From 2e7e98e81256ac876694e02b8c13a0d16244f033 Mon Sep 17 00:00:00 2001
From: Chl
Date: Sat, 7 Aug 2021 16:22:27 +0200
Subject: [PATCH] nagios: add quick dnssec validation check
---
nagios/check_dns_quickcheck_dnssec.sh | 76 +++++++++++++++++++++++++++
nagios/etc/73_check-dns.cfg | 3 ++
2 files changed, 79 insertions(+)
create mode 100755 nagios/check_dns_quickcheck_dnssec.sh
diff --git a/nagios/check_dns_quickcheck_dnssec.sh b/nagios/check_dns_quickcheck_dnssec.sh
new file mode 100755
index 0000000..64e2c22
--- /dev/null
+++ b/nagios/check_dns_quickcheck_dnssec.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# Quick and dirty script around delv
+
+# Stop on any uncaucht error
+set -e
+
+# Initialization
+OUTPUT_EXIT_STATUS=0
+OUTPUT_DETAIL_OK=""
+OUTPUT_DETAIL_CRITICAL=""
+LOGGER=""
+
+#
+# Help function
+#
+usage() {
+ cat </dev/null 2>&1; then
+ echo "UNKNOWN 'delv' not found."
+ exit 3
+fi
+
+if [ -z "$LOGGER" ] && which logger >/dev/null 2>&1; then
+ LOGGER="logger"
+fi
+
+#
+# Gestion des paramètres
+#
+while getopts hd: f; do
+ case "$f" in
+ 'h')
+ usage
+ exit
+ ;;
+
+ 'd')
+ OUTPUT="$( delv +vtrace "$OPTARG" soa 2>&1 )"
+ if ! echo "$OUTPUT" | grep "^; fully validated" >/dev/null 2>&1; then
+ [ -z "$LOGGER" ] || echo "$OUTPUT" | $LOGGER
+ OUTPUT_DETAIL_CRITICAL="$OUTPUT_DETAIL_CRITICAL $OPTARG"
+ OUTPUT_EXIT_STATUS=2
+ else
+ OUTPUT_DETAIL_OK="$OUTPUT_DETAIL_OK $OPTARG"
+ fi
+ ;;
+
+ \?)
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+
+case "$OUTPUT_EXIT_STATUS" in
+ '0')
+ if [ -z "$OUTPUT_DETAIL_OK" ]; then
+ OUTPUT_DETAIL_OK=" (no domains tested)"
+ fi
+ printf "OK%s\n" "$OUTPUT_DETAIL_OK"
+ ;;
+
+ '2')
+ printf "CRITICAL%s\n" "$OUTPUT_DETAIL_CRITICAL"
+ ;;
+esac
+
+exit "$OUTPUT_EXIT_STATUS"
diff --git a/nagios/etc/73_check-dns.cfg b/nagios/etc/73_check-dns.cfg
index 7bd075c..803e78f 100644
--- a/nagios/etc/73_check-dns.cfg
+++ b/nagios/etc/73_check-dns.cfg
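Review bot: With `set -e` active, the bare assignment `OUTPUT="$( delv +vtrace "$OPTARG" soa 2>&1 )"` in the `'d')` branch takes delv's exit status, so if delv returns non-zero on a failed resolution or validation (which I believe it does, but confirm), the script stops there with that status and no output. Nagios would then show an empty WARNING-level result instead of CRITICAL, and the logger call meant to capture the trace never runs. Let the grep decide by neutralising the status: `OUTPUT="$( delv +vtrace "$OPTARG" soa 2>&1 )" || true`. Separately, `$OPTARG` reaches delv unvalidated, so a value starting with `-`, `+` or `@` would be read as a delv option or server rather than a name; rejecting such values matters if NRPE is ever configured to accept command arguments.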
@@ -2,6 +2,9 @@ # dont on a la charge command[check_dns_zone_rrsig_examplenet]=/usr/local/share/scripts-admin/nagios/check_zone_rrsig_expiration -W 10 -C 3 -Z example.net +# Commande vérifiant (rapidement) la délégation DNSSEC +command[check_dns_dnssec_validation]=/usr/local/share/scripts-admin/nagios/check_dns_quickcheck_dnssec.sh -d example.com -d example.net + # + validité des noms de domaines command[check_whois]=/usr/local/share/scripts-admin/nagios/check_whois -w 30d -c 10d example.net example.com example.org