From 983f85d2d4f1edb9a0bb2146fe4ed087b43c474c Mon Sep 17 00:00:00 2001
From: Vincent Riquer
Date: Tue, 23 Dec 2014 14:51:50 +0100
Subject: [PATCH] --nagios: run as a nagios plugin
---
README.md | 5 +++++
analyze.py | 23 ++++++++++++++++++-----
2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index e2ed5b1..d8feb85 100644
--- a/README.md
+++ b/README.md
@@ -259,6 +259,11 @@ operators should now what level they want to match against, based on the compatibility level they want to support. Again, refer to https://wiki.mozilla.org/Security/Server_Side_TLS for more information.
+Note on Nagios mode:
+cipherscan can take more than 10 seconds to complete. To alleviate any timeout
+issues, you may want to run it outside of nagios, passing data through some
+temporary file.
+
 Contributors
 ------------
diff --git a/analyze.py b/analyze.py
index de19ec6..07546ac 100755
--- a/analyze.py
+++ b/analyze.py
@@ -304,7 +304,8 @@ def evaluate_all(results):
 return status
-def process_results(data, level=None, do_json=False):
+def process_results(data, level=None, do_json=False, do_nagios=False):
+ exit_status = 0
 results = dict()
 # initialize the failures struct
 global failures
@@ -353,6 +354,8 @@ def process_results(data, level=None, do_json=False):
 print("\nThings that are bad:")
 for failure in failures['fubar']:
 print("* " + failure)
+ if do_nagios:
+ exit_status = 2
 # print failures
 if level != 'none':
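Review bot: `process_results` now returns the process exit code, but nothing in the `@@ -304,7 +304,8 @@` hunk documents that contract, and the diff converts only the final `return True` to `return exit_status`. The function body runs well past this hunk; if any other return in it yields `False` or `None` (for example when the input cannot be parsed), `sys.exit()` in `main()` turns that into exit 0, which Nagios reads as OK although nothing was evaluated. Those paths should be checked and should return 3 (UNKNOWN) in nagios mode. A docstring would pin the contract down: `"""Print the evaluation of one scan; return 0, or with do_nagios the Nagios state 0/1/2/3 (OK/WARNING/CRITICAL/UNKNOWN)."""`.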
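Review bot: The `if do_nagios:` guard around `exit_status = 2` in the `@@ -353,6 +354,8 @@` hunk is repeated twice more as `if do_nagios and exit_status < 2:` in the `@@ -360,13 +363,17 @@` hunk, so the severity logic and the mode switch are interleaved in three places. It is simpler to always record the worst severity, `exit_status = max(exit_status, 2)` here and `exit_status = max(exit_status, 1)` in the two later spots, and apply the mode once at the end with `return exit_status if do_nagios else 0`. The bare literals 1, 2 and 3 used across these hunks would also read better as named constants for the Nagios states. `process_results` starts above and ends below this hunk.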
@@ -360,13 +363,17 @@ def process_results(data, level=None, do_json=False):
 print("\nChanges needed to match the " + level + " level:")
 for failure in failures[level]:
 print("* " + failure)
+ if do_nagios and exit_status < 2:
+ exit_status = 1
 else:
 for lvl in ['old', 'intermediate', 'modern']:
 if len(failures[lvl]) > 0:
 print("\nChanges needed to match the " + lvl + " level:")
 for failure in failures[lvl]:
 print("* " + failure)
- return True
+ if do_nagios and exit_status < 2:
+ exit_status = 1
+ return exit_status
 def build_ciphers_lists(opensslbin):
 global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors
@@ -445,6 +452,8 @@ def main():
 help='output results in json format')
 parser.add_argument('--ops', dest='operator',
 help='optional name of the operator\'s team added into the JSON output (for database insertion)')
+ parser.add_argument('--nagios', dest='nagios', action='store_true',
+ help='use nagios-conformant exit codes')
 args = parser.parse_args()
 if args.debug:
@@ -467,15 +476,19 @@ def main():
 data = subprocess.check_output(['./cipherscan', '-o', args.openssl, '-j', args.target])
 else:
 data = subprocess.check_output(['./cipherscan', '-j', args.target])
- process_results(data, args.level, args.json)
+ exit_status=process_results(data, args.level, args.json, args.nagios)
 else:
 if os.fstat(args.infile.fileno()).st_size < 2:
 logging.error("invalid input file")
 parser.print_help()
- sys.exit(1)
+ if args.nagios:
+ sys.exit(3)
+ else:
+ sys.exit(1)
 data = args.infile.readline()
 logging.debug('Evaluating results from stdin: ' + data)
- process_results(data, args.level, args.json)
+ exit_status=process_results(data, args.level, args.json, args.nagios)
+ sys.exit(exit_status)
 if __name__ == "__main__":
 main()
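Review bot: In the `else:` branch of the `@@ -360,13 +363,17 @@` hunk (no single level selected), the added `exit_status = 1` fires as soon as any one of the `old`, `intermediate` or `modern` lists is non-empty. The three levels ask for different settings, so a server that fully meets one of them will presumably still have entries under another, and `--nagios` without a level would then report WARNING on every run. A check that is permanently WARNING stops being looked at, which hides a real regression. One option is to warn only when no level is met, `if do_nagios and exit_status < 2 and all(failures[l] for l in ('old', 'intermediate', 'modern')):` after the loop; another is to reject `--nagios` without a level in `main()`. `process_results` begins above this hunk.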
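Review bot: In the `@@ -467,15 +476,19 @@` hunk only the empty-input case is mapped to exit 3; the `subprocess.check_output(['./cipherscan', ...])` calls directly above the new `exit_status=process_results(...)` line stay unguarded. If cipherscan exits non-zero or cannot be started, Python ends with a traceback and exit status 1, which Nagios records as WARNING instead of UNKNOWN. The second case is likely under Nagios, because `./cipherscan` is resolved against the current working directory and not against the directory holding analyze.py. It also means that whatever executable of that name sits in the working directory is what gets run, so building the path from `os.path.dirname(os.path.realpath(__file__))` is the safer form. `main()` starts above this hunk, so the condition that selects between the two calls is not shown.

```python
    try:
        # … unchanged: the two subprocess.check_output(['./cipherscan', ...]) branches …
    except (subprocess.CalledProcessError, OSError) as err:
        logging.error("cipherscan failed: %s", err)
        sys.exit(3 if args.nagios else 1)
    exit_status = process_results(data, args.level, args.json, args.nagios)
```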