mirroir readonly du Gitit wiki.evolix.org (attention, ne rien commiter/merger sur ce dépôt) https://wiki.evolix.org

check_openvpn.pl 5.5 KiB


  1. #!/usr/bin/perl -w
  2. #######################################################################
  3. #
  4. # Copyright (c) 2007 Jaime Gascon Romero <jgascon@gmail.com>
  5. #
  6. # License Information:
  7. # This program is free software; you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License as published by
  9. # the Free Software Foundation; either version 3 of the License, or
  10. # (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. # $Id: check_openvpn.pl,v 1.1 2014/09/29 08:39:24 rdessort Exp $
  21. # $Revision: 1.1 $
  22. # Home Site: http://emergeworld.blogspot.com/
  23. # #####################################################################
  24. use diagnostics;
  25. use strict;
  26. use Net::Telnet ();
  27. use Getopt::Long qw(:config no_ignore_case);
  28. use vars qw($PROGNAME $VERSION);
  29. use lib "/usr/local/libexec/nagios/";
  30. use utils qw(%ERRORS);
  # Plugin identity. $VERSION holds the literal RCS keyword string.
  $PROGNAME = 'check_openvpn';
  $VERSION  = '$Revision: 1.1 $';

  # Blank the shell-related environment variables before anything else runs,
  # so nothing in this process depends on the caller's PATH or shell startup
  # files.
  @ENV{ 'PATH', 'BASH_ENV', 'ENV' } = ( '', '', '' );

  # One scalar per command-line switch; GetOptions fills them in below.
  my (
      $opt_h, $opt_H, $opt_p, $opt_P, $opt_t, $opt_i,
      $opt_n, $opt_c, $opt_w, $opt_C, $opt_r
  );

  # Forward declarations for the subroutines defined at the end of the file.
  sub print_help ();
  sub print_usage ();
  # Parse the command line. Each short switch and its long spelling write to
  # the same variable; a parse error ends the plugin with UNKNOWN.
  #
  # NOTE(review): -P/--password places the management password in this
  # process's argument list, where it is typically visible to other local
  # users (ps, /proc), and in the monitoring command definition. Keep that
  # configuration readable only by the monitoring account.
  #
  # -w/--warning is parsed here, but the "not found" branches later in the
  # script only test -c; WARNING is what they return when -c is absent.
  GetOptions(
      'h'             => \$opt_h,
      'help'          => \$opt_h,
      'H=s'           => \$opt_H,
      'host=s'        => \$opt_H,
      'p=i'           => \$opt_p,
      'port=i'        => \$opt_p,
      'P=s'           => \$opt_P,
      'password=s'    => \$opt_P,
      't=i'           => \$opt_t,
      'timeout=i'     => \$opt_t,
      'i'             => \$opt_i,
      'ip'            => \$opt_i,
      'n'             => \$opt_n,
      'numeric'       => \$opt_n,
      'c'             => \$opt_c,
      'critical'      => \$opt_c,
      'w'             => \$opt_w,
      'warning'       => \$opt_w,
      'C=s'           => \$opt_C,
      'common_name=s' => \$opt_C,
      'r=s'           => \$opt_r,
      'remote_ip=s'   => \$opt_r,
  ) or exit $ERRORS{'UNKNOWN'};

  # Default: 10 second timeout when none was given.
  $opt_t = 10 unless defined $opt_t;

  # --help short-circuits everything else and is not an error.
  if ($opt_h) {
      print_help();
      exit $ERRORS{'OK'};
  }

  # Host and management port are both mandatory.
  unless ( defined($opt_H) && defined($opt_p) ) {
      print_usage();
      exit $ERRORS{'UNKNOWN'};
  }
  my @lines;         # raw reply to "status 2"
  my @clients;       # common names extracted from @lines
  my @clients_ip;    # real (remote) IPv4 addresses extracted from @lines
  my $t;             # Net::Telnet session to the management port

  # Query the management interface: answer the password prompt when a
  # password was supplied, then request the version 2 status listing.
  #
  # NOTE(review): this is a plain-text TCP session, so the password and the
  # client list are readable by anyone on the network path. Prefer a
  # management interface that listens on localhost only and run the check on
  # the OpenVPN host itself.
  eval {
      $t = Net::Telnet->new(
          Timeout => $opt_t,
          Port    => $opt_p,
          Prompt  => '/END$/',
      );
      $t->open($opt_H);
      if ( defined $opt_P ) {
          $t->waitfor('/ENTER PASSWORD:$/');
          $t->print($opt_P);
      }
      $t->waitfor('/^$/');
      @lines = $t->cmd("status 2");
      $t->close;
  };

  # Every failure raised inside the eval (connect, timeout, prompt, command)
  # is reported with the same message, so a rejected password looks like an
  # unreachable server in the plugin output.
  if ($@) {
      print "OpenVPN Critical: Can't connect to server\n";
      exit $ERRORS{'CRITICAL'};
  }
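  # --ip / --remote_ip mode: work on the clients' real addresses.
  if ( defined $opt_i || defined $opt_r ) {

      # Only dotted-quad "address:port" fields are captured, so rows without
      # an IPv4 real address never reach @clients_ip.
      foreach my $row (@lines) {
          if ( $row =~ /CLIENT_LIST,.*,(\d+\.\d+\.\d+\.\d+):\d+,/ ) {
              push @clients_ip, $1;
          }
      }

      if ( defined $opt_i ) {
          print "OpenVPN OK: " . "@clients_ip ";
          exit $ERRORS{'OK'};
      }
      elsif ( defined $opt_r ) {

          # \Q...\E makes the requested address a literal. Interpolated raw,
          # every "." was a regex wildcard, so "1.1.1.1" also matched
          # "101.1.1.1" and the check reported an absent client as connected.
          if ( !grep { /\b\Q$opt_r\E\b/ } @clients_ip ) {
              if ( defined $opt_c ) {
                  print "OpenVPN CRITICAL: $opt_r don't found";
                  exit $ERRORS{'CRITICAL'};
              }
              else {
                  print "OpenVPN WARNING: $opt_r don't found";
                  exit $ERRORS{'WARNING'};
              }
          }
          print "OpenVPN OK: " . "@clients_ip ";
          exit $ERRORS{'OK'};
      }
  }

  # Default mode: collect the common name of every row that carries an IPv4
  # real address.
  foreach my $row (@lines) {
      if ( $row =~ /CLIENT_LIST,(.*),\d+\.\d+\.\d+\.\d+:\d+,/ ) {
          push @clients, $1;
      }
  }

  if ( defined $opt_C ) {

      # The requested name is matched literally (\Q...\E), so characters such
      # as "." or "+" in a common name are no longer regex syntax.
      # NOTE(review): this is still a word-bounded substring match, so
      # "client1" is also satisfied by "client1-backup". Compare with eq if
      # the deployment has common names that share a prefix.
      if ( !grep { /\b\Q$opt_C\E\b/ } @clients ) {
          if ( defined $opt_c ) {
              print "OpenVPN CRITICAL: $opt_C don't found";
              exit $ERRORS{'CRITICAL'};
          }
          else {
              print "OpenVPN WARNING: $opt_C don't found";
              exit $ERRORS{'WARNING'};
          }
      }
  }

  # --numeric prints only the number of connected clients.
  if ( defined $opt_n ) {
      print "OpenVPN OK: " . scalar(@clients) . " connected clients.";
      exit $ERRORS{'OK'};
  }

  # NOTE(review): common names are printed exactly as the server reported
  # them; confirm the consumer of this output escapes them before display.
  print "OpenVPN OK: " . "@clients ";
  exit $ERRORS{'OK'};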
  128. #######################################################################
  129. ###### Subroutines ####################################################
  # Print the two-form command synopsis to standard output.
  sub print_usage() {
      my $first_line =
          "Usage: $PROGNAME -H | --host <IP or hostname> -p | --port <port number> [-P | --password] <password> [-t | --timeout] <timeout in seconds>";
      my $second_line =
          "[-i | --ip] [-n | --numeric] [-C | --common_name] <common_name> [-r | --remote_ip] <remote_ip> [-c | --critical] [-w | --warning]";

      print $first_line . "\n" . $second_line . "\n\n";
      print " $PROGNAME [-h | --help]\n";
  }
  # Print the version banner, the synopsis (via print_usage) and the
  # per-option reference to standard output.
  sub print_help() {
      print $PROGNAME . ' ' . $VERSION . "\n\n";
      print "Copyright (c) 2007 Jaime Gascon Romero\n"
          . "Nagios plugin to check the clients connected to a openvpn server.\n";

      print_usage();

      # The empty first and last elements give the text its leading and
      # trailing newline.
      my @option_text = (
          '',
          '-H | --host',
          'IP address or hostname of the openvpn server.',
          '-p | --port',
          'Management port interface of the openvpn server.',
          '-P | --password',
          'Password for the management interface of the openvpn server.',
          '-t | --timeout',
          'Timeout for the connection attempt. Optional, default 10 seconds.',
          'Optional parameters',
          '===================',
          '-i | --ip',
          'Prints the IP address of the remote client instead of the common name.',
          '-n | --numeric',
          'Prints the number of clients connected to the openvpn server.',
          'Matching Parameters',
          '===================',
          '-C | --common_name',
          'The common name, as it is specified in the client certificate, who is wanted to check.',
          '-r | --remote_ip',
          'The client remote ip address who is wanted to check.',
          '-c | --critical',
          'Exits with CRITICAL status if the client specified by the common name or the remote ip address is not connected.',
          '-w | --warning',
          'Exits with WARNING status if the client specified by the common name or the remote ip address is not connected.',
          'Other Parameters',
          '================',
          '-h | --help',
          'Show this help.',
          '',
      );
      print join( "\n", @option_text );
  }
  172. # vim:sts=2:sw=2:ts=2:et