jackbenny/nagios
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new checks

Browse Source
This commit is contained in:
Moritz Rudert (helios) 2013-01-20 18:06:00 +01:00
parent 46ef150932
commit 9e5842723d
7 changed files with 175 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
check_git_status Executable file
View File

@ -0,0 +1,27 @@
#!/bin/sh
# Copyright © 2010 by Daniel Friesel <derf@chaosdorf.de>
# License: WTFPL:
# 0. You just DO WHAT THE FUCK YOU WANT TO.
#
# You probably need to run this check via sudo. For /etc,
# > nagios ALL=(root) NOPASSWD: /usr/local/lib/nagios/plugins/check_git_status /etc
# should do the job.
REPO="${1}"
if [ -z "${REPO}" -o ! -d "${REPO}" ]
then
echo 'No repo specified or no such repo';
exit 3
fi
cd "${REPO}" || exit 3
if [ -z "$(git ls-files --modified --deleted --others --exclude-standard)" ]
then
echo "No uncommited changes in ${REPO}"
exit 0
else
echo "Uncommited changes in ${REPO}"
exit 1
fi

111
check_libs
View File

@ -1,6 +1,7 @@
#!/usr/bin/suidperl #!/usr/bin/perl -w
# Copyright (C) 2005, 2006, 2007, 2008 Peter Palfrader <peter@palfrader.org> # Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter@palfrader.org>
# 2012 Uli Martens <uli@youam.net>
# #
# Permission is hereby granted, free of charge, to any person obtaining # Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the # a copy of this software and associated documentation files (the
@ -24,13 +25,12 @@
use strict; use strict;
use English; use English;
use Getopt::Long; use Getopt::Long;
use List::Util qw(sum);
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
my $LSOF = '/usr/bin/lsof'; my $LSOF = '/usr/bin/lsof -F0';
my $VERSION = '0.0.0'; my $VERSION = '0.2012042101';
# nagios exit codes # nagios exit codes
my $OK = 0; my $OK = 0;
@ -39,6 +39,7 @@ my $CRITICAL = 2;
my $UNKNOWN = 3; my $UNKNOWN = 3;
my $params; my $params;
my $config;
Getopt::Long::config('bundling'); Getopt::Long::config('bundling');
@ -50,22 +51,59 @@ sub dief {
if (!GetOptions ( if (!GetOptions (
'--help' => \$params->{'help'}, '--help' => \$params->{'help'},
'--version' => \$params->{'version'}, '--version' => \$params->{'version'},
'--quiet' => \$params->{'quiet'},
'--verbose' => \$params->{'verbose'}, '--verbose' => \$params->{'verbose'},
'--config=s' => \$params->{'config'},
)) { )) {
dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose]\n"); dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
}; };
if ($params->{'help'}) { if ($params->{'help'}) {
print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose]\n"; print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n";
print "Reports processes that are linked against libraries that no longer exist.\n"; print "Reports processes that are linked against libraries that no longer exist.\n";
print "The optional config file can specify ignore rules - see the sample config file.\n";
exit (0); exit (0);
}; };
if ($params->{'version'}) { if ($params->{'version'}) {
print "nagios-check-libs $VERSION\n"; print "nagios-check-libs $VERSION\n";
print "nagios check for availability of debian (security) updates\n"; print "nagios check for availability of debian (security) updates\n";
print "Copyright (c) 2005 Peter Palfrader <peter\@palfrader.org>\n"; print "Copyright (c) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter\@palfrader.org>\n";
exit (0); exit (0);
}; };
if (! defined $params->{'config'}) {
$params->{'config'} = '/etc/nagios/check_libs.cfg';
} elsif (! -e $params->{'config'}) {
dief("Config file $params->{'config'} does not exist.\n");
}
if (-e $params->{'config'}) {
eval "use YAML::Syck; 1" or dief "you need YAML::Syck (libyaml-syck-perl) to load a config file";
open(my $fh, '<', $params->{'config'}) or dief "Cannot open config file $params->{'config'}: $!";
$config = LoadFile($fh);
close($fh);
if (!(ref($config) eq "HASH")) {
dief("Loaded config is not a hash!\n");
}
} else {
$config = {
'ignorelist' => [
'$path =~ m#^/proc/#',
'$path =~ m#^/var/tmp/#',
'$path =~ m#^/SYS#',
'$path =~ m#^/drm$# # xserver stuff',
'$path =~ m#^/dev/zero#',
'$path =~ m#^/dev/shm/#',
]
};
}
if (! exists $config->{'ignorelist'}) {
$config->{'ignorelist'} = [];
} elsif (! (ref($config->{'ignorelist'}) eq 'ARRAY')) {
dief("Config->ignorelist is not an array!\n");
}
my %processes; my %processes;
sub getPIDs($$) { sub getPIDs($$) {
@ -78,7 +116,7 @@ sub getProcs($) {
return join(', ', map { $_.' ('.getPIDs($user, $_).')' } (sort {$a cmp $b} keys %{ $processes{$user} })); return join(', ', map { $_.' ('.getPIDs($user, $_).')' } (sort {$a cmp $b} keys %{ $processes{$user} }));
}; };
sub getUsers() { sub getUsers() {
return join("\n", (map { $_.": ".getProcs($_) } (sort {$a cmp $b} keys %processes))); return join('; ', (map { $_.': '.getProcs($_) } (sort {$a cmp $b} keys %processes)));
}; };
sub inVserver() { sub inVserver() {
my ($f, $key); my ($f, $key);
@ -104,48 +142,57 @@ sub inVserver() {
my $INVSERVER = inVserver(); my $INVSERVER = inVserver();
print STDERR "Running $LSOF -n\n" if $params->{'verbose'}; print STDERR "Running $LSOF -n\n" if $params->{'verbose'};
open (LSOF, "$LSOF +c 0 -n|") or dief ("Cannot run $LSOF -n: $!\n"); open (LSOF, "$LSOF -n|") or dief ("Cannot run $LSOF -n: $!\n");
my @lsof=<LSOF>; my @lsof=<LSOF>;
close LSOF; close LSOF;
if ($CHILD_ERROR) { # program failed if ($CHILD_ERROR) { # program failed
dief("$LSOF +c 0 -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n"); dief("$LSOF -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
}; };
my $sum = 0; my ($process, $pid, $user);
LINE: for my $line (@lsof) {
if ( $line =~ /^p/ ) {
my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
$process = $fields{c};
$pid = $fields{p};
$user = $fields{L};
next;
}
for my $line (@lsof) { unless ( $line =~ /^f/ ) {
if ($line =~ m/\.dpkg-/ || $line =~ m/path inode=/ || $line =~ m/ DEL /) { dief("UNKNOWN strange line read from lsof\n");
# don't print it because it contains NULL characters...
}
# XXX Hotfix: Arch Linux lsof seems to print two PIDs sometimes my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
$line =~ s/^\S+\s+\d+\K\s+\d+//;
my ($process, $pid, $user, undef, undef, undef, undef, $path, $rest) = split /\s+/, $line; my $fd = $fields{f};
next if $path =~ m#^/proc/#; my $inode = $fields{i};
next if $path =~ m#^/var/tmp/#; my $path = $fields{n};
next if $path =~ m#^/SYS#; if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $fd eq 'DEL') {
next if $path =~ m#^/dev/zero#; for my $i (@{$config->{'ignorelist'}}) {
next if $path =~ m#^/dev/shm/#; my $ignore = eval($i);
next if $path =~ m#^/home/#; next LINE if $ignore;
next if $path =~ m#^/var/kunden/mail/#; }
next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root')); next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root'));
#$processes{$user}->{$process} = [] unless defined $processes{$user}->{$process}; if ( $params->{'verbose'} ) {
if ($processes{$user}->{$process}->{$pid} == 0) { print STDERR "adding $process($pid) because of [$path]:\n";
$sum++; print STDERR $line;
}; }
$processes{$user}->{$process}->{$pid} = 1; $processes{$user}->{$process}->{$pid} = 1;
}; };
}; };
my $message; my $message='';
my $exit = $OK; my $exit = $OK;
if (keys %processes) { if (keys %processes) {
$exit = $WARNING; $exit = $WARNING;
$message = "WARNING - ".$sum." processes are using old libs\nThe following processes have libs linked that were upgraded:\n". getUsers(); $message = 'The following processes have libs linked that were upgraded: '. getUsers()."\n";
} else { } else {
$message = 'No upgraded libs linked in running processes'; $message = "No upgraded libs linked in running processes\n" unless $params->{'quiet'};
}; };
print $message,"\n"; print $message;
exit $exit; exit $exit;

9
check_libs.cfg Normal file
View File

@ -0,0 +1,9 @@
---
ignorelist:
- '$path =~ m#^/proc/#'
- '$path =~ m#^/var/tmp/#'
- '$path =~ m#^/SYS#'
- '$path =~ m#^/drm$# # xserver stuff'
- '$path =~ m#^/dev/zero#'
- '$path =~ m#^/dev/shm/#'
# vim:syn=yaml

22
check_lts_release
View File

@ -2,26 +2,26 @@
declare status=0 declare status=0
distribution=`lsb_release -is`
release=`lsb_release -cs`
if ! which lsb_release >/dev/null; then if ! which lsb_release >/dev/null; then
status=1 status=3
error="" error=""
else else
distribution="$(lsb_release -is)"
release="$(lsb_release -cs)"
case "$distribution" in case "$distribution" in
Debian) Debian)
case "$release" in case "$release" in
bo) bo)
status=1 status=2
error="EOL of $release is absolutely expired." error="EOL of $release is absolutely expired."
;; ;;
rex) rex)
status=1 status=2
error="EOL of $release is absolutely expired." error="EOL of $release is absolutely expired."
;; ;;
buzz) buzz)
status=1 status=2
error="EOL of $release is absolutely expired." error="EOL of $release is absolutely expired."
;; ;;
hamm) hamm)
@ -49,7 +49,7 @@ else
status=0 status=0
;; ;;
*) *)
status=1 status=3
error="Release ($release) unknown in script." error="Release ($release) unknown in script."
;; ;;
esac esac
@ -105,7 +105,7 @@ else
exp_date="20170401" exp_date="20170401"
;; ;;
*) *)
status=1 status=3
error="Release ($release) unknown in script." error="Release ($release) unknown in script."
;; ;;
esac esac
@ -117,7 +117,7 @@ else
error="ArchLinux is a rolling release distribution. So no release updates are required." error="ArchLinux is a rolling release distribution. So no release updates are required."
;; ;;
*) *)
status=1 status=3
error="Distribution ($distribution) unknown in script." error="Distribution ($distribution) unknown in script."
;; ;;
esac esac
@ -128,7 +128,7 @@ fi
if [ $status -eq 0 ]; then if [ $status -eq 0 ]; then
if [ -n "$exp_date" ]; then if [ -n "$exp_date" ]; then
if [ "$exp_date" -lt "$(date +%Y%m%d)" ]; then if [ "$exp_date" -lt "$(date +%Y%m%d)" ]; then
status=1 status=2
error="EOL of $release has expired ($(date -d "$exp_date" +%d.%m.%Y))." error="EOL of $release has expired ($(date -d "$exp_date" +%d.%m.%Y))."
else else
error="EOL of $release has not expired ($(date -d "$exp_date" +%d.%m.%Y))." error="EOL of $release has not expired ($(date -d "$exp_date" +%d.%m.%Y))."

32
check_nodejs_freshness Executable file
View File

@ -0,0 +1,32 @@
#!/bin/bash
node_homepage="http://nodejs.org/download/"
node_bin="node"
[ -n "$1" ] && node_bin="$1"
error=""
local_version="$($node_bin -v 2>/dev/null)"
remote_version="$(wget -q -O - -- $node_homepage | grep 'Current version:' | sed -e 's/<[a-zA-Z\/][^>]*>//g' | sed 's/^ *//g' | sed 's/ $//g' | awk '{ print $3 }')"
if [ -z "$local_version" ]; then
error="could not determine local node.js version"
errcode=1
elif [ -z "$remote_version" ]; then
error="could not determine remote node.js version"
errcode=1
else
if [ "$local_version" != "$remote_version" ]; then
error="local node.js version is not up to date ($local_version vs. $remote_version)"
errcode=2
fi
fi
if [ "$error" != "" ]; then
echo -e "ERROR: $error"
exit $errcode
else
echo "OK: local node.js version is up to date"
exit 0
fi

17
check_rkhunter Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
if [ ! -f /etc/rkhunter.conf ]; then
error="rkhunter.conf not found. So probably rkhunter is not installed!"
status=1
else
error="rkhunter.conf found. So rkhunter is installed."
status=0
fi
if [ "$status" -eq 0 ]; then
echo "[OK] $error"
else
echo "[CRITICAL] $error"
fi
exit "$status"

13
check_tomcat_cluster
View File

@ -1,13 +0,0 @@
#!/bin/bash
port=31182
. /usr/lib/nagios/plugins/utils.sh
if lsof -i -n -P | grep jsvc | grep $port | grep -q ESTABLISHED; then
echo "[OK]"
exit $STATE_OK
else
echo "[CRITICAL] not connected"
exit $STATE_CRITICAL
fi