From c6896ec663df53cf71a442a01b222038f9d8edd5 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Mon, 9 Jan 2012 13:59:42 +0000 Subject: Teach nagios-check-libs how to handle ignorelist git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@494 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede --- nagios-check-libs | 60 ++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 12 deletions(-) (limited to 'nagios-check-libs') diff --git a/nagios-check-libs b/nagios-check-libs index abdc3ee..53f87ee 100755 --- a/nagios-check-libs +++ b/nagios-check-libs @@ -1,6 +1,6 @@ -#!/usr/bin/perl -Tw +#!/usr/bin/perl -w -# Copyright (C) 2005, 2006, 2007, 2008 Peter Palfrader +# Copyright (C) 2005, 2006, 2007, 2008, 2012 Peter Palfrader # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -29,7 +29,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; my $LSOF = '/usr/bin/lsof'; -my $VERSION = '0.0.0'; +my $VERSION = '0.1.0'; # nagios exit codes my $OK = 0; @@ -38,6 +38,7 @@ my $CRITICAL = 2; my $UNKNOWN = 3; my $params; +my $config; Getopt::Long::config('bundling'); @@ -51,21 +52,57 @@ if (!GetOptions ( '--version' => \$params->{'version'}, '--quiet' => \$params->{'quiet'}, '--verbose' => \$params->{'verbose'}, + '--config=s' => \$params->{'config'}, )) { - dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet]\n"); + dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=]\n"); }; if ($params->{'help'}) { - print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet]\n"; + print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=]\n"; print "Reports processes that are linked against libraries that no longer exist.\n"; + print "The optional config file can specify ignore rules - see the sample config file.\n"; exit (0); }; if ($params->{'version'}) { print "nagios-check-libs $VERSION\n"; print "nagios check for availability of debian (security) updates\n"; - print "Copyright (c) 2005 Peter Palfrader \n"; + print "Copyright (c) 2005, 2006, 2007, 2008, 2012 Peter Palfrader \n"; exit (0); }; +if (! defined $params->{'config'}) { + $params->{'config'} = '/etc/nagios/check-libs.conf'; +} elsif (! -e $params->{'config'}) { + dief("Config file $params->{'config'} does not exist.\n"); +} + +if (-e $params->{'config'}) { + eval "use YAML::Syck; 1" or dief "you need YAML::Syck (libyaml-syck-perl) to load a config file"; + open(my $fh, '<', $params->{'config'}) or dief "Cannot open config file $params->{'config'}: $!"; + $config = LoadFile($fh); + close($fh); + if (!(ref($config) eq "HASH")) { + dief("Loaded config is not a hash!\n"); + } +} else { + $config = { + 'ignorelist' => [ + '$path =~ m#^/proc/#', + '$path =~ m#^/var/tmp/#', + '$path =~ m#^/SYS#', + '$path =~ m#^/drm$# # xserver stuff', + '$path =~ m#^/dev/zero#', + ] + }; + print $config,"\n"; +} + +if (! exists $config->{'ignorelist'}) { + $config->{'ignorelist'} = []; +} elsif (! (ref($config->{'ignorelist'}) eq 'ARRAY')) { + dief("Config->ignorelist is not an array!\n"); +} + + my %processes; sub getPIDs($$) { @@ -111,14 +148,13 @@ if ($CHILD_ERROR) { # program failed dief("$LSOF -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n"); }; -for my $line (@lsof) { +LINE: for my $line (@lsof) { my ($process, $pid, $user, $fd, undef, undef, undef, $path, $rest) = split /\s+/, $line; if ($line =~ m/\.dpkg-/ || $line =~ m/path inode=/ || $fd eq 'DEL') { - next if $path =~ m#^/proc/#; - next if $path =~ m#^/var/tmp/#; - next if $path =~ m#^/SYS#; - next if $path =~ m#^/drm$#; # xserver stuff - next if $path =~ m#^/dev/zero#; + for my $i (@{$config->{'ignorelist'}}) { + my $ignore = eval($i); + next LINE if $ignore; + } next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root')); #$processes{$user}->{$process} = [] unless defined $processes{$user}->{$process}; $processes{$user}->{$process}->{$pid} = 1; -- cgit v1.2.3