Adding check_ipsec
This commit is contained in:
parent
1697637249
commit
7978d99a92
3
check_ipsec/Makefile
Normal file
3
check_ipsec/Makefile
Normal file
|
@ -0,0 +1,3 @@
|
|||
#/usr/bin/make -f
|
||||
|
||||
include ../common.mk
|
194
check_ipsec/check_ipsec
Normal file
194
check_ipsec/check_ipsec
Normal file
|
@ -0,0 +1,194 @@
|
|||
#!/bin/bash
|
||||
# Written By Nicole
|
||||
# Any Comments or Questions please e-mail to ml@nicole-haehnel.de
|
||||
#
|
||||
# Plugin Name: check_ipsec
|
||||
# Version: 2.0
|
||||
# Date: 26/08/2008
|
||||
#
|
||||
# Usage: check_ipsec --tunnels <n>
|
||||
#
|
||||
# gateways.txt file must be located in same directory
|
||||
# and has to look like:
|
||||
# nameofconn1 192.168.0.1
|
||||
# nameofconn2 192.168.1.1
|
||||
#
|
||||
# ------------Defining Variables------------
|
||||
PROGNAME=`basename $0`
|
||||
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
|
||||
REVISION=`echo '$Revision: 2.0 $' | sed -e 's/[^0-9.]//g'`
|
||||
#STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`
|
||||
DOWN=""
|
||||
# ---------- Change to your needs ----------
|
||||
PLUGINPATH="/usr/lib64/nagios/plugins"
|
||||
GATEWAYLIST="gateways.txt"
|
||||
IPSECBIN="/usr/sbin/ipsec"
|
||||
FPINGBIN="/usr/sbin/fping"
|
||||
# ping server in network on the other side of the tunnel
|
||||
PINGIP=1 # ping yes or no (1/0)
|
||||
# ------------------------------------------
|
||||
|
||||
. $PROGPATH/utils.sh
|
||||
|
||||
|
||||
# Testing availability of $IPSECBIN, $FPINGBIN and $GATEWAYLIST
|
||||
|
||||
if [ $# -eq 0 ];
|
||||
then
|
||||
echo UNKNOWN - missing Arguments. Run check_ipsec --help
|
||||
exit $STATE_UNKNOWN
|
||||
fi
|
||||
|
||||
test -e $IPSECBIN
|
||||
if [ $? -ne 0 ];
|
||||
then
|
||||
echo CRITICAL - $IPSECBIN not exist
|
||||
exit $STATE_CRITICAL
|
||||
else
|
||||
STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`
|
||||
fi
|
||||
|
||||
if [ $PINGIP -eq 1 ]
|
||||
then
|
||||
test -e $FPINGBIN
|
||||
if [ $? -ne 0 ];
|
||||
then
|
||||
echo CRITICAL - $FPINGBIN not exist
|
||||
exit $STATE_CRITICAL
|
||||
fi
|
||||
fi
|
||||
|
||||
test -e $PROGPATH/$GATEWAYLIST
|
||||
if [ $? -ne 0 ];
|
||||
then
|
||||
echo CRITICAL - $GATEWAYLIST not exist
|
||||
exit $STATE_CRITICAL
|
||||
fi
|
||||
|
||||
print_usage() {
|
||||
echo "Usage:"
|
||||
echo " $PROGNAME --tunnels <number of configured tunnels>"
|
||||
echo " $PROGNAME --help"
|
||||
echo " $PROGNAME --version"
|
||||
echo " Created by Nicole, questions or problems e-mail ml@nicole-haehnel.de"
|
||||
echo ""
|
||||
}
|
||||
|
||||
print_help() {
|
||||
print_revision $PROGNAME $REVISION
|
||||
echo ""
|
||||
print_usage
|
||||
echo " Checks vpn connection status of an openswan or strongswan installation."
|
||||
echo ""
|
||||
echo " --tunnels <number of configured tunnels>"
|
||||
echo " -T <number of configured tunnels>"
|
||||
echo " provides the tunnel status of the openswan or strongswan installation"
|
||||
echo ""
|
||||
echo " --help"
|
||||
echo " -h"
|
||||
echo " prints this help screen"
|
||||
echo ""
|
||||
echo " --version"
|
||||
echo " -V"
|
||||
echo " Print version and license information"
|
||||
echo ""
|
||||
}
|
||||
|
||||
check_tunnel() {
|
||||
|
||||
if [[ "$STRONG" -eq "1" ]]
|
||||
then
|
||||
eroutes=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" | wc -l`
|
||||
else
|
||||
eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "newest IPSEC" | wc -l`
|
||||
fi
|
||||
|
||||
|
||||
if [[ "$eroutes" -eq "$2" ]]
|
||||
then
|
||||
echo "OK - All $2 tunnels are up an running"
|
||||
exit $STATE_OK
|
||||
elif [[ "$eroutes" -gt "$2" ]]
|
||||
then
|
||||
echo "WARNING - More than $2 ($eroutes) tunnels are up an running"
|
||||
exit $STATE_WARNING
|
||||
else
|
||||
echo "CRITICAL - Only $eroutes tunnels from $2 are up an running - $(location)"
|
||||
exit $STATE_CRITICAL
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
location() {
|
||||
|
||||
count=0
|
||||
i=1
|
||||
|
||||
while read line; do
|
||||
|
||||
CONN=`echo $line| awk '{print $1}'`
|
||||
IP=`echo $line| awk '{print $2}'`
|
||||
|
||||
if [[ "$STRONG" -eq "1" ]]
|
||||
then
|
||||
tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e $CONN | wc -l`
|
||||
else
|
||||
tunneltest=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "newest IPSEC" |grep -e "$CONN" | wc -l`
|
||||
fi
|
||||
|
||||
if [[ "$tunneltest" -eq "0" ]]
|
||||
then
|
||||
count=$[$count+1]
|
||||
DOWN="$DOWN $CONN"
|
||||
fi
|
||||
|
||||
if [[ "$PINGIP" -eq "1" && "$tunneltest" -eq "1" ]]
|
||||
then
|
||||
alive=`$FPINGBIN $IP -r 1 | grep alive | wc -l`
|
||||
|
||||
if [[ "$alive" -eq "0" ]]
|
||||
then
|
||||
count=$[$count+1]
|
||||
DOWN="$DOWN $CONN (no ping)"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
i=$[$i+1]
|
||||
|
||||
done < $PLUGINPATH/$GATEWAYLIST
|
||||
|
||||
echo $DOWN
|
||||
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
--help)
|
||||
print_help
|
||||
exit $STATE_OK
|
||||
;;
|
||||
-h)
|
||||
print_help
|
||||
exit $STATE_OK
|
||||
;;
|
||||
--version)
|
||||
print_revision $PLUGIN $REVISION
|
||||
exit $STATE_OK
|
||||
;;
|
||||
-V)
|
||||
print_revision $PLUGIN $REVISION
|
||||
exit $STATE_OK
|
||||
;;
|
||||
--tunnels)
|
||||
check_tunnel $1 $2
|
||||
;;
|
||||
-T)
|
||||
check_tunnel $1 $2
|
||||
;;
|
||||
*)
|
||||
print_help
|
||||
exit $STATE_OK
|
||||
|
||||
esac
|
||||
|
6
check_ipsec/control
Normal file
6
check_ipsec/control
Normal file
|
@ -0,0 +1,6 @@
|
|||
Homepage: https://raw.githubusercontent.com/Inuits/monitoring-plugins/master/check_ipsec
|
||||
Watch: https://raw.githubusercontent.com/Inuits/monitoring-plugins/master/check_ipsec # Version: ([0-9.]+)
|
||||
Recommends: monitoring-plugins-common | nagios-plugins-common, fping, strongswan-starter | openswan
|
||||
Version: 2.0
|
||||
Uploaders: Jan Wagner <waja@cyconet.org>
|
||||
Description: plugin checking ipsec connections from open- or stongswan
|
7
check_ipsec/copyright
Normal file
7
check_ipsec/copyright
Normal file
|
@ -0,0 +1,7 @@
|
|||
Copyright (c) 2008 ml@nicole-haehnel.de
|
||||
|
||||
License: N/A
|
||||
|
||||
On Debian systems, the complete text of the GNU General
|
||||
Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
|
||||
|
3
debian/control
vendored
3
debian/control
vendored
|
@ -11,7 +11,7 @@ Vcs-Browser: http://github.com/waja/monitoring-plugins-cyconet
|
|||
Package: monitoring-plugins-cyconet
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}
|
||||
Recommends: ${shlibs:Depends}, ${python:Depends}, libnet-snmp-perl, monitoring-plugins-common | nagios-plugins-common, libtime-modules-perl, libwww-perl, python-argparse, libredis-perl, ruby-redis, libio-socket-inet6-perl, perl-modules, libnet-tftp-perl, libxml-xpath-perl, ${perl:Depends}
|
||||
Recommends: ${shlibs:Depends}, ${python:Depends}, libnet-snmp-perl, monitoring-plugins-common | nagios-plugins-common, libtime-modules-perl, fping, strongswan-starter | openswan, libwww-perl, python-argparse, libredis-perl, ruby-redis, libio-socket-inet6-perl, perl-modules, libnet-tftp-perl, libxml-xpath-perl, ${perl:Depends}
|
||||
Suggests:
|
||||
Enhances: nagios-plugins, nagios-plugins-basic, nagios-plugins-standard
|
||||
Description: Plugins for nagios compatible monitoring systems
|
||||
|
@ -21,6 +21,7 @@ Description: Plugins for nagios compatible monitoring systems
|
|||
.
|
||||
* check_bgp (0.4): plugin to check BGP peer status via SNMP.
|
||||
* check_file: plugin to check file count, size and ages
|
||||
* check_ipsec (2.0): plugin checking ipsec connections from open- or stongswan
|
||||
* check_nginx_status (0.10): plugin checking the nginx_status page report from nginx
|
||||
Tracking Active connections processes, request per second, connections per
|
||||
seconds, Connections status.
|
||||
|
|
16
debian/copyright
vendored
16
debian/copyright
vendored
|
@ -58,6 +58,22 @@ check_file:
|
|||
|
||||
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
check_ipsec:
|
||||
|
||||
The plugin was downloaded from:
|
||||
https://raw.githubusercontent.com/Inuits/monitoring-plugins/master/check_ipsec
|
||||
|
||||
Copyright (c) 2008 ml@nicole-haehnel.de
|
||||
|
||||
License: N/A
|
||||
|
||||
On Debian systems, the complete text of the GNU General
|
||||
Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
|
||||
|
||||
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
check_nginx_status:
|
||||
|
|
Loading…
Reference in a new issue