Permalink
Cannot retrieve contributors at this time
Fetching contributors…
Cannot retrieve contributors at this time
| #!/bin/sh | |
| # Nagios plugin to check for processes (or QEMU VMs) using deleted libraries or binaries. | |
| # Copyright (C) 2014-2017 Simon Deziel <simon@sdeziel.info> | |
| # This program is free software; you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation; either version 2 of the License, or | |
| # (at your option) any later version. | |
| # | |
| # This program is distributed in the hope that it will be useful, | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| # GNU General Public License for more details. | |
| # | |
| # You should have received a copy of the GNU General Public License along | |
| # with this program; if not, write to the Free Software Foundation, Inc., | |
| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
| # XXX: this plugin relies on the check-deleted-libs tool that is available at | |
| # https://github.com/simondeziel/check-deleted-libs or through this PPA: | |
| # https://launchpad.net/~sdeziel/+archive/ubuntu/sdeziel.info | |
| # Explicitly set the PATH to that of ENV_SUPATH in /etc/login.defs and unset | |
| # various other variables. For details, see: | |
| # https://wiki.ubuntu.com/SecurityTeam/AppArmorPolicyReview#Execute_rules | |
| export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |
| export ENV= | |
| export CDPATH= | |
| export LC_ALL="C" | |
| STATE_OK=0 | |
| STATE_WARNING=1 | |
| STATE_CRITICAL=2 | |
| STATE_UNKNOWN=3 | |
| MSG_OK="OK" | |
| MSG_WARNING="WARNING" | |
| MSG_CRITICAL="CRITICAL" | |
| MSG_UNKNOWN="UNKNOWN" | |
| SCRIPT_NAME="$(basename "$0")" | |
| GETOPT="/usr/bin/getopt" | |
| check_timeout=10 | |
| multiline="" | |
| CHECK_DELETED_LIBS_ARGS="" | |
| TIMEOUT_BIN="$(/usr/bin/which timeout 2> /dev/null)" | |
| CHECK_DELETED_LIBS="$(/usr/bin/which check-deleted-libs 2>/dev/null)" | |
| p_ok () { | |
| printf "%s\n" "$MSG_OK: $1$multiline" | |
| exit "$STATE_OK" | |
| } | |
| p_warning () { | |
| printf "%s\n" "$MSG_WARNING: $1$multiline" | |
| exit "$STATE_WARNING" | |
| } | |
| p_critical () { | |
| printf "%s\n" "$MSG_CRITICAL: $1$multiline" | |
| exit "$STATE_CRITICAL" | |
| } | |
| p_unknown () { | |
| printf "%s\n" "$MSG_UNKNOWN: $1$multiline" | |
| exit "$STATE_UNKNOWN" | |
| } | |
| output_multilines() { | |
| while [ "$#" -gt 9 ]; do | |
| echo "$1 $2 $3 $4 $5 $6 $7 $8 $9" | |
| shift 9 | |
| done | |
| [ "$#" -ne 0 ] && echo "$@" | |
| } | |
| usage () { | |
| cat << EOF | |
| Usage: | |
| $SCRIPT_NAME [-h] [--qemu-names] [-t timeout] | |
| Options: | |
| -h | |
| Print help screen | |
| --qemu-names | |
| List name of VMs using outdated QEMU | |
| -t | |
| Seconds before execution times out (default: 10) | |
| EOF | |
| } | |
| long_usage () { | |
| cat << EOF | |
| Copyright (c) 2014-2016 Simon Deziel | |
| This plugin checks for processes using deleted libraries | |
| EOF | |
| usage | |
| exit 0 | |
| } | |
| # Check if getopt is available | |
| if [ ! -x "$GETOPT" ]; then | |
| p_unknown "$GETOPT is not available, hint install util-linux" | |
| fi | |
| # Note that we use `"$@"' to let each command-line parameter expand to a | |
| # separate word. The quotes around `$@' are essential! | |
| # We need TEMP as the `eval set --' would nuke the return value of getopt. | |
| TEMP=$($GETOPT -q -s sh -n "$SCRIPT_NAME" -o +ht: -l qemu-names -- "$@") | |
| if [ $? != 0 ]; then | |
| p_unknown "Unknown/invalid argument, see $SCRIPT_NAME -h for help" | |
| fi | |
| # Note the quotes around `$TEMP': they are essential! | |
| eval set -- "$TEMP" | |
| # Parse arguments | |
| while test "$1" != "--"; do case "$1" in | |
| -h) long_usage; shift;; | |
| --qemu-names) CHECK_DELETED_LIBS_ARGS="$1"; shift;; | |
| -t) echo "$2" | grep -qE '^[0-9]+(\.[0-9]+)?$' && check_timeout="$2"; shift 2;; | |
| --) shift ; break;; | |
| *) p_unknown "Internal error";; | |
| esac | |
| done | |
| # Check if /proc/*/maps are readable by testing with PID=1 | |
| cat "/proc/1/maps" >/dev/null 2>&1 || p_unknown "Unable to read /proc/1/maps, are you running $SCRIPT_NAME with root privileges?" | |
| # Check if everything is there to be used | |
| [ -n "$TIMEOUT_BIN" ] || check_timeout="" | |
| [ -x "$CHECK_DELETED_LIBS" ] || p_unknown "check-deleted-libs binary is missing or not executable" | |
| # Enumerate all processes using deleted libs | |
| # shellcheck disable=SC2086 | |
| processes="$($TIMEOUT_BIN $check_timeout "$CHECK_DELETED_LIBS" $CHECK_DELETED_LIBS_ARGS)" | |
| RC="$?" | |
| if [ "$RC" -eq 124 ]; then | |
| p_critical "Plugin timed out after $check_timeout seconds" | |
| elif [ "$RC" -ne 0 ]; then | |
| p_unknown "$SCRIPT_NAME returned $RC" | |
| fi | |
| if [ -z "$processes" ]; then | |
| if [ -n "$CHECK_DELETED_LIBS_ARGS" ]; then | |
| p_ok "No VM using outdated QEMU binary" | |
| else | |
| p_ok "No deleted lib in use" | |
| fi | |
| fi | |
| process_cnt="$(echo "$processes" | wc -w)" | |
| set -f | |
| # shellcheck disable=SC2086 | |
| multiline="$(output_multilines $processes)" | |
| if [ -n "$CHECK_DELETED_LIBS_ARGS" ]; then | |
| p_warning "$process_cnt VMs using outdated QEMU binary: " | |
| else | |
| p_warning "$process_cnt processes using deleted libs: " | |
| fi |