new check connections_state #13
|
@ -21,6 +21,7 @@
|
||||||
_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
||||||
_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_mailq
|
_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_mailq
|
||||||
_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
||||||
|
_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
||||||
validate: 'visudo -cf %s'
|
validate: 'visudo -cf %s'
|
||||||
backup: no
|
backup: no
|
||||||
tags:
|
tags:
|
||||||
|
|
73
roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh
Executable file
73
roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh
Executable file
|
@ -0,0 +1,73 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
STATE=0
|
||||||
|
MAIN_CONNECTION_PINGABLE_IP="31.170.8.95"
|
||||||
|
MAIN_CONNECTION_GATEWAY="IP"
|
||||||
|
MAIN_CONNECTION_IP="IP"
|
||||||
|
SECOND_CONNECTION_PINGABLE_IP="31.170.8.243"
|
||||||
|
INFO_MAIN_CONNECTION="IP - Description"
|
||||||
|
INFO_SECOND_CONNECTION="IP - Description"
|
||||||
|
CURRENT_GATEWAY=$(/usr/bin/netstat -nr | /usr/bin/grep "default" | /usr/bin/awk '{print $2}')
|
||||||
|
|
||||||
|
IS_GATEWAY_IN_FILE=1
|
||||||
|
IS_VPN_USING_MAIN_CONNECTION=1
|
||||||
|
IS_PF_USING_MAIN_CONNECTION=1
|
||||||
|
CHECK_CARP=0
|
||||||
|
|
||||||
|
if [ "${CHECK_CARP}" = 1 ]; then
|
||||||
|
CARP_STATUS=$(/sbin/ifconfig carp0 | /usr/bin/grep "status" | /usr/bin/awk '{print $2}')
|
||||||
|
if [ "$CARP_STATUS" = "backup" ]; then
|
||||||
|
echo "No check, I'm a backup"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
/sbin/ping -c1 -w1 ${MAIN_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
|
||||||
|
if [ $? = 0 ]; then
|
||||||
|
if [ "${CURRENT_GATEWAY}" != "${MAIN_CONNECTION_GATEWAY}" ]; then
|
||||||
|
echo "Main connection is UP but not used as gateway !"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Main connection (${INFO_MAIN_CONNECTION}) is down"
|
||||||
|
STATE=2
|
||||||
|
IS_GATEWAY_IN_FILE=0
|
||||||
|
IS_VPN_USING_MAIN_CONNECTION=0
|
||||||
|
IS_PF_USING_MAIN_CONNECTION=0
|
||||||
|
fi
|
||||||
|
|
||||||
|
/sbin/ping -c1 -w1 ${SECOND_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "Second connection (${INFO_SECOND_CONNECTION}) is down"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${IS_GATEWAY_IN_FILE}" = 1 ]; then
|
||||||
|
/usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "Main connection is not set in /etc/mygate"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${IS_VPN_USING_MAIN_CONNECTION}" = 1 ]; then
|
||||||
|
/sbin/ipsecctl -sa | /usr/bin/grep -q "${MAIN_CONNECTION_IP}"
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "VPN is not using the main connection !"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${IS_PF_USING_MAIN_CONNECTION}" = 1 ]; then
|
||||||
|
/sbin/pfctl -sr | /usr/bin/grep "route-to" | /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}"
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "PF is not using the main connection !"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${STATE}" = 0 ]; then
|
||||||
|
echo "OK - Main connection is UP and used, second connection is UP"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit ${STATE}
|
|
@ -36,3 +36,4 @@ command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445
|
||||||
#command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d
|
#command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d
|
||||||
command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
||||||
|
|||||||
command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf
|
command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf
|
||||||
|
command[check_connections_state]=sudo /usr/local/libexec/nagios/check_connections_state.sh
|
||||||
|
|
Loading…
Reference in a new issue
Uses sudo, should probably be doas
I will open a new Pull Request to replace all sudo occurrences with doas