chl
/
scripts-admin-quickndirty-public
1
0
Fork 0
Code Wiki

Commit initial: récupération et tri rapide

This commit is contained in:
Chl 2019-07-23 22:28:09 +02:00
commit a52829f96c
104 changed files with 11892 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Makefile-dnssec-nsec3 Normal file
View File

@ -0,0 +1,15 @@
# For NSEC3 records, we need 8 random bytes, which means a 16 hexa string
SALT := $(shell dd if=/dev/random bs=13 count=1 2>/dev/null | hexdump -v -e '"%02x"' | cut -c 1-16 )
# There's no easy way to know if bind has been reloaded
# after the .signed file has been generated so it will
# always reload actually.
reload: db.*.signed
service bind9 reload
# Ou nsdc rebuild && nsdc reload pour NSD
db.%.signed: db.%
@echo Signing requires a lot of entropy in /dev/random, do not hesitate to load the machine...
# 5356800 seconds = two months of validity
#dnssec-signzone -e +5356800 $^
dnssec-signzone -e +7776000 -o $* -K ../keys/ -3 $(SALT) $^

13
apt-conf-proxy.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/sh
# À utiliser en mettant la ligne suivante dans le fichier : /etc/apt/apt.conf.d/44proxy
# Acquire::http::Proxy-Auto-Detect "/usr/local/share/scripts-admin/apt-conf-proxy.sh";
PROXY_HOST=apt-proxy.example.net
PROXY_PORT=3142
if nc -zw1 $PROXY_HOST $PROXY_PORT 2>/dev/null >/dev/null; then
echo http://$PROXY_HOST:$PROXY_PORT/
else
echo DIRECT
fi

12
fail2ban-mail-nocommand-dirty.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/sh
# Création de la chaîne si elle n'existe pas
iptables-save | grep auth2ban >/dev/null 2>&1 || ( iptables -N auth2ban ; iptables -I INPUT 2 -j auth2ban )
# Vidange
iptables -F auth2ban
# Remplissage
tail -n 3000 /var/log/syslog | grep "did not issue MAIL/EXPN/VRFY/ETRN during connection" | sed -n 's/.*\[\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\] .*/\1/p' | sort | uniq -c | grep -v "^[[:space:]]*1 " | awk '{ print $2 }' | while read LINE; do
iptables -A auth2ban -s "$LINE" -j DROP
done

83
hooks-git/mantis-filename-commitmsg_pre-receive Executable file
View File

@ -0,0 +1,83 @@
#!/bin/sh
# This pre-receive hook is meant to be put in the main
# repository of the project to detect if a commit follow
# the rule for database updates.
# For example, with the issue #123, second script :
# - adding the file scripts/script_123-2.sql
# - putting the filename in the commit msg for easier retrieval
# When encountering non-UTF8 messages commit, sed may fail.
LANG=C
# Small attemp at making this script portable...
PATH_SCRUTINIZED="scripts"
# We fail on all uncaught errors
# and it helps us transmit error status outside
# of the loops
set -e
while read LINE; do
oldrev="$( echo $LINE | cut -f 1 -d ' ' )"
newrev="$( echo $LINE | cut -f 2 -d ' ' )"
refname="$( echo $LINE | cut -f 3 -d ' ' )"
# We ignore refs/tags and refs/remotes
if ! echo "$refname" | grep "^refs/heads/" >/dev/null; then
continue
fi
# In case oldrev is "000000..."
if [ "$oldrev" = "0000000000000000000000000000000000000000" ]; then
period="$newrev"
else
period="$oldrev..$newrev"
fi
# We loop over each commit to check if they
# put a script file to the scripts/ directory
# without having the following format in the
# first line of the commit message :
# [NNNN-NN-SQL] blabla... bla...
git log --pretty=oneline "$period" -- "$PATH_SCRUTINIZED" | while read COMMIT; do
# Commit metadata extraction
commitsha="$( echo "$COMMIT" | sed 's/^\([^ ]\+\) \(.*\)$/\1/' )"
commitmsg="$( echo "$COMMIT" | sed 's/^\([^ ]\+\) \(.*\)$/\2/' )"
# Listing of files modified by commit
# (git diff-tree will escape tab and other shell-risky characters, but not spaces)
IFS="$( printf "\t\n" )"
for filename in $( git diff-tree --no-commit-id --name-only --root -r "$commitsha" ); do
if echo "$filename" | grep "^$PATH_SCRUTINIZED/script"; then
# Check the filename is well-formed
if ! echo "$filename" | egrep "^$PATH_SCRUTINIZED/script_[0-9]{4,5}-[0-9]{2}.(sql|php)$" >/dev/null; then
echo "check-scripts: nom de fichier non conforme : $filename"
exit 1
fi
# Check the filename matches the commit message
mantis_number="$( echo "$filename" | sed -n 's#.*/script_\([0-9]\+\)-\([0-9]\+\).\(sql\|php\)#\1#p' )"
script_number="$( echo "$filename" | sed -n 's#.*/script_\([0-9]\+\)-\([0-9]\+\).\(sql\|php\)#\2#p' )"
extension="$( echo "$filename" | sed -n 's#.*/script_\([0-9]\+\)-\([0-9]\+\).\(sql\|php\)#\3#p' | tr "a-z" "A-Z" )"
if ! echo $commitmsg | grep "\[$mantis_number-$script_number-$extension\] " >/dev/null; then
echo "check-scripts: message de commit non conforme au script (filename : $filename) ($commitsha) : $commitmsg"
exit 1
fi
fi
done
# Inversely, for every commit message with the correct format, we
# check the matching file exists
if echo "$commitmsg" | egrep "^\[[0-9-]+[A-Z]{3}\]" >/dev/null; then
# Check the filename matches the commit message
mantis_number="$( echo "$commitmsg" | sed -n 's#^\[\([0-9]\{4,5\}\)-\([0-9]\{2\}\)-\(SQL\|PHP\)\] .*#\1#p' )"
script_number="$( echo "$commitmsg" | sed -n 's#^\[\([0-9]\{4,5\}\)-\([0-9]\{2\}\)-\(SQL\|PHP\)\] .*#\2#p' )"
extension="$( echo "$commitmsg" | sed -n 's#^\[\([0-9]\{4,5\}\)-\([0-9]\{2\}\)-\(SQL\|PHP\)\] .*#\3#p' | tr "A-Z" "a-z" )"
if [ -z "$mantis_number" ] || ! git diff-tree --no-commit-id --name-only --root -r "$commitsha" | grep "^$PATH_SCRUTINIZED/script_$mantis_number-$script_number.$extension$" >/dev/null; then
echo "check-scripts: aucun script SQL/PHP correspondant au message de commit ($commitsha) : $commitmsg"
exit 1
fi
fi
done
done

58
hooks-git/simple-php-checks_pre-commit Executable file
View File

@ -0,0 +1,58 @@
#!/bin/sh
#
# An example hook script to verify what is about to be committed.
# Called by "git commit" with no arguments. The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-commit".
if git rev-parse --verify HEAD >/dev/null 2>&1
then
against=HEAD
else
# Initial commit: diff against an empty tree object
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi
# If you want to allow non-ASCII filenames set this variable to true.
allownonascii=$(git config --bool hooks.allownonascii)
# Redirect output to stderr.
exec 1>&2
# Cross platform projects tend to avoid non-ASCII filenames; prevent
# them from being added to the repository. We exploit the fact that the
# printable range starts at the space character and ends with tilde.
if [ "$allownonascii" != "true" ] &&
# Note that the use of brackets around a tr range is ok here, (it's
# even required, for portability to Solaris 10's /usr/bin/tr), since
# the square bracket bytes happen to fall in the designated range.
test $(git diff --cached --name-only --diff-filter=A -z $against |
LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
then
cat <<\EOF
Error: Attempt to add a non-ASCII file name.
This can cause problems if you want to work with people on other platforms.
To be portable it is advisable to rename the file.
If you know what you are doing you can disable this check using:
git config hooks.allownonascii true
EOF
exit 1
fi
# Stop at any uncatched non-zero status
set -e
# If there are whitespace errors, print the offending file names and fail.
git diff-index --check --cached $against --
# PHP checks
echo "Checking PHP syntax (linting)..."
git diff-index --diff-filter=ACMRT --cached --name-only HEAD -- | egrep '\.php$|\.inc$' | xargs --no-run-if-empty -d "\n" -n 1 php -l
echo "Checking PHP CodeStyle..."
git diff-index --diff-filter=ACMRT --cached --name-only HEAD -- | egrep '\.php$|\.inc$' | xargs --no-run-if-empty -d "\n" phpcs --standard=phpcs.xml --extensions=php --ignore=autoload.php --ignore=bootstrap/cache/

11
hooks-git/website-cracra/post-receive Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
# Stop on the first error
set -ex
export GIT_WORK_TREE=$GIT_DIR/..
# Theoretically, everything has been checked in the pre-receive hook
# and no local modification should go missing (at worst, there's the
# reflog)
git reset --hard

14
hooks-git/website-cracra/pre-receive Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh
# Stop on the first error
set -ex
export GIT_WORK_TREE=$GIT_DIR/..
# Check for diff between the index and the staging area
git diff-index --quiet --cached HEAD --
# Check for diff between the working tree and the staging area
git diff-files --quiet
# No abandoned files
test -z "$( cd "$GIT_WORK_TREE" && GIT_WORK_TREE="$PWD" GIT_DIR="$GIT_WORK_TREE/.git" git --git-dir=.git ls-files --others )"

11
hooks-git/website-cracra/readme.txt Normal file
View File

@ -0,0 +1,11 @@
fr : Ces hooks permettent de mettre à jour un site web statique
directement via git push.
Il faut autoriser le "in place" dans le dépôt Git distant :
[receive]
denyCurrentBranch = ignore
en : Those hooks allow to update a static website directly with
a git push.
You need to allow 'in place' in the remote git repository :
[receive]
denyCurrentBranch = ignore

1130
mini-ap-wifi/launch-wifi-ap-hostapd.conf Normal file
View File

File diff suppressed because it is too large Load Diff

122
mini-ap-wifi/launch-wifi-ap-udhcpd.conf Normal file
View File

@ -0,0 +1,122 @@
# Sample udhcpd configuration file (/etc/udhcpd.conf)
# The start and end of the IP lease block
start 192.168.10.20 #default: 192.168.0.20
end 192.168.10.254 #default: 192.168.0.254
# The interface that udhcpd will use
interface wlan0 #default: eth0
# The maximim number of leases (includes addressesd reserved
# by OFFER's, DECLINE's, and ARP conficts
#max_leases 254 #default: 254
# If remaining is true (default), udhcpd will store the time
# remaining for each lease in the udhcpd leases file. This is
# for embedded systems that cannot keep time between reboots.
# If you set remaining to no, the absolute time that the lease
# expires at will be stored in the dhcpd.leases file.
#remaining yes #default: yes
# The time period at which udhcpd will write out a dhcpd.leases
# file. If this is 0, udhcpd will never automatically write a
# lease file. (specified in seconds)
#auto_time 7200 #default: 7200 (2 hours)
# The amount of time that an IP will be reserved (leased) for if a
# DHCP decline message is received (seconds).
#decline_time 3600 #default: 3600 (1 hour)
# The amount of time that an IP will be reserved (leased) for if an
# ARP conflct occurs. (seconds
#conflict_time 3600 #default: 3600 (1 hour)
# How long an offered address is reserved (leased) in seconds
#offer_time 60 #default: 60 (1 minute)
# If a lease to be given is below this value, the full lease time is
# instead used (seconds).
#min_lease 60 #defult: 60
# The location of the leases file
#lease_file /var/lib/misc/udhcpd.leases #defualt: /var/lib/misc/udhcpd.leases
# The location of the pid file
#pidfile /var/run/udhcpd.pid #default: /var/run/udhcpd.pid
# Everytime udhcpd writes a leases file, the below script will be called.
# Useful for writing the lease file to flash every few hours.
#notify_file #default: (no script)
#notify_file dumpleases # <--- useful for debugging
# The following are bootp specific options, setable by udhcpd.
#siaddr 192.168.0.22 #default: 0.0.0.0
#sname zorak #default: (none)
#boot_file /var/nfs_root #default: (none)
# The remainer of options are DHCP options and can be specifed with the
# keyword 'opt' or 'option'. If an option can take multiple items, such
# as the dns option, they can be listed on the same line, or multiple
# lines. The only option with a default is 'lease'.
#Examles
#opt dns 8.8.8.8 4.4.4.4
# FDN open DNS resolvers
opt dns 80.67.169.12 80.67.169.40
option subnet 255.255.255.0
opt router 192.168.10.2
option lease 864000 # 10 days of seconds
# Currently supported options, for more info, see options.c
#opt subnet
#opt timezone
#opt router
#opt timesrv
#opt namesrv
#opt dns
#opt logsrv
#opt cookiesrv
#opt lprsrv
#opt bootsize
#opt domain
#opt swapsrv
#opt rootpath
#opt ipttl
#opt mtu
#opt broadcast
#opt wins
#opt lease
#opt ntpsrv
#opt tftp
#opt bootfile
#opt wpad
# Static leases map
#static_lease 00:60:08:11:CE:4E 192.168.0.54
#static_lease 00:60:08:11:CE:3E 192.168.0.44

28
mini-ap-wifi/launch-wifi-ap.sh Executable file
View File

@ -0,0 +1,28 @@
#!/bin/sh
ifconfig wlan0 192.168.10.2 netmask 255.255.255.0
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
udhcpd -f -S launch-wifi-ap-udhcpd.conf &
DHCPD_PID="$!"
hostapd ~/launch-wifi-ap-hostapd.conf &
HOSTAPD_PID="$!"
sleep 5
echo
echo
echo "Appuyer sur Entree pour quitter..."
read LINE
kill -2 "$DHCPD_PID"
kill -2 "$HOSTAPD_PID"
# Nettoyage
iptables -t nat -D POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
echo 0 >/proc/sys/net/ipv4/ip_forward
ifconfig wlan0 down

263
nagios/check_apache_access_log.pl Executable file
View File

@ -0,0 +1,263 @@
#!/usr/bin/perl
# This perl script is an adaptation of logtail2 to parse
# Apache access logs.
# I know it's generally preferrable to require and call
# the original instead of forking and risking of not maintaining
# it but logtail is fairly simple and, since logtail2 is not always
# installed and somtimes not even packaged in distributions,
# it simplify deployment.
# TODO: call logtail2 if available ?
# Copyright (C) 2003 Jonathan Middleton <jjm@ixtab.org.uk
# Copyright (C) 2001 Paul Slootman <paul@debian.org>
# This file is part of Logcheck.
# Logcheck is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# Logcheck is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with Logcheck; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
use strict;
use warnings;
use Getopt::Long;
use File::Basename;
use Digest::MD5 qw(md5_hex);
my ($size, $logfile, $offsetfile, @listingLogfiles, @listingOffsetfiles, $key, $firstTimeReading);
# (problems with including utils.pm)
my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
my $TMP_DIR = '/tmp';
my %opts = ();
my %outputCpt = (
'2XX' => 0,
'3XX' => 0,
'403' => 0,
'404' => 0,
'4XX' => 0,
'500' => 0,
'5XX' => 0,
'others' => 0, # other (1XX) and strange things
);
my ($outputTotalCpt) = 0;
my ($outputTotalBandwith) = 0;
# process args and switches
my ($TEST_MODE) = 0;
# When we discover a file for the first time,
# we don't do the count and just mark the position
# for the next time
my ($COUNT_FIRST_READ_CATCHING_UP) = 0;
GetOptions(
'file=s' => \@listingLogfiles,
'even-catch-up' => \$COUNT_FIRST_READ_CATCHING_UP,
'test-mode' => \$TEST_MODE,
);
sub print_from_offset {
my ($filename, $offset) = @_;
# this subroutine prints the contents of the file named $filename,
# starting offset $offset.
#print "print_from_offset $filename, $offset\n";
unless (open(LOGFILE, $filename)) {
print "File $logfile cannot be read: $!\n";
exit $ERRORS{UNKNOWN};
}
seek(LOGFILE, $offset, 0);
while (<LOGFILE>) {
if ($_ =~ /^([[:xdigit:].:]+) (.+) (.+) (\[[[:alnum:]\/:]+ \+[[:digit:]]{4}\]) (".*") ([[:digit:]]{3}) ([[:digit:]]+) "(.*)" "(.*)"$/) {
#We ignore some IP address
next if ($1 eq '::1' or $1 eq '127.0.0.1' or $1 eq '2a01:e35:2ef3:b360::abac:22' or $1 eq '192.168.0.34');
if ($6 >= 200 && $6 < 300) {
++$outputCpt{'2XX'};
} elsif ($6 >= 300 && $6 < 400) {
++$outputCpt{'3XX'};
} elsif ($6 == 403) {
++$outputCpt{'403'};
} elsif ($6 == 404) {
++$outputCpt{'404'};
} elsif ($6 >= 400 && $6 < 500) {
++$outputCpt{'4XX'};
} elsif ($6 == 500) {
++$outputCpt{'500'};
} elsif ($6 >= 500 && $6 < 600) {
++$outputCpt{'5XX'};
} else {
++$outputCpt{'others'};
}
$outputTotalBandwith += $7;
} else {
++$outputCpt{'others'};
}
}
$size = tell LOGFILE;
close LOGFILE;
return $size;
}
sub mtime {
my ($filename) = @_;
my $mtime = 0;
unless (-e $filename && ($mtime = ((stat($filename))[8])) ) {
print STDERR "Cannot get $filename mtime: $!\n";
exit 65;
}
return $mtime;
}
sub inode {
my ($filename) = @_;
my $inode = 0;
unless (-e $filename && ($inode = ((stat($filename))[1])) ) {
print STDERR "Cannot get $filename inode: $!\n";
exit 65;
}
return $inode;
}
sub get_directory_contents {
my ($filename) = @_;
my $dirname = dirname($filename);
unless (opendir(DIR, $dirname)) {
print STDERR "Cannot open directory $dirname: $!\n";
exit 65;
}
my @direntries = readdir(DIR);
closedir DIR;
return @direntries;
}
sub determine_rotated_logfile {
my ($filename,$inode) = @_;
my $rotated_filename;
# this subroutine tries to guess to where a given log file was
# rotated. Its magic is mainly taken from logcheck's logoutput()
# function with dateext magic added.
#print "determine_rotated_logfile $filename $inode\n";
for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
my $func = do $codefile;
if (!$func) {
print STDERR "cannot compile $codefile: $!";
exit 68;
}
$rotated_filename = $func->($filename);
last if $rotated_filename;
}
#if ($rotated_filename) {
# print "rotated_filename $rotated_filename (". inode($rotated_filename). ")\n";
#} else {
# print "no rotated file found\n";
#}
if ($rotated_filename && -e "$rotated_filename" && inode($rotated_filename) == $inode) {
return $rotated_filename;
} else {
return "";
}
}
foreach $logfile (@listingLogfiles) {
my ($inode, $ino, $offset) = (0, 0, 0);
if (! -f $logfile) {
print "File $logfile cannot be read: $!\n";
exit $ERRORS{UNKNOWN};
}
# We generate a unique offset filename
$offsetfile = $TMP_DIR . '/nagios-logtail.' . md5_hex($logfile) . '.offset';
$firstTimeReading = 0;
if (! -f $offsetfile) {
open(OFFSET, ">", $offsetfile);
chmod 0600, $offsetfile;
if (($ino,$size) = (stat($logfile))[1,7]) {
# Unless we care about the historic before the
# first call of this script, we just skip it.
if ($COUNT_FIRST_READ_CATCHING_UP) {
$size = 0;
}
print OFFSET "$ino\n$size\n";
}
close OFFSET;
}
if ($offsetfile) {
# If offset file exists, open and parse it.
if (open(OFFSET, $offsetfile)) {
$_ = <OFFSET>;
if (defined $_) {
chomp $_;
$inode = $_;
$_ = <OFFSET>;
if (defined $_) {
chomp $_;
$offset = $_;
}
}
}
# determine log file inode and size
unless (($ino,$size) = (stat($logfile))[1,7]) {
print "Cannot get $logfile file size: $!\n";
exit $ERRORS{UNKNOWN};
}
if ($inode == $ino) {
# inode is still the same
next if $offset == $size; # short cut
if ($offset > $size) {
$offset = 0;
print "(warning: possible tampering on $logfile) "
}
}
if ($inode != $ino) {
# this is the interesting case: inode has changed.
# So the file might have been rotated. We need to print the
# entire file.
# Additionally, we might want to see whether we can find the
# previous instance of the file and to process it from here.
#print "inode $inode, ino $ino\n";
my $rotatedfile = determine_rotated_logfile($logfile,$inode);
if ( $rotatedfile && ! $firstTimeReading) {
print_from_offset($rotatedfile,$offset);
}
# print the actual file from beginning
$offset = 0;
}
}
$size = print_from_offset($logfile,$offset);
# update offset, unless test mode
unless ($TEST_MODE) {
unless (open(OFFSET, ">", $offsetfile)) {
print STDERR "File $offsetfile cannot be created. Check your permissions: $!\n";
exit 73;
}
print OFFSET "$ino\n$size\n";
close OFFSET;
}
}
# printing results
print "OK|";
foreach $key (sort keys %outputCpt) {
print "'" . $key . "'=" . $outputCpt{$key} . ";;;; "
}
print "'total bandwidth'=" . $outputTotalBandwith . "B;;;;\n";
exit $ERRORS{'OK'};

1
nagios/check_apache_serverstatus.check_commands Normal file
View File

@ -0,0 +1 @@
DATATYPE = GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,GAUGE,COUNTER,COUNTER,GAUGE

155
nagios/check_apache_serverstatus.php Normal file
View File

@ -0,0 +1,155 @@
<?php
#
# The MIT License (MIT)
#
# Copyright (c) 2016 Steffen Schoch - dsb it services GmbH & Co. KG
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
#
# Feel free to contact me via email: schoch@dsb-its.net
#
# 2016-01-## schoch - 1.0 - Init...
// Process-Informationen
$opt[1] = " --vertical-label \"Anzahl\" --title \"Apache Server-Status for $hostname\" --lower-limit 0 ";
$ds_name[1] = 'Server-Status';
// Scoreboard to var1 - var11
$def[1] = "DEF:var1=$RRDFILE[16]:$DS[16]:AVERAGE " ;
$def[1] .= "DEF:var2=$RRDFILE[13]:$DS[13]:AVERAGE " ;
$def[1] .= "DEF:var3=$RRDFILE[10]:$DS[10]:AVERAGE " ;
$def[1] .= "DEF:var4=$RRDFILE[12]:$DS[12]:AVERAGE " ;
$def[1] .= "DEF:var5=$RRDFILE[8]:$DS[8]:AVERAGE " ;
$def[1] .= "DEF:var6=$RRDFILE[4]:$DS[4]:AVERAGE " ;
$def[1] .= "DEF:var7=$RRDFILE[3]:$DS[3]:AVERAGE " ;
$def[1] .= "DEF:var8=$RRDFILE[9]:$DS[9]:AVERAGE " ;
$def[1] .= "DEF:var9=$RRDFILE[6]:$DS[6]:AVERAGE " ;
$def[1] .= "DEF:var10=$RRDFILE[7]:$DS[7]:AVERAGE " ;
$def[1] .= "DEF:var11=$RRDFILE[5]:$DS[5]:AVERAGE " ;
// WAIT
$def[1] .= "AREA:var1#ff0000:\"Waiting for connection \":STACK ";
$def[1] .= "GPRINT:var1:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var1:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var1:MAX:\"%4.0lf max\\n\" " ;
// START
$def[1] .= "AREA:var2#FF8000:\"Starting up \":STACK ";
$def[1] .= "GPRINT:var2:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var2:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var2:MAX:\"%4.0lf max\\n\" " ;
// READ
$def[1] .= "AREA:var3#ffff00:\"Reading Request \":STACK ";
$def[1] .= "GPRINT:var3:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var3:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var3:MAX:\"%4.0lf max\\n\" " ;
// SEND
$def[1] .= "AREA:var4#00FF80:\"Sending Reply \":STACK ";
$def[1] .= "GPRINT:var4:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var4:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var4:MAX:\"%4.0lf max\\n\" " ;
// KEEPALIVE
$def[1] .= "AREA:var5#00FFFF:\"Keepalive (read) \":STACK ";
$def[1] .= "GPRINT:var5:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var5:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var5:MAX:\"%4.0lf max\\n\" " ;
// DNS
$def[1] .= "AREA:var6#0080FF:\"DNS Lookup \":STACK ";
$def[1] .= "GPRINT:var6:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var6:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var6:MAX:\"%4.0lf max\\n\" " ;
// CLOSE
$def[1] .= "AREA:var7#0000FF:\"Closing connection \":STACK ";
$def[1] .= "GPRINT:var7:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var7:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var7:MAX:\"%4.0lf max\\n\" " ;
// LOGGING
$def[1] .= "AREA:var8#8000FF:\"Logging \":STACK ";
$def[1] .= "GPRINT:var8:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var8:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var8:MAX:\"%4.0lf max\\n\" " ;
// GRACEFUL
$def[1] .= "AREA:var9#FF00FF:\"Gracefully finishing \":STACK ";
$def[1] .= "GPRINT:var9:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var9:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var9:MAX:\"%4.0lf max\\n\" " ;
// IDLE
$def[1] .= "AREA:var10#FF80FF:\"Idle cleanup of worker \":STACK ";
$def[1] .= "GPRINT:var10:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var10:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var10:MAX:\"%4.0lf max\\n\" " ;
// FREE
$def[1] .= "AREA:var11#D0D0D0:\"Open slot with no current process \":STACK ";
$def[1] .= "GPRINT:var11:LAST:\"%4.0lf last\" " ;
$def[1] .= "GPRINT:var11:AVERAGE:\"%4.0lf avg\" " ;
$def[1] .= "GPRINT:var11:MAX:\"%4.0lf max\\n\" " ;
// Draw last line
if($this->MACRO['TIMET'] != ""){
$def[1] .= "VRULE:".$this->MACRO['TIMET']."#000000:\"Last Service Check \\n\" ";
}
// Request per Second
$opt[2] = " --vertical-label \"Anzahl\" --title \"Apache Requests per Second for $hostname\" --lower-limit 0 ";
$ds_name[2] = 'Server-Status';
$def[2] = "DEF:var12=$RRDFILE[11]:$DS[11]:AVERAGE " ;
$def[2] .= "LINE1:var12#ffae2d:\"Requests per Second \" ";
$def[2] .= "GPRINT:var12:LAST:\"%4.0lf last\" " ;
$def[2] .= "GPRINT:var12:AVERAGE:\"%4.0lf avg\" " ;
$def[2] .= "GPRINT:var12:MAX:\"%4.0lf max\\n\" " ;
// Bytes per Second and Bytes per Request
$opt[3] = " --vertical-label \"Anzahl\" --title \"Apache Bytes per ... for $hostname\" --lower-limit 0 ";
$ds_name[3] = 'Server-Status';
$def[3] = "DEF:var13=$RRDFILE[2]:$DS[2]:AVERAGE " ;
$def[3] .= "DEF:var14=$RRDFILE[1]:$DS[1]:AVERAGE " ;
$def[3] .= "LINE1:var13#db60f7:\"Bytes per Second \" ";
$def[3] .= "GPRINT:var13:LAST:\"%4.0lf last\" " ;
$def[3] .= "GPRINT:var13:AVERAGE:\"%4.0lf avg\" " ;
$def[3] .= "GPRINT:var13:MAX:\"%4.0lf max\\n\" " ;
$def[3] .= "LINE1:var14#5fe27b:\"Bytes per Request \" ";
$def[3] .= "GPRINT:var14:LAST:\"%4.0lf last\" " ;
$def[3] .= "GPRINT:var14:AVERAGE:\"%4.0lf avg\" " ;
$def[3] .= "GPRINT:var14:MAX:\"%4.0lf max\\n\" " ;
$opt[4] = " --vertical-label \"Anzahl\" --title \"Apache Total access and kBytes for $hostname\" --lower-limit 0 ";
$ds_name[4] = 'Server-Status';
$def[4] = "DEF:var15=$RRDFILE[14]:$DS[14]:AVERAGE "
. "DEF:var16=$RRDFILE[15]:$DS[15]:AVERAGE "
. rrd::area('var16', '#004400')
. rrd::line1('var16', '#003300', 'Total_kBytes')
. rrd::gprint('var16', array('LAST', 'AVERAGE', 'MAX'), "%7.2lf %SkB/s")
. rrd::line1('var15', '#999999', 'Total_Accesses')
. rrd::gprint('var15', array('LAST', 'AVERAGE', 'MAX'), "%7.2lf %SHits/s");

328
nagios/check_apache_serverstatus.pl Executable file
View File

@ -0,0 +1,328 @@
#!/usr/bin/perl -w
#
# The MIT License (MIT)
#
# Copyright (c) 2016 Steffen Schoch - dsb it services GmbH & Co. KG
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
#
# Feel free to contact me via email: schoch@dsb-its.net
#
# 2018-02-06, sni: 1.2 - fixed some bugs and typos, add some output - Thank you!
# 2016-08-03, schoch: 1.1 - changes for new apache version 2.4.x
# 2016-01-##, schoch: 1.0 - Init...
use strict;
use warnings;
use Data::Dumper;
use Getopt::Long qw(:config bundling); # insert debug for much more infos ;)
# define constants
use constant {
VERSION => '1.0',
# a simple inf variant - works for me ;-)
MAXINT => ~0,
NEGMAXINT => -1 * ~0,
STAT_OK => 0,
STAT_WARNING => 1,
STAT_CRITICAL => 2,
STAT_UNKNOWN => 3
};
# check arguments
my $options = { # define defaults here
'hostname' => 'localhost',
'verbose' => 0,
'wget' => '/usr/bin/wget',
'wget-options' => '-q --no-check-certificate -O-',
};
my $goodOpt = GetOptions(
'v+' => \$options->{'verbose'},
'verbose+' => \$options->{'verbose'},
'V' => \$options->{'version'},
'h' => \$options->{'help'},
'version' => \$options->{'version'},
'help' => \$options->{'help'},
'H=s' => \$options->{'hostname'},
'hostname=s' => \$options->{'hostname'},
'wc=s' => \@{$options->{'warncrit'}},
'warncrit=s' => \@{$options->{'warncrit'}},
'wget' => \$options->{'wget'},
'woptions=s' => \$options->{'wget-options'},
'u=s' => \$options->{'url'},
'url=s' => \$options->{'url'},
);
helpShort() unless $goodOpt;
helpLong() if $options->{'help'};
if($options->{'version'}) {
print 'Version: ', VERSION, "\n";
exit STAT_UNKNOWN;
}
print Data::Dumper->Dump([$options], ['options'])
if $options->{'verbose'};
# warncrit - get start and end for each pair
my $warncrit = {};
foreach my $item (@{$options->{'warncrit'}}) {
if($item =~ m/^([^,]+),([^,]+),([^,]+)$/o) {
$warncrit->{$1} = {'w' => $2, 'c' => $3};
} else {
mydie('Don\'t understand ' . $item);
}
}
print Data::Dumper->Dump([$warncrit], ['warncrit'])
if $options->{'verbose'};
# read stdin complete
local $/;
# which url to use? --url can overwrite the auto-creation
my $url = $options->{'url'}
? $options->{'url'}
: 'http://' . $options->{'hostname'} . '/server-status?auto';
printf "Url: %s\n", $url
if $options->{'verbose'};
# open server info
open PH, sprintf('%s %s %s |',
$options->{'wget'},
$options->{'wget-options'},
$url
) or mydie('Can not open server-status: ' . $!);
# read and cut data
my %lineData = map { (split /:\s*/)[0..1] } split /\n/, <PH>;
close PH;
print Data::Dumper->Dump([\%lineData], ['server-status'])
if $options->{'verbose'};
# Search for "Scoreboard" and analyze...
my $data = {};
if(exists $lineData{'Scoreboard'}) {
$data->{$1}++ while $lineData{'Scoreboard'} =~ m/(.)/og;
} else {
# Not found...
print 'No useful data found';
exit STAT_UNKNOWN;
}
print Data::Dumper->Dump([$data], ['scoreboard'])
if $options->{'verbose'};
# Sum up Scoreboard entries
my $sum = 0;
foreach(keys %$data) {
$sum += $data->{$_};
}
# print result
my $result = $lineData{'ServerMPM'} ? sprintf('MPM=%s', $lineData{'ServerMPM'}) : '';
my $perfData = '';
my @statList = qw(_ S R W K D C L G I .);
my $stats = {
'_' => 'Wait',
'S' => 'Start',
'R' => 'Read',
'W' => 'Send',
'K' => 'Keepalive',
'D' => 'DNS',
'C' => 'Close',
'L' => 'Logging',
'G' => 'Graceful',
'I' => 'Idle',
'.' => 'Free'
};
foreach my $item (@statList) {
$result .= ', ' if $result;
$perfData .= ' ' if $perfData;
$result .= sprintf '%s=%d', $stats->{$item}, ($data->{$item} or 0);
$perfData .= sprintf '%s=%d', $stats->{$item}, ($data->{$item} or 0);
}
$result .= ' ===> Total=' . $sum;
# add server rates - if exisiting (apache => 2.4)
if(
exists $lineData{'ReqPerSec'}
and exists $lineData{'BytesPerSec'}
and exists $lineData{'BytesPerReq'}
) {
$result .= sprintf ' RATES %s=%s, %s=%s, %s=%s',
(map { $_, $lineData{$_} } qw(ReqPerSec BytesPerSec BytesPerReq));
$perfData .= sprintf ' %s=%s %s=%s %s=%s',
(map { $_, $lineData{$_} } qw(ReqPerSec BytesPerSec BytesPerReq));
$perfData .= sprintf ' Total_Accesses=%sc', $lineData{"Total Accesses"};
$perfData .= sprintf ' Total_kBytes=%s', $lineData{"Total kBytes"};
}
# check for warning and critical
my $status = STAT_OK;
foreach my $field (keys %$warncrit) {
printf "checking warn/crit for \"%s\"...\n", $field
if $options->{'verbose'};
# value = if one letter scoreboard, else one of lineData (0 if not found)
my $fieldValue =
$field =~ m/^.$/o ? $data->{$field} || 0 : $lineData{$field} || 0;
printf " value: \"%s\"\n", $fieldValue
if $options->{'verbose'};
my $fieldStatus = checkStatus($fieldValue, $warncrit->{$field});
printf " result: %d\n", $fieldStatus
if $options->{'verbose'};
# last if CRITICAL, save WARNING, ignore OK
if($fieldStatus == STAT_CRITICAL) {
$status = STAT_CRITICAL;
last;
} elsif($fieldStatus == STAT_WARNING) {
$status = STAT_WARNING;
}
}
printf "Check overall status: %d\n", $status
if $options->{'verbose'};
# print result
printf "APACHE SERVER STATUS %s - %s|%s\n",
$status == 0 ? 'OK' : $status == 1
? 'WARNING' : $status == 2
? 'CRITICAL' : 'UNKNOWN',
$result, $perfData;
exit $status;
########### Functions #########################################################
# short help
sub helpShort {
print 'check_apache_serverstatus.pl -H <ip address> [-h] [-v]', "\n",
'[--wc=<field,warning,critical>] [--wget=<path to wget>] ', "\n",
'[--woption=<aditional wget options>] [-u <alternative url>]', "\n";
exit STAT_UNKNOWN;
}
# long help
sub helpLong {
print 'check_apache_serverstatus.pl (', VERSION, ")\n",
'Steffen Schoch <schoch@dsb-its.net>', "\n", "\n",
<<END;
check_apache_serverstatus.pl -H <ip address> [-h] [-v]
[--wc=<field,warning,critical>] [--wget=<path to wget>]
[--woption=<aditional wget options>] [-u <alternative url>]
Check apache server-status and builds performance data. Uses
wget to connect to the apache webserver.
Options:
-h, --help
Print help
-V, --version
Print version
-H, --hostname
Host name or IP address - will be used as
http://<hostname>/server-status. You can overwrite this
url by using -u/--url.
-v, --verbose
Be much more verbose.
--wget
Path to wget. Could also be used to use lynx or something
else instead of wget. Output must be send to stdout.
--woptions
Arguments passed to wget.
-u, --url
Use this url to connect to the apache server-status. Usefull
if the auto generated url out of the hostname is not correct.
--wc=<field,warning,critical>, --warncrit=<field,warning,critical>
Field could be any of the letters of the apache scoreboard or
of the other keys returned by server-status. Can be set multiple
times if you want to check more than one field.
END
exit STAT_UNKNOWN;
}
# die with STAT_UNKNOWN
sub mydie {
print @_, "\n";
exit STAT_UNKNOWN;
}
# checks if value is in defined limits for warning and critical
# see https://nagios-plugins.org/doc/guidelines.html for more details
# ARG1: value
# ARG2: hash with c and w limit
# RET: Nagios-State for this value
sub checkStatus {
my $value = shift;
my $limits = shift;
# first check critical - if not crit, then check warning. If not must be ok
for my $type (qw(c w)) {
printf " checking type %s = %s\n",
$type eq 'c' ? 'critcal' : 'warning',
$limits->{$type}
if $options->{'verbose'};
# Get min/max values, range is inside or outside?
my $inOrOut = 'out';
my $min;
my $max;
if($limits->{$type} =~ m/^(\@?)((~|\d*(\.\d+)?)?:)?(~|\d*(\.\d+)?)?$/o) {
# save min, max and inOrOut
$inOrOut = 'in' if $1;
$min = $3 || 0;
$max = $5 =~ m/^(.+)$/o ? $1 : MAXINT; # $max could be 0...
# neg infinity if ~
($min, $max) = map { $_ eq '~' ? NEGMAXINT : $_ } ($min, $max);
} else {
# Don't understand...
myexit('--> Strange range found: ', $limits->{$type});
}
printf " inside or outside: %s min: %s max: %s\n",
$inOrOut, $min, $max
if $options->{'verbose'};
# check for value outside range. Break if match, else check for inside.
if($inOrOut eq 'out') {
if(!($min < $value && $value < $max)) {
return $type eq 'c' ? STAT_CRITICAL : STAT_WARNING;
}
} elsif($inOrOut eq 'in') {
if($min <= $value && $value <= $max) {
return $type eq 'c' ? STAT_CRITICAL : STAT_WARNING;
}
}
}
# must be OK...
return STAT_OK;
}

89
nagios/check_asterisk_dahdi_channels1.sh Executable file
View File

@ -0,0 +1,89 @@
#!/bin/sh
WARNING_RANGE="9:9"
CRITICAL_RANGE="8:10"
# Note needed in this version of the script
#set -e
PROGPATH=$( echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,' )
REVISION="0.1"
. $PROGPATH/utils.sh
#
# Fonction d'aide
#
usage() {
cat <<EOF
Usage :
$0 -h
$0 [-w warning_range] [-c critical_range]
Valeurs par défaut:
warning_range: $WARNING_RANGE
critical_range: $CRITICAL_RANGE
EOF
}
#
# Gestion des paramètres
#
while getopts hw:c:W:C: f; do
case "$f" in
'h')
usage
exit
;;
'w')
WARNING_RANGE="$OPTARG"
;;
'c')
CRITICAL_RANGE="$OPTARG"
;;
\?)
usage
exit 1
;;
esac
done
#
# Lancement de la commande
#
# Note : on lance les traitements "sûrs" (décompte) ensuite pour
# bien capturer un éventuel échec de la commande
# principale.
# En outre, grep retourne un code d'erreur si aucune
# occurrence n'est trouvée.
RESULT="$( asterisk -rx "dahdi show channels" 2>&1 )"
# Si la commande ne s'est pas correctement executée,
# on renvoie unknown
if [ "$?" -ne 0 ]; then
echo "UNKNOWN : error at command launch : $RESULT"
exit $STATE_UNKNOWN
fi
# Décompte
RESULT="$( printf "%s" "$RESULT" | tail -n +2 | sed 's/^.\{77\}[[:space:]]*//' | grep -c "In Service" )"
# Ventilation selon valeur
RETURN_STATUS=$STATE_OK
RETURN_OUTPUT="OK"
if check_range "$RESULT" "$CRITICAL_RANGE"; then
RETURN_STATUS=$STATE_CRITICAL
RETURN_OUTPUT="CRITICAL"
elif check_range "$RESULT" "$WARNING_RANGE"; then
RETURN_STATUS=$STATE_WARNING
RETURN_OUTPUT="WARNING"
fi
# Affichage final
printf "%s | val=%d;%s;%s\n" "$RETURN_OUTPUT" "$RESULT" "$WARNING_RANGE" "$CRITICAL_RANGE"
exit $RETURN_STATUS

89
nagios/check_asterisk_dahdi_status1.sh Normal file
View File

@ -0,0 +1,89 @@
#!/bin/sh
WARNING_RANGE="4:4"
CRITICAL_RANGE="3:5"
# Note needed in this version of the script
#set -e
PROGPATH=$( echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,' )
REVISION="0.1"
. $PROGPATH/utils.sh
#
# Fonction d'aide
#
usage() {
cat <<EOF
Usage :
$0 -h
$0 [-w warning_range] [-c critical_range]
Valeurs par défaut:
warning_range: $WARNING_RANGE
critical_range: $CRITICAL_RANGE
EOF
}
#
# Gestion des paramètres
#
while getopts hw:c:W:C: f; do
case "$f" in
'h')
usage
exit
;;
'w')
WARNING_RANGE="$OPTARG"
;;
'c')
CRITICAL_RANGE="$OPTARG"
;;
\?)
usage
exit 1
;;
esac
done
#
# Lancement de la commande
#
# Note : on lance les traitements "sûrs" (décompte) ensuite pour
# bien capturer un éventuel échec de la commande
# principale.
# En outre, grep retourne un code d'erreur si aucune
# occurrence n'est trouvée.
RESULT="$( asterisk -rx "dahdi show status" 2>&1 )"
# Si la commande ne s'est pas correctement executée,
# on renvoie unknown
if [ "$?" -ne 0 ]; then
echo "UNKNOWN : error at command launch : $RESULT"
exit $STATE_UNKNOWN
fi
# Décompte
RESULT="$( printf "%s" "$RESULT" | tail -n +2 | sed 's/^.\{41\}[[:space:]]*\([^[:space:]]\+\)[[:space:]]\+.*/\1/' | grep -c "OK" )"
# Ventilation selon valeur
RETURN_STATUS=$STATE_OK
RETURN_OUTPUT="OK"
if check_range "$RESULT" "$CRITICAL_RANGE"; then
RETURN_STATUS=$STATE_CRITICAL
RETURN_OUTPUT="CRITICAL"
elif check_range "$RESULT" "$WARNING_RANGE"; then
RETURN_STATUS=$STATE_WARNING
RETURN_OUTPUT="WARNING"
fi
# Affichage final
printf "%s | val=%d;%s;%s\n" "$RETURN_OUTPUT" "$RESULT" "$WARNING_RANGE" "$CRITICAL_RANGE"
exit $RETURN_STATUS

184
nagios/check_asterisk_sip_peers.sh Executable file
View File

@ -0,0 +1,184 @@
#!/bin/sh
# Note needed in this version of the script
#set -e
PROGPATH=$( echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,' )
REVISION="0.1"
. $PROGPATH/utils.sh
#
# Fonction d'aide
#
usage() {
cat <<EOF
Usage :
$0 -h
$0 [-w warning_monitored_offline_range] [-c critical_monitored_offline_range] [-W warning_total_peers] [-C critical_total_peers]
EOF
}
#
# Gestion des paramètres
#
while getopts hw:c:b:B: f; do
case "$f" in
'h')
usage
exit
;;
#'a')
# WARNING_MONITORED_ONLINE_RANGE="$OPTARG"
# ;;
#'A')
# CRITICAL_MONITORED_ONLINE_RANGE="$OPTARG"
# ;;
'b')
WARNING_MONITORED_OFFLINE_RANGE="$OPTARG"
;;
'B')
CRITICAL_MONITORED_OFFLINE_RANGE="$OPTARG"
;;
'w')
WARNING_TOTAL_RANGE="$OPTARG"
;;
'c')
CRITICAL_TOTAL_RANGE="$OPTARG"
;;
\?)
usage
exit 1
;;
esac
done
#
# Lancement de la commande
#
# Note : on lance les traitements "sûrs" (décompte) ensuite pour
# bien capturer un éventuel échec de la commande
# principale.
# En outre, grep retourne un code d'erreur si aucune
# occurrence n'est trouvée.
RAW_OUTPUT="$( asterisk -rx "sip show peers" 2>&1 )"
# Si la commande ne s'est pas correctement executée,
# on renvoie unknown
if [ "$?" -ne 0 ]; then
echo "UNKNOWN : error at command launch : $RAW_OUTPUT"
exit $STATE_UNKNOWN
fi
# Décompte
RESULT="$( printf "%s" "$RAW_OUTPUT" | tail -n 1 | sed 's/^\([0-9]\+\) sip peers \[Monitored: \([0-9]\+\) online, \([0-9]\+\) offline Unmonitored: \([0-9]\+\) online, \([0-9]\+\) offline\]/\1\t\2\t\3\t\4\t\5/g' )"
VALUE_TOTAL_PEERS="$( printf "%s" "$RESULT" | cut -f 1 )"
VALUE_MONITORED_ONLINE_PEERS="$( printf "%s" "$RESULT" | cut -f 2 )"
VALUE_MONITORED_OFFLINE_PEERS="$( printf "%s" "$RESULT" | cut -f 3 )"
VALUE_UNMONITORED_ONLINE_PEERS="$( printf "%s" "$RESULT" | cut -f 4 )"
VALUE_UNMONITORED_OFFLINE_PEERS="$( printf "%s" "$RESULT" | cut -f 5 )"
# On extrait les lignes qui n'ont pas OK comme statut. Explication des sed :
# - on supprime la première et la dernière ligne
# - on supprime celles qui ont 'OK' en 95 position
# - on ne garde que le premier champ
# - on regroupe sur une ligne en séparant par des virgules
PROBLEMATIC_LINES="$( printf "%s" "$RAW_OUTPUT" | sed '1d;$d' | sed '/.\{94\}OK/d' | sed 's/[[:space:]].*//' | sed -e :a -e 'N; s/\n/, /; ta' )"
# Ventilation selon valeur
RETURN_STATUS=$STATE_OK
RETURN_OUTPUT="OK"
# Warning checks
# - total
if [ -n "$WARNING_TOTAL_RANGE" ]; then
check_range "$VALUE_TOTAL_PEERS" "$WARNING_TOTAL_RANGE"
RET="$?"
if [ "$RET" -eq "2" ]; then
echo "ERROR with WARNING_TOTAL_RANGE"
exit $STATE_UNKNOWN
elif [ "$RET" -eq "0" ]; then
TMP="$VALUE_TOTAL_PEERS total peers"
if [ "$RETURN_STATUS" -ne "$STATE_WARNING" ]; then
RETURN_OUTPUT="$TMP"
else
RETURN_OUTPUT="$RETURN_OUTPUT, $TMP"
fi
RETURN_STATUS=$STATE_WARNING
fi
fi
# - monitored offline
if [ -n "$WARNING_MONITORED_OFFLINE_RANGE" ]; then
check_range "$VALUE_MONITORED_OFFLINE_PEERS" "$WARNING_MONITORED_OFFLINE_RANGE"
RET="$?"
if [ "$RET" -eq "2" ]; then
echo "ERROR with WARNING_MONITORED_OFFLINE_RANGE"
exit $STATE_UNKNOWN
elif [ "$RET" -eq "0" ]; then
TMP="$VALUE_MONITORED_OFFLINE_PEERS monitored offline peers"
if [ "$RETURN_STATUS" -ne "$STATE_WARNING" ]; then
RETURN_OUTPUT="$TMP"
else
RETURN_OUTPUT="$RETURN_OUTPUT, $TMP"
fi
RETURN_STATUS=$STATE_WARNING
fi
fi
# Critical checks (copy-paste from warning + regexp s/CRITICAL/CRITICAL/g)
# - total
if [ -n "$CRITICAL_TOTAL_RANGE" ]; then
check_range "$VALUE_TOTAL_PEERS" "$CRITICAL_TOTAL_RANGE"
RET="$?"
if [ "$RET" -eq "2" ]; then
echo "ERROR with CRITICAL_TOTAL_RANGE"
exit $STATE_UNKNOWN
elif [ "$RET" -eq "0" ]; then
TMP="$VALUE_TOTAL_PEERS total peers"
if [ "$RETURN_STATUS" -ne "$STATE_CRITICAL" ]; then
RETURN_OUTPUT="$TMP"
else
RETURN_OUTPUT="$RETURN_OUTPUT, $TMP"
fi
RETURN_STATUS=$STATE_CRITICAL
fi
fi
# - monitored offline
if [ -n "$CRITICAL_MONITORED_OFFLINE_RANGE" ]; then
check_range "$VALUE_MONITORED_OFFLINE_PEERS" "$CRITICAL_MONITORED_OFFLINE_RANGE"
RET="$?"
if [ "$RET" -eq "2" ]; then
echo "ERROR with CRITICAL_MONITORED_OFFLINE_RANGE"
exit $STATE_UNKNOWN
elif [ "$RET" -eq "0" ]; then
TMP="$VALUE_MONITORED_OFFLINE_PEERS monitored offline peers"
if [ "$RETURN_STATUS" -ne "$STATE_CRITICAL" ]; then
RETURN_OUTPUT="$TMP"
else
RETURN_OUTPUT="$RETURN_OUTPUT, $TMP"
fi
RETURN_STATUS=$STATE_CRITICAL
fi
fi
# Affichage final
# Petit ajout dans l'indication
RETURN_OUTPUT_ADDENDUM=""
if [ -n "$PROBLEMATIC_LINES" ]; then
RETURN_OUTPUT_ADDENDUM="$( printf " (not ok peers : %s)" "$PROBLEMATIC_LINES" )"
fi
printf "%s%s | total=%d;%s;%s monitored_online=%d;%s;%s monitored_offline=%d;%s;%s unmonitored_online=%d;%s;%s unmonitored_offline=%d;%s;%s\n" "$RETURN_OUTPUT" "$RETURN_OUTPUT_ADDENDUM" \
"$VALUE_TOTAL_PEERS" "$WARNING_TOTAL_RANGE" "$CRITICAL_TOTAL_RANGE" \
"$VALUE_MONITORED_ONLINE_PEERS" "$WARNING_MONITORED_ONLINE_RANGE" "$CRITICAL_MONITORED_ONLINE_RANGE" \
"$VALUE_MONITORED_OFFLINE_PEERS" "$WARNING_MONITORED_OFFLINE_RANGE" "$CRITICAL_MONITORED_OFFLINE_RANGE" \
"$VALUE_UNMONITORED_ONLINE_PEERS" "$WARNING_UNMONITORED_ONLINE_RANGE" "$CRITICAL_UNMONITORED_ONLINE_RANGE" \
"$VALUE_UNMONITORED_OFFLINE_PEERS" "$WARNING_UNMONITORED_OFFLINE_RANGE" "$CRITICAL_UNMONITORED_OFFLINE_RANGE"
exit $RETURN_STATUS

434
nagios/check_bind9.pl Executable file
View File

@ -0,0 +1,434 @@
#!/usr/bin/perl
#
# host_check_bind.pl - Nagios BIND9 Monitoring Plugin - Host Check
#
# Indicate compatibility with the Nagios embedded perl interpreter
# nagios: +epn
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
my $COPYRIGHT = q{Copyright (C) 2010};
my $VERSION = q{Version 1.0.0};
my $AUTHOR = q{David Goh <david@goh.id.au> - http://goh.id.au/~david/};
my $SOURCE = q{GIT: http://github.com/thorfi/nagios-bind9-plugin};
my $LICENSE =
q{Licensed as GPLv3 or later - http://www.gnu.org/licenses/gpl.html};
# Force all stderr to stdout
*STDERR = *STDOUT;
#use strict;
#use warnings;