mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
Merge pull request #42 from ScriptFanix/master
--nagios: run as a nagios plugin
commit
b04cbc6b85
@ -259,6 +259,11 @@ operators should now what level they want to match against, based on the
|
|||||||
compatibility level they want to support. Again, refer to
|
compatibility level they want to support. Again, refer to
|
||||||
https://wiki.mozilla.org/Security/Server_Side_TLS for more information.
|
https://wiki.mozilla.org/Security/Server_Side_TLS for more information.
|
||||||
|
|
||||||
|
Note on Nagios mode:
|
||||||
|
cipherscan can take more than 10 seconds to complete. To alleviate any timeout
|
||||||
|
issues, you may want to run it outside of nagios, passing data through some
|
||||||
|
temporary file.
|
||||||
|
|
||||||
Contributors
|
Contributors
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
27
analyze.py
27
analyze.py
@ -304,7 +304,8 @@ def evaluate_all(results):
|
|||||||
|
|
||||||
return status
|
return status
|
||||||
|
|
||||||
def process_results(data, level=None, do_json=False):
|
def process_results(data, level=None, do_json=False, do_nagios=False):
|
||||||
|
exit_status = 0
|
||||||
results = dict()
|
results = dict()
|
||||||
# initialize the failures struct
|
# initialize the failures struct
|
||||||
global failures
|
global failures
|
||||||
@ -353,6 +354,8 @@ def process_results(data, level=None, do_json=False):
|
|||||||
print("\nThings that are bad:")
|
print("\nThings that are bad:")
|
||||||
for failure in failures['fubar']:
|
for failure in failures['fubar']:
|
||||||
print("* " + failure)
|
print("* " + failure)
|
||||||
|
if do_nagios:
|
||||||
|
exit_status = 2
|
||||||
|
|
||||||
# print failures
|
# print failures
|
||||||
if level != 'none':
|
if level != 'none':
|
||||||
@ -360,13 +363,17 @@ def process_results(data, level=None, do_json=False):
|
|||||||
print("\nChanges needed to match the " + level + " level:")
|
print("\nChanges needed to match the " + level + " level:")
|
||||||
for failure in failures[level]:
|
for failure in failures[level]:
|
||||||
print("* " + failure)
|
print("* " + failure)
|
||||||
|
if do_nagios and exit_status < 2:
|
||||||
|
exit_status = 1
|
||||||
else:
|
else:
|
||||||
for lvl in ['old', 'intermediate', 'modern']:
|
for lvl in ['old', 'intermediate', 'modern']:
|
||||||
if len(failures[lvl]) > 0:
|
if len(failures[lvl]) > 0:
|
||||||
print("\nChanges needed to match the " + lvl + " level:")
|
print("\nChanges needed to match the " + lvl + " level:")
|
||||||
for failure in failures[lvl]:
|
for failure in failures[lvl]:
|
||||||
print("* " + failure)
|
print("* " + failure)
|
||||||
return True
|
if do_nagios and exit_status < 2:
|
||||||
|
exit_status = 1
|
||||||
|
return exit_status
|
||||||
|
|
||||||
def build_ciphers_lists(opensslbin):
|
def build_ciphers_lists(opensslbin):
|
||||||
global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors
|
global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors
|
||||||
@ -445,8 +452,12 @@ def main():
|
|||||||
help='output results in json format')
|
help='output results in json format')
|
||||||
parser.add_argument('--ops', dest='operator',
|
parser.add_argument('--ops', dest='operator',
|
||||||
help='optional name of the operator\'s team added into the JSON output (for database insertion)')
|
help='optional name of the operator\'s team added into the JSON output (for database insertion)')
|
||||||
|
parser.add_argument('--nagios', dest='nagios', action='store_true',
|
||||||
|
help='use nagios-conformant exit codes')
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
mypath = os.path.dirname(os.path.realpath(sys.argv[0]))
|
||||||
|
|
||||||
if args.debug:
|
if args.debug:
|
||||||
logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
|
logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
|
||||||
else:
|
else:
|
||||||
@ -464,18 +475,22 @@ def main():
|
|||||||
logging.debug('Invoking cipherscan with target: ' + args.target)
|
logging.debug('Invoking cipherscan with target: ' + args.target)
|
||||||
data=''
|
data=''
|
||||||
if args.openssl:
|
if args.openssl:
|
||||||
data = subprocess.check_output(['./cipherscan', '-o', args.openssl, '-j', args.target])
|
data = subprocess.check_output([mypath + '/cipherscan', '-o', args.openssl, '-j', args.target])
|
||||||
else:
|
else:
|
||||||
data = subprocess.check_output(['./cipherscan', '-j', args.target])
|
data = subprocess.check_output([mypath + '/cipherscan', '-j', args.target])
|
||||||
process_results(data, args.level, args.json)
|
exit_status=process_results(data, args.level, args.json, args.nagios)
|
||||||
else:
|
else:
|
||||||
if os.fstat(args.infile.fileno()).st_size < 2:
|
if os.fstat(args.infile.fileno()).st_size < 2:
|
||||||
logging.error("invalid input file")
|
logging.error("invalid input file")
|
||||||
parser.print_help()
|
parser.print_help()
|
||||||
|
if args.nagios:
|
||||||
|
sys.exit(3)
|
||||||
|
else:
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
data = args.infile.readline()
|
data = args.infile.readline()
|
||||||
logging.debug('Evaluating results from stdin: ' + data)
|
logging.debug('Evaluating results from stdin: ' + data)
|
||||||
process_results(data, args.level, args.json)
|
exit_status=process_results(data, args.level, args.json, args.nagios)
|
||||||
|
sys.exit(exit_status)
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
main()
|
main()
|
||||||
|
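Review bot: In `main()`, the two `subprocess.check_output([mypath + '/cipherscan', ...])` calls are still unguarded, so under `--nagios` a cipherscan that is missing or exits non-zero raises an uncaught exception and Python exits with status 1, which Nagios reads as WARNING rather than UNKNOWN (3). For a TLS-configuration monitor that means a scan that never ran is reported at the same level as the "changes needed to match the level" case, which `process_results` also maps to 1. The commit already sends the invalid-input-file case to `sys.exit(3)` under `--nagios`; the subprocess path should get the same treatment, and `os.path.join` is the safer way to build the script path. The rendered page has lost indentation, so the excerpt below is written flat; it belongs in the branch of `main()` that invokes cipherscan, which starts outside the hunk.

```python
# … unchanged: argument parsing, logging setup, mypath computation …
cmd = [os.path.join(mypath, 'cipherscan')]
if args.openssl:
    cmd += ['-o', args.openssl]
cmd += ['-j', args.target]
try:
    data = subprocess.check_output(cmd)
except (subprocess.CalledProcessError, OSError) as err:
    logging.error('cipherscan did not complete: %s', err)
    # Nagios: 3 = UNKNOWN, the check itself could not be performed
    sys.exit(3 if args.nagios else 1)
exit_status = process_results(data, args.level, args.json, args.nagios)
# … unchanged: stdin/infile branch and final sys.exit(exit_status) …
```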