1
0
mirror of https://github.com/opinkerfi/nagios-plugins.git synced 2024-12-22 17:13:52 +01:00

check_ad added

This commit is contained in:
Páll Guðjón Sigurðsson 2010-04-08 15:07:18 +00:00
parent 86363180f0
commit af94960a58
4 changed files with 541 additions and 0 deletions

Binary file not shown.

View File

@ -0,0 +1,164 @@
<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>check_ad - Nagios NRPE Plugin for Dell Hardware Check</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:" />
</head>
<body style="background-color: white">
<p><a name="__index__"></a></p>
<!-- INDEX BEGIN -->
<!--
<ul>
<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#options">OPTIONS</a></li>
<li><a href="#exit_values">EXIT VALUES</a></li>
<li><a href="#author">AUTHOR</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
<li><a href="#version">VERSION</a></li>
<li><a href="#changelog">CHANGELOG</a></li>
</ul>
-->
<!-- INDEX END -->
<p>
</p>
<h1><a name="name">NAME</a></h1>
<p>check_ad - Nagios NRPE plugin for Active Directory health check</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>check_ad</strong> [<strong>--dc</strong>] [<strong>--member</strong>] [<strong>--noeventlog</strong>] [<strong>--nokerberos</strong>][<strong>--help</strong>]</p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p><strong>check_ad</strong> works as a Nagios NRPE plugin for Active Directory health check.</p>
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
<dt><strong><a name="item__2d_2ddc"><strong>--dc</strong></a></strong>
<dd>
<p>Checks domain controller functionality by using <em>dcdiag</em> tool from Windows Support Tools. Following dcdiag tests are performed :</p>
</dd>
<dd>
<pre>
services, replications, advertising, fsmocheck, ridmanager, machineaccount, kccevent, frssysvol (post-Windows 2000 only), frsevent (post-Windows 2000 only),</pre>
</dd>
</li>
<dt><strong><a name="item__2d_2dmember"><strong>--member</strong></a></strong>
<dd>
<p>Checks domain member functionality by using <em>netdiag</em> tool from Windows Support Tools. Following netdiag tests are performed :</p>
</dd>
<dd>
<pre>
member, netbt, dns, dsgetdc, ldap, kerberos</pre>
</dd>
</li>
<dt><strong><a name="item__2d_2dnoeventlog"><strong>--noeventlog</strong></a></strong>
<dd>
<p>Don't run the dc tests kccevent and frsevent, since their 24-hour scope may not be too relevant for Nagios.</p>
</dd>
</li>
<dt><strong><a name="item__2d_2dnokerberos"><strong>--nokerberos</strong></a></strong>
<dd>
<p>Don't run the member test kerberos due to netdiag bug (See Microsoft KB870692)</p>
</dd>
</li>
<dt><strong><a name="item__2d_2dhelp"><strong>--help</strong></a></strong>
<dd>
<p>Produces help message.</p>
</dd>
</li>
</dl>
<p>
</p>
<hr />
<h1><a name="exit_values">EXIT VALUES</a></h1>
<pre>
0 OK
1 WARNING
2 CRITICAL
3 UNKNOWN</pre>
<p>
</p>
<hr />
<h1><a name="author">AUTHOR</a></h1>
<p>Tevfik Karagulle <a href="http://www.itefix.no">http://www.itefix.no</a></p>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<dl>
<dt><strong><a name="item_nagios_web_site_http_3a_2f_2fwww_2enagios_2eorg">Nagios web site <a href="http://www.nagios.org">http://www.nagios.org</a></a></strong>
<dt><strong><a name="item_nagios_nrpe_documentation_http_3a_2f_2fnagios_2eso">Nagios NRPE documentation <a href="http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf">http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf</a></a></strong>
<dt><strong><a name="item_dcdiag_documentation_http_3a_2f_2ftechnet2_2emicro">DCDIAG documentation <a href="http://technet2.microsoft.com/windowsserver/en/library/f7396ad6-0baa-4e66-8d18-17f83c5e4e6c1033.mspx">http://technet2.microsoft.com/windowsserver/en/library/f7396ad6-0baa-4e66-8d18-17f83c5e4e6c1033.mspx</a></a></strong>
<dt><strong><a name="item_netdiag_documentation_http_3a_2f_2ftechnet2_2emicr">NETDIAG documentation <a href="http://technet2.microsoft.com/windowsserver/en/library/cf4926db-87ea-4f7a-9806-0b54e1c00a771033.mspx">http://technet2.microsoft.com/windowsserver/en/library/cf4926db-87ea-4f7a-9806-0b54e1c00a771033.mspx</a></a></strong>
</dl>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>This program is distributed under the Artistic License. <a href="http://www.opensource.org/licenses/artistic-license.php">http://www.opensource.org/licenses/artistic-license.php</a></p>
<p>
</p>
<hr />
<h1><a name="version">VERSION</a></h1>
<p>Version 1.4, January 2009</p>
<p>
</p>
<hr />
<h1><a name="changelog">CHANGELOG</a></h1>
<dl>
<dt><strong><a name="item_changes_from_1_2e3">changes from 1.3</a></strong>
<dd>
<pre>
- Windows 2008 support (checks are done in lowercase only)
- Dropped member test 'trust' as it requires domain admin privileges thus introducing a security weakness.
- Introducing option 'nokerberos' due to netdiag bug (see Microsoft KB870692)</pre>
</dd>
<dt><strong><a name="item_changes_from_1_2e2">changes from 1.2</a></strong>
<dd>
<pre>
- Add command line option 'noeventlog'.</pre>
</dd>
<dt><strong><a name="item_changes_from_1_2e1">changes from 1.1</a></strong>
<dd>
<pre>
- Support for Windows 2000 domains
- Use CRITICAL instead of ERROR</pre>
</dd>
<dt><strong><a name="item_changes_from_1_2e0">changes from 1.0</a></strong>
<dd>
<pre>
- remove sysevent test as it can be many other event producers than active directory.</pre>
</dd>
</dl>
</body>
</html>

View File

@ -0,0 +1,301 @@
#####################
#
# check_ad.pl - Nagios NRPE plugin to test Active Directory functionality
#
# This plugin requires tools netdiag and dcdiag from Support Tools
#
# This program is distributed under the Artistic License.
# (http://www.opensource.org/licenses/artistic-license.php)
# Copyright 2007-2009, Tevfik Karagulle, ITeF!x Consulting (http://itefix.no)
use strict;
use warnings;
use Getopt::Long;
use Win32;
our $VERSION = "1.4";
our $OK = 0;
our $WARNING = 1;
our $CRITICAL = 2;
our $UNKNOWN = 3;
our %status_text = (
$OK => "OK",
$WARNING => "WARNING",
$CRITICAL => "CRITICAL",
$UNKNOWN => "UNKNOWN"
);
our $is2000 = (Win32::GetOSName() eq 'Win2000');
our $member = 0;
our $dc = 0;
our $help = 0;
our $eventlog = 1; # take kccevent/frsevent into test set
our $kerbtest = 1; # take kerberos into test set
GetOptions (
"member" => \$member,
"dc" => \$dc,
"eventlog!" => \$eventlog,
"kerberos!" => \$kerbtest,
"help" => \$help
) || PrintUsage();
# Form netdiag/dcdiag command arguments
our $netdiagcmd = "netdiag /test:dns /test:dsgetdc /test:ldap";
our $dcdiagcmd = "dcdiag /test:services /test:replications /test:advertising /test:fsmocheck /test:ridmanager /test:machineaccount";
# add post-2000 spesific dcdiag tests
$dcdiagcmd .= (not $is2000) ? " /test:frssysvol" : "";
# add eventlog tests if requested
$dcdiagcmd .= ($eventlog) ? ($is2000 ? " /test:kccevent" : " /test:frsevent /test:kccevent") : "";
# add kerberos test if requested
$netdiagcmd .= ($kerbtest) ? " /test:kerberos" : "";
$member && MemberTests();
$dc && DcTests();
$help && PrintUsage();
#### SUBROUTINES ####
#### MemberTests ####
sub MemberTests
{
open NETDIAG, "$netdiagcmd |" or ExitProgram ($UNKNOWN, "Could not open command pipe!");
my ($member, $netbt, $dns, $dc, $kerberos, $ldap) = (0, 0, 0, 0, 0);
my $warning = "";
my $fatal = "";
my $global_result = 0;
while (<NETDIAG>)
{
chomp; $_ = lc;
$global_result = 1 if /global results:/; # Only interested in warning and/or fatal messages for global results.
$member = 1 if /domain membership test . . . . . . : passed/;
$netbt = 1 if /netbt transports test. . . . . . . : passed/;
$dns = 1 if /dns test . . . . . . . . . . . . . : passed/;
$dc = 1 if /dc discovery test. . . . . . . . . : passed/;
$ldap = 1 if /ldap test. . . . . . . . . . . . . : passed/;
$kerberos = 1 if /kerberos test. . . . . . . . . . . . . : passed/ and $kerbtest;
$warning .= "$_ " if /warning/ and $global_result;
$fatal .= "$_ " if /fatal/ and $global_result;
}
my $status_ok = $member && $netbt && $dns && $dc && $ldap;
$status_ok &&= $kerberos if $kerbtest;
my $status_text = "Domain membership OK, NetBT transport OK, DNS OK, DC Discovery OK, LDAP OK";
$status_text .= ", Kerberos OK" if $kerbtest;
ExitProgram ($CRITICAL, $fatal) if $fatal ne "";
ExitProgram ($WARNING, $warning) if $warning ne "";
ExitProgram ($OK, $status_text)
if ($member && $netbt && $dns && $dc && $ldap);
ExitProgram ($UNKNOWN, "No information is available.");
}
##### DcTests #####
sub DcTests
{
open DCDIAG, "$dcdiagcmd |" or ExitProgram ($UNKNOWN, "Could not open command pipe!");
my ($connectivity, $services, $replications, $advertising, $fsmo, $rid, $machine, $frssysvol, $frsevent, $kccevent) =
(0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
my $warning = "";
my $fatal = "";
while (<DCDIAG>)
{
chomp; $_ = lc;
$connectivity = 1 if /passed test connectivity/;
$services = 1 if /passed test services/;
$replications = 1 if /passed test replications/;
$advertising = 1 if /passed test advertising/;
$fsmo = 1 if /passed test fsmocheck/;
$rid = 1 if /passed test ridmanager/;
$machine = 1 if /passed test machineaccount/;
$frssysvol = 1 if /passed test frssysvol/ and not $is2000;
$frsevent = 1 if /passed test frsevent/ and not $is2000;
$kccevent = 1 if /passed test kccevent/;
$warning .= "$_ " if /warning/;
$fatal .= "$_ " if /failed/;
}
my $status_ok = $connectivity && $services && $replications && $advertising && $fsmo && $rid && $machine;
$status_ok &&= $frssysvol if not $is2000;
$status_ok &&= $frsevent if not $is2000 and $eventlog;
$status_ok &&= $kccevent if $eventlog;
my $status_text = "Connectivity OK, Services OK, Replications OK, Advertising OK, Fsmo OK, Rid Manager OK, Machine account OK";
$status_text .= ", FRS Sysvol OK" if not $is2000;
$status_text .= ", FRS Event OK" if not $is2000 and $eventlog;
$status_text .= ", KCC Event OK" if $eventlog;
ExitProgram ($CRITICAL, $fatal) if $fatal ne "";
ExitProgram ($WARNING, $warning) if $warning ne "";
ExitProgram ($OK, $status_text) if $status_ok;
ExitProgram ($UNKNOWN, "No information is available.");
}
##### PrintUsage #####
sub PrintUsage
{
print "
check_ad - Nagios NRPE Plugin for Active Directory Health Check
Version 1.4, Copyright 2007-2009, http://itefix.no
Usage:
check_ad [--dc] [--member] [--noeventlog] [--nokerberos][--help]
Options:
--dc
Checks domain controller functionality by using dcdiag tool from
Windows Support Tools. Following dcdiag tests are performed :
services, replications, advertising, fsmocheck, ridmanager, machineaccount, kccevent, frssysvol (post-Windows 2000 only), frsevent (post-Windows 2000 only),
--member
Checks domain member functionality by using netdiag tool from
Windows Support Tools. Following netdiag tests are performed :
member, netbt, dns, dsgetdc, ldap, kerberos
--noeventlog
Don't run the dc tests kccevent and frsevent, since their 24-hour
scope may not be too relevant for Nagios.
--nokerberos
Don't run the member test kerberos due to netdiag bug (See Microsoft
KB870692)
--help
Produces help message.
";
}
##### ExitProgram #####
sub ExitProgram
{
my ($exitcode, $message) = @_;
my $lcomp = "AD";
print "$lcomp $status_text{$exitcode} - $message";
exit ($exitcode);
}
__END__
=head1 NAME
check_ad - Nagios NRPE plugin for Active Directory health check
=head1 SYNOPSIS
B<check_ad> [B<--dc>] [B<--member>] [B<--noeventlog>] [B<--nokerberos>][B<--help>]
=head1 DESCRIPTION
B<check_ad> works as a Nagios NRPE plugin for Active Directory health check.
=head1 OPTIONS
=over 4
=item B<--dc>
Checks domain controller functionality by using I<dcdiag> tool from Windows Support Tools. Following dcdiag tests are performed :
services, replications, advertising, fsmocheck, ridmanager, machineaccount, kccevent, frssysvol (post-Windows 2000 only), frsevent (post-Windows 2000 only),
=item B<--member>
Checks domain member functionality by using I<netdiag> tool from Windows Support Tools. Following netdiag tests are performed :
member, netbt, dns, dsgetdc, ldap, kerberos
=item B<--noeventlog>
Don't run the dc tests kccevent and frsevent, since their 24-hour scope may not be too relevant for Nagios.
=item B<--nokerberos>
Don't run the member test kerberos due to netdiag bug (See Microsoft KB870692)
=item B<--help>
Produces help message.
=back
=head1 EXIT VALUES
0 OK
1 WARNING
2 CRITICAL
3 UNKNOWN
=head1 AUTHOR
Tevfik Karagulle L<http://www.itefix.no>
=head1 SEE ALSO
=over 4
=item Nagios web site L<http://www.nagios.org>
=item Nagios NRPE documentation L<http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf>
=item DCDIAG documentation L<http://technet2.microsoft.com/windowsserver/en/library/f7396ad6-0baa-4e66-8d18-17f83c5e4e6c1033.mspx>
=item NETDIAG documentation L<http://technet2.microsoft.com/windowsserver/en/library/cf4926db-87ea-4f7a-9806-0b54e1c00a771033.mspx>
=back
=head1 COPYRIGHT
This program is distributed under the Artistic License. L<http://www.opensource.org/licenses/artistic-license.php>
=head1 VERSION
Version 1.4, January 2009
=head1 CHANGELOG
=over 4
=item changes from 1.3
- Windows 2008 support (checks are done in lowercase only)
- Dropped member test 'trust' as it requires domain admin privileges thus introducing a security weakness.
- Introducing option 'nokerberos' due to netdiag bug (see Microsoft KB870692)
=item changes from 1.2
- Add command line option 'noeventlog'.
=item changes from 1.1
- Support for Windows 2000 domains
- Use CRITICAL instead of ERROR
=item changes from 1.0
- remove sysevent test as it can be many other event producers than active directory.
=back
=cut

View File

@ -0,0 +1,76 @@
NAME
check_ad - Nagios NRPE plugin for Active Directory health check
SYNOPSIS
check_ad [--dc] [--member] [--noeventlog] [--nokerberos][--help]
DESCRIPTION
check_ad works as a Nagios NRPE plugin for Active Directory health check.
OPTIONS
--dc
Checks domain controller functionality by using *dcdiag* tool from
Windows Support Tools. Following dcdiag tests are performed :
services, replications, advertising, fsmocheck, ridmanager, machineaccount, kccevent, frssysvol (post-Windows 2000 only), frsevent (post-Windows 2000 only),
--member
Checks domain member functionality by using *netdiag* tool from
Windows Support Tools. Following netdiag tests are performed :
member, netbt, dns, dsgetdc, ldap, kerberos
--noeventlog
Don't run the dc tests kccevent and frsevent, since their 24-hour
scope may not be too relevant for Nagios.
--nokerberos
Don't run the member test kerberos due to netdiag bug (See Microsoft
KB870692)
--help
Produces help message.
EXIT VALUES
0 OK
1 WARNING
2 CRITICAL
3 UNKNOWN
AUTHOR
Tevfik Karagulle <http://www.itefix.no>
SEE ALSO
Nagios web site <http://www.nagios.org>
Nagios NRPE documentation
<http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf>
DCDIAG documentation
<http://technet2.microsoft.com/windowsserver/en/library/f7396ad6-0baa-4e6
6-8d18-17f83c5e4e6c1033.mspx>
NETDIAG documentation
<http://technet2.microsoft.com/windowsserver/en/library/cf4926db-87ea-4f7
a-9806-0b54e1c00a771033.mspx>
COPYRIGHT
This program is distributed under the Artistic License.
<http://www.opensource.org/licenses/artistic-license.php>
VERSION
Version 1.4, January 2009
CHANGELOG
changes from 1.3
- Windows 2008 support (checks are done in lowercase only)
- Dropped member test 'trust' as it requires domain admin privileges thus introducing a security weakness.
- Introducing option 'nokerberos' due to netdiag bug (see Microsoft KB870692)
changes from 1.2
- Add command line option 'noeventlog'.
changes from 1.1
- Support for Windows 2000 domains
- Use CRITICAL instead of ERROR
changes from 1.0
- remove sysevent test as it can be many other event producers than active directory.