jackbenny/nagios
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Moritz Rudert (helios) 2012-02-12 10:23:57 +01:00
commit 68840f51ec
13 changed files with 1055 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README Normal file
View File

@ -0,0 +1,17 @@
nagios scripts
=============
helios (2009/2010)
check_dns - Nagios check for DNS
check_ssh_no_password_login - patched Nagios check (forked from http://derf.homelinux.org/git/chaosdorf-admin-toolkit/tree/nagios-checks/remote/check_ssh_no_password_login)
check_cert_expire -
check_dns -
check_hddtemp.sh -
check_kernel -
check_kvm -
check_libs -
check_peering_ping -
check_ssh_no_password_login -
forcecommand -
README - this file

56
check_cert_expire Executable file
View File

@ -0,0 +1,56 @@
#!/bin/sh
# Checks if a given cert on disk will expire soon
# Copyright 2009 Peter Palfrader
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
set -u
set -e
# warn if expires within 2 weeks, critical if within a day or already is expired
warn=1209600
crit=86400
if [ "$#" != 1 ]; then
echo "Usage: $0 <certfile>" >&2
exit 3
fi
cert="$1"
if ! [ -r "$cert" ] ; then
echo "Cert file ($cert) does not exist or is not readable" >&2
exit 3
fi
expires=`openssl x509 -enddate -noout < "$cert"`
if openssl x509 -checkend "$warn" -noout < "$cert" ; then
echo "OK: $expires"
exit 0
fi
if openssl x509 -checkend "$crit" -noout < "$cert" ; then
echo "WARN: $expires"
exit 1
fi
echo "CRITICAL: $expires"
exit 2

82
check_dns Executable file
View File

@ -0,0 +1,82 @@
#!/bin/bash
declare -i STATE_OK=0
declare -i STATE_WARNING=1
declare -i STATE_CRITICAL=2
declare -i STATE_UNKNOWN=3
hostopts="-t a"
usage() {
echo "$0 -H [hostname to lookup]"
echo
echo "optional:"
echo " -a [expected IP address]"
echo " -s [DNS server to use]"
echo " -6 to lookup AAAA record"
echo " -4 to lookup A record"
echo " -h to show this"
}
while getopts "h64H:s:a:" OPTION
do
case $OPTION in
h)
usage
exit 0
;;
4)
hostopts="-t a"
;;
6)
hostopts="-t aaaa"
;;
H)
host=$OPTARG
;;
a)
expected=$OPTARG
;;
s)
server=$OPTARG
;;
esac
done
if [ -n "$host" ]; then
lookup=$(host $hostopts $host $server 2>&1)
if [ $? -eq 0 ]; then
error=""
ip=$(echo "$lookup" | tail -n1 | grep -v "has no" | sed 's/ IPv6//' | awk '{ print $4 }')
else
if echo "$lookup" | grep -q "NXDOMAIN"; then
error="Domain $host was not found by the server"
elif echo "$lookup" | grep -q "couldn't get address for "; then
error="$server is an invalid hostname/address"
else
error="an error occured"
fi
fi
if [ -n "$expected" ]; then
if [ "$expected" == "$ip" ]; then
echo "[OK] - $host returns $ip"
exit ${STATE_OK}
else
echo "[CRITICAL] - expected $expected but got $ip"
exit ${STATE_CRITICAL}
fi
fi
if [ -n "$ip" ] && [ -z "$error" ]; then
echo "[OK] - $host returns $ip"
exit ${STATE_OK}
else
echo "[CRITICAL] - $error"
exit ${STATE_CRITICAL}
fi
else
usage
exit ${STATE_CRITICAL}
fi

109
check_hddtemp.sh Executable file
View File

@ -0,0 +1,109 @@
#!/bin/bash
#
# USAGE:
# ./check_hddtemp.sh <device> <warn> <crit>
# Nagios script to get the temperatue of HDD from hddtemp
#
# You may have to let nagios run this script as root
# This is how the sudoers file looks in my debian system:
# nagios ALL=(root) NOPASSWD:/usr/lib/nagios/plugins/check_hddtemp.sh
#
# Version 1.0
OK=0
WARNING=1
CRITICAL=2
UNKNOWN=3
function usage() {
echo "Usage: ./check_hddtemp.sh <device> <warn> <crit>"
}
function check_root() {
# make sure script is running as root
if [ `whoami` != root ]; then
echo "UNKNOWN: please make sure script is running as root"
exit $UNKNOWN
fi
}
function check_arg() {
# make sure you supplied all 3 arguments
if [ $# -ne 3 ]; then
usage
exit $OK
fi
}
function check_device() {
# make sure device is a special block
if [ ! -b $DEVICE ];then
echo "UNKNOWN: $DEVICE is not a block special file"
exit $UNKNOWN
fi
}
function check_warn_vs_crit() {
# make sure CRIT is larger than WARN
if [ $WARN -ge $CRIT ];then
echo "UNKNOWN: WARN value may not be greater than or equal the CRIT value"
exit $UNKNOWN
fi
}
function init() {
check_root
check_arg $*
check_device
check_warn_vs_crit
}
function get_hddtemp() {
# gets temperature and stores it in $HEAT
# and make sure we get a numeric output
if [ -x $HDDTEMP ];then
HEAT=`$HDDTEMP $DEVICE -n 2>/dev/null`
case "$HEAT" in
[0-9]* )
echo "do nothing" > /dev/null
;;
* )
echo "OK: Could not get temperature from: $DEVICE"
exit $OK
;;
esac
else
echo "UNKNOWN: cannot execute $HDDTEMP"
exit $UNKNOWN
fi
}
function check_heat() {
# checks temperature and replies according to $CRIT and $WARN
if [ $HEAT -lt $WARN ];then
echo "OK: Temperature is below warn treshold ($DEVICE is $HEAT)"
exit $OK
elif [ $HEAT -lt $CRIT ];then
echo "WARNING: Temperature is above warn treshold ($DEVICE is $HEAT)"
exit $WARNING
elif [ $HEAT -ge $CRIT ];then
echo "CRITICAL: Temperature is above crit treshold ($DEVICE is $HEAT)"
exit $CRITICAL
else
echo "UNKNOWN: This error message should never occur, if it does happen anyway, get a new cup of coffee and fix the code :)"
exit $UNKNOWN
fi
}
# -- Main -- #
HDDTEMP=/usr/sbin/hddtemp
DEVICE=$1
WARN=$2
CRIT=$3
init $*
get_hddtemp
check_heat

205
check_kernel Executable file
View File

@ -0,0 +1,205 @@
#!/bin/bash
# Check if the running kernel has the same version string as the on-disk
# kernel image.
# Copyright 2008,2009 Peter Palfrader
# Copyright 2009 Stephen Gran
# Copyright 2010 Uli Martens
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
OK=0;
WARNING=1;
CRITICAL=2;
UNKNOWN=3;
get_offset() {
local file needle
file="$1"
needle="$2"
perl -e '
undef $/;
$i = index(<>, "'"$needle"'");
if ($i < 0) {
exit 1;
};
print $i,"\n"' < "$file"
}
get_avail_linux() {
# This is wrong, but leaves room for when we have to care for machines running
# myfirstunix-image-0.1-dsa-arm
local prefix=linux
local kervers=$(uname -r)
local metavers=''
# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
# Debian uses versions of the form 2.6.29-2-amd64
if [ "${kervers//dsa}" != "$kervers" ]; then
metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
else
metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+-[A-Za-z0-9\.]+-(.*)/2.\1-\2/')
fi
# Attempt to track back to a metapackage failed. bail
if [ "$metavers" = "$kervers" ]; then
return 2
fi
# We're just going to give up if we can't find a matching metapackage
# I tried being strict once, and it just caused a lot of headaches. We'll see how
# being lax does for us
local output=$(apt-cache policy ${prefix}-image-${metavers} 2>/dev/null)
local metaavailvers=$(echo "$output" | grep '^ Candidate:' | awk '{print $2}')
local metainstavers=$(echo "$output" | grep '^ Installed:' | awk '{print $2}')
if [ -z "$metaavailvers" ] || [ "$metaavailvers" = '(none)' ]; then
return 2
fi
if [ -z "$metainstavers" ] || [ "$metainstavers" = '(none)' ]; then
return 2
fi
if [ "$metaavailvers" != "$metainstavers" ] ; then
echo "${prefix}-image-${metavers} $metaavailvers available but $metainstavers installed"
return 1
fi
local imagename=0
# --no-all-versions show shows only the candidate
for vers in $(apt-cache --no-all-versions show ${prefix}-image-${metavers} | sed -n 's/^Depends: //p' | tr ',' '\n' | tr -d ' ' | grep ${prefix}-image | awk '{print $1}' | sort -u); do
if dpkg --compare-versions $vers gt $imagename; then
imagename=$vers
fi
done
if [ -z "$imagename" ] || [ "$imagename" = 0 ]; then
return 2
fi
if [ "$imagename" != "${prefix}-image-${kervers}" ]; then
if dpkg --compare-versions "$imagename" lt "${prefix}-image-${kervers}"; then
return 2
fi
echo "$imagename" != "${prefix}-image-${kervers}"
return 1
fi
local availvrs=$(apt-cache policy ${imagename} 2>/dev/null | grep '^ Candidate' | awk '{print $2}')
local kernelversion=$(apt-cache policy ${prefix}-image-${kervers} 2>/dev/null | grep '^ Installed:' | awk '{print $2}')
if [ "$availvrs" = "$kernelversion" ]; then
return 0
fi
echo "$kernelversion != $availvrs"
return 1
}
get_image_linux() {
local image GZHDR1 GZHDR2 LZHDR off
image="$1"
GZHDR1="\x1f\x8b\x08\x00"
GZHDR2="\x1f\x8b\x08\x08"
LZHDR="\x00\x00\x00\x02\xff"
off=`get_offset "$image" $GZHDR1`
[ "$?" != "0" ] && off="-1"
if [ "$off" -eq "-1" ]; then
off=`get_offset "$image" $GZHDR2`
[ "$?" != "0" ] && off="-1"
fi
if [ "$off" -eq "0" ]; then
zcat < "$image"
return
elif [ "$off" -ne "-1" ]; then
(dd ibs="$off" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | zcat 2>/dev/null
return
fi
off=`get_offset "$image" $LZHDR`
[ "$?" != "0" ] && off="-1"
if [ "$off" -ne "-1" ]; then
(dd ibs="$[off-1]" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | lzcat 2>/dev/null
return
fi
echo "ERROR: Unable to extract kernel image." 2>&1
exit 1
}
searched=""
for on_disk in \
"/boot/vmlinuz-`uname -r`"\
"/boot/vmlinux-`uname -r`"\
"/boot/kfreebsd-`uname -r`.gz"; do
if [ -e "$on_disk" ]; then
if [ "${on_disk/vmlinu}" != "$on_disk" ]; then
on_disk_version="`get_image_linux "$on_disk" | strings | grep 'Linux version' | head -n1`"
[ -z "$on_disk_version" ] || break
on_disk_version="`cat "$on_disk" | strings | grep 'Linux version' | head -n1`"
[ -z "$on_disk_version" ] || break
echo "UNKNOWN: Failed to get a version string from image $on_disk"
exit $UNKNOWN
else
on_disk_version="$(zcat $on_disk | strings | grep Debian | head -n 1 | sed -e 's/Debian [[:alnum:]]\+ (\(.*\))/\1/')"
fi
fi
searched="$searched $on_disk"
done
if ! [ -e "$on_disk" ]; then
echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running"
exit $WARNING
fi
if [ "$(uname -s)" = "Linux" ]; then
running_version="`cat /proc/version`"
if [ -z "$running_version" ] ; then
echo "UNKNOWN: Failed to get a version string from running system"
exit $UNKNOWN
fi
if [ "$running_version" != "$on_disk_version" ]; then
echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]"
exit $WARNING
fi
ret="$(get_avail_linux)"
if [ $? = 1 ]; then
echo "WARNING: Kernel needs upgrade [$ret]"
exit $WARNING
fi
else
echo "No support for FreeBSD yet"
exit $OK
fi
echo "OK: Running kernel matches on disk image: [$running_version]"
exit $OK

85
check_kvm Executable file
View File

@ -0,0 +1,85 @@
#!/bin/sh
# check_kvm - Check that a virtual machine is running.
# Written by Karl Rink <krink@csun.edu>
#
#----------------------------------------------------------------------
# COPYRIGHT : 12.2010 California State University, Northridge
#
# AUTHOR : Karl Rink
#
# BELONGS TO : Qemu/Kvm Nagios Integration
#
# DESCRIPTION : Runs "virsh list" and returns the available vms
#
# $Revision: 1.0 $
#
# Permission to use, copy, modify, distribute, and sell this software
# and its documentation for any purpose is hereby granted without fee,
# provided that the above copyright notice appear in all copies and that
# both that copyright notice and this permission notice appear in
# supporting documentation.
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHOR OR SUSE BE LIABLE FOR ANY CLAIM, DAMAGES
# OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#----------------------------------------------------------------------
# Install: Put this script in nagios client directory libexec/check_kvm
# As a nagios nrpe plugin, add the following line to your client nrpe.cfg
# command[virt_check_kvm]=/opt/nagios/libexec/check_kvm
# No sudo is necessary if you simply add nagios user to the libvirt group
# libvirtd:x:118:nagios
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
LIST=$(virsh list --all | sed '1,2d' | sed '/^$/d'| awk '{print $2":"$3}')
if [ ! "$LIST" ]; then
EXITVAL=3 #Status 3 = UNKNOWN (orange)
echo "Unknown guests"
exit $EXITVAL
fi
OK=0
WARN=0
CRIT=0
NUM=0
for host in $(echo $LIST)
do
name=$(echo $host | awk -F: '{print $1}')
state=$(echo $host | awk -F: '{print $2}')
NUM=$(expr $NUM + 1)
case "$state" in
running|blocked) OK=$(expr $OK + 1) ;;
paused) WARN=$(expr $WARN + 1) ;;
shutdown|shut*|crashed) CRIT=$(expr $CRIT + 1) ;;
*) CRIT=$(expr $CRIT + 1) ;;
esac
done
if [ "$NUM" -eq "$OK" ]; then
EXITVAL=0 #Status 0 = OK (green)
fi
if [ "$WARN" -gt 0 ]; then
EXITVAL=1 #Status 1 = WARNING (yellow)
fi
if [ "$CRIT" -gt 0 ]; then
EXITVAL=2 #Status 2 = CRITICAL (red)
fi
echo hosts:$NUM OK:$OK WARN:$WARN CRIT:$CRIT - $LIST
exit $EXITVAL

151
check_libs Executable file
View File

@ -0,0 +1,151 @@
#!/usr/bin/suidperl
# Copyright (C) 2005, 2006, 2007, 2008 Peter Palfrader <peter@palfrader.org>
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
use strict;
use English;
use Getopt::Long;
use List::Util qw(sum);
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
my $LSOF = '/usr/bin/lsof';
my $VERSION = '0.0.0';
# nagios exit codes
my $OK = 0;
my $WARNING = 1;
my $CRITICAL = 2;
my $UNKNOWN = 3;
my $params;
Getopt::Long::config('bundling');
sub dief {
print STDERR @_;
exit $UNKNOWN;
}
if (!GetOptions (
'--help' => \$params->{'help'},
'--version' => \$params->{'version'},
'--verbose' => \$params->{'verbose'},
)) {
dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose]\n");
};
if ($params->{'help'}) {
print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose]\n";
print "Reports processes that are linked against libraries that no longer exist.\n";
exit (0);
};
if ($params->{'version'}) {
print "nagios-check-libs $VERSION\n";
print "nagios check for availability of debian (security) updates\n";
print "Copyright (c) 2005 Peter Palfrader <peter\@palfrader.org>\n";
exit (0);
};
my %processes;
sub getPIDs($$) {
my ($user, $process) = @_;
return join(', ', sort keys %{ $processes{$user}->{$process} });
};
sub getProcs($) {
my ($user) = @_;
return join(', ', map { $_.' ('.getPIDs($user, $_).')' } (sort {$a cmp $b} keys %{ $processes{$user} }));
};
sub getUsers() {
return join("\n", (map { $_.": ".getProcs($_) } (sort {$a cmp $b} keys %processes)));
};
sub inVserver() {
my ($f, $key);
if (-e "/proc/self/vinfo" ) {
$f = "/proc/self/vinfo";
$key = "XID";
} else {
$f = "/proc/self/status";
$key = "s_context";
};
open(F, "< $f") or return 0;
while (<F>) {
my ($k, $v) = split(/: */, $_, 2);
if ($k eq $key) {
close F;
return ($v > 0);
};
};
close F;
return 0;
}
my $INVSERVER = inVserver();
print STDERR "Running $LSOF -n\n" if $params->{'verbose'};
open (LSOF, "$LSOF +c 0 -n|") or dief ("Cannot run $LSOF -n: $!\n");
my @lsof=<LSOF>;
close LSOF;
if ($CHILD_ERROR) { # program failed
dief("$LSOF +c 0 -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
};
my $sum = 0;
for my $line (@lsof) {
if ($line =~ m/\.dpkg-/ || $line =~ m/path inode=/ || $line =~ m/ DEL /) {
# XXX Hotfix: Arch Linux lsof seems to print two PIDs sometimes
$line =~ s/^\S+\s+\d+\K\s+\d+//;
my ($process, $pid, $user, undef, undef, undef, undef, $path, $rest) = split /\s+/, $line;
next if $path =~ m#^/proc/#;
next if $path =~ m#^/var/tmp/#;
next if $path =~ m#^/SYS#;
next if $path =~ m#^/dev/zero#;
next if $path =~ m#^/dev/shm/#;
next if $path =~ m#^/home/#;
next if $path =~ m#^/var/kunden/mail/#;
next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root'));
#$processes{$user}->{$process} = [] unless defined $processes{$user}->{$process};
if ($processes{$user}->{$process}->{$pid} == 0) {
$sum++;
};
$processes{$user}->{$process}->{$pid} = 1;
};
};
my $message;
my $exit = $OK;
if (keys %processes) {
$exit = $WARNING;
$message = "WARNING - ".$sum." processes are using old libs\nThe following processes have libs linked that were upgraded:\n". getUsers();
} else {
$message = 'No upgraded libs linked in running processes';
};
print $message,"\n";
exit $exit;

18
check_mysql_cluster Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
. /usr/lib/nagios/plugins/utils.sh
killall -9 ndb_mgm >/dev/null 2>/dev/null
tmpfile=`mktemp`
ndb_mgm -e show --try-reconnect=1 > $tmpfile 2>/dev/null
if grep -q "Unable to connect " $tmpfile; then
echo "[CRITICAL] unable to connect to mgmt"
exit $STATE_CRITICAL
elif grep -q connected $tmpfile; then
echo "[CRITICAL] not connected: `grep connected $tmpfile | awk '{ printf "%s (%s ", $1, $7 }'`"
exit $STATE_CRITICAL
else
echo "[OK]"
exit $STATE_OK
fi

29
check_peering_ping Executable file
View File

@ -0,0 +1,29 @@
#!/bin/bash
declare status=0
declare hosts=0
declare hosts_up=0
ip_bin=`which ip`
excludes="foo"
for i in `$ip_bin address show | grep inet | grep peer | egrep -v "(${excludes})" | awk '{ print $7 }'`; do
iface="$i"
hosts=$(($hosts+1))
ip=`$ip_bin address show dev "$i" | grep inet | awk '{ print $4 }' | awk -F"/" '{ print $1 }'`
if ! ping -W2 -c1 "$ip" >/dev/null; then
status=1
down="${down}${iface} "
else
hosts_up="$(($hosts_up+1))"
fi
done
if [ "$status" -eq 0 ]; then
echo "[OK] $hosts_up of $hosts peerings are up"
else
echo "[CRITICAL] $down"
fi
exit "$status"

208
check_sftp_disk Executable file
View File

@ -0,0 +1,208 @@
#! /bin/bash
PROGNAME="$(basename "$0")"
REVISION="0.1"
. "$(dirname "$0")/utils.sh"
print_usage() {
echo "Usage: $PROGNAME -w <limit> -c <limit> [<options>] <host>"
}
print_help() {
print_revision $PROGNAME $REVISION
echo ""
print_usage
echo ""
cat <<EOF
This plugin checks remote disk space/quota via SFTP.
Options:
-h, --help
Print detailed help screen
-w, --warning=INTEGER
Exit with WARNING status if less than INTEGER units of disk are free
-w, --warning=PERCENT%
Exit with WARNING status if less than PERCENT of disk space is free
-c, --critical=INTEGER
Exit with CRITICAL status if less than INTEGER units of disk are free
-c, --critical=PERCENT%
Exit with CRITCAL status if less than PERCENT of disk space is free
-W, --iwarning=PERCENT%
Exit with WARNING status if less than PERCENT of inode space is free
-K, --icritical=PERCENT%
Exit with CRITICAL status if less than PERCENT of inode space is free
-p, --path=PATH
Path or partition (may be repeated)
-u, --units=STRING
Choose bytes, kB, MB, GB, TB (default: MB)
-k, --kilobytes
Same as '--units kB'
-m, --megabytes
Same as '--units MB'
-l, --login=USER
Login as USER
-i, --identity=FILE
Use FILE as private keyfile for authentication
EOF
support
exit 0
}
ARGS="$(getopt -o hw:c:W:K:p:u:kmi:l: --long --help,--warning,--critical,--iwarning,--icritical,--path,--units,--kilobytes,--megabytes,--identity -n "$PROGNAME" -- "$@")"
eval set -- "$ARGS"
WARNING=""
CRITICAL=""
IWARNING=""
ICRITICAL=""
REMOTEPATH=""
IDENTITY=""
LOGIN=""
UNIT="MB"
while true; do
case "$1" in
-h|--help)
print_help
exit 0
;;
-w|--warning)
WARNING="$2"
shift
;;
-c|--critical)
CRITICAL="$2"
shift
;;
-W|--iwarning)
IWARNING="$2"
shift
;;
-K|--icritical)
ICRITICAL="$2"
shift
;;
-u|--units)
UNIT="$2"
shift
;;
-k|--kilobytes)
UNIT="kB"
shift
;;
-m|--megabytes)
UNIT="MB"
shift
;;
-p|--path)
REMOTEPATH="$2"
shift
;;
-i|--identity)
IDENTITY="-i $2"
shift
;;
-l|--login)
LOGIN="$2@"
shift
;;
--)
shift
break
;;
*)
echo "Something went wrong while parsing option: $1"
exit $STATE_UNKNOWN
;;
esac
shift
done
if [ $# -ne 1 -o -z "$WARNING" -o -z "$CRITICAL" ] ; then
print_usage
exit $STATE_UNKNOWN
fi
case "$UNIT" in
bytes|b) UNITDIV=1 ;;
kB) UNITDIV=1024 ;;
MB) UNITDIV=1048576 ;;
GB) UNITDIV=1073741824 ;;
TB) UNITDIV=1099511627776 ;;
*) UNITDIV=1048576 ;;
esac
# Sanity checks
if ! [ "${CRITICAL}" -ge 0 ] 2> /dev/null \
&& ! [ "${CRITICAL/\%/}" -ge 0 ] 2> /dev/null; then
echo "Critical threshold (${CRITICAL}) is neither number nor percentage!"
print_help
exit $STATE_UNKNOWN
fi
if ! [ "${WARNING}" -ge 0 ] 2> /dev/null \
&& ! [ "${WARNING/\%/}" -ge 0 ] 2> /dev/null; then
echo "Warning threshold (${WARNING}) is neither number nor percentage!"
print_help
exit $STATE_UNKNOWN
fi
if [ -n "${ICRITICAL}" ] \
&& ! [ "${ICRITICAL}" -ge 0 ] 2> /dev/null \
&& ! [ "${ICRITICAL/\%/}" -ge 0 ] 2> /dev/null; then
echo "ICritical threshold (${ICRITICAL}) is neither number nor percentage!"
print_help
exit $STATE_UNKNOWN
fi
if [ -n "${IWARNING}" ] \
&& ! [ "${IWARNING}" -ge 0 ] 2> /dev/null \
&& ! [ "${IWARNING/\%/}" -ge 0 ] 2> /dev/null; then
echo "IWarning threshold (${IWARNING}) is neither number nor percentage!"
print_help
exit $STATE_UNKNOWN
fi
HOST="$1"
if [ -n "${REMOTEPATH}" ] ; then
CMD="cd ${REMOTEPATH}\ndf\ndf -i"
else
CMD="df\ndf -i"
fi
if ! rawout="$(echo -e "${CMD}" | sftp $IDENTITY -b- "${LOGIN}${HOST}" 2>&1)"; then
echo "$rawout"
exit $STATE_UNKNOWN
fi
rawout="$(echo "$rawout" | grep -v '^sftp> df' | sed -e 's/[[:space:]]\+/ /g')" || exit $STATE_UNKNOWN
# TODO: if one failes, just set UNKNOWN as worst state, not yet exit
iout="$(echo "$rawout" | grep -A1 '^\s*Inodes' | tail -n 1)" #|| { [ -n "${IWARNING}" -o -n "${ICIRITCAL}" ] && exit $STATE_UNKNOWN }
out="$(echo "$rawout" | grep -A1 '^\s*Size' | tail -n 1)" || exit $STATE_UNKNOWN
percentage="$(echo "$out" | cut -d " " -f 6)"
percentage=$((100 - ${percentage/\%/}))
free="$(($(echo "$out" | cut -d " " -f 4) * 1024))"
ifree="$(echo "$iout" | cut -d " " -f 6)"
ifree=$((100 - ${ifree/\%/}))
details="free space: ${HOST} $((${free} / ${UNITDIV})) ${UNIT} (${percentage}% inode=${ifree}%)"
if ( [ "${CRITICAL/\%/}" != "${CRITICAL}" ] && [ "${percentage}" -lt "${CRITICAL/\%/}" ] ) || \
( [ "${CRITICAL/\%/}" = "${CRITICAL}" ] && [ "${free}" -lt "${CRITICAL}" ] ) || \
( [ -n "$ICRITICAL" ] && [ "${ifree}" -lt "${ICRITICAL/\%/}" ] ); then
echo "DISK CRITICAL - $details"
exit $STATE_CRITICAL
fi
if ( [ "${WARNING/\%/}" != "${WARNING}" ] && [ "${percentage}" -lt "${WARNING/\%/}" ] ) || \
( [ "${WARNING/\%/}" = "${WARNING}" ] && [ "${free}" -lt "${WARNING}" ] ) || \
( [ -n "$IWARNING" ] && [ "${ifree}" -lt "${IWARNING/\%/}" ] ); then
echo "DISK WARNING - $details"
exit $STATE_WARNING
fi
echo "DISK OK - $details"
exit $STATE_OK

45
check_ssh_no_password_login Executable file
View File

@ -0,0 +1,45 @@
#!/usr/bin/env perl
# Note: Quite experimental, use with care
use strict;
use warnings;
use Getopt::Std;
use 5.010;
my %opts;
my $port;
getopts('H:p:', \%opts);
if (not $opts{'H'}) {
die("Usage: $0 -H HOST -p port\n");
}
if (not $opts{'p'}) {
$port = "-p22";
} else {
$port = "-p" . $opts{'p'};
}
my $host = $opts{'H'};
my $ssh_cmd = 'ssh ' . $port . ' -o PreferredAuthentications=keyboard-interactive,password'
. ' -o BatchMode=yes -o CheckHostIP=no -o StrictHostKeyChecking=no'
. " -o UserKnownHostsFile=/dev/null -o LogLevel=FATAL"
. " root\@${host} /bin/false 2>&1";
my $output = qx{$ssh_cmd};
my ($accepted) = ($output =~ m/^Permission denied \((.*)\)\./);
if (not $accepted) {
say "Unable to parse ssh output: $output";
exit 3;
}
if ($accepted =~ /password/) {
say "Password login enabled (server accepts $accepted)";
exit 2;
}
else {
say "Password login disabled (server accepts $accepted)";
exit 0;
}

13
check_tomcat_cluster Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash
port=31182
. /usr/lib/nagios/plugins/utils.sh
if lsof -i -n -P | grep jsvc | grep $port | grep -q ESTABLISHED; then
echo "[OK]"
exit $STATE_OK
else
echo "[CRITICAL] not connected"
exit $STATE_CRITICAL
fi

37
forcecommand Executable file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env perl
# Copyright © 2010 by Daniel Friesel <derf@chaosdorf.de>
# License: WTFPL:
# 0. You just DO WHAT THE FUCK YOU WANT TO.
#
# SSH forcecommand to be used for nagios ssh checks etc.
# Example line for ssh authorized_keys file:
# command="/usr/local/lib/nagios/forcecommand /etc/nagios/forcecommand.cfg",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding $key
#
# Configfile format:
# ssh_command = real_command
# Example:
# check_users = /usr/lib/nagios/plugins/check_users -w 5 -c 10
use strict;
use warnings;
my $conffile = shift or die("Usage: $0 <configfile>\n");
my %commands;
my $input = $ENV{'SSH_ORIGINAL_COMMAND'} or die("No command\n");;
open(my $conf, '<', $conffile) or die("Can't open $conffile: $!\n");
while (my $line = <$conf>) {
my ($key, $value) = split(/ \s* = \s* /x, $line);
if ($key and $value) {
$commands{$key} = $value;
}
}
close($conf) or die("Cannot close $conffile: $!\n");
if (exists $commands{$input}) {
exec($commands{$input});
exit 1;
}
die("Unknown command\n");