nagios: add check_glue_records.sh
This commit is contained in:
parent
7e971a5c76
commit
90a94aa61a
1 changed files with 138 additions and 0 deletions
138
nagios/check_glue_records.sh
Executable file
138
nagios/check_glue_records.sh
Executable file
|
@ -0,0 +1,138 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Small script to check that all servers behind the glue records :
|
||||||
|
# - are reachable (IPv4 and IPv6 alike),
|
||||||
|
# - show the same SOA record.
|
||||||
|
# GPL v3+
|
||||||
|
|
||||||
|
# Stop at the first non-catched error
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Output
|
||||||
|
OUTPUT_EXIT_STATUS=0
|
||||||
|
OUTPUT_DETAIL_OK=""
|
||||||
|
OUTPUT_DETAIL_WARNING=""
|
||||||
|
OUTPUT_DETAIL_CRITICAL=""
|
||||||
|
#OUTPUT_PERFDATA=""
|
||||||
|
|
||||||
|
# Defaults
|
||||||
|
CHECK_SOA=1
|
||||||
|
|
||||||
|
# For monitoring plugins
|
||||||
|
PROGPATH=$( echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,' )
|
||||||
|
REVISION="0.1"
|
||||||
|
|
||||||
|
# Include check_range()
|
||||||
|
. $PROGPATH/utils.sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# Help function
|
||||||
|
#
|
||||||
|
usage() {
|
||||||
|
cat <<EOF
|
||||||
|
Usage :
|
||||||
|
$0 [-sS] domain.com [[-sS] domain.net] ...
|
||||||
|
|
||||||
|
-s : don't check for SOA records discrepancies
|
||||||
|
-S : nevermind, do check for SOA discrepancies (default)
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
# Some early checks
|
||||||
|
if ! which dig >/dev/null 2>&1 ; then
|
||||||
|
echo "UNKNOWN 'dig' not found"
|
||||||
|
exit $STATE_UNKNOWN
|
||||||
|
fi
|
||||||
|
|
||||||
|
# We loop until there is no more parameters, be it
|
||||||
|
# either options or domains
|
||||||
|
while [ "$#" -gt 0 ]; do
|
||||||
|
# Parameters management
|
||||||
|
while getopts hsS OPT; do
|
||||||
|
case "$OPT" in
|
||||||
|
'h')
|
||||||
|
usage
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
|
||||||
|
's')
|
||||||
|
CHECK_SOA=0;
|
||||||
|
;;
|
||||||
|
|
||||||
|
'S')
|
||||||
|
CHECK_SOA=1;
|
||||||
|
;;
|
||||||
|
|
||||||
|
\?)
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
shift $( expr $OPTIND - 1 )
|
||||||
|
DOMAIN="$1"
|
||||||
|
shift
|
||||||
|
|
||||||
|
# Exit if no domain has been specified
|
||||||
|
# (it's kind of weird and I don't like it)
|
||||||
|
if [ -z "$DOMAIN" ]; then
|
||||||
|
echo "UNKNOWN: no domain tested."
|
||||||
|
exit $STATE_UNKNOWN
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Get the TLD of the domain (example.net -> net)
|
||||||
|
TLD="$( echo "$DOMAIN" | sed 's/[^.]*\.\([^.]\)/\1/' )"
|
||||||
|
# ...and get one random server for this TLD
|
||||||
|
NS_TLD="$( dig +short "$TLD" NS | sort -R | tail -n 1 )"
|
||||||
|
|
||||||
|
# Query this TLD server on our domain and loop on each IP address "additionally"
|
||||||
|
# given, aka. the glue records
|
||||||
|
LIST_IP_NS_SERVERS="$( dig +norec +nocomments +noquestion +nostats +nocmd @"$NS_TLD" "$DOMAIN" NS | sed -n 's/.*IN[[:space:]]\+\(A\|AAAA\)[[:space:]]\+\(.*\)$/\2/p' )"
|
||||||
|
for IPADDR in $LIST_IP_NS_SERVERS; do
|
||||||
|
# Query our server
|
||||||
|
OUTPUT=$( dig @"$IPADDR" $DOMAIN SOA +short 2>&1 )
|
||||||
|
if [ "$?" -eq 0 ]; then
|
||||||
|
# The server responded, store the SOA for later analyze
|
||||||
|
LIST_SOA="$( printf "%s\n%s" "$LIST_SOA" "$OUTPUT" | grep -v "^$" )"
|
||||||
|
else
|
||||||
|
# No response ?
|
||||||
|
if [ "$OUTPUT_EXIT_STATUS" -ne $STATE_CRITICAL ]; then
|
||||||
|
OUTPUT_DETAIL_CRITICAL="Problematic server behind IP"
|
||||||
|
OUTPUT_EXIT_STATUS=$STATE_CRITICAL
|
||||||
|
fi
|
||||||
|
OUTPUT_DETAIL_CRITICAL="$OUTPUT_DETAIL_CRITICAL $IPADDRESS"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Check that SOA records are all the same
|
||||||
|
if [ "$CHECK_SOA" -ne 0 ] && [ "$OUTPUT_EXIT_STATUS" -ne "$STATE_CRITICAL" ] && [ "$( echo "$LIST_SOA" | uniq | wc -l )" -ne 1 ]; then
|
||||||
|
OUTPUT_EXIT_STATUS=$STATE_WARNING
|
||||||
|
OUTPUT_DETAIL_WARNING="SOA records discrepancies for domain $DOMAIN : $LIST_SOA"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Clean up after each domain
|
||||||
|
unset LIST_SOA
|
||||||
|
OUTPUT_DETAIL_OK="$OUTPUT_DETAIL_OK $DOMAIN"
|
||||||
|
done
|
||||||
|
|
||||||
|
case "$OUTPUT_EXIT_STATUS" in
|
||||||
|
'0')
|
||||||
|
printf "OK%s" "$OUTPUT_DETAIL_OK"
|
||||||
|
;;
|
||||||
|
'1')
|
||||||
|
printf "WARNING %s" "$OUTPUT_DETAIL_WARNING"
|
||||||
|
;;
|
||||||
|
'2')
|
||||||
|
printf "CRITICAL %s" "$OUTPUT_DETAIL_CRITICAL"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
printf "UNKNOWN"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Perfdata
|
||||||
|
#printf "|%s\n" "$OUTPUT_PERFDATA"
|
||||||
|
printf "\n"
|
||||||
|
|
||||||
|
# Exit with return status
|
||||||
|
exit $OUTPUT_EXIT_STATUS
|
Loading…
Reference in a new issue