3 # check_samhain.pl - check to see how many policy violations are reported
4 # by the samhain file integrity checker.
6 # Copyright Rainer Wichmann (2004)
7 # Copyright Martin Zobel-Helas (2008)
10 # This program is free software; you can redistribute it and/or modify
11 # it under the terms of the GNU General Public License as published by
12 # the Free Software Foundation; either version 2 of the License, or
13 # (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with this program; if not, write to the Free Software
22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 ############################################################################
26 # -------------------------------------------------------------------[ Uses ]--
30 use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval);
31 use lib "/usr/lib/nagios/plugins";
32 use utils qw(%ERRORS &print_revision);
35 #my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
36 #sub print_revision ($$);
38 # ----------------------------------------------------[ Function Prototypes ]--
42 sub process_arguments ();
44 # ------------------------------------------------------------[ Environment ]--
50 # -----------------------------------------------------------------[ Global ]--
# Name the plugin reports in its usage and version output.
$PROGNAME = 'dsa-check-samhain';

# Absolute path of the samhain binary. The value is placed into a command
# line that is run through sudo, so it must remain a fixed, trusted path and
# must never be taken from the environment or from plugin arguments.
$SAMHAIN = '/usr/sbin/samhain';
55 # ----------------------------------------------------------------[ options ]--
57 Getopt::Long::Configure('bundling');
58 $status = process_arguments();
60 print "ERROR: processing arguments\n";
61 exit $ERRORS{"UNKNOWN"};
64 # ----------------------------------------------------------------[ timeout ]--
67 print ("ERROR: timed out waiting for $SAMHAIN\n");
68 exit $ERRORS{"WARNING"};
72 # ----------------------------------------------------------[ start samhain ]--
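# Launch samhain in one-shot check mode and read its report through a pipe.
# The command needs the shell for the "2>&1" redirection, so $SAMHAIN must
# stay a fixed, trusted absolute path and never come from user input.
# NOTE(review): presumably a NOPASSWD sudoers rule exists for the monitoring
# user; it should permit only this exact samhain command line -- confirm.
if ( defined $SAMHAIN && -x $SAMHAIN ) {
    my $check_cmd = "/usr/bin/sudo $SAMHAIN -t check --foreground"
                  . " -p err -s none -l none -m none 2>&1";

    # Three-argument open keeps the pipe mode separate from the command text.
    # A false return only means the fork failed; a sudo refusal or a samhain
    # failure shows up later in the output and in the exit status at close.
    if ( !open( SHPIPE, '-|', $check_cmd ) ) {
        print "ERROR: could not popen $SAMHAIN \n";
        exit $ERRORS{'UNKNOWN'};
    }
} else {
    # No executable at the configured path: there is no verdict to report.
    print "ERROR: Could not find samhain executable!\n";
    exit $ERRORS{'UNKNOWN'};
}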
84 # ---------------------------------------------------------[ read from pipe ]--
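# Map the number of policy violations held in $status onto a Nagios state.
# $opt_w and $opt_c are the warning and critical thresholds; a count at or
# above a threshold selects that state.
if ( $status < $opt_w ) {
    $msg   = "OK: $status policy violations (threshold $opt_w/$opt_c)";
    $state = $ERRORS{'OK'};
} elsif ( $status < $opt_c ) {
    # Reaching this branch already implies $status >= $opt_w.
    $msg   = "WARNING: $status policy violations (threshold w=$opt_w)";
    $state = $ERRORS{'WARNING'};
} else {
    # CRITICAL is decided by $opt_c, so that is the threshold reported to the
    # operator reading the alert.
    $msg   = "CRITICAL: $status policy violations (threshold c=$opt_c)";
    $state = $ERRORS{'CRITICAL'};
}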
106 # -------------------------------------------------------------[ close pipe ]--
110 # declare an error if we also get a non-zero return code from samhain
115 print "Error closing $SAMHAIN: $!\n" if $verbose;
117 print "$SAMHAIN returned exit status $retval\n" if $verbose;
119 if ($state == $ERRORS{"CRITICAL"}) {
120 $state = $ERRORS{"CRITICAL"};
122 print "ERROR: $SAMHAIN exit status $retval\n";
123 exit $ERRORS{'UNKNOWN'};
127 # -------------------------------------------------------------------[ exit ]--
129 print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n";
133 # ------------------------------------------------------------[ Subroutines ]--
135 sub process_arguments(){
137 ("V" => \$opt_V, "version" => \$opt_V,
138 "h" => \$opt_h, "help" => \$opt_h,
139 "v" => \$opt_v, "verbose" => \$opt_v,
140 "w=i" => \$opt_w, "warning=i" => \$opt_w,
141 "c=i" => \$opt_c, "critical=i" => \$opt_c,
142 "t=i" => \$opt_t, "timeout=i" => \$opt_t
146 print_revision($PROGNAME,'$Revision: 1.0 $ ');
155 if (defined $opt_v ){
159 unless (defined $opt_t) {
160 $opt_t = $utils::TIMEOUT ; # default timeout
161 # $opt_t = $TIMEOUT ;
164 unless (defined $opt_w) {
168 unless (defined $opt_c) {
172 if ( $opt_w > $opt_c) {
173 print "Warning cannot be greater than Critical!\n";
174 exit $ERRORS{'UNKNOWN'};
177 return $ERRORS{'OK'};
181 print "Usage: $PROGNAME [-w <warn>] [-c <crit>] [-t <timeout>]\n";
185 print_revision($PROGNAME, '$Revision: 1.0 $');
186 print "Copyright (c) 2004 Rainer Wichmann
188 This plugin checks the number of policy violations reported by the
189 samhain file intgrity checker
194 -w, --warning=INTEGER
195 Minimum number of policy violations for which a WARNING status will result
196 -c, --critical=INTEGER
197 Minimum number of policy violations for which a CRITICAL status will result
198 -t, --timeout=SECONDS
199 The number of seconds after which a the plugin will timeout
203 Show this help message
205 Show the version of the plugin
210 #sub print_revision ($$) {
211 # my $commandName = shift;
212 # my $pluginRevision = shift;
213 # $pluginRevision =~ s/^\$Revision: //;
214 # $pluginRevision =~ s/ \$\s*$//;
215 # print "$commandName (samhain 2.2.3) $pluginRevision\n";