diff options
Diffstat (limited to 'nagios-plugins-contrib-24.20190301~bpo9+1/check_checksums/check_checksums')
-rwxr-xr-x | nagios-plugins-contrib-24.20190301~bpo9+1/check_checksums/check_checksums | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_checksums/check_checksums b/nagios-plugins-contrib-24.20190301~bpo9+1/check_checksums/check_checksums new file mode 100755 index 0000000..74a97c2 --- /dev/null +++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_checksums/check_checksums @@ -0,0 +1,110 @@ +#!/bin/bash +# +# check_checksums - Nagios plugin to check file checksums +# against (local, not 100% secure) lists. +# Supports md5 sha1 sha224 sha256 sha384 sha512 checksums. +# +# +# Copyright (C) 2013 Bernd Zeimetz <b.zeimetz@conova.com> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +umask 077 + +if [ $# -gt 0 ]; then + case $1 in + -h|--help|help) + cat << __EOH__ +$0 - Nagios plugin to check file checksums +------------------------------------------ +The plugin supports md5 sha1 sha224 sha256 sha384 sha512 checksums. +As the lists are stored local it is not 100% secure. + +Usage: + For each file you want to monitor write the current checksum + into the stored file list. Use the checksum tool you prefer, + probably depending on your CPU power. + + sha512sum /path/to/the/file >> /etc/nagios/check_checksums.sha512 + sha384sum /path/to/the/file >> /etc/nagios/check_checksums.sha384 + sha256sum /path/to/the/file >> /etc/nagios/check_checksums.sha256 + sha224sum /path/to/the/file >> /etc/nagios/check_checksums.sha224 + sha1sum /path/to/the/file >> /etc/nagios/check_checksums.sha1 + md5sum /path/to/the/file >> /etc/nagios/check_checksums.md5 + + Set useful file permissions: + chown root:nagios /etc/nagios/check_checksums.* + chmod 0640 /etc/nagios/check_checksums.* + + Run + $0 + in nrpe or nagios to check if the checksums are still the same. + It will return UNKNOWN if there is no checksum file at all. + + To update *ALL* stored checksums please run + /usr/lib/nagios/update_checksums + and all checksum files will be updated. A copy of the original file will + be stored in /etc/nagios. + +__EOH__ + exit 3 + ;; + esac +fi + +if dpkg --compare-versions `dpkg-query -W coreutils | awk '{print $2}'` ge 8.13; then + STRICT="--strict" +else + STRICT="" +fi + +RET=3 +OUT="UNKNOWN" +tmp_out=`mktemp` +tmp_err=`mktemp` +trap "rm -f ${tmp_out} ${tmp_err}" EXIT + +for t in md5 sha1 sha224 sha256 sha384 sha512; do + fname="/etc/nagios/check_checksums.${t}" + tool="${t}sum" + if [ -f ${fname} ]; then + if [ ${RET} -eq 3 ]; then + RET=0 + OUT="OK" + fi + ${tool} --quiet ${STRICT} --check ${fname} 1>>${tmp_out} 2>>${tmp_err} + err=$? + + if [ ${err} -gt 0 ]; then + RET=2 + OUT="CRITICAL" + fi + fi +done + +if [ $RET -eq 0 ]; then + echo "OK - all checksums verified | failed=0;1;1;0;" +else + echo -n "${OUT} - " + sed 's,WARNING: ,,' ${tmp_err} | tr '\n' '/' | sed 's,/$,,' + echo + cat ${tmp_out} + count=`wc -l ${tmp_out} | awk '{print $1}'` + echo "| failed=${count};1;1;0;" + /usr/bin/logger -p user.err -t check_checksums -f ${tmp_out} +fi +rm -f ${tmp_out} ${tmp_err} + +exit ${RET} + |