new checks
This commit is contained in:
Moritz Rudert (helios)
111
check_libs
111
check_libs
@@ -1,6 +1,7 @@
|
||||
#!/usr/bin/suidperl
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
# Copyright (C) 2005, 2006, 2007, 2008 Peter Palfrader <peter@palfrader.org>
|
||||
# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter@palfrader.org>
|
||||
# 2012 Uli Martens <uli@youam.net>
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining
|
||||
# a copy of this software and associated documentation files (the
|
||||
@@ -24,13 +25,12 @@
|
||||
use strict;
|
||||
use English;
|
||||
use Getopt::Long;
|
||||
use List::Util qw(sum);
|
||||
|
||||
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
|
||||
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
|
||||
|
||||
my $LSOF = '/usr/bin/lsof';
|
||||
my $VERSION = '0.0.0';
|
||||
my $LSOF = '/usr/bin/lsof -F0';
|
||||
my $VERSION = '0.2012042101';
|
||||
|
||||
# nagios exit codes
|
||||
my $OK = 0;
|
||||
@@ -39,6 +39,7 @@ my $CRITICAL = 2;
|
||||
my $UNKNOWN = 3;
|
||||
|
||||
my $params;
|
||||
my $config;
|
||||
|
||||
Getopt::Long::config('bundling');
|
||||
|
||||
@@ -50,22 +51,59 @@ sub dief {
|
||||
if (!GetOptions (
|
||||
'--help' => \$params->{'help'},
|
||||
'--version' => \$params->{'version'},
|
||||
'--quiet' => \$params->{'quiet'},
|
||||
'--verbose' => \$params->{'verbose'},
|
||||
'--config=s' => \$params->{'config'},
|
||||
)) {
|
||||
dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose]\n");
|
||||
dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
|
||||
};
|
||||
if ($params->{'help'}) {
|
||||
print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose]\n";
|
||||
print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n";
|
||||
print "Reports processes that are linked against libraries that no longer exist.\n";
|
||||
print "The optional config file can specify ignore rules - see the sample config file.\n";
|
||||
exit (0);
|
||||
};
|
||||
if ($params->{'version'}) {
|
||||
print "nagios-check-libs $VERSION\n";
|
||||
print "nagios check for availability of debian (security) updates\n";
|
||||
print "Copyright (c) 2005 Peter Palfrader <peter\@palfrader.org>\n";
|
||||
print "Copyright (c) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter\@palfrader.org>\n";
|
||||
exit (0);
|
||||
};
|
||||
|
||||
if (! defined $params->{'config'}) {
|
||||
$params->{'config'} = '/etc/nagios/check_libs.cfg';
|
||||
} elsif (! -e $params->{'config'}) {
|
||||
dief("Config file $params->{'config'} does not exist.\n");
|
||||
}
|
||||
|
||||
if (-e $params->{'config'}) {
|
||||
eval "use YAML::Syck; 1" or dief "you need YAML::Syck (libyaml-syck-perl) to load a config file";
|
||||
open(my $fh, '<', $params->{'config'}) or dief "Cannot open config file $params->{'config'}: $!";
|
||||
$config = LoadFile($fh);
|
||||
close($fh);
|
||||
if (!(ref($config) eq "HASH")) {
|
||||
dief("Loaded config is not a hash!\n");
|
||||
}
|
||||
} else {
|
||||
$config = {
|
||||
'ignorelist' => [
|
||||
'$path =~ m#^/proc/#',
|
||||
'$path =~ m#^/var/tmp/#',
|
||||
'$path =~ m#^/SYS#',
|
||||
'$path =~ m#^/drm$# # xserver stuff',
|
||||
'$path =~ m#^/dev/zero#',
|
||||
'$path =~ m#^/dev/shm/#',
|
||||
]
|
||||
};
|
||||
}
|
||||
|
||||
if (! exists $config->{'ignorelist'}) {
|
||||
$config->{'ignorelist'} = [];
|
||||
} elsif (! (ref($config->{'ignorelist'}) eq 'ARRAY')) {
|
||||
dief("Config->ignorelist is not an array!\n");
|
||||
}
|
||||
|
||||
|
||||
my %processes;
|
||||
|
||||
sub getPIDs($$) {
|
||||
@@ -78,7 +116,7 @@ sub getProcs($) {
|
||||
return join(', ', map { $_.' ('.getPIDs($user, $_).')' } (sort {$a cmp $b} keys %{ $processes{$user} }));
|
||||
};
|
||||
sub getUsers() {
|
||||
return join("\n", (map { $_.": ".getProcs($_) } (sort {$a cmp $b} keys %processes)));
|
||||
return join('; ', (map { $_.': '.getProcs($_) } (sort {$a cmp $b} keys %processes)));
|
||||
};
|
||||
sub inVserver() {
|
||||
my ($f, $key);
|
||||
@@ -104,48 +142,57 @@ sub inVserver() {
|
||||
my $INVSERVER = inVserver();
|
||||
|
||||
print STDERR "Running $LSOF -n\n" if $params->{'verbose'};
|
||||
open (LSOF, "$LSOF +c 0 -n|") or dief ("Cannot run $LSOF -n: $!\n");
|
||||
open (LSOF, "$LSOF -n|") or dief ("Cannot run $LSOF -n: $!\n");
|
||||
my @lsof=<LSOF>;
|
||||
close LSOF;
|
||||
if ($CHILD_ERROR) { # program failed
|
||||
dief("$LSOF +c 0 -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
|
||||
dief("$LSOF -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
|
||||
};
|
||||
|
||||
my $sum = 0;
|
||||
my ($process, $pid, $user);
|
||||
LINE: for my $line (@lsof) {
|
||||
if ( $line =~ /^p/ ) {
|
||||
my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
|
||||
$process = $fields{c};
|
||||
$pid = $fields{p};
|
||||
$user = $fields{L};
|
||||
next;
|
||||
}
|
||||
|
||||
for my $line (@lsof) {
|
||||
if ($line =~ m/\.dpkg-/ || $line =~ m/path inode=/ || $line =~ m/ DEL /) {
|
||||
unless ( $line =~ /^f/ ) {
|
||||
dief("UNKNOWN strange line read from lsof\n");
|
||||
# don't print it because it contains NULL characters...
|
||||
}
|
||||
|
||||
# XXX Hotfix: Arch Linux lsof seems to print two PIDs sometimes
|
||||
$line =~ s/^\S+\s+\d+\K\s+\d+//;
|
||||
my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
|
||||
|
||||
my ($process, $pid, $user, undef, undef, undef, undef, $path, $rest) = split /\s+/, $line;
|
||||
next if $path =~ m#^/proc/#;
|
||||
next if $path =~ m#^/var/tmp/#;
|
||||
next if $path =~ m#^/SYS#;
|
||||
next if $path =~ m#^/dev/zero#;
|
||||
next if $path =~ m#^/dev/shm/#;
|
||||
next if $path =~ m#^/home/#;
|
||||
next if $path =~ m#^/var/kunden/mail/#;
|
||||
my $fd = $fields{f};
|
||||
my $inode = $fields{i};
|
||||
my $path = $fields{n};
|
||||
if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
|
||||
for my $i (@{$config->{'ignorelist'}}) {
|
||||
my $ignore = eval($i);
|
||||
next LINE if $ignore;
|
||||
}
|
||||
next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root'));
|
||||
#$processes{$user}->{$process} = [] unless defined $processes{$user}->{$process};
|
||||
if ($processes{$user}->{$process}->{$pid} == 0) {
|
||||
$sum++;
|
||||
};
|
||||
if ( $params->{'verbose'} ) {
|
||||
print STDERR "adding $process($pid) because of [$path]:\n";
|
||||
print STDERR $line;
|
||||
}
|
||||
$processes{$user}->{$process}->{$pid} = 1;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
my $message;
|
||||
my $message='';
|
||||
my $exit = $OK;
|
||||
if (keys %processes) {
|
||||
$exit = $WARNING;
|
||||
$message = "WARNING - ".$sum." processes are using old libs\nThe following processes have libs linked that were upgraded:\n". getUsers();
|
||||
$message = 'The following processes have libs linked that were upgraded: '. getUsers()."\n";
|
||||
} else {
|
||||
$message = 'No upgraded libs linked in running processes';
|
||||
$message = "No upgraded libs linked in running processes\n" unless $params->{'quiet'};
|
||||
};
|
||||
|
||||
print $message,"\n";
|
||||
print $message;
|
||||
exit $exit;
|
||||
|
||||
Reference in New Issue
Block a user