Add a new NRPE check : check_packetfilter

2020-07-28 17:45:14 +02:00 · 2020-07-28 17:45:14 +02:00 · 62515ca5b5
parent 05898cc188
commit 62515ca5b5
1 changed files with 40 additions and 0 deletions
--- a/roles/nagios-nrpe/files/plugins_bsd/check_packetfilter.sh
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_packetfilter.sh
@ -0,0 +1,40 @@
+#!/bin/sh
+  
+. /usr/local/libexec/nagios/utils.sh
+
+is_pf_disabled() {
+    if [ -f /etc/rc.conf.local ]; then
+        grep -q "pf=NO" /etc/rc.conf.local
+    else
+        # If /etc/rc.conf.local does not exist, pf cannot be disabled
+        # If 0 then pf is disabled, so if /etc/rc.conf.local does not exist we have to return 1 => pf is not disabled
+        return 1
+    fi
+}
+
+is_pf_started() {
+    pfctl -si | grep -q "Status: Enabled for"
+}
+
+main() {
+    if ! is_pf_disabled; then
+        if is_pf_started; then
+            echo "OK: PacketFilter is enabled and started."
+            exit "${STATE_OK}"
+        else
+            echo "CRITICAL: PacketFilter is enabled but not started."
+            exit "${STATE_CRITICAL}"
+        fi
+    else
+        if is_pf_started; then
+            echo "WARNING: PacketFilter is started but not enabled."
+            exit "${STATE_WARNING}"
+        else
+            echo "CRITICAL: PacketFilter is disabled and not started."
+            exit "${STATE_CRITICAL}"
+        fi
+    fi
+
+}
+
+main