Your IP : 3.14.247.170


Current Path : /lib64/nagios/plugins/nccustom/
Upload File :
Current File : //lib64/nagios/plugins/nccustom/check_extra_accts.py

#!/usr/libexec/platform-python
#
# written by Vladimir Burov, vladimir.burov@namecheap.com
# version: 1.0-3 2017/12/05
# short description: checking accounts that may still in the system after not proper removing by cPanel
# link to documentation: TO-2944
# RPM package: nc-check-excess-accounts
#
# update: RPM package: nc-nrpe-check_extra_accts

import configparser
import argparse
import re
import os
import pwd
import sys
from subprocess import Popen, PIPE

VERSION = '1.0-3 2017/12/05'
CONFIG = ['/usr/share/nc_nagios/check_extra_accts/check_extra_accts_ignore.conf']
DESCRIPTION = "Checking accounts that left in the system after incorrect removing from cPanel.\n" \
              "Config: %s\nVersion %s %s" % (CONFIG[0], VERSION, "vladimir.burov@namecheap.com")
CONFIG = ['/usr/share/nc_nagios/check_extra_accts/check_extra_accts_ignore.conf', '/usr/share/nc_nagios/check_extra_accts/check_extra_accts_regex_ignore.conf']
HOSTNAME = os.uname()[1]
CPANELACCTSCMD = '/usr/sbin/whmapi1 listaccts want=user\,unix_startdate|grep "user:"|awk "{print\$2}"'
SYSTEMACCTSCMD = 'cat /etc/passwd|awk -F: "{print\$1}"|sort'

if __name__ == "__main__":
    parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter, description=DESCRIPTION)
    parser.add_argument("-v", "--verbose", default=False, action="store_true", help="more verbose output")
    args = parser.parse_args()
    config = configparser.ConfigParser(allow_no_value=True)
    config.read(CONFIG)
    exclude = [u[0] for u in config.items('default')]
    re_exclude = [r[0] for r in config.items('regex')]
    for pattern in filter(lambda p: not p == 'default', config.sections()):
        if re.match(pattern, HOSTNAME):
            for u in config.items(pattern):
                exclude.append(u[0])

    systemaccts = Popen(SYSTEMACCTSCMD, stdout=PIPE, encoding="utf8", shell=True).stdout.read().rstrip().split('\n')
    cpanelaccts = Popen(CPANELACCTSCMD, stdout=PIPE, encoding="utf8", shell=True).stdout.read().rstrip().split('\n')
    cpanelhomedirs = [os.path.expanduser('~'+u) for u in cpanelaccts]
    nouserhome = []
    cpanelhomesownroot = []
    for homedir in cpanelhomedirs:
        homedir_uid = os.stat(homedir).st_uid
        try:
            if pwd.getpwuid(homedir_uid).pw_name == 'root':
                cpanelhomesownroot.append(homedir)
        except KeyError:
            nouserhome.append(homedir)
    var_cpanel_users = os.listdir('/var/cpanel/users')
    if args.verbose:
        print("Exclude: %s" % (' '.join(exclude)))
        print("RE Exclude: %s" % (' '.join(re_exclude)))
        print("System: %s" % (' '.join(systemaccts)))
        print("cPanel: %s" % (' '.join(cpanelaccts)))
        print("/var/cpanel/users: %s" % (' '.join(var_cpanel_users)))
    excess = [a for a in systemaccts if a not in cpanelaccts and a not in exclude]
    if re_exclude:
        big_re = re.compile('|'.join(re_exclude))
        if filter(big_re.match, excess):
            excess = list(set(excess) - set((filter(big_re.match, excess))))
    excess_var_cpanel_users = [a for a in var_cpanel_users if a not in cpanelaccts and a not in exclude
                               and not a == 'system']
    warn = []
    if excess:
        warn.append("Extra accounts: %s;" % (' '.join(excess)))
        if args.verbose:
            print("Extra: %s" % (' '.join(excess)))
    if excess_var_cpanel_users:
        warn.append("Extra /var/cpanel/users/<file>: %s;" % (' '.join(excess_var_cpanel_users)))
        if args.verbose:
            print("Cpanel account do not exist but /var/cpanel/users/<file> exists: %s"\
                  % (' '.join(excess_var_cpanel_users)))
    if cpanelhomesownroot:
        warn.append("Acct home owned by root: %s;" % (' '.join(cpanelhomesownroot)))
        if args.verbose:
            print("cPanel account home is owned by root: %s" % (' '.join(cpanelhomesownroot)))
    if nouserhome:
        warn.append("Acct home owned by nouser: %s;" % (' '.join(nouserhome)))
        if args.verbose:
            print("cPanel account home is owned by nouser: %s" % (' '.join(nouserhome)))
    if warn:
        print("CRITICAL - %s" % ' '.join(warn))
        sys.exit(2)
    else:
        print("OK - There's no extra accounts")
        sys.exit(0)

?>