diff options
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/check_fping.c | 2 | ||||
| -rw-r--r-- | plugins/check_snmp.c | 3 | ||||
| -rw-r--r-- | plugins/sslutils.c | 33 | ||||
| -rw-r--r-- | plugins/t/check_http.t | 43 |
4 files changed, 69 insertions, 12 deletions
diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 46046b4..274dd75 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c | |||
| @@ -105,7 +105,7 @@ main (int argc, char **argv) | |||
| 105 | xasprintf(&option_string, "%s-I %s ", option_string, sourceif); | 105 | xasprintf(&option_string, "%s-I %s ", option_string, sourceif); |
| 106 | 106 | ||
| 107 | #ifdef PATH_TO_FPING6 | 107 | #ifdef PATH_TO_FPING6 |
| 108 | if (address_family == AF_INET6) | 108 | if (address_family != AF_INET && is_inet6_addr(server)) |
| 109 | fping_prog = strdup(PATH_TO_FPING6); | 109 | fping_prog = strdup(PATH_TO_FPING6); |
| 110 | else | 110 | else |
| 111 | fping_prog = strdup(PATH_TO_FPING); | 111 | fping_prog = strdup(PATH_TO_FPING); |
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 9d966fa..62e6b8b 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c | |||
| @@ -418,6 +418,9 @@ main (int argc, char **argv) | |||
| 418 | else if (strstr (response, "INTEGER: ")) { | 418 | else if (strstr (response, "INTEGER: ")) { |
| 419 | show = strstr (response, "INTEGER: ") + 9; | 419 | show = strstr (response, "INTEGER: ") + 9; |
| 420 | } | 420 | } |
| 421 | else if (strstr (response, "OID: ")) { | ||
| 422 | show = strstr (response, "OID: ") + 5; | ||
| 423 | } | ||
| 421 | else if (strstr (response, "STRING: ")) { | 424 | else if (strstr (response, "STRING: ")) { |
| 422 | show = strstr (response, "STRING: ") + 8; | 425 | show = strstr (response, "STRING: ") + 8; |
| 423 | conv = "%.10g"; | 426 | conv = "%.10g"; |
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index d0ae474..c9882c6 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
| @@ -144,7 +144,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 144 | # ifdef USE_OPENSSL | 144 | # ifdef USE_OPENSSL |
| 145 | X509 *certificate=NULL; | 145 | X509 *certificate=NULL; |
| 146 | X509_NAME *subj=NULL; | 146 | X509_NAME *subj=NULL; |
| 147 | char timestamp[50] = ""; | ||
| 147 | char cn[MAX_CN_LENGTH]= ""; | 148 | char cn[MAX_CN_LENGTH]= ""; |
| 149 | |||
| 148 | int cnlen =-1; | 150 | int cnlen =-1; |
| 149 | int status=STATE_UNKNOWN; | 151 | int status=STATE_UNKNOWN; |
| 150 | 152 | ||
| @@ -153,7 +155,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 153 | struct tm stamp; | 155 | struct tm stamp; |
| 154 | float time_left; | 156 | float time_left; |
| 155 | int days_left; | 157 | int days_left; |
| 156 | char timestamp[50] = ""; | 158 | int time_remaining; |
| 157 | time_t tm_t; | 159 | time_t tm_t; |
| 158 | 160 | ||
| 159 | certificate=SSL_get_peer_certificate(s); | 161 | certificate=SSL_get_peer_certificate(s); |
| @@ -207,7 +209,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 207 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | 209 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); |
| 208 | stamp.tm_min = | 210 | stamp.tm_min = |
| 209 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | 211 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); |
| 210 | stamp.tm_sec = 0; | 212 | stamp.tm_sec = |
| 213 | (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); | ||
| 211 | stamp.tm_isdst = -1; | 214 | stamp.tm_isdst = -1; |
| 212 | 215 | ||
| 213 | time_left = difftime(timegm(&stamp), time(NULL)); | 216 | time_left = difftime(timegm(&stamp), time(NULL)); |
| @@ -218,21 +221,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 218 | if (days_left > 0 && days_left <= days_till_exp_warn) { | 221 | if (days_left > 0 && days_left <= days_till_exp_warn) { |
| 219 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); | 222 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); |
| 220 | if (days_left > days_till_exp_crit) | 223 | if (days_left > days_till_exp_crit) |
| 221 | return STATE_WARNING; | 224 | status = STATE_WARNING; |
| 222 | else | 225 | else |
| 223 | return STATE_CRITICAL; | 226 | status = STATE_CRITICAL; |
| 227 | } else if (days_left == 0 && time_left > 0) { | ||
| 228 | if (time_left >= 3600) | ||
| 229 | time_remaining = (int) time_left / 3600; | ||
| 230 | else | ||
| 231 | time_remaining = (int) time_left / 60; | ||
| 232 | |||
| 233 | printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), | ||
| 234 | (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, | ||
| 235 | time_left >= 3600 ? "hours" : "minutes", timestamp); | ||
| 236 | |||
| 237 | if ( days_left > days_till_exp_crit) | ||
| 238 | status = STATE_WARNING; | ||
| 239 | else | ||
| 240 | status = STATE_CRITICAL; | ||
| 224 | } else if (time_left < 0) { | 241 | } else if (time_left < 0) { |
| 225 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 242 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
| 226 | status=STATE_CRITICAL; | 243 | status=STATE_CRITICAL; |
| 227 | } else if (days_left == 0) { | 244 | } else if (days_left == 0) { |
| 228 | printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); | 245 | printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); |
| 229 | if (days_left > days_till_exp_crit) | 246 | if (days_left > days_till_exp_crit) |
| 230 | return STATE_WARNING; | 247 | status = STATE_WARNING; |
| 231 | else | 248 | else |
| 232 | return STATE_CRITICAL; | 249 | status = STATE_CRITICAL; |
| 233 | } else { | 250 | } else { |
| 234 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); | 251 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); |
| 235 | status=STATE_OK; | 252 | status = STATE_OK; |
| 236 | } | 253 | } |
| 237 | X509_free(certificate); | 254 | X509_free(certificate); |
| 238 | return status; | 255 | return status; |
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index 2539a28..c2caec6 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t | |||
| @@ -6,9 +6,10 @@ | |||
| 6 | 6 | ||
| 7 | use strict; | 7 | use strict; |
| 8 | use Test::More; | 8 | use Test::More; |
| 9 | use POSIX qw/mktime strftime/; | ||
| 9 | use NPTest; | 10 | use NPTest; |
| 10 | 11 | ||
| 11 | plan tests => 30; | 12 | plan tests => 42; |
| 12 | 13 | ||
| 13 | my $successOutput = '/OK.*HTTP.*second/'; | 14 | my $successOutput = '/OK.*HTTP.*second/'; |
| 14 | 15 | ||
| @@ -34,6 +35,8 @@ my $host_tcp_http2 = getTestParameter( "NP_HOST_TCP_HTTP2", | |||
| 34 | "A host providing an index page containing the string 'monitoring'", | 35 | "A host providing an index page containing the string 'monitoring'", |
| 35 | "test.monitoring-plugins.org" ); | 36 | "test.monitoring-plugins.org" ); |
| 36 | 37 | ||
| 38 | my $faketime = -x '/usr/bin/faketime' ? 1 : 0; | ||
| 39 | |||
| 37 | 40 | ||
| 38 | $res = NPTest->testCmd( | 41 | $res = NPTest->testCmd( |
| 39 | "./check_http $host_tcp_http -wt 300 -ct 600" | 42 | "./check_http $host_tcp_http -wt 300 -ct 600" |
| @@ -47,10 +50,10 @@ $res = NPTest->testCmd( | |||
| 47 | like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); | 50 | like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); |
| 48 | 51 | ||
| 49 | $res = NPTest->testCmd( | 52 | $res = NPTest->testCmd( |
| 50 | "./check_http $host_nonresponsive -wt 1 -ct 2" | 53 | "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3" |
| 51 | ); | 54 | ); |
| 52 | cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); | 55 | cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); |
| 53 | cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK"); | 56 | cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK"); |
| 54 | 57 | ||
| 55 | $res = NPTest->testCmd( | 58 | $res = NPTest->testCmd( |
| 56 | "./check_http $hostname_invalid -wt 1 -ct 2" | 59 | "./check_http $hostname_invalid -wt 1 -ct 2" |
| @@ -112,6 +115,40 @@ SKIP: { | |||
| 112 | $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); | 115 | $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); |
| 113 | cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); | 116 | cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); |
| 114 | 117 | ||
| 118 | # run some certificate checks with faketime | ||
| 119 | SKIP: { | ||
| 120 | skip "No faketime binary found", 12 if !$faketime; | ||
| 121 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com"); | ||
| 122 | like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output"); | ||
| 123 | is( $res->return_code, 0, "Catch cert output exit code" ); | ||
| 124 | my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./); | ||
| 125 | if(!defined $year) { | ||
| 126 | die("parsing date failed from: ".$res); | ||
| 127 | } | ||
| 128 | my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; | ||
| 129 | my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); | ||
| 130 | my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); | ||
| 131 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com"); | ||
| 132 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date"); | ||
| 133 | is( $res->return_code, 2, "Output on expire date" ); | ||
| 134 | |||
| 135 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com"); | ||
| 136 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output"); | ||
| 137 | is( $res->return_code, 2, "cert expires in 1 second exit code" ); | ||
| 138 | |||
| 139 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com"); | ||
| 140 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output"); | ||
| 141 | is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); | ||
| 142 | |||
| 143 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com"); | ||
| 144 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output"); | ||
| 145 | is( $res->return_code, 2, "cert expires in 2 hours exit code" ); | ||
| 146 | |||
| 147 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com"); | ||
| 148 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output"); | ||
| 149 | is( $res->return_code, 2, "Certificate expired exit code" ); | ||
| 150 | }; | ||
| 151 | |||
| 115 | $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); | 152 | $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); |
| 116 | like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); | 153 | like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); |
| 117 | like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); | 154 | like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); |