LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00
Code Issues Releases Wiki Activity

--nagios: run as a nagios plugin

Browse Source
This commit is contained in:
Vincent Riquer 2014-12-23 14:51:50 +01:00
parent 818bf29b02
commit 983f85d2d4
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -259,6 +259,11 @@ operators should now what level they want to match against, based on the
compatibility level they want to support. Again, refer to compatibility level they want to support. Again, refer to
https://wiki.mozilla.org/Security/Server_Side_TLS for more information. https://wiki.mozilla.org/Security/Server_Side_TLS for more information.
Note on Nagios mode:
cipherscan can take more than 10 seconds to complete. To alleviate any timeout
issues, you may want to run it outside of nagios, passing data through some
temporary file.
Contributors Contributors
------------ ------------

23
analyze.py
View File

@ -304,7 +304,8 @@ def evaluate_all(results):
return status return status
def process_results(data, level=None, do_json=False): def process_results(data, level=None, do_json=False, do_nagios=False):
exit_status = 0
results = dict() results = dict()
# initialize the failures struct # initialize the failures struct
global failures global failures
@ -353,6 +354,8 @@ def process_results(data, level=None, do_json=False):
print("\nThings that are bad:") print("\nThings that are bad:")
for failure in failures['fubar']: for failure in failures['fubar']:
print("* " + failure) print("* " + failure)
if do_nagios:
exit_status = 2
# print failures # print failures
if level != 'none': if level != 'none':
@ -360,13 +363,17 @@ def process_results(data, level=None, do_json=False):
print("\nChanges needed to match the " + level + " level:") print("\nChanges needed to match the " + level + " level:")
for failure in failures[level]: for failure in failures[level]:
print("* " + failure) print("* " + failure)
if do_nagios and exit_status < 2:
exit_status = 1
else: else:
for lvl in ['old', 'intermediate', 'modern']: for lvl in ['old', 'intermediate', 'modern']:
if len(failures[lvl]) > 0: if len(failures[lvl]) > 0:
print("\nChanges needed to match the " + lvl + " level:") print("\nChanges needed to match the " + lvl + " level:")
for failure in failures[lvl]: for failure in failures[lvl]:
print("* " + failure) print("* " + failure)
return True if do_nagios and exit_status < 2:
exit_status = 1
return exit_status
def build_ciphers_lists(opensslbin): def build_ciphers_lists(opensslbin):
global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors
@ -445,6 +452,8 @@ def main():
help='output results in json format') help='output results in json format')
parser.add_argument('--ops', dest='operator', parser.add_argument('--ops', dest='operator',
help='optional name of the operator\'s team added into the JSON output (for database insertion)') help='optional name of the operator\'s team added into the JSON output (for database insertion)')
parser.add_argument('--nagios', dest='nagios', action='store_true',
help='use nagios-conformant exit codes')
args = parser.parse_args() args = parser.parse_args()
if args.debug: if args.debug:
@ -467,15 +476,19 @@ def main():
data = subprocess.check_output(['./cipherscan', '-o', args.openssl, '-j', args.target]) data = subprocess.check_output(['./cipherscan', '-o', args.openssl, '-j', args.target])
else: else:
data = subprocess.check_output(['./cipherscan', '-j', args.target]) data = subprocess.check_output(['./cipherscan', '-j', args.target])
process_results(data, args.level, args.json) exit_status=process_results(data, args.level, args.json, args.nagios)
else: else:
if os.fstat(args.infile.fileno()).st_size < 2: if os.fstat(args.infile.fileno()).st_size < 2:
logging.error("invalid input file") logging.error("invalid input file")
parser.print_help() parser.print_help()
sys.exit(1) if args.nagios:
sys.exit(3)
else:
sys.exit(1)
data = args.infile.readline() data = args.infile.readline()
logging.debug('Evaluating results from stdin: ' + data) logging.debug('Evaluating results from stdin: ' + data)
process_results(data, args.level, args.json) exit_status=process_results(data, args.level, args.json, args.nagios)
sys.exit(exit_status)
if __name__ == "__main__": if __name__ == "__main__":
main() main()