa = substr($dig_return, 6,);
- $dig_tlsa =~ s/(\S*)\s+(\S*)$/$1$2/;
+sub get_dig_tlsa_record {
+ my $dig_return = shift;
+ my $dig_tlsa = substr($dig_return, 6,);
+ $dig_tlsa =~ s/(\S*)\s+(\S*)$/$1$2/;
- return "$dig_tlsa";
+ return "$dig_tlsa";
}
-sub get_tlsa_usage
-{
- my $dig_return = shift;
- my $tlsa_usage = substr($dig_return, 0, 1);
+sub get_tlsa_usage {
+ my $dig_return = shift;
+ my $tlsa_usage = substr($dig_return, 0, 1);
- return "$tlsa_usage";
+ return "$tlsa_usage";
}
-sub get_tlsa_selector
-{
- my $dig_return = shift;
- my $tlsa_selector = substr($dig_return, 2, 1);
+sub get_tlsa_selector {
+ my $dig_return = shift;
+ my $tlsa_selector = substr($dig_return, 2, 1);
- return "$tlsa_selector";
+ return "$tlsa_selector";
}
-sub validate_tsla
-{
- my $domain = shift;
- my $port = shift;
- my $cert = get_cert($domain, $port);
- my $dig_return = dig_tlsa($domain, $port);
- my $dig_tlsa = get_dig_tlsa_record($dig_return);
- my $cert_tlsa = get_tlsa_from_cert($cert);
+sub validate_tsla {
+ my $domain = shift;
+ my $port = shift;
+ my $protocol = shift;
+ my $cert = get_cert($domain, $port);
+ my $dig_return = dig_tlsa($domain, $port, $protocol);
+ my $dig_tlsa = get_dig_tlsa_record($dig_return);
+ my $cert_tlsa = get_tlsa_from_cert($cert);
- if ("$dig_tlsa" ne "$cert_tlsa")
- {
- return "crtical: TLSA Record for $domain:$port is not valid";
- }
- return "OK: TLSA Record for $domain:$port is valid";
+ if ("$dig_tlsa" ne "$cert_tlsa") {
+ return "CRITICAL: TLSA Record for $domain:$port is not valid";
+ }
+ return "OK: TLSA Record for $domain:$port is valid";
}
-
# vim: ft=perl ts=2 sw=2 foldmethod=indent
1;
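Review bot: `dig_tlsa` and `get_cert` still interpolate `$domain` (taken from `-H` or a hostlist line) directly into a shell command string executed with `qx`, so a value containing shell metacharacters is run by the shell; this hunk only reformats those lines. Because the pipelines genuinely need a shell, the practical fix is to validate the inputs in `main` before any command is built, e.g. `die "invalid domain: $domain\n" unless $domain =~ /\A[A-Za-z0-9.-]+\z/;` plus `$port =~ /\A\d+\z/` and `$protocol =~ /\A(?:tcp|udp)\z/`. Separately, `check_expiry` now passes `$cert` to `openssl x509 -in`, which treats it as a file path, whereas `get_cert` returns the pipeline's stdout and writes the certificate to `$tempfile` — if the intent is to read that file it should be `-in $tempfile` (no caller of `check_expiry` is visible in this hunk, so confirm). Finally `validate_tsla` never calls `get_tlsa_match_type`, so `get_tlsa_from_cert` always hashes with the default `sha256` and `openssl rsa -pubin` only handles RSA keys; records with match type 2 or non-RSA certificates will always be reported CRITICAL, which wiring `get_tlsa_match_type($dig_return)` into the call and using `openssl pkey -pubin` would address.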