#!/bin/sh
#
# Run check on jails (NRPE output)
# Usage: check
#

# shellcheck source=./includes
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"

return=0
nb_crit=0
nb_warn=0
nb_ok=0
nb_unkn=0
output=""

# Check each jail status

check_jail() {
    jail_name=$1

    jail_path=$(jail_path "${jail_name}")
    cur_time=$(date "+%s")
    last_conn=$(stat --format=%Y "${jail_path}/var/log/lastlog")
    date_diff=$(( (cur_time - last_conn) / (60*60) ))

    check_policy_file=$(current_jail_check_policy_file "${jail_name}")

    if [ -f "${check_policy_file}" ]; then
        local_critical=$(read_numerical_variable "${check_policy_file}" "CRITICAL")
        local_warning=$(read_numerical_variable "${check_policy_file}" "WARNING")
    else
        unset local_critical
        unset local_warning
    fi
    # reset to default values if missing local value
    : ${local_critical:=${CRITICAL}}
    : ${local_warning:=${WARNING}}

    if [ "${local_critical}" -gt "0" ] && [ "${date_diff}" -gt "${local_critical}" ]; then
        nb_crit=$((nb_crit + 1))
        output="${output}CRITICAL - ${jail_name} - ${date_diff} hours (${local_warning}/${local_critical})\n"
        [ "${return}" -le 2 ] && return=2
    elif [ "${local_warning}" -gt "0" ] && [ "${date_diff}" -gt "${local_warning}" ]; then
        nb_warn=$((nb_warn + 1))
        output="${output}WARNING - ${jail_name} - ${date_diff} hours (${local_warning}/${local_critical})\n"
        [ "${return}" -le 1 ] && return=1
    else
        nb_ok=$((nb_ok + 1))
        output="${output}OK - ${jail_name} - ${date_diff} hours (${local_warning}/${local_critical})\n"
    fi
}

for jail_name in $(jails_list); do
    jail_path=$(jail_path "${jail_name}")

    if [ -f "${jail_path}/var/log/lastlog" ]; then
        check_jail "${jail_name}"
    else
        nb_unkn=$((nb_unkn + 1))
        output="${output}UNKNOWN - ${jail_name} doesn't have lastlog !\n"
        [ "${return}" -le 3 ] && return=3
    fi
done

[ "${return}" -ge 0 ] && header="OK"
[ "${return}" -ge 1 ] && header="WARNING"
[ "${return}" -ge 2 ] && header="CRITICAL"
[ "${return}" -ge 3 ] && header="UNKNOWN"

printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"

printf "${output}" | grep -E "^UNKNOWN"
printf "${output}" | grep -E "^CRITICAL"
printf "${output}" | grep -E "^WARNING"
printf "${output}" | grep -E "^OK"

exit "${return}"