|
|
- #!/usr/bin/perl -w
-
- #######################################################################
- #
- # Copyright (c) 2007 Jaime Gascon Romero <jgascon@gmail.com>
- #
- # License Information:
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; either version 3 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
- # $Id: check_openvpn.pl,v 1.1 2014/09/29 08:39:24 rdessort Exp $
- # $Revision: 1.1 $
- # Home Site: http://emergeworld.blogspot.com/
- # #####################################################################
-
- use diagnostics;
- use strict;
- use Net::Telnet ();
- use Getopt::Long qw(:config no_ignore_case);
- use vars qw($PROGNAME $VERSION);
- use lib "/usr/local/libexec/nagios/";
- use utils qw(%ERRORS);
-
- $PROGNAME = "check_openvpn";
- $VERSION = '$Revision: 1.1 $';
-
- $ENV{'PATH'}='';
- $ENV{'BASH_ENV'}='';
- $ENV{'ENV'}='';
-
- my ($opt_h, $opt_H, $opt_p, $opt_P, $opt_t, $opt_i, $opt_n, $opt_c, $opt_w, $opt_C, $opt_r);
-
- sub print_help ();
- sub print_usage ();
-
- GetOptions
- ("h" => \$opt_h, "help" => \$opt_h,
- "H=s" => \$opt_H, "host=s" => \$opt_H,
- "p=i" => \$opt_p, "port=i" => \$opt_p,
- "P=s" => \$opt_P, "password=s" => \$opt_P,
- "t=i" => \$opt_t, "timeout=i" => \$opt_t,
- "i" => \$opt_i, "ip" => \$opt_i,
- "n" => \$opt_n, "numeric" => \$opt_n,
- "c" => \$opt_c, "critical" => \$opt_c,
- "w" => \$opt_w, "warning" => \$opt_w,
- "C=s" => \$opt_C, "common_name=s" => \$opt_C,
- "r=s" => \$opt_r, "remote_ip=s" => \$opt_r,
- ) or exit $ERRORS{'UNKNOWN'};
-
- # default values
- unless ( defined $opt_t ) {
- $opt_t = 10;
- }
-
- if ($opt_h) {print_help(); exit $ERRORS{'OK'};}
-
- if ( ! defined($opt_H) || ! defined($opt_p) ) {
- print_usage();
- exit $ERRORS{'UNKNOWN'}
- }
-
- my @lines;
- my @clients;
- my @clients_ip;
- my $t;
-
- eval {
- $t = new Net::Telnet (Timeout => $opt_t,
- Port => $opt_p,
- Prompt => '/END$/'
- );
- $t->open($opt_H);
- if ( defined $opt_P ) {
- $t->waitfor('/ENTER PASSWORD:$/');
- $t->print($opt_P);
- }
- $t->waitfor('/^$/');
- @lines = $t->cmd("status 2");
- $t->close;
- };
-
- if ($@) {
- print "OpenVPN Critical: Can't connect to server\n";
- exit $ERRORS{'CRITICAL'};
- }
-
-
- if (defined $opt_i || defined $opt_r) {
- foreach (@lines) {
- if ($_ =~ /CLIENT_LIST,.*,(\d+\.\d+\.\d+\.\d+):\d+,/) {
- push @clients_ip, $1;
- }
- }
- if (defined $opt_i) {
- print "OpenVPN OK: "."@clients_ip ";
- exit $ERRORS{'OK'};
- } elsif (defined $opt_r) {
- if ( ! grep /\b$opt_r\b/, @clients_ip) {
- if (defined $opt_c) {
- print "OpenVPN CRITICAL: $opt_r don't found";
- exit $ERRORS{'CRITICAL'};
- } else {
- print "OpenVPN WARNING: $opt_r don't found";
- exit $ERRORS{'WARNING'};
- }
- }
- print "OpenVPN OK: "."@clients_ip ";
- exit $ERRORS{'OK'};
- }
- }
-
- foreach (@lines) {
- if ($_ =~ /CLIENT_LIST,(.*),\d+\.\d+\.\d+\.\d+:\d+,/) {
- push @clients, $1;
- }
- }
-
- if (defined $opt_C) {
- if ( ! grep /\b$opt_C\b/, @clients) {
- if (defined $opt_c) {
- print "OpenVPN CRITICAL: $opt_C don't found";
- exit $ERRORS{'CRITICAL'};
- } else {
- print "OpenVPN WARNING: $opt_C don't found";
- exit $ERRORS{'WARNING'};
- }
- }
- }
-
-
- if (defined $opt_n) {
- print "OpenVPN OK: ".@clients." connected clients.";
- exit $ERRORS{'OK'};
- }
-
- print "OpenVPN OK: "."@clients ";
- exit $ERRORS{'OK'};
-
- #######################################################################
- ###### Subroutines ####################################################
-
- sub print_usage() {
- print "Usage: $PROGNAME -H | --host <IP or hostname> -p | --port <port number> [-P | --password] <password> [-t | --timeout] <timeout in seconds>
- [-i | --ip] [-n | --numeric] [-C | --common_name] <common_name> [-r | --remote_ip] <remote_ip> [-c | --critical] [-w | --warning]\n\n";
- print " $PROGNAME [-h | --help]\n";
- }
-
- sub print_help() {
- print "$PROGNAME $VERSION\n\n";
- print "Copyright (c) 2007 Jaime Gascon Romero
-
- Nagios plugin to check the clients connected to a openvpn server.
-
- ";
- print_usage();
- print "
- -H | --host
- IP address or hostname of the openvpn server.
-
- -p | --port
- Management port interface of the openvpn server.
-
- -P | --password
- Password for the management interface of the openvpn server.
-
- -t | --timeout
- Timeout for the connection attempt. Optional, default 10 seconds.
-
-
- Optional parameters
- ===================
-
- -i | --ip
- Prints the IP address of the remote client instead of the common name.
-
- -n | --numeric
- Prints the number of clients connected to the openvpn server.
-
-
- Matching Parameters
- ===================
-
- -C | --common_name
- The common name, as it is specified in the client certificate, who is wanted to check.
-
- -r | --remote_ip
- The client remote ip address who is wanted to check.
-
- -c | --critical
- Exits with CRITICAL status if the client specified by the common name or the remote ip address is not connected.
-
- -w | --warning
- Exits with WARNING status if the client specified by the common name or the remote ip address is not connected.
-
-
- Other Parameters
- ================
-
- -h | --help
- Show this help.
- ";
-
- }
-
- # vim:sts=2:sw=2:ts=2:et
|