-
Notifications
You must be signed in to change notification settings - Fork 0
/
check_flr_health
executable file
·64 lines (56 loc) · 2.82 KB
/
check_flr_health
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/usr/bin/env perl
# @author Guy Halse http://orcid.org/0000-0002-9388-8592
# @copyright Copyright (c) 2017, Tertiary Education and Research Network of South Africa
# @license https://github.com/tenet-ac-za/monitoring-plugins/blob/master/LICENSE MIT License
#
use strict;
use warnings;
use Monitoring::Plugin;
use IPC::Open3;
my $np = Monitoring::Plugin->new(
'usage' => 'Usage: %s [ -v|--verbose ] -H <host> -S <secret> [-p <port>] [-t <timeout>]',
'version' => '0.1',
'license' => 'MIT License <https://github.com/tenet-ac-za/monitoring-plugins/blob/master/LICENSE>',
'shortname' => 'FLRS',
'blurb' => "A simple plugin to check an eduroam FLR server",
'url' => 'https://github.com/tenet-ac-za/monitoring-plugins',
'extra' => "
This plugin allows us to monitor radsecproxy running as an eduroam FLR server,
where the server has been configured to respond using replymessage, something
like this:
realm eduroam_flr_healthcheck {
replymessage \"OK additional info\"
}
It is really just a check that the RADIUS proxy is sufficiently
functional to interpret and respond to RADIUS Access-Request packets.
",
);
$np->add_arg('spec' => 'host|H=s', 'help' => 'Hostname to use', 'required' => 1);
$np->add_arg('spec' => 'secret|S=s', 'help' => 'RADIUS secret', 'required' => 1);
$np->add_arg('spec' => 'port|p=i', 'help' => 'Port to use (defaults to 1812)', 'default' => 1812);
$np->add_arg('spec' => 'user|u=s', 'help' => 'Username to send (defaults to anonymous@eduroam_flr_healthcheck)', 'default' => 'anonymous@eduroam_flr_healthcheck');
$np->add_arg('spec' => 'regex|r=s', 'help' => 'Additional regex to match in the Reply-Message (the string "OK" is always checked)');
$np->add_arg('spec' => 'ipv4|4', 'help' => 'Force IPv4 instead of using OS default', 'default' => 0);
$np->add_arg('spec' => 'ipv6|6', 'help' => 'Force IPv6 instead of using OS default', 'default' => 0);
$np->getopts;
my $af_inet = $np->opts->ipv6 ? '-6' : ($np->opts->ipv4 ? '-4' : '--');
alarm $np->opts->timeout;
my $pid = open3(\*CHLD_IN, \*CHLD_OUT, undef, '/usr/bin/radclient', '-x', '-t', $np->opts->timeout, $af_inet, $np->opts->host . ':' . $np->opts->port, 'auth', $np->opts->secret);
printf CHLD_IN "User-Name = \"%s\"\n", $np->opts->user;
printf CHLD_IN "Message-Authenticator = 0x00\n";
close(CHLD_IN);
while (<CHLD_OUT>) {
next unless m/Reply-Message\s*=\s*["'](.*)["']$/;
my $response = $1;
$np->add_message(($response =~ m/^\s*OK\b/ ? OK : WARNING), $response);
if ($np->opts->regex) {
my $regex = $np->opts->regex; $regex = qr/$regex/i;
if ($response !~ m/$regex/) {
$np->add_message(WARNING, "failed to match: " . $np->opts->regex);
}
}
my ($code, $message) = $np->check_messages();
$np->plugin_exit($code, $message);
}
waitpid( $pid, 0 );
$np->plugin_exit(CRITICAL, 'No valid response received');