nagios: add quick dnssec validation check

nagios/check_dns_quickcheck_dnssec.sh

@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# Quick and dirty script around delv
+
+# Stop on any uncaucht error
+set -e
+
+# Initialization
+OUTPUT_EXIT_STATUS=0
+OUTPUT_DETAIL_OK=""
+OUTPUT_DETAIL_CRITICAL=""
+LOGGER=""
+
+#
+# Help function
+#
+usage() {
+	cat <<EOF
+Usage:
+  $0 -d example.net
+  $0 -h            (this help output)
+EOF
+}
+
+if ! which delv >/dev/null 2>&1; then
+	echo "UNKNOWN 'delv' not found."
+	exit 3
+fi
+
+if [ -z "$LOGGER" ] && which logger >/dev/null 2>&1; then
+	LOGGER="logger"
+fi
+
+#
+# Gestion des paramètres
+#
+while getopts hd: f; do
+	case "$f" in
+		'h')
+			usage
+			exit
+			;;
+
+		'd')
+			OUTPUT="$( delv +vtrace "$OPTARG" soa 2>&1 )"
+			if ! echo "$OUTPUT" | grep "^; fully validated" >/dev/null 2>&1; then
+				[ -z "$LOGGER" ] || echo "$OUTPUT" | $LOGGER
+				OUTPUT_DETAIL_CRITICAL="$OUTPUT_DETAIL_CRITICAL $OPTARG"
+				OUTPUT_EXIT_STATUS=2
+			else
+				OUTPUT_DETAIL_OK="$OUTPUT_DETAIL_OK $OPTARG"
+			fi
+			;;
+
+		\?)
+			usage
+			exit 1
+			;;
+	esac
+done
+
+
+case "$OUTPUT_EXIT_STATUS" in
+	'0')
+		if [ -z "$OUTPUT_DETAIL_OK" ]; then
+			OUTPUT_DETAIL_OK=" (no domains tested)"
+		fi
+		printf "OK%s\n" "$OUTPUT_DETAIL_OK"
+		;;
+
+	'2')
+		printf "CRITICAL%s\n" "$OUTPUT_DETAIL_CRITICAL"
+		;;
+esac
+
+exit "$OUTPUT_EXIT_STATUS"

nagios/etc/73_check-dns.cfg

@@ -2,6 +2,9 @@
 # dont on a la charge
 command[check_dns_zone_rrsig_examplenet]=/usr/local/share/scripts-admin/nagios/check_zone_rrsig_expiration -W 10 -C 3 -Z example.net
 
+# Commande vérifiant (rapidement) la délégation DNSSEC
+command[check_dns_dnssec_validation]=/usr/local/share/scripts-admin/nagios/check_dns_quickcheck_dnssec.sh -d example.com -d example.net
+
 # + validité des noms de domaines
 command[check_whois]=/usr/local/share/scripts-admin/nagios/check_whois -w 30d -c 10d example.net example.com example.org