Do not load Python code from YAML files

[mirror/dsa-nagios.git] / dsa-nagios-checks / checks / dsa-check-libs

diff --git a/dsa-nagios-checks/checks/dsa-check-libs b/dsa-nagios-checks/checks/dsa-check-libs
index 77707d9..da26cdc 100755 (executable)
--- a/dsa-nagios-checks/checks/dsa-check-libs
+++ b/dsa-nagios-checks/checks/dsa-check-libs
@@ -30,7 +30,7 @@ $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
 my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2012042101';
+my $VERSION = '0.2015012901';
 
 # nagios exit codes
 my $OK = 0;
@@ -52,15 +52,18 @@ if (!GetOptions (
        '--help'        => \$params->{'help'},
        '--version'     => \$params->{'version'},
        '--quiet'       => \$params->{'quiet'},
+       '--ignore-pid-namespaces'       => \$params->{'ignore_pid_namespaces'},
        '--verbose'     => \$params->{'verbose'},
+       '-v'            => \$params->{'verbose'},
        '--config=s'    => \$params->{'config'},
        )) {
-       dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
+       dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--ignore-pid-namespaces] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
 };
 if ($params->{'help'}) {
-       print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n";
+       print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--ignore-pid-namespaces] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n";
        print "Reports processes that are linked against libraries that no longer exist.\n";
        print "The optional config file can specify ignore rules - see the sample config file.\n";
+       print "Can optionally ignore processes from other PID namespaces.\n";
        exit (0);
 };
 if ($params->{'version'}) {
@@ -141,8 +144,14 @@ sub inVserver() {
 
 my $INVSERVER = inVserver();
 
+my $PID_NS_SUPPORT = (-f '/proc/self/ns/pid');
+my $PID_NS;
+if ($PID_NS_SUPPORT and $params->{'ignore_pid_namespaces'}) {
+       $PID_NS = readlink('/proc/self/ns/pid');
+}
+
 print STDERR "Running $LSOF -n\n" if $params->{'verbose'};
-open (LSOF, "$LSOF -n|") or dief ("Cannot run $LSOF -n: $!\n");
+open (LSOF, "$LSOF -n 2>/dev/null|") or dief ("Cannot run $LSOF -n: $!\n");
 my @lsof=<LSOF>;
 close LSOF;
 if ($CHILD_ERROR) { # program failed
@@ -155,10 +164,15 @@ LINE: for my $line (@lsof)  {
                my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_  and length $_ >1} split /\0/, $line;
                $process = $fields{c};
                $pid     = $fields{p};
-               $user    = $fields{L};
+               $user    = $fields{L} || '<unknown>';
                next;
        }
 
+       if ($PID_NS_SUPPORT and $params->{'ignore_pid_namespaces'}) {
+               my $pidns = readlink('/proc/'.$pid.'/ns/pid');
+               next if (defined $pidns and $PID_NS ne $pidns);
+       }
+
        unless ( $line =~ /^f/ ) {
                dief("UNKNOWN strange line read from lsof\n");
                # don't print it because it contains NULL characters...
@@ -170,6 +184,10 @@ LINE: for my $line (@lsof)  {
        my $inode = $fields{i};
        my $path  = $fields{n};
        if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+               my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+               next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+               next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
                $path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
                for my $i (@{$config->{'ignorelist'}}) {
                        my $ignore = eval($i);