X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fchecks%2Fdsa-check-zone-rrsig-expiration;h=a624426cd32084bdfd8665a34be5d678fe0cf5a3;hb=059272a0afb9b0415aac0bf0390bfaf96b520b1d;hp=02fd72b2554f4f0f9db89388a05e8f7b87f263a1;hpb=4e06d92c68c598f7089bccd546d2abc250d68990;p=mirror%2Fdsa-nagios.git diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration index 02fd72b..a624426 100755 --- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration +++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration @@ -41,6 +41,10 @@ # Copyright (c) 2010 Peter Palfrader # - various fixes and cleanups # - do more than one zone +# Copyright (c) 2012 Peter Palfrader +# - add -s option to configure udp packet size. default changed from 4k to 1k +# Copyright (c) 2013 Peter Palfrader +# - add -r option to override initial refs. # usage @@ -76,8 +80,21 @@ use Time::HiRes qw ( gettimeofday tv_interval); use Time::Local; use List::Util qw ( shuffle ); -my %opts = (t=>30); -getopts('hdt:', \%opts); +sub convert_time { + my $in = shift; + my ($ticks, $unit) = ($in =~ /^(\d+)([smhdw]?)$/); + + if ($unit eq 's' || $unit eq '') { } + elsif ($unit eq 'm') { $ticks *= 60; } + elsif ($unit eq 'h') { $ticks *= 60*60; } + elsif ($unit eq 'd') { $ticks *= 60*60*24; } + elsif ($unit eq 'w') { $ticks *= 60*60*24*7; } + else { die "Invalid unit '$unit' in '$in'\n" } + return $ticks; +} + +my %opts = (t=>30, s=>1024); +getopts('hdt:c:w:s:r:', \%opts); usage() unless scalar @ARGV == 1; usage() if $opts{h}; my $zone = $ARGV[0]; @@ -85,8 +102,11 @@ my $zone = $ARGV[0]; my $data; my $start; my $stop; -my $CRIT_DAYS = 3; -my $WARN_DAYS = 7; +my $CRIT = 3 * 3600*24; +my $WARN = 7 * 3600*24; + +$CRIT = convert_time($opts{c}) if defined $opts{c}; +$WARN = convert_time($opts{w}) if defined $opts{w}; my @refs = qw ( a.root-servers.net @@ -103,6 +123,7 @@ k.root-servers.net l.root-servers.net m.root-servers.net ); +@refs = split(/\s*,\s*/, $opts{r}) if (defined $opts{r}); $start = [gettimeofday()]; do_recursion(); @@ -120,7 +141,7 @@ sub do_recursion { print STDERR "sending query for $zone RRSIG to $ns\n" if $opts{d}; $res->nameserver($ns); $res->udp_timeout($opts{t}); - $res->udppacketsize(4096); + $res->udppacketsize($opts{s}); $pkt = $res->send($zone, 'RRSIG'); last if $pkt; } @@ -195,15 +216,15 @@ sub do_analyze { } } critical("$min_ns has expired RRSIGs") if ($min_exp < $NOW); - if ($min_exp - $NOW < ($CRIT_DAYS*86400)) { + if ($min_exp - $NOW < ($CRIT)) { my $ND = sprintf "%3.1f days", ($min_exp-$NOW)/86400; critical("$min_type RRSIG expires in $ND at $min_ns") } - if ($min_exp - $NOW < ($WARN_DAYS*86400)) { + if ($min_exp - $NOW < ($WARN)) { my $ND = sprintf "%3.1f days", ($min_exp-$NOW)/86400; warning("$min_type RRSIG expires in $ND at $min_ns") } - success("No RRSIGs expiring in the next $WARN_DAYS days"); + success(sprintf("No RRSIGs expiring in the next %3.1f days", $WARN/86400)); } sub sigrr_exp_epoch { @@ -253,7 +274,7 @@ sub output { } sub usage { - print STDERR "usage: $0 [-d] [-t=] \n"; + print STDERR "usage: $0 [-d] [-w=] [-c=] [-t=] \n"; exit 3; } @@ -265,7 +286,7 @@ sub send_query { $res->nameserver($server) if $server; $res->udp_timeout($opts{t}); $res->retry(2); - $res->udppacketsize(4096); + $res->udppacketsize($opts{s}); my $pkt = $res->send($qname, $qtype); unless ($pkt) { $res->usevc(1);