Merge pull request #42 from ScriptFanix/master
--nagios: run as a nagios plugin
commit
b04cbc6b85
@ -259,6 +259,11 @@ operators should now what level they want to match against, based on the
|
||||
compatibility level they want to support. Again, refer to
|
||||
https://wiki.mozilla.org/Security/Server_Side_TLS for more information.
|
||||
|
||||
Note on Nagios mode:
|
||||
cipherscan can take more than 10 seconds to complete. To alleviate any timeout
|
||||
issues, you may want to run it outside of nagios, passing data through some
|
||||
temporary file.
|
||||
|
||||
Contributors
|
||||
------------
|
||||
|
||||
|
29
analyze.py
29
analyze.py
@ -304,7 +304,8 @@ def evaluate_all(results):
|
||||
|
||||
return status
|
||||
|
||||
def process_results(data, level=None, do_json=False):
|
||||
def process_results(data, level=None, do_json=False, do_nagios=False):
|
||||
exit_status = 0
|
||||
results = dict()
|
||||
# initialize the failures struct
|
||||
global failures
|
||||
@ -353,6 +354,8 @@ def process_results(data, level=None, do_json=False):
|
||||
print("\nThings that are bad:")
|
||||
for failure in failures['fubar']:
|
||||
print("* " + failure)
|
||||
if do_nagios:
|
||||
exit_status = 2
|
||||
|
||||
# print failures
|
||||
if level != 'none':
|
||||
@ -360,13 +363,17 @@ def process_results(data, level=None, do_json=False):
|
||||
print("\nChanges needed to match the " + level + " level:")
|
||||
for failure in failures[level]:
|
||||
print("* " + failure)
|
||||
if do_nagios and exit_status < 2:
|
||||
exit_status = 1
|
||||
else:
|
||||
for lvl in ['old', 'intermediate', 'modern']:
|
||||
if len(failures[lvl]) > 0:
|
||||
print("\nChanges needed to match the " + lvl + " level:")
|
||||
for failure in failures[lvl]:
|
||||
print("* " + failure)
|
||||
return True
|
||||
if do_nagios and exit_status < 2:
|
||||
exit_status = 1
|
||||
return exit_status
|
||||
|
||||
def build_ciphers_lists(opensslbin):
|
||||
global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors
|
||||
@ -445,8 +452,12 @@ def main():
|
||||
help='output results in json format')
|
||||
parser.add_argument('--ops', dest='operator',
|
||||
help='optional name of the operator\'s team added into the JSON output (for database insertion)')
|
||||
parser.add_argument('--nagios', dest='nagios', action='store_true',
|
||||
help='use nagios-conformant exit codes')
|
||||
args = parser.parse_args()
|
||||
|
||||
mypath = os.path.dirname(os.path.realpath(sys.argv[0]))
|
||||
|
||||
if args.debug:
|
||||
logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
|
||||
else:
|
||||
@ -464,18 +475,22 @@ def main():
|
||||
logging.debug('Invoking cipherscan with target: ' + args.target)
|
||||
data=''
|
||||
if args.openssl:
|
||||
data = subprocess.check_output(['./cipherscan', '-o', args.openssl, '-j', args.target])
|
||||
data = subprocess.check_output([mypath + '/cipherscan', '-o', args.openssl, '-j', args.target])
|
||||
else:
|
||||
data = subprocess.check_output(['./cipherscan', '-j', args.target])
|
||||
process_results(data, args.level, args.json)
|
||||
data = subprocess.check_output([mypath + '/cipherscan', '-j', args.target])
|
||||
exit_status=process_results(data, args.level, args.json, args.nagios)
|
||||
else:
|
||||
if os.fstat(args.infile.fileno()).st_size < 2:
|
||||
logging.error("invalid input file")
|
||||
parser.print_help()
|
||||
sys.exit(1)
|
||||
if args.nagios:
|
||||
sys.exit(3)
|
||||
else:
|
||||
sys.exit(1)
|
||||
data = args.infile.readline()
|
||||
logging.debug('Evaluating results from stdin: ' + data)
|
||||
process_results(data, args.level, args.json)
|
||||
exit_status=process_results(data, args.level, args.json, args.nagios)
|
||||
sys.exit(exit_status)
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
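Review bot: With `--nagios`, a failed scan is reported as WARNING instead of UNKNOWN: both `subprocess.check_output(...)` calls in `main()` can raise `CalledProcessError` (or `OSError` if `cipherscan` is not next to the script), and an uncaught exception ends Python with exit status 1. The commit already maps the invalid-input-file case to 3, so the scan path should do the same by catching the exception and exiting 3 when `args.nagios` is set. The same would apply to the `infile` branch if `process_results` raises on malformed JSON, which is not visible here. Separately, the `st_size < 2` test says nothing about the file's age, so with the temporary-file workflow that the README note recommends, a stale result can keep returning OK; an mtime check against a maximum age would cover that. `main()` starts outside the hunk.

```python
# … unchanged: argument parsing, mypath, logging setup …
cmd = [mypath + '/cipherscan']
if args.openssl:
    cmd += ['-o', args.openssl]
cmd += ['-j', args.target]
try:
    data = subprocess.check_output(cmd)
except (subprocess.CalledProcessError, OSError) as err:
    logging.error('cipherscan failed: %s', err)
    # Nagios: 3 = UNKNOWN; an uncaught traceback would exit 1 (WARNING)
    sys.exit(3 if args.nagios else 1)
exit_status = process_results(data, args.level, args.json, args.nagios)
# … unchanged: infile branch, sys.exit(exit_status) …
```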