Your IP : 3.142.198.108
#!/usr/libexec/platform-python
#####################################
# this file is under Puppet control #
# the last change: #
# 2014/10/08, Eduard N. #
#####################################
"""Nagios plugin to check the csf status and updates."""
__title__ = 'check_csf'
__version__ = '''2014/10/08, 1.2.2,
special version for NC, Eduard N.'''
'''
Please pay attention that it's necessary to add following access to sudoers file(s)
/usr/sbin/csf -c
/usr/sbin/csf -g "special_IP"
'''
debug = 0
special_IP = '198.54.118.100' # IP of pm4
#special_IP = '198.54.118.40' # IP of pm4
#special_IP = '162.213.249.250' # IP of pm2
CSF = '/usr/sbin/csf'
SUDO = '/usr/bin/sudo'
OK = 0
WARNING = 1
CRITICAL = 2
UNKNOWN = 3
import os, re, sys
def end(status, message, perfdata=""):
"""Exits the plugin with first arg as the return code and the second arg as the message to output."""
if perfdata:
print( "%s | %s" % (message, perfdata))
else:
print( "%s" % message)
if status == OK:
sys.exit(OK)
elif status == WARNING:
sys.exit(WARNING)
elif status == CRITICAL:
sys.exit(CRITICAL)
else:
sys.exit(UNKNOWN)
try:
from subprocess import Popen, PIPE, STDOUT
except ImportError:
end(WARNING, 'This script should be run under Python version more than 2.3')
def check_csf_usable():
"""Checks that the CSF program and path are correct and usable - that the program exists and is executable, otherwise exits with error."""
if not os.path.exists(CSF):
end(UNKNOWN, "%s cannot be found" % CSF)
elif not os.path.isfile(CSF):
end(UNKNOWN, "%s is not a file" % CSF)
elif not os.access(CSF, os.X_OK):
end(UNKNOWN, "%s is not executable" % CSF)
def check_programm_usable(programm, access = True):
"""Checks that the SUDO program and path are correct and usable - that the program exists and is executable, otherwise exits with error."""
if not os.path.exists(programm):
end(UNKNOWN, "%s cannot be found" % programm)
elif not os.path.isfile(programm):
end(UNKNOWN, "%s is not a file" % programm)
elif access and not os.access(programm, os.X_OK):
end(UNKNOWN, "%s is not executable" % programm)
import argparse
parser = argparse.ArgumentParser(description='csf status')
parser.add_argument("-s", "--speсialip", type=str, default="198.54.118.100", help="Default is 198.54.118.100")
special_IP = parser.parse_args().speсialip
check_programm_usable(SUDO)
check_programm_usable(CSF, False)
# check of current state of csf
re_status_disabled = re.compile('csf and lfd have been disabled')
re_status_checkIP = re.compile('^\w*\s*\d*\s*\d*\s*\d*.*\s*ACCEPT\s*\w*\s*.*'+special_IP+'\s*',re.M)
cmd = SUDO + ' ' + CSF + ' -g ' + special_IP
process = Popen(cmd.split(), stdout=PIPE, stderr=STDOUT, encoding="utf-8" )
output = process.communicate()
returncode = process.returncode
stdout = output[0]
if debug: print (cmd, stdout)
if re.match(re_status_disabled, stdout):
end(CRITICAL, stdout)
elif re.search(re_status_checkIP, stdout):
pass
else:
end(CRITICAL, "Rule set isn't full. Check config and restart csf. " + stdout.strip())
# check new updates
re_update_latest = re.compile('csf is already at the latest version')
re_update_not_latest = re.compile('A newer version of csf is available')
cmd = SUDO + ' ' + CSF + ' -c'
process = Popen(cmd.split(), stdout=PIPE, stderr=STDOUT, encoding="utf-8")
output = process.communicate()
returncode = process.returncode
stdout = output[0]
if debug: print (cmd, stdout)
if re.match(re_update_not_latest, stdout):
end(WARNING, stdout)
elif re.match(re_update_latest, stdout):
end(OK, stdout)
else:
end(WARNING, stdout)