Adding check_ipsec

Jan Wagner 2014-10-23 14:24:07 +02:00
parent 1697637249
commit 7978d99a92
6 changed files with 228 additions and 1 deletions

3
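--- a/check_ipsec/Makefile
+++ b/check_ipsec/Makefile
@@ -0,0 +1,3 @@
+#/usr/bin/make -f
+include ../common.mk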

194
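--- a/check_ipsec/check_ipsec
+++ b/check_ipsec/check_ipsec
@@ -0,0 +1,194 @@
+#!/bin/bash
+# Written By Nicole
+# Any Comments or Questions please e-mail to ml@nicole-haehnel.de
+#
+# Plugin Name: check_ipsec
+# Version: 2.0
+# Date: 26/08/2008
+#
+# Usage: check_ipsec --tunnels <n>
+#
+# gateways.txt file must be located in same directory
+# and has to look like:
+# nameofconn1 192.168.0.1
+# nameofconn2 192.168.1.1
+#
+# ------------Defining Variables------------
+PROGNAME=`basename $0`
+PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
+REVISION=`echo '$Revision: 2.0 $' | sed -e 's/[^0-9.]//g'`
+#STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`
+DOWN=""
+# ---------- Change to your needs ----------
+PLUGINPATH="/usr/lib64/nagios/plugins"
+GATEWAYLIST="gateways.txt"
+IPSECBIN="/usr/sbin/ipsec"
+FPINGBIN="/usr/sbin/fping"
+# ping server in network on the other side of the tunnel
+PINGIP=1 # ping yes or no (1/0)
+# ------------------------------------------
+. $PROGPATH/utils.sh
+# Testing availability of $IPSECBIN, $FPINGBIN and $GATEWAYLIST
+if [ $# -eq 0 ];
+then
+echo UNKNOWN - missing Arguments. Run check_ipsec --help
+exit $STATE_UNKNOWN
+fi
+test -e $IPSECBIN
+if [ $? -ne 0 ];
+then
+echo CRITICAL - $IPSECBIN not exist
+exit $STATE_CRITICAL
+else
+STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`
+fi
+if [ $PINGIP -eq 1 ]
+then
+test -e $FPINGBIN
+if [ $? -ne 0 ];
+then
+echo CRITICAL - $FPINGBIN not exist
+exit $STATE_CRITICAL
+fi
+fi
+test -e $PROGPATH/$GATEWAYLIST
+if [ $? -ne 0 ];
+then
+echo CRITICAL - $GATEWAYLIST not exist
+exit $STATE_CRITICAL
+fi
+print_usage() {
+echo "Usage:"
+echo " $PROGNAME --tunnels <number of configured tunnels>"
+echo " $PROGNAME --help"
+echo " $PROGNAME --version"
+echo " Created by Nicole, questions or problems e-mail ml@nicole-haehnel.de"
+echo ""
+}
+print_help() {
+print_revision $PROGNAME $REVISION
+echo ""
+print_usage
+echo " Checks vpn connection status of an openswan or strongswan installation."
+echo ""
+echo " --tunnels <number of configured tunnels>"
+echo " -T <number of configured tunnels>"
+echo " provides the tunnel status of the openswan or strongswan installation"
+echo ""
+echo " --help"
+echo " -h"
+echo " prints this help screen"
+echo ""
+echo " --version"
+echo " -V"
+echo " Print version and license information"
+echo ""
+}
+check_tunnel() {
+if [[ "$STRONG" -eq "1" ]]
+then
+eroutes=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" | wc -l`
+else
+eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "newest IPSEC" | wc -l`
+fi
+if [[ "$eroutes" -eq "$2" ]]
+then
+echo "OK - All $2 tunnels are up an running"
+exit $STATE_OK
+elif [[ "$eroutes" -gt "$2" ]]
+then
+echo "WARNING - More than $2 ($eroutes) tunnels are up an running"
+exit $STATE_WARNING
+else
+echo "CRITICAL - Only $eroutes tunnels from $2 are up an running - $(location)"
+exit $STATE_CRITICAL
+fi
+}
+location() {
+count=0
+i=1
+while read line; do
+CONN=`echo $line| awk '{print $1}'`
+IP=`echo $line| awk '{print $2}'`
+if [[ "$STRONG" -eq "1" ]]
+then
+tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e $CONN | wc -l`
+else
+tunneltest=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e "$CONN" | wc -l`
+fi
+if [[ "$tunneltest" -eq "0" ]]
+then
+count=$[$count+1]
+DOWN="$DOWN $CONN"
+fi
+if [[ "$PINGIP" -eq "1" && "$tunneltest" -eq "1" ]]
+then
+alive=`$FPINGBIN $IP -r 1 | grep alive | wc -l`
+if [[ "$alive" -eq "0" ]]
+then
+count=$[$count+1]
+DOWN="$DOWN $CONN (no ping)"
+fi
+fi
+i=$[$i+1]
+done < $PLUGINPATH/$GATEWAYLIST
+echo $DOWN
+}
+case "$1" in
+--help)
+print_help
+exit $STATE_OK
+;;
+-h)
+print_help
+exit $STATE_OK
+;;
+--version)
+print_revision $PLUGIN $REVISION
+exit $STATE_OK
+;;
+-V)
+print_revision $PLUGIN $REVISION
+exit $STATE_OK
+;;
+--tunnels)
+check_tunnel $1 $2
+;;
+-T)
+check_tunnel $1 $2
+;;
+*)
+print_help
+exit $STATE_OK
+esac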
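Review bot: The tunnel count in `check_tunnel` is used unvalidated: `$2` goes straight into `[[ "$eroutes" -eq "$2" ]]`, where bash evaluates both operands as arithmetic expressions. An empty value counts as 0, so `--tunnels` with no number reports OK when no SA is established, and a non-numeric value is evaluated rather than rejected, which matters wherever check arguments are supplied by a remote poller. Rejecting anything but digits with UNKNOWN before the comparison closes both cases, as in the excerpt below. In the same file, `location` reads `$PLUGINPATH/$GATEWAYLIST` although the startup test checked `$PROGPATH/$GATEWAYLIST`, and it passes `$CONN` and `$IP` from that file unquoted to `grep -e` and `$FPINGBIN`, so using one path and quoting both fields would be a sensible follow-up.

```shell
check_tunnel() {
  # Accept only a plain non-negative integer as the expected tunnel count.
  case "$2" in
    '' | *[!0-9]*)
      echo "UNKNOWN - --tunnels needs a number of configured tunnels"
      exit $STATE_UNKNOWN
      ;;
  esac
  # … unchanged: eroutes count and the OK/WARNING/CRITICAL comparison …
```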

6
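--- a/check_ipsec/control
+++ b/check_ipsec/control
@@ -0,0 +1,6 @@
+Homepage: https://raw.githubusercontent.com/Inuits/monitoring-plugins/master/check_ipsec
+Watch: https://raw.githubusercontent.com/Inuits/monitoring-plugins/master/check_ipsec # Version: ([0-9.]+)
+Recommends: monitoring-plugins-common | nagios-plugins-common, fping, strongswan-starter | openswan
+Version: 2.0
+Uploaders: Jan Wagner <waja@cyconet.org>
+Description: plugin checking ipsec connections from open- or stongswan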

7
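--- a/check_ipsec/copyright
+++ b/check_ipsec/copyright
@@ -0,0 +1,7 @@
+Copyright (c) 2008 ml@nicole-haehnel.de
+License: N/A
+On Debian systems, the complete text of the GNU General
+Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".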

3
debian/control vendored
View file

@ -11,7 +11,7 @@ Vcs-Browser: http://github.com/waja/monitoring-plugins-cyconet
Package: monitoring-plugins-cyconet Package: monitoring-plugins-cyconet
Architecture: any Architecture: any
Depends: ${misc:Depends} Depends: ${misc:Depends}
Recommends: ${shlibs:Depends}, ${python:Depends}, libnet-snmp-perl, monitoring-plugins-common | nagios-plugins-common, libtime-modules-perl, libwww-perl, python-argparse, libredis-perl, ruby-redis, libio-socket-inet6-perl, perl-modules, libnet-tftp-perl, libxml-xpath-perl, ${perl:Depends} Recommends: ${shlibs:Depends}, ${python:Depends}, libnet-snmp-perl, monitoring-plugins-common | nagios-plugins-common, libtime-modules-perl, fping, strongswan-starter | openswan, libwww-perl, python-argparse, libredis-perl, ruby-redis, libio-socket-inet6-perl, perl-modules, libnet-tftp-perl, libxml-xpath-perl, ${perl:Depends}
Suggests: Suggests:
Enhances: nagios-plugins, nagios-plugins-basic, nagios-plugins-standard Enhances: nagios-plugins, nagios-plugins-basic, nagios-plugins-standard
Description: Plugins for nagios compatible monitoring systems Description: Plugins for nagios compatible monitoring systems
@ -21,6 +21,7 @@ Description: Plugins for nagios compatible monitoring systems
. .
* check_bgp (0.4): plugin to check BGP peer status via SNMP. * check_bgp (0.4): plugin to check BGP peer status via SNMP.
* check_file: plugin to check file count, size and ages * check_file: plugin to check file count, size and ages
* check_ipsec (2.0): plugin checking ipsec connections from open- or stongswan
* check_nginx_status (0.10): plugin checking the nginx_status page report from nginx * check_nginx_status (0.10): plugin checking the nginx_status page report from nginx
Tracking Active connections processes, request per second, connections per Tracking Active connections processes, request per second, connections per
seconds, Connections status. seconds, Connections status.

16
debian/copyright vendored
View file

@ -58,6 +58,22 @@ check_file:
------------------------------------------------------------------------------
check_ipsec:
The plugin was downloaded from:
https://raw.githubusercontent.com/Inuits/monitoring-plugins/master/check_ipsec
Copyright (c) 2008 ml@nicole-haehnel.de
License: N/A
On Debian systems, the complete text of the GNU General
Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
check_nginx_status: check_nginx_status: