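#!/usr/libexec/platform-python
#####################################
# this file is under Puppet control #
# the last change:                  #
# 2014/10/08, Eduard N.             #
#####################################
"""Nagios plugin to check the csf status and updates.

The plugin runs csf twice through sudo:

* ``csf -g <special IP>`` and looks for an ACCEPT rule naming that IP;
* ``csf -c`` and reports whether a newer csf version is available.

sudoers requirement: the account running this plugin needs exactly these
two command lines allowed in the sudoers file(s):

    /usr/sbin/csf -c
    /usr/sbin/csf -g "special_IP"

Keep the arguments pinned in sudoers instead of allowing csf with arbitrary
arguments, so the monitoring account can only query the firewall.
"""

import argparse
import ipaddress
import os
import re
import sys

__title__ = 'check_csf'
__version__ = '''2014/10/08, 1.2.2, special version for NC, Eduard N.'''

debug = 0

special_IP = '198.54.118.100'  # IP of pm4
#special_IP = '198.54.118.40' # IP of pm4
#special_IP = '162.213.249.250' # IP of pm2

CSF = '/usr/sbin/csf'
SUDO = '/usr/bin/sudo'

# Nagios plugin exit codes.
OK = 0
WARNING = 1
CRITICAL = 2
UNKNOWN = 3


def end(status, message, perfdata=""):
    """Print the plugin output and exit with a Nagios status code.

    Args:
        status: one of OK, WARNING, CRITICAL; anything else exits UNKNOWN.
        message: text printed for Nagios.
        perfdata: optional performance data, appended after " | ".
    """
    if perfdata:
        print("%s | %s" % (message, perfdata))
    else:
        print("%s" % message)

    for code in (OK, WARNING, CRITICAL):
        if status == code:
            sys.exit(code)
    sys.exit(UNKNOWN)


try:
    from subprocess import Popen, PIPE, STDOUT
except ImportError:
    end(WARNING, 'This script should be run under Python version more than 2.3')


def check_csf_usable():
    """Exit UNKNOWN unless CSF exists, is a regular file and is executable."""
    check_programm_usable(CSF)


def check_programm_usable(programm, access = True):
    """Exit UNKNOWN unless `programm` exists and is a regular file.

    Args:
        programm: path of the program to check.
        access: when true, also require execute permission for the current
            user. The script passes False for CSF, which it only ever runs
            through sudo.
    """
    if not os.path.exists(programm):
        end(UNKNOWN, "%s cannot be found" % programm)
    elif not os.path.isfile(programm):
        end(UNKNOWN, "%s is not a file" % programm)
    elif access and not os.access(programm, os.X_OK):
        end(UNKNOWN, "%s is not executable" % programm)


def is_valid_ip(value):
    """Return True when `value` is exactly one IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def build_rule_pattern(ip):
    """Compile the regex that finds an ACCEPT rule naming `ip` in csf output.

    The address is passed through re.escape() so its dots match only literal
    dots, and it is fenced with look-arounds so that a rule for a longer
    address (for example x.x.x.100 when checking x.x.x.10) is not counted as
    a rule for `ip`. Without both, a missing rule could be reported as OK.
    """
    return re.compile(
        r'^\w*\s*\d*\s*\d*\s*\d*.*\s*ACCEPT\s*\w*\s*.*(?<![\w.:])'
        + re.escape(ip)
        + r'(?![\w:]|\.\d)\s*',
        re.M,
    )


def run_csf(arguments):
    """Run csf through sudo and return its combined stdout/stderr as text.

    The command is passed as an argument list (no shell, no string split),
    so each element of `arguments` reaches csf as exactly one argument.
    """
    argv = [SUDO, CSF] + list(arguments)
    process = Popen(argv, stdout=PIPE, stderr=STDOUT, encoding="utf-8")
    stdout = process.communicate()[0]
    if debug:
        print(" ".join(argv), stdout)
    return stdout


def main(argv=None):
    """Parse the command line, run both csf checks and exit via end()."""
    parser = argparse.ArgumentParser(description='csf status')
    # NOTE(review): the long option is reproduced exactly as spelled in the
    # original file; it appears to contain a non-ASCII look-alike of the
    # letter "c" - confirm, since a caller typing plain ASCII would not
    # match it. dest= keeps the attribute name independent of that spelling.
    parser.add_argument("-s", "--speсialip", dest="special_ip", type=str,
                        default=special_IP,
                        help="Default is %s" % special_IP)
    target_ip = parser.parse_args(argv).special_ip

    # The value ends up in a sudo command line and in a regex, so accept
    # nothing but a single well-formed address.
    if not is_valid_ip(target_ip):
        end(UNKNOWN, "%r is not a valid IP address" % target_ip)

    check_programm_usable(SUDO)
    check_programm_usable(CSF, False)

    # check of current state of csf
    re_status_disabled = re.compile('csf and lfd have been disabled')
    stdout = run_csf(['-g', target_ip])
    if re_status_disabled.match(stdout):
        end(CRITICAL, stdout)
    if not build_rule_pattern(target_ip).search(stdout):
        end(CRITICAL, "Rule set isn't full. Check config and restart csf. " + stdout.strip())

    # check new updates
    re_update_latest = re.compile('csf is already at the latest version')
    stdout = run_csf(['-c'])
    if re_update_latest.match(stdout):
        end(OK, stdout)
    # "A newer version of csf is available" and any unrecognised output
    # (including a sudo failure message) are both reported as WARNING.
    end(WARNING, stdout)


if __name__ == "__main__":
    main()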