#!/usr/bin/perl
use strict;
use warnings;
use Socket;
use Getopt::Long;
Getopt::Long::Configure ('auto_version');
Getopt::Long::Configure ('auto_help');
use File::Spec;
use Data::Dumper;
use YAML qw/LoadFile Load/;
use Hash::Merge qw/merge/;
Hash::Merge::set_behavior('RIGHT_PRECEDENT');
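# Exit codes reported to the monitoring system that runs this plugin.
# The values follow the usual Nagios-style plugin convention (0 = OK up to
# 3 = UNKNOWN).
use constant ERRORS => {
    OK       => 0,
    WARNING  => 1,
    CRITICAL => 2,
    UNKNOWN  => 3,
};

# see pod (TODO) for more information
# Built-in defaults: the two top-level sections are present but empty, so the
# local configuration file alone decides what is probed and what is excepted.
my $defconfig = Load('
checks:
exceptions:
');

# Address to probe; overridable with --host / -h / -H.
my $host = '127.0.0.1';

# Default configuration file: the script's own path with ".pl" replaced by
# ".yml". The file lists which open ports are tolerated, so it deserves the
# same ownership and write protection as the script itself.
my $configfile = $0;
$configfile =~ s/\.pl$//;
$configfile .= '.yml';

my $debug = 0;

my $result = GetOptions(
    "host|h|H=s"     => \$host,
    "configfile|c=s" => \$configfile,
    "debug|d=i"      => \$debug,
);

# GetOptions returns false for unknown or malformed options. Carrying on would
# silently probe the default host with the default configuration, so report
# UNKNOWN instead of a result for a target nobody asked for.
unless ($result) {
    print "UNKNOWN - invalid command line options\n";
    exit ERRORS->{UNKNOWN};
}

$configfile = File::Spec->rel2abs($configfile);

# The configuration only needs plain hashes and scalars; do not let YAML tags
# bless data into arbitrary classes. (No effect on YAML.pm releases that
# predate this setting.)
$YAML::LoadBlessed = 0;

my $lclconfig = {};
if (-s $configfile) {
    # A syntax error in the file would otherwise abort the script with an
    # uncaught exception; turn it into a proper UNKNOWN plugin result.
    my $loaded = eval { LoadFile($configfile) };
    if (ref($loaded) ne 'HASH') {
        warn "Loading $configfile failed: " . ($@ || 'top level is not a mapping') if $debug;
        print "UNKNOWN - could not load configuration file\n";
        exit ERRORS->{UNKNOWN};
    }
    $lclconfig = $loaded;
}
else {
    # NOTE(review): a missing or empty file leaves the list of checks empty,
    # and the script then exits OK without probing anything. Confirm that
    # this is acceptable for the deployment; only debug mode mentions it.
    warn "No configuration loaded from $configfile" if $debug;
}

# RIGHT_PRECEDENT (set at the top of the file): on conflicts the local
# configuration wins over the built-in defaults.
my $config = merge($defconfig, $lclconfig);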
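# Per-service results, keyed by the service name used in the "checks" section.
# Entries in $errors make the plugin exit CRITICAL; $ok is informational.
my $errors;
my $ok;

# Length of the longest service name; the report uses it as column width.
my $maxsrvchars = 0;

# Tolerate a "checks"/"exceptions" section that is empty or not a mapping
# instead of dying on a bad dereference under "use strict".
my $checks = ref($config->{checks}) eq 'HASH' ? $config->{checks} : {};

# Exceptions are looked up by the host string exactly as it was given on the
# command line, so "localhost" and "127.0.0.1" are different keys.
my $host_exceptions = {};
if (ref($config->{exceptions}) eq 'HASH'
    && ref($config->{exceptions}->{$host}) eq 'HASH') {
    $host_exceptions = $config->{exceptions}->{$host};
}

# The target does not change between services: resolve it once.
my $iaddr = inet_aton($host);

# The probe is always a TCP connect. A configured "proto" only influences the
# service-name lookup below, so a udp entry is still probed over TCP.
my $tcp = getprotobyname("tcp");

# Caveat: the result only reflects what is reachable from the machine running
# this check and on the probed address; listeners bound to other addresses
# are not seen.
foreach my $service (keys %{$checks}) {
    $maxsrvchars = length($service) if length($service) > $maxsrvchars;

    # A check without settings uses its own name as port or service name.
    my $settings = ref($checks->{$service}) eq 'HASH' ? $checks->{$service} : {};
    my $proto    = $settings->{proto} || 'tcp';
    my $port     = $settings->{port}  || $service;
    if ($port =~ /\D/) { $port = getservbyname($port, $proto) }

    # Also reject ports above 65535 so an out-of-range number can never end
    # up probing a different port than the one configured.
    unless ($port && $proto && $port <= 65535) {
        $errors->{$service} = 'Could not resolve port and/or protocol';
        next;
    }
    unless ($iaddr) {
        $errors->{$service} = "Could not resolv host ('$host')";
        next;
    }
    warn "Checking $service ($port)" if $debug;

    my $paddr = sockaddr_in($port, $iaddr);
    my ($sock, $con);
    eval {
        # One second per service; the alarm interrupts a hanging connect().
        local $SIG{ALRM} = sub { die 'Timed Out'; };
        alarm 1;
        socket($sock, PF_INET, SOCK_STREAM, $tcp) || die "socket: $!";
        $con = connect($sock, $paddr);
        alarm 0;
    };
    my $probe_error = $@;
    alarm 0;
    close($sock) if $sock && defined fileno($sock);

    # Fail closed: if the probe itself could not run (socket() failed), the
    # port state is unknown and must not be reported as "closed".
    if ($probe_error && $probe_error !~ /^Timed Out/) {
        warn "Probe of $service failed: $probe_error" if $debug;
        $errors->{$service} = 'Could not create socket';
        next;
    }

    if (!$con) {
        # Covers refused connections and timeouts alike (a filtered port that
        # drops packets is therefore also shown as closed).
        $ok->{$service} = 'Seems to be closed!';
    }
    elsif ($host_exceptions->{$service}) {
        $ok->{$service} = 'Seems to be open but an exception exists!';
    }
    else {
        $errors->{$service} = 'Seems to be open!';
    }
}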
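# Final plugin state: OK unless at least one finding was recorded in $errors.
my $exitstate = ERRORS->{OK};

# Raw result dump for troubleshooting, only at debug level 2 and above.
print Dumper($errors, $ok) if $debug > 1;

# The result text is handed to printf as an argument and never spliced into
# the format string: one of the messages embeds the host name from the
# command line, and a "%" in it would otherwise be read as a directive.
# Keys are sorted so that repeated runs print the services in the same order.
if (keys %{$errors}) {
    printf("CRITICAL - %i services found\n", scalar keys %{$errors});
    printf(" - %*s: %s\n", $maxsrvchars, $_, $errors->{$_})
        foreach (sort keys %{$errors});
    print "\n";
    $exitstate = ERRORS->{CRITICAL};
}
if (keys %{$ok}) {
    printf("OK - %i services found\n", scalar keys %{$ok});
    printf(" - %*s: %s\n", $maxsrvchars, $_, $ok->{$_})
        foreach (sort keys %{$ok});
    print "\n";
}

# NOTE(review): with no checks configured nothing is printed and the exit
# state is OK; confirm that an empty check list should not be UNKNOWN.
exit $exitstate;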