X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fchecks%2Fdsa-check-zone-rrsig-expiration-many;h=15305dd96bfbd2e9ccdf927e825dfef08d8af607;hb=1f4c8a27566df24bdc65d8a83334a4a89195ad0a;hp=7e20730d1a28c61d9eb702d8f79f858e366c2edb;hpb=43c33d06c1d3d742bf0b7cd46e1ba5304c8a11fa;p=mirror%2Fdsa-nagios.git

diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
index 7e20730..15305dd 100755
--- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
+++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
@@ -26,6 +26,8 @@ use warnings;
 use English;
 use Getopt::Long;
 use FindBin qw($Bin);
+use YAML;
+use File::Basename;
 
 my $CHECK = $Bin.'/dsa-check-zone-rrsig-expiration';
 
@@ -57,13 +59,14 @@ sub convert_time {
 	return $ticks;
 }
 
-my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=<nn>] [--critical=<nn>] <indir>\n";
+my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=<nn>] [--critical=<nn>] [--geozonedir=<geodir>] <indir>\n";
 my $params = { 'warn' => '14d', 'critical' => '7d' };
 Getopt::Long::config('bundling');
 GetOptions (
 	'--help' => \$params->{'help'},
 	'--warn=s' => \$params->{'warn'},
 	'--critical=s' => \$params->{'critical'},
+	'--geozonedir=s' => \$params->{'geozonedir'},
 ) or die ($USAGE);
 if ($params->{'help'}) {
         print $USAGE;
@@ -73,19 +76,6 @@ die ($USAGE) unless (scalar @ARGV == 1);
 my $INDIR = shift;
 
 
-my @zones;
-chdir $INDIR or die "chdir $INDIR failed? $!\n";
-opendir INDIR, $INDIR or die ("Cannot opendir $INDIR\n");
-for my $file (readdir INDIR) {
-	next if ( -l "$file" );
-	next unless ( -f "$file" );
-	next if $file =~ /^(dsset|keyset)-/;
-
-	push @zones, $file;
-}
-closedir(INDIR);
-
-
 my $count =
 	{ 'ok' => [],
 	  'warn' => [],
@@ -94,21 +84,57 @@ my $count =
 	  'unsigned' => [],
 	};
 
-my @details;
 
-for my $zone (sort {$a cmp $b} @zones) {
+my @dnsseczones;
+# load list of classic zones that will do DNSSEC
+chdir $INDIR or die "chdir $INDIR failed? $!\n";
+opendir INDIR, '.' or die ("Cannot opendir $INDIR\n");
+for my $file (sort {$a cmp $b} (readdir INDIR)) {
+	next if ( -l "$file" );
+	next unless ( -f "$file" );
+	next if $file =~ /^(dsset|keyset)-/;
+
 	my $do_dnssec = 0;
-	open(F, '<', $zone) or die ("Cannot open $zone: $!\n");
+	open(F, '<', $file) or die ("Cannot open $file: $!\n");
 	for (<F>) {
-		if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; }
+		if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; }
 	};
 	close F;
 
-	unless ($do_dnssec) {
-		push @{$count->{'unsigned'}}, $zone;
-		next;
+	if ($do_dnssec) {
+		push @dnsseczones, $file;
+	} else {
+		push @{$count->{'unsigned'}}, $file;
 	};
+}
+closedir(INDIR);
+
+# load list of geodns zones that will do DNSSEC
+if (defined $params->{'geozonedir'}) {
+	chdir $params->{'geozonedir'} or die "chdir $params->{'geozonedir'} failed? $!\n";
+	opendir INDIR, '.' or die ("Cannot opendir $params->{'geozonedir'}\n");
+	for my $file (sort {$a cmp $b} (readdir INDIR)) {
+		next unless $file =~ /\.zone$/;
+
+		open (F, '<', $file) or die "Cannot open $file: $!\n";
+		my ($zc, undef, undef) = Load(join "", (<F>));
+		close F;
+
+		my $zone = basename($file, '.zone');
+
+		if ($zc->{'dnssec'}) {
+			push @dnsseczones, $zone;
+		} else {
+			push @{$count->{'unsigned'}}, $zone;
+		};
+	}
+	closedir(INDIR);
+}
+
+
+my @details;
 
+for my $zone (sort {$a cmp $b} @dnsseczones) {
 
 	open(P, '-|', ($CHECK, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n");
 	my @p = <P>;