diff options
| -rw-r--r-- | .travis.yml | 1 | ||||
| -rw-r--r-- | THANKS.in | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_breeze.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_disk_smb.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_file_age.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_flexlm.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_ifoperstatus.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_ifstatus.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_ircd.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_mailq.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_mssql.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_netdns.pl | 3 | ||||
| -rwxr-xr-x | plugins-scripts/check_rpc.pl | 1 | ||||
| -rwxr-xr-x | plugins-scripts/check_wave.pl | 1 | ||||
| -rw-r--r-- | plugins/check_fping.c | 2 | ||||
| -rw-r--r-- | plugins/check_snmp.c | 3 | ||||
| -rw-r--r-- | plugins/sslutils.c | 33 | ||||
| -rw-r--r-- | plugins/t/check_http.t | 43 |
18 files changed, 72 insertions, 25 deletions
diff --git a/.travis.yml b/.travis.yml index 11cc0611..c892eb21 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,6 +13,7 @@ install: - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix libhttp-daemon-ssl-perl - sudo apt-get install -qq --no-install-recommends slapd ldap-utils - sudo apt-get install -qq --no-install-recommends autoconf automake + - sudo apt-get install -qq --no-install-recommends faketime before_script: - tools/setup @@ -335,3 +335,4 @@ Jonas Genannt Nick Peelman Sebastian Herbszt Christopher Schultz +Matthias Hähnel diff --git a/plugins-scripts/check_breeze.pl b/plugins-scripts/check_breeze.pl index 1a3aceba..12a60ee6 100755 --- a/plugins-scripts/check_breeze.pl +++ b/plugins-scripts/check_breeze.pl @@ -6,7 +6,6 @@ use Getopt::Long; use vars qw($opt_V $opt_h $opt_w $opt_c $opt_H $opt_C $PROGNAME); use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw(%ERRORS &print_revision &support &usage); $PROGNAME = "check_breeze"; diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index 4805434f..99948a41 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -26,7 +26,6 @@ use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_ use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support &usage); sub print_help (); diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl index 4415fdf4..15330f71 100755 --- a/plugins-scripts/check_file_age.pl +++ b/plugins-scripts/check_file_age.pl @@ -27,7 +27,6 @@ use File::stat; use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw (%ERRORS &print_revision &support); sub print_help (); diff --git a/plugins-scripts/check_flexlm.pl b/plugins-scripts/check_flexlm.pl index 5f3ed598..49d674d4 100755 --- a/plugins-scripts/check_flexlm.pl +++ b/plugins-scripts/check_flexlm.pl @@ -37,7 +37,6 @@ use Getopt::Long; use vars qw($opt_V $opt_h $opt_F $opt_t $verbose $PROGNAME); use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw(%ERRORS &print_revision &support &usage); $PROGNAME="check_flexlm"; diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index cf2c7b58..1a7fbba4 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl @@ -37,7 +37,6 @@ use POSIX; use strict; use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use Net::SNMP; diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index 6ec71d14..2c76d0c8 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -35,7 +35,6 @@ use POSIX; use strict; use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use Net::SNMP; diff --git a/plugins-scripts/check_ircd.pl b/plugins-scripts/check_ircd.pl index 6d40cf5a..afedfb95 100755 --- a/plugins-scripts/check_ircd.pl +++ b/plugins-scripts/check_ircd.pl @@ -51,7 +51,6 @@ use vars qw($opt_V $opt_h $opt_t $opt_p $opt_H $opt_w $opt_c $verbose); use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support &usage); # ----------------------------------------------------[ Function Prototypes ]-- diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index 417c4bf7..3086e94a 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl @@ -33,7 +33,6 @@ use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c $opt_t $opt_s %srcdomains %dstdomains); use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw(%ERRORS &print_revision &support &usage ); my ($sudo); diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl index 1f387884..a436a8ff 100755 --- a/plugins-scripts/check_mssql.pl +++ b/plugins-scripts/check_mssql.pl @@ -31,7 +31,6 @@ use DBD::Sybase; use Getopt::Long; use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use strict; diff --git a/plugins-scripts/check_netdns.pl b/plugins-scripts/check_netdns.pl index 59c81a90..af1456be 100755 --- a/plugins-scripts/check_netdns.pl +++ b/plugins-scripts/check_netdns.pl @@ -29,8 +29,7 @@ use Getopt::Long; use Net::DNS; use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; -use utils ; +use utils; my $PROGNAME = "check_netdns"; diff --git a/plugins-scripts/check_rpc.pl b/plugins-scripts/check_rpc.pl index b1c61471..cbdeceb4 100755 --- a/plugins-scripts/check_rpc.pl +++ b/plugins-scripts/check_rpc.pl @@ -22,7 +22,6 @@ use strict; use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use vars qw($PROGNAME); my ($verbose,@proto,%prognum,$host,$response,$prognum,$port,$cmd,$progver,$state); diff --git a/plugins-scripts/check_wave.pl b/plugins-scripts/check_wave.pl index ee0fda4d..979416e0 100755 --- a/plugins-scripts/check_wave.pl +++ b/plugins-scripts/check_wave.pl @@ -5,7 +5,6 @@ use strict; use FindBin; use lib "$FindBin::Bin"; -use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use vars qw($PROGNAME); use Getopt::Long; diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 46046b4f..274dd753 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -105,7 +105,7 @@ main (int argc, char **argv) xasprintf(&option_string, "%s-I %s ", option_string, sourceif); #ifdef PATH_TO_FPING6 - if (address_family == AF_INET6) + if (address_family != AF_INET && is_inet6_addr(server)) fping_prog = strdup(PATH_TO_FPING6); else fping_prog = strdup(PATH_TO_FPING); diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 9d966faa..62e6b8b3 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -418,6 +418,9 @@ main (int argc, char **argv) else if (strstr (response, "INTEGER: ")) { show = strstr (response, "INTEGER: ") + 9; } + else if (strstr (response, "OID: ")) { + show = strstr (response, "OID: ") + 5; + } else if (strstr (response, "STRING: ")) { show = strstr (response, "STRING: ") + 8; conv = "%.10g"; diff --git a/plugins/sslutils.c b/plugins/sslutils.c index d0ae4741..c9882c69 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -144,7 +144,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ # ifdef USE_OPENSSL X509 *certificate=NULL; X509_NAME *subj=NULL; + char timestamp[50] = ""; char cn[MAX_CN_LENGTH]= ""; + int cnlen =-1; int status=STATE_UNKNOWN; @@ -153,7 +155,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ struct tm stamp; float time_left; int days_left; - char timestamp[50] = ""; + int time_remaining; time_t tm_t; certificate=SSL_get_peer_certificate(s); @@ -207,7 +209,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); stamp.tm_min = (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); - stamp.tm_sec = 0; + stamp.tm_sec = + (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); stamp.tm_isdst = -1; time_left = difftime(timegm(&stamp), time(NULL)); @@ -218,21 +221,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ if (days_left > 0 && days_left <= days_till_exp_warn) { printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; + } else if (days_left == 0 && time_left > 0) { + if (time_left >= 3600) + time_remaining = (int) time_left / 3600; + else + time_remaining = (int) time_left / 60; + + printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), + (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, + time_left >= 3600 ? "hours" : "minutes", timestamp); + + if ( days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; } else if (time_left < 0) { printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); status=STATE_CRITICAL; } else if (days_left == 0) { - printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); + printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; } else { printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); - status=STATE_OK; + status = STATE_OK; } X509_free(certificate); return status; diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index 2539a289..c2caec60 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -6,9 +6,10 @@ use strict; use Test::More; +use POSIX qw/mktime strftime/; use NPTest; -plan tests => 30; +plan tests => 42; my $successOutput = '/OK.*HTTP.*second/'; @@ -34,6 +35,8 @@ my $host_tcp_http2 = getTestParameter( "NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org" ); +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; + $res = NPTest->testCmd( "./check_http $host_tcp_http -wt 300 -ct 600" @@ -47,10 +50,10 @@ $res = NPTest->testCmd( like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); $res = NPTest->testCmd( - "./check_http $host_nonresponsive -wt 1 -ct 2" + "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3" ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); -cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK"); +cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK"); $res = NPTest->testCmd( "./check_http $hostname_invalid -wt 1 -ct 2" @@ -112,6 +115,40 @@ SKIP: { $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); + # run some certificate checks with faketime + SKIP: { + skip "No faketime binary found", 12 if !$faketime; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com"); + like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output"); + is( $res->return_code, 0, "Catch cert output exit code" ); + my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./); + if(!defined $year) { + die("parsing date failed from: ".$res); + } + my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; + my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); + my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date"); + is( $res->return_code, 2, "Output on expire date" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output"); + is( $res->return_code, 2, "cert expires in 1 second exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output"); + is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output"); + is( $res->return_code, 2, "cert expires in 2 hours exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output"); + is( $res->return_code, 2, "Certificate expired exit code" ); + }; + $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); |