Create readme.md

:D

check_hpssacli/nagios-okplugin-check_hpssacli.spec

@@ -2,7 +2,7 @@
 
 Summary:	A Nagios plugin to check HP Array with hpssacli
 Name:		nagios-okplugin-check_hpssacli
-Version:	1
+Version:	1.1
 Release:	1%{?dist}
 License:	GPLv2+
 Group:		Applications/System

check_service.sh/check_service.sh

@@ -0,0 +1,349 @@
+#!/usr/bin/env bash
+set -o pipefail
+
+# Author: Jon Schipp
+# 2015-03-09 [Pascal Hegy] - Add sudo for linux
+# 2015-03-09 [Pascal Hegy] - Change USER variable to USERNAME to avoid the use and confusion with the USER env variable
+# 2017-08-30 [Roberto Leibman] - Reordered checks to make sure dead and inactive get checked first
+# 2018-04-25 [Robin Gierse] - Update check via systemctl for Linux with grep to produce better output for systemctl
+# 2019-03-15 [nem / liberodark] - Add support for check all failed services in linux
+
+########
+# Examples:
+
+# 1.) List services for osx
+# $ ./check_service.sh -l -o osx
+#
+# 2.) Check status of SSH service on a linux machine
+# $ ./check_service.sh -o linux -s sshd
+
+# 3.) Manually select service management tool and service
+# $ ./check_service.sh -o linux -t "service rsyslog status"
+# Exemple for check all failed services
+# $ ./check_service.sh -o linux -t "systemctl list-units --state=failed"
+
+# Nagios Exit Codes
+OK=0
+WARNING=1
+CRITICAL=2
+UNKNOWN=3
+
+# Weather or not we can trust the exit code from the service management tool.
+# Defaults to 0, put to 1 for systemd.  Otherwise we must rely on parsing the
+# output from the service management tool.
+TRUST_EXIT_CODE=0
+
+usage()
+{
+cat <<EOF
+
+Check status of system services for Linux, FreeBSD, OSX, and AIX.
+
+     Options:
+        -s <service>    Specify service name
+        -l              List services
+        -o <os>         OS type, "linux/osx/freebsd/aix"
+        -u <user>       User if you need to ``sudo -u'' for launchctl (def: nagios, linux and osx only)
+        -t <tool>       Manually specify service management tool (def: autodetect) with status and service
+                        e.g. ``-t "service nagios status"''
+
+
+EOF
+}
+
+argcheck() {
+# if less than n argument
+if [ $ARGC -lt $1 ]; then
+        echo "Missing arguments! Use \`\`-h'' for help."
+        exit 1
+fi
+}
+
+os_check() {
+if [ "$OS" == null ]; then
+	unamestr=$(uname)
+        if [[ $unamestr == 'Linux' ]]; then
+                OS='linux'
+        elif [[ $unamestr == 'FreeBSD' ]]; then
+               OS='freebsd'
+        elif [[ $unamestr == 'Darwin' ]]; then
+               OS='osx'	       
+        else
+                echo "OS not recognized, Use \`-o\` and specify the OS as an argument"
+                exit 3
+        fi
+fi
+}
+
+
+
+determine_service_tool() {
+if [[ $OS == linux ]]; then
+        if command -v systemctl >/dev/null 2>&1; then
+                SERVICETOOL="systemctl status $SERVICE | grep -i Active"
+                LISTTOOL="systemctl"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME systemctl status $SERVICE"
+                    LISTTOOL="sudo -u $USERNAME systemctl"
+                fi
+		TRUST_EXIT_CODE=1
+        elif command -v service >/dev/null 2>&1; then
+                SERVICETOOL="service $SERVICE status"
+                LISTTOOL="service --status-all"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME service $SERVICE status"
+                    LISTTOOL="sudo -u $USERNAME service --status-all"
+                fi
+        elif command -v initctl >/dev/null 2>&1; then
+                SERVICETOOL="status $SERVICE"
+                LISTTOOL="initctl list"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME status $SERVICE"
+                    LISTTOOL="sudo -u $USERNAME initctl list"
+                fi
+        elif command -v chkconfig >/dev/null 2>&1; then
+                SERVICETOOL=chkconfig
+                LISTTOOL="chkconfig --list"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME chkconfig"
+                    LISTTOOL="sudo -u $USERNAME chkconfig --list"
+                fi
+        elif [ -f /etc/init.d/$SERVICE ] || [ -d /etc/init.d ]; then
+                SERVICETOOL="/etc/init.d/$SERVICE status | tail -1"
+                LISTTOOL="ls -1 /etc/init.d/"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME /etc/init.d/$SERVICE status | tail -1"
+                    LISTTOOL="sudo -u $USERNAME ls -1 /etc/init.d/"
+                fi
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+
+if [[ $OS == freebsd ]]; then
+        if command -v service >/dev/null 2>&1; then
+                SERVICETOOL="service $SERVICE status"
+                LISTTOOL="service -l"
+        elif [ -f /etc/rc.d/$SERVICE ] || [ -d /etc/rc.d ]; then
+                SERVICETOOL="/etc/rc.d/$SERVICE status"
+                LISTTOOL="ls -1 /etc/rc.d/"
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+
+if [[ $OS == osx ]]; then
+        if [ -f /usr/sbin/serveradmin >/dev/null 2>&1 ] && serveradmin list | grep "$SERVICE" 2>&1 >/dev/null; then
+                SERVICETOOL="serveradmin status $SERVICE"
+                LISTTOOL="serveradmin list"
+        elif [ -f /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin >/dev/null 2>&1 ] && \
+               /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin list | \
+                grep "$SERVICE" 2>&1 >/dev/null; then
+                SERVICETOOL="/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin status $SERVICE"
+                LISTTOOL="/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin list"
+        elif command -v launchctl >/dev/null 2>&1; then
+                SERVICETOOL="launchctl list | grep -v ^- | grep $SERVICE || echo $SERVICE not running! "
+                LISTTOOL="launchctl list"
+                if [ $USERNAME ]; then
+                        SERVICETOOL="sudo -u $USERNAME launchctl list | grep -v ^- | grep $SERVICE || echo $SERVICE not running! "
+                        LISTTOOL="sudo -u $USERNAME launchctl list"
+                fi
+        elif command -v service >/dev/null 2>&1; then
+                SERVICETOOL="service --test-if-configured-on $SERVICE"
+                LISTTOOL="service list"
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+
+if [[ $OS == aix ]]; then
+        if command -v lssrc >/dev/null 2>&1; then
+                SERVICETOOL="lssrc -s $SERVICE | grep -v Subsystem"
+                LISTTOOL="lssrc -a"
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+}
+
+ARGC=$#
+LIST=0
+MANUAL=0
+OS=null
+SERVICETOOL=null
+LISTTOOL=null
+SERVICE=".*"
+#USERNAME=nagios
+
+argcheck 1
+
+while getopts "hls:o:t:u:" OPTION
+do
+     case $OPTION in
+         h)
+             usage
+             exit 0
+             ;;
+         l)
+             LIST=1
+             ;;
+         s)
+             SERVICE="$OPTARG"
+             ;;
+         o)
+             if [[ "$OPTARG" == linux ]]; then
+                     OS="$OPTARG"
+             elif [[ "$OPTARG" == osx ]]; then
+                     OS="$OPTARG"
+             elif [[ "$OPTARG" == freebsd ]]; then
+                     OS="$OPTARG"
+             elif [[ "$OPTARG" == aix ]]; then
+                     OS="$OPTARG"
+             else
+                     echo "Unknown type!"
+                     exit 1
+             fi
+             ;;
+         t)
+             MANUAL=1
+             MANUALSERVICETOOL="$OPTARG"
+             ;;
+         u)
+             USERNAME="$OPTARG"
+             ;;
+         \?)
+             exit 1
+             ;;
+     esac
+done
+
+os_check
+
+if [ $MANUAL -eq 1 ]; then
+SERVICETOOL=$MANUALSERVICETOOL
+else
+determine_service_tool
+fi
+
+# -l conflicts with -t                                                                                                                                                   
+if [ $MANUAL -eq 1 ] && [ $LIST -eq 1 ]; then
+    echo "Options conflict: \`\`-t'' and \`\`-l''"
+    exit 2
+fi
+
+if [ $LIST -eq 1 ]; then
+        if [[ $LISTTOOL != null ]]; then
+                $LISTTOOL
+                exit 0
+        else
+                echo "OS not specified! Use \`\`-o''"
+                exit 2
+        fi
+fi
+
+# Check the status of a service
+STATUS_MSG=$(eval "$SERVICETOOL" 2>&1)
+EXIT_CODE=$?
+
+## Exit code from the service tool - if it's non-zero, we should
+## probably return CRITICAL.  (though, in some cases UNKNOWN would
+## probably be more appropriate)
+[ $EXIT_CODE -ne 0 ] && echo "$STATUS_MSG" && exit $CRITICAL
+
+## For systemd and most systems, $EXIT_CODE can be trusted - if it's 0, the service is running.
+## Ref https://github.com/jonschipp/nagios-plugins/issues/15
+[ $TRUST_EXIT_CODE -eq 1 ] && [ $EXIT_CODE -eq 0 ] && echo "$STATUS_MSG" && exit $OK 
+
+case $STATUS_MSG in
+
+*stop*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*STOPPED*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*not*running*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*NOT*running*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*NOT*RUNNING*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+#*inactive*)
+#        echo "$STATUS_MSG"
+#        exit $CRITICAL
+#        ;;
+*dead*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*running*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*RUNNING*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*SUCCESS*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*[eE]rr*)
+        echo "Error in command: $STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[fF]ailed*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[eE]nable*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*[dD]isable*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[cC]annot*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[aA]ctive*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*Subsystem*not*on*file)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+[1-9][1-9]*)
+        echo "$SERVICE running: $STATUS_MSG"
+        exit $OK
+        ;;
+"")
+	echo "$SERVICE is not running: no output from service command"
+	exit $CRITICAL
+	;;
+*)
+        echo "Unknown status: $STATUS_MSG"
+        echo "Is there a typo in the command or service configuration?: $STATUS_MSG"
+        exit $UNKNOWN
+        ;;
+*0\ loaded*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+esac
+

check_service.sh/nagios-plugins-check_service.spec

@@ -0,0 +1,48 @@
+%define debug_package %{nil}
+
+Summary:	A Nagios plugin to check services on Linux servers
+Name:		nagios-plugins-check_service
+Version:	0
+Release:	1%{?dist}
+License:	GPLv2+
+Group:		Applications/System
+URL:		https://github.com/jonschipp/nagios-plugins/blob/master/check_service.sh
+Source0:	http://opensource.ok.is/trac/browser/nagios-plugins/check_service/releases/nagios-plugins-check_service-%{version}.tar.gz
+Requires:	nrpe
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Packager:	Gardar Thorsteinsson <gardar@ok.is>
+BuildArch:	noarch
+
+%description
+Check status of system services for Linux, FreeBSD, OSX, and AIX.
+
+%prep
+%setup -q
+perl -pi -e "s|/usr/lib/|%{_libdir}/|g" nrpe.d/check_service.cfg
+perl -pi -e "s|/usr/lib64/|%{_libdir}/|g" nrpe.d/check_service.cfg
+
+%build
+
+
+%install
+rm -rf %{buildroot}
+install -D -p -m 0755 check_service.sh %{buildroot}%{_libdir}/nagios/plugins/check_service.sh
+install -D -p -m 0755 nrpe.d/check_service.cfg %{buildroot}/etc/nrpe.d/check_service.cfg
+
+%clean
+rm -rf %{buildroot}
+
+%post
+/sbin/service nrpe reload
+
+%files
+%defattr(-,root,root,-)
+#%doc README LICENSE
+%{_libdir}/nagios/plugins/*
+/etc/nrpe.d/check_service.cfg
+
+
+%changelog
+* Tue Apr 21 2020  <gardar@ok.is> 0.1-1
+- Initial packaging
+

check_service.sh/nrpe.d/check_service.cfg

@@ -0,0 +1 @@
+command[check_service]=/usr/lib/nagios/plugins/check_service.sh

check_snmp/check_snmp_cpfw.pl

@@ -5,6 +5,9 @@
 # Author  : Patrick Proy (patrick at proy.org)
 # Help : http://nagios.manubulon.com
 # Licence : GPL - http://www.fsf.org/licenses/gpl.txt
+# Patch 1.2.1c
+# Author : monitoreo.osi@uchile.cl
+# Desc:  warn/crit threshold to conns/seg check
 # TODO : 
 # - check sync method
 #################################################################
@@ -19,6 +22,7 @@ use Getopt::Long;
 # Nagios specific
 
 use lib "/usr/local/nagios/libexec";
+#use lib "/usr/lib/nagios/plugins"; # use in ubugtu
 use utils qw(%ERRORS $TIMEOUT);
 #my $TIMEOUT = 15;
 #my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
@@ -26,87 +30,90 @@ use utils qw(%ERRORS $TIMEOUT);
 ########### SNMP Datas ########### 
 
 ###### FW data
-my $policy_state	= "1.3.6.1.4.1.2620.1.1.1.0"; # "Installed"
+my $policy_state     = "1.3.6.1.4.1.2620.1.1.1.0";        # Installed
-my $policy_name		= "1.3.6.1.4.1.2620.1.1.2.0"; # Installed policy name
+my $policy_name      = "1.3.6.1.4.1.2620.1.1.2.0";        # Installed policy name
-my $connections		= "1.3.6.1.4.1.2620.1.1.25.3.0"; # number of connections
+my $connections      = "1.3.6.1.4.1.2620.1.1.25.3.0";     # Number of connections
-#my $connections_peak	= "1.3.6.1.4.1.2620.1.1.25.4.0"; # peak number of connections
+my $connectionsSR    = "1.3.6.1.4.1.2620.1.1.26.11.6.0" ; # FwConnectionsStatConnectionRate aka connx/seg
-my @fw_checks 		= ($policy_state,$policy_name,$connections);
+my $connectionsPeak  = "1.3.6.1.4.1.2620.1.1.25.4.0";     # Peak number of connections
+my @fw_checks        = ($policy_state,$policy_name,$connections,$connectionsSR,$connectionsPeak);
 
 ###### SVN data
-my $svn_status		= "1.3.6.1.4.1.2620.1.6.102.0"; # "OK" svn status
+my $svn_status    = "1.3.6.1.4.1.2620.1.6.102.0"; # "OK" svn status
-my %svn_checks		= ($svn_status,"OK");
+my %svn_checks    = ($svn_status,"OK");
-my %svn_checks_n	= ($svn_status,"SVN status");
+my %svn_checks_n  = ($svn_status,"SVN status");
-my @svn_checks_oid	= ($svn_status);
+my @svn_checks_oid  = ($svn_status);
 
 ###### HA data
 
-my $ha_active		= "1.3.6.1.4.1.2620.1.5.5.0"; 	# "yes"
+my $ha_active       = "1.3.6.1.4.1.2620.1.5.5.0";       # "yes"
-my $ha_state		= "1.3.6.1.4.1.2620.1.5.6.0"; 	# "active" / "standby"
+my $ha_state        = "1.3.6.1.4.1.2620.1.5.6.0";       # "active" / "standby"
-my $ha_block_state	= "1.3.6.1.4.1.2620.1.5.7.0"; 	#"OK" : ha blocking state
+my $ha_status       = "1.3.6.1.4.1.2620.1.5.102.0";     # "OK" : ha status
-my $ha_status		= "1.3.6.1.4.1.2620.1.5.102.0"; # "OK" : ha status
+my $ha_block_state  = "1.3.6.1.4.1.2620.1.5.7.0";       # "OK" : ha blocking state
 
-my %ha_checks		=( $ha_active,"yes",$ha_state,"active",$ha_block_state,"OK",$ha_status,"OK");
+my %ha_checks       =( $ha_active,"yes",$ha_state,"active",$ha_block_state,"OK",$ha_status,"OK");
-my %ha_checks_stand	=( $ha_active,"yes",$ha_state,"standby",$ha_block_state,"OK",$ha_status,"OK");
+my %ha_checks_stand =( $ha_active,"yes",$ha_state,"standby",$ha_block_state,"OK",$ha_status,"OK");
-my %ha_checks_n		=( $ha_active,"HA active",$ha_state,"HA state",$ha_block_state,"HA block state",$ha_status,"ha_status");
+my %ha_checks_n     =( $ha_active,"HA active",$ha_state,"HA state",$ha_block_state,"HA block state",$ha_status,"ha_status");
-my @ha_checks_oid	=( $ha_active,$ha_state,$ha_block_state,$ha_status);
+my @ha_checks_oid   =( $ha_active,$ha_state,$ha_block_state,$ha_status);
 
-my $ha_mode		= "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only"/"High Availability (Active Up)" : ha Working mode
+my $ha_mode         = "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only"/"High Availability (Active Up)" : ha Working mode
+my $ha_tables       = "1.3.6.1.4.1.2620.1.5.13.1";  # ha status table
+my $ha_tables_index = ".1";
+my $ha_tables_name  = ".2";
+my $ha_tables_state = ".3"; # "OK"
+my $ha_tables_prbdesc = ".6"; # Description if state is != "OK"
 
-my $ha_tables		= "1.3.6.1.4.1.2620.1.5.13.1"; 	# ha status table
+#my @ha_table_check = ("Synchronization","Filter","cphad","fwd"); # process to check
-my $ha_tables_index	= ".1";
-my $ha_tables_name	= ".2";
-my $ha_tables_state	= ".3"; # "OK"
-my $ha_tables_prbdesc	= ".6"; # Description if state is != "OK"
-
-#my @ha_table_check	= ("Synchronization","Filter","cphad","fwd"); # process to check
 
 ####### MGMT data
 
-my $mgmt_status		= "1.3.6.1.4.1.2620.1.7.5.0";	# "active" : management status
+my $mgmt_status   = "1.3.6.1.4.1.2620.1.7.5.0";       # "active" : management status
-my $mgmt_alive		= "1.3.6.1.4.1.2620.1.7.6.0";   # 1 : management is alive if 1
+my $mgmt_alive    = "1.3.6.1.4.1.2620.1.7.6.0";       # 1 : management is alive if 1
-my $mgmt_stat_desc	= "1.3.6.1.4.1.2620.1.7.102.0"; # Management status description
+my $mgmt_stat_desc  = "1.3.6.1.4.1.2620.1.7.102.0";   # Management status description
-my $mgmt_stats_desc_l	= "1.3.6.1.4.1.2620.1.7.103.0"; # Management status long description
+my $mgmt_stats_desc_l = "1.3.6.1.4.1.2620.1.7.103.0"; # Management status long description
 
-my %mgmt_checks		= ($mgmt_status,"active",$mgmt_alive,"1");
+my %mgmt_checks   = ($mgmt_status,"active",$mgmt_alive,"1");
-my %mgmt_checks_n	= ($mgmt_status,"Mgmt status",$mgmt_alive,"Mgmt alive");
+my %mgmt_checks_n = ($mgmt_status,"Mgmt status",$mgmt_alive,"Mgmt alive");
-my @mgmt_checks_oid	= ($mgmt_status,$mgmt_alive);
+my @mgmt_checks_oid = ($mgmt_status,$mgmt_alive);
 
 #################################### Globals ##############################""
 
-my $Version='1.2.1';
+my $Version='1.2.1b';
 
-my $o_host = 	undef; 		# hostname
+my $o_host =  undef;      # hostname
-my $o_community = undef; 	# community
+my $o_community = undef;  # community
-my $o_version2	=undef;		# Version 2
+my $o_version2  = undef;  # Version 2
-my $o_port = 	161; 		# port
+my $o_port =  161;        # port
-my $o_help=	undef; 		# wan't some help ?
+my $o_help= undef;        # wan't some help ?
-my $o_verb=	undef;		# verbose mode
+my $o_verb= undef;        # verbose mode
-my $o_version=	undef;		# print version
+my $o_version=  undef;    # print version
-my $o_timeout=  5;            	# Default 5s Timeout
+my $o_timeout=  5;        # Default 5s Timeout
-my $o_warn=	undef;		# Warning for connections
+my $o_warn= undef;        # Warning for connections
-my $o_crit=	undef;		# Crit for connections
+my $o_crit= undef;        # Crit for connections
-my $o_svn=	undef;		# Check for SVN status
+my $o_warnSR= undef;      # Warning for connectionsSR
-my $o_fw=	undef;		# Check for FW status
+my $o_critSR= undef;      # Crit for connectionsSR
-my $o_ha=	undef;		# Check for HA status
+my $o_svn=  undef;        # Check for SVN status
-my $o_mgmt=	undef;		# Check for management status
+my $o_fw= undef;          # Check for FW status
-my $o_policy=	undef;		# Check for policy name
+my $o_ha= undef;          # Check for HA status
-my $o_conn=	undef;		# Check for connexions
+my $o_mgmt= undef;        # Check for management status
-my $o_perf=	undef;		# Performance data output 
+my $o_policy= undef;      # Check for policy name
+my $o_conn= undef;        # Check for connexions
+my $o_connSR= undef;      # Check for connexionsSR
+my $o_perf= undef;        # Performance data output 
 
 # SNMPv3 specific
-my $o_login=	undef;		# Login for snmpv3
+my $o_login=  undef;      # Login for snmpv3
-my $o_passwd=	undef;		# Pass for snmpv3
+my $o_passwd= undef;      # Pass for snmpv3
-my $v3protocols=undef;	# V3 protocol list.
+my $v3protocols=undef;    # V3 protocol list.
-my $o_authproto='md5';		# Auth protocol
+my $o_authproto='md5';    # Auth protocol
-my $o_privproto='des';		# Priv protocol
+my $o_privproto='des';    # Priv protocol
-my $o_privpass= undef;		# priv password
+my $o_privpass= undef;    # priv password
 
 # functions
 
 sub p_version { print "check_snmp_cpfw version : $Version\n"; }
 
 sub print_usage {
-    print "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) [-s] [-w [-p=pol_name] [-c=warn,crit]] [-m] [-a [standby] ] [-f] [-p <port>] [-t <timeout>] [-V]\n";
+    print "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) [-s] [-w [-p=pol_name] [-c=warn,crit]] [-r=warn,crit]]  [-m] [-a [standby] ] [-f] [-p <port>] [-t <timeout>] [-V]\n";
 }
 
 sub isnnum { # Return true if arg is not a number
@@ -117,7 +124,7 @@ sub isnnum { # Return true if arg is not a number
 
 sub help {
    print "\nSNMP Checkpoint FW-1 Monitor for Nagios version ",$Version,"\n";
-   print "GPL Licence, (c)2004-2007 - Patrick Proy\n\n";
+   print "GPL Licence, (c)2004-2020 - Patrick Proy\n\n";
    print_usage();
    print <<EOT;
 -v, --verbose
@@ -157,6 +164,8 @@ sub help {
    SNMP port (Default 161)
 -t, --timeout=INTEGER
    timeout for SNMP (Default: Nagios default)   
+-r, --connexionsSR=WARN,CRIT
+   check warn and critical number of connexionsSR (must have -w)
 -V, --version
    prints version number
 EOT
@@ -168,69 +177,81 @@ sub verb { my $t=shift; print $t,"\n" if defined($o_verb) ; }
 sub check_options {
     Getopt::Long::Configure ("bundling");
     GetOptions(
-   	'v'	=> \$o_verb,		'verbose'	=> \$o_verb,
+    'v' => \$o_verb,    'verbose' => \$o_verb,
-        'h'     => \$o_help,    	'help'        	=> \$o_help,
+        'h'     => \$o_help,      'help'          => \$o_help,
-        'H:s'   => \$o_host,		'hostname:s'	=> \$o_host,
+        'H:s'   => \$o_host,    'hostname:s'  => \$o_host,
-        'P:i'   => \$o_port,   		'port:i'	=> \$o_port,
+        'P:i'   => \$o_port,      'port:i'  => \$o_port,
-        'C:s'   => \$o_community,	'community:s'	=> \$o_community,
+        'C:s'   => \$o_community, 'community:s' => \$o_community,
-	'2'     => \$o_version2,        'v2c'           => \$o_version2,
+  '2'     => \$o_version2,        'v2c'           => \$o_version2,
-	'l:s'	=> \$o_login,		'login:s'	=> \$o_login,
+  'l:s' => \$o_login,   'login:s' => \$o_login,
-	'x:s'	=> \$o_passwd,		'passwd:s'	=> \$o_passwd,
+  'x:s' => \$o_passwd,    'passwd:s'  => \$o_passwd,
-	'X:s'	=> \$o_privpass,		'privpass:s'	=> \$o_privpass,
+  'X:s' => \$o_privpass,    'privpass:s'  => \$o_privpass,
-	'L:s'	=> \$v3protocols,		'protocols:s'	=> \$v3protocols,   
+  'L:s' => \$v3protocols,   'protocols:s' => \$v3protocols,   
- 	't:i'   => \$o_timeout,       	'timeout:i'     => \$o_timeout,
+  't:i'   => \$o_timeout,         'timeout:i'     => \$o_timeout,
-	'V'	=> \$o_version,		'version'	=> \$o_version,
+  'V' => \$o_version,   'version' => \$o_version,
-	's'	=> \$o_svn,		'svn'		=> \$o_svn,
+  's' => \$o_svn,   'svn'   => \$o_svn,
-	'w'	=> \$o_fw,		'fw'		=> \$o_fw,
+  'w' => \$o_fw,    'fw'    => \$o_fw,
-	'a:s'	=> \$o_ha,		'ha:s'		=> \$o_ha,
+  'a:s' => \$o_ha,    'ha:s'    => \$o_ha,
-	'm'	=> \$o_mgmt,		'mgmt'		=> \$o_mgmt,
+  'm' => \$o_mgmt,    'mgmt'    => \$o_mgmt,
-	'p:s'	=> \$o_policy,		'policy:s'	=> \$o_policy,
+  'p:s' => \$o_policy,    'policy:s'  => \$o_policy,
-	'c:s'	=> \$o_conn,		'connexions:s'	=> \$o_conn,
+  'c:s' => \$o_conn,    'connexions:s'  => \$o_conn,
-	'f'	=> \$o_perf,		'perfparse'	=> \$o_perf
+  'r:s' => \$o_connSR,   'rate:s' => \$o_connSR,
-    );
+  'f' => \$o_perf,    'perfparse' => \$o_perf
+  );
     if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}};
     if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}};
     if ( ! defined($o_host) ) # check host and filter 
-	{ print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print_usage(); exit $ERRORS{"UNKNOWN"}}
     # check snmp information
     if ( !defined($o_community) && (!defined($o_login) || !defined($o_passwd)) )
-	  { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) )
+    if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) )
-	  { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	if (defined ($v3protocols)) {
+    if (defined ($v3protocols)) {
-	  if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+      if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	  my @v3proto=split(/,/,$v3protocols);
+      my @v3proto=split(/,/,$v3protocols);
-	  if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0];	}	# Auth protocol
+      if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0];  } # Auth protocol
-	  if (defined ($v3proto[1])) {$o_privproto=$v3proto[1];	}	# Priv  protocol
+      if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv  protocol
-	  if ((defined ($v3proto[1])) && (!defined($o_privpass))) {
+      if ((defined ($v3proto[1])) && (!defined($o_privpass))) {
-	    print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+        print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	}
+    }
     # Check firewall options
     if ( defined($o_conn)) {
       if ( ! defined($o_fw))
- 	{ print "Cannot check connexions without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+        { print "Cannot check connexions without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
       my @warncrit=split(/,/ , $o_conn);
       if ( $#warncrit != 1 ) 
         { print "Put warn,crit levels with -c option\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
       ($o_warn,$o_crit)=@warncrit;
       if ( isnnum($o_warn) || isnnum($o_crit) )
-	{ print "Numeric values for warning and critical in -c options\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+        { print "Numeric values for warning and critical in -c options\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
-      if ($o_warn >= $o_crit)
+          if ($o_warn >= $o_crit)
-	{ print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+           { print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+    }
+    if ( defined($o_connSR)) {
+      if ( ! defined($o_fw))
+        { print "Cannot check connexionsSR without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+      my @warncritSR=split(/,/ , $o_connSR);
+      if ( $#warncritSR != 1 ) 
+        { print "Put warn,crit levels with -c option\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+      ($o_warnSR,$o_critSR)=@warncritSR;
+      if ( isnnum($o_warnSR) || isnnum($o_critSR) )
+        { print "Numeric values for warning and critical in -r options\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+          if ($o_warnSR >= $o_critSR)
+           { print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}}
     }
     if ( defined($o_policy)) {
       if (! defined($o_fw))
-	{ print "Cannot check policy name without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+        { print "Cannot check policy name without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
       if ($o_policy eq "")
         { print "Put a policy name !\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
     }
     if (defined($o_perf) && ! defined ($o_conn))
-	{ print "Nothing selected for perfparse !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print "Nothing selected for perfparse !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
     if (!defined($o_fw) && !defined($o_ha) && !defined($o_mgmt) && !defined($o_svn))
-	{ print "Must select a product to check !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print "Must select a product to check !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
     if (defined ($o_ha) && ($o_ha ne "") && ($o_ha ne "standby")) 
-	{ print "-a option comes with 'standby' or nothing !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print "-a option comes with 'standby' or nothing !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
-	
 }
 
 ########## MAIN #######
@@ -259,49 +280,49 @@ if ( defined($o_login) && defined($o_passwd)) {
     if (!defined ($o_privpass)) {
   verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto");
     ($session, $error) = Net::SNMP->session(
-      -hostname   	=> $o_host,
+      -hostname     => $o_host,
-      -version		=> '3',
+      -version    => '3',
-      -username		=> $o_login,
+      -username   => $o_login,
-      -port      	=> $o_port,
+      -port       => $o_port,
-      -authpassword	=> $o_passwd,
+      -authpassword => $o_passwd,
-      -authprotocol	=> $o_authproto,
+      -authprotocol => $o_authproto,
       -timeout          => $o_timeout
     );  
   } else {
     verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto");
     ($session, $error) = Net::SNMP->session(
-      -hostname   	=> $o_host,
+      -hostname     => $o_host,
-      -version		=> '3',
+      -version    => '3',
-      -username		=> $o_login,
+      -username   => $o_login,
-      -port      	=> $o_port,
+      -port       => $o_port,
-      -authpassword	=> $o_passwd,
+      -authpassword => $o_passwd,
-      -authprotocol	=> $o_authproto,
+      -authprotocol => $o_authproto,
-      -privpassword	=> $o_privpass,
+      -privpassword => $o_privpass,
-	  -privprotocol => $o_privproto,
+      -privprotocol => $o_privproto,
       -timeout          => $o_timeout
     );
   }
 } else {
-	if (defined ($o_version2)) {
+  if (defined ($o_version2)) {
-		# SNMPv2 Login
+    # SNMPv2 Login
-		verb("SNMP v2c login");
+    verb("SNMP v2c login");
-		  ($session, $error) = Net::SNMP->session(
+      ($session, $error) = Net::SNMP->session(
-		 -hostname  => $o_host,
+     -hostname  => $o_host,
-		 -version   => 2,
+     -version   => 2,
-		 -community => $o_community,
+     -community => $o_community,
-		 -port      => $o_port,
+     -port      => $o_port,
-		 -timeout   => $o_timeout
+     -timeout   => $o_timeout
-		);
+    );
-  	} else {
+    } else {
-	  # SNMPV1 login
+    # SNMPV1 login
-	  verb("SNMP v1 login");
+    verb("SNMP v1 login");
-	  ($session, $error) = Net::SNMP->session(
+    ($session, $error) = Net::SNMP->session(
-		-hostname  => $o_host,
+    -hostname  => $o_host,
-		-community => $o_community,
+    -community => $o_community,
-		-port      => $o_port,
+    -port      => $o_port,
-		-timeout   => $o_timeout
+    -timeout   => $o_timeout
-	  );
+    );
-	}
+  }
 }
 if (!defined($session)) {
    printf("ERROR opening session: %s.\n", $error);
@@ -327,8 +348,8 @@ $resultat = $session->get_request(
     foreach $key ( keys %svn_checks) {
       verb("$svn_checks_n{$key} : $svn_checks{$key} / $$resultat{$key}");
       if ( $$resultat{$key} ne $svn_checks{$key} ) {
-	$svn_print .= $svn_checks_n{$key} . ":" . $$resultat{$key} . " ";
+  $svn_print .= $svn_checks_n{$key} . ":" . $$resultat{$key} . " ";
-	$svn_state=2;
+  $svn_state=2;
       }  
     }
   } else {
@@ -380,6 +401,8 @@ if (defined ($o_mgmt)) {
 my $fw_state=0;
 my $fw_print="";
 my $perf_conn=undef;
+my $perf_connSR=undef;
+my $perf_connPeak=undef;
 
 if (defined ($o_fw)) {
 
@@ -392,6 +415,8 @@ if (defined ($o_fw)) {
     verb("State : $$resultat{$policy_state}");
     verb("Name : $$resultat{$policy_name}");
     verb("connections : $$resultat{$connections}");
+    verb("connectionsSR : $$resultat{$connectionsSR}");
+    verb("connectionsPeak : $$resultat{$connectionsPeak}");
 
     if ($$resultat{$policy_state} ne "Installed") {
       $fw_state=2;
@@ -401,22 +426,38 @@ if (defined ($o_fw)) {
 
     if (defined($o_policy)) {
       if ($$resultat{$policy_name} ne $o_policy) {
-	    $fw_state=2;
+      $fw_state=2;
-	    $fw_print .= "Policy installed : $$resultat{$policy_name}";
+      $fw_print .= "Policy installed : $$resultat{$policy_name}";
       }
     }
 
     if (defined($o_conn)) {
       if ($$resultat{$connections} > $o_crit) {
-	 $fw_state=2;
+        $fw_state=2;
         $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_crit." ";
       } else {
-	if ($$resultat{$connections} > $o_warn) {
+      if ($$resultat{$connections} > $o_warn) {
-	  if ($fw_state!=2) {$fw_state=1;}
+        if ($fw_state!=2) {$fw_state=1;}
-	  $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_warn." ";    
+          $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_warn." ";    
-	}
+          }
       }
       $perf_conn=$$resultat{$connections};
+      $perf_connSR=$$resultat{$connectionsSR};
+      $perf_connPeak=$$resultat{$connectionsPeak};
+    }
+    if (defined($o_connSR)) {
+      if ($$resultat{$connectionsSR} > $o_critSR) {
+        $fw_state=3;
+        $fw_print .= "Conn/seg  : ".$$resultat{$connectionsSR}." > ".$o_critSR." ";
+      } else {
+      if ($$resultat{$connectionsSR} > $o_warnSR) {
+        if ($fw_state!=3) {$fw_state=1;}
+          $fw_print .= "Conn/seg : ".$$resultat{$connectionsSR}." > ".$o_warnSR." ";    
+          }
+      }
+      $perf_conn=$$resultat{$connections};
+      $perf_connSR=$$resultat{$connectionsSR};
+      $perf_connPeak=$$resultat{$connectionsPeak};
     }
   } else {
     $fw_print .= "cannot find oids";
@@ -448,17 +489,17 @@ if (defined ($o_ha)) {
       verb("$ha_checks_n{$key} : $ha_checks{$key} / $$resultat{$key}");
       if ( $o_ha eq "standby" ) {
         if ( $$resultat{$key} ne $ha_checks_stand{$key} ) {
-	  $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
+    $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
-	  $ha_state_n=2;
+    $ha_state_n=2;
         }
       } else {
         if ( $$resultat{$key} ne $ha_checks{$key} ) {
-	  $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
+    $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
-	  $ha_state_n=2;
+    $ha_state_n=2;
         }
       }  
     }
-    #my $ha_mode		= "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only" : ha Working mode
+    #my $ha_mode    = "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only" : ha Working mode
   } else {
     $ha_print .= "cannot find oids";
     #Critical state if not found because it means soft is not activated
@@ -467,7 +508,7 @@ if (defined ($o_ha)) {
 
   # get ha status table
   $resultat = $session->get_table(
-	  Baseoid => $ha_tables
+    Baseoid => $ha_tables
   ); 
   my %status;
   my (@index,@oid) = (undef,undef);
@@ -477,10 +518,10 @@ if (defined ($o_ha)) {
   if (defined($resultat)) {
     foreach $key ( keys %$resultat) {
       if ( $key =~ /$index_search/) {
-	@oid=split (/\./,$key);
+  @oid=split (/\./,$key);
-	pop(@oid);
+  pop(@oid);
-	$index[$nindex]=pop(@oid);
+  $index[$nindex]=pop(@oid);
-	$nindex++; 
+  $nindex++; 
       }
     }
   } else {
@@ -503,10 +544,10 @@ if (defined ($o_ha)) {
       
       $key=$ha_tables . $ha_tables_state . "." . $index[$i] . ".0";
       if (($status{$ha_soft_name} = $$resultat{$key}) ne "OK") {
-	    $key=$ha_tables . $ha_tables_prbdesc . "." . $index[$i] . ".0";
+      $key=$ha_tables . $ha_tables_prbdesc . "." . $index[$i] . ".0";
-	    $status{$ha_soft_name} = $$resultat{$key};
+      $status{$ha_soft_name} = $$resultat{$key};
-	    $ha_print .= $ha_soft_name . ":" . $status{$ha_soft_name} . " ";
+      $ha_print .= $ha_soft_name . ":" . $status{$ha_soft_name} . " ";
-	    $ha_state_n=2
+      $ha_state_n=2
       }
       verb ("$ha_soft_name : $status{$ha_soft_name}");
     }
@@ -548,6 +589,8 @@ if (($ha_state_n+$svn_state+$fw_state+$mgmt_state) == 0 ) {
 
 if (defined($o_perf) && defined ($perf_conn)) {
   $f_print .= " | fw_connexions=" . $perf_conn;
+  $f_print .= " | fw_connexionsSR=" . $perf_connSR;
+  $f_print .= " | fw_connexionsPeak=" . $perf_connPeak;
 }
 
 print "$f_print\n";

check_xroad_token/check_xroad_token.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+xroad_list_tokens=$(signer-console list-tokens)
+
+if [[ $xroad_list_tokens == "Token: 0 (OK, writable, available, active)" ]]
+then
+        echo "OK - $xroad_list_tokens"
+        exit 0
+elif [[ $xroad_list_tokens != "Token: 0 (OK, writable, available, active)" ]]
+then
+        echo "Critical - $xroad_list_tokens"
+        exit 2
+else
+        echo "Unknown - $xroad_list_tokens"
+        exit 3
+fi

check_xroad_token/nagios-okplugin-check_xroad_token.spec

@@ -0,0 +1,52 @@
+%define debug_package %{nil}
+
+Summary:	A Nagios plugin to check status of XROAD soft-token
+Name:		nagios-okplugin-check_xroad_token
+Version:	1.2
+Release:	1%{?dist}
+License:	GPLv2+
+Group:		Applications/System
+URL:		https://github.com/opinkerfi/nagios-plugins/issues
+Source0:	http://opensource.ok.is/trac/browser/nagios-plugins/check_xroad_token/releases/nagios-okplugin-check_xroad_token-%{version}.tar.gz
+Requires:	nagios-nrpe
+Requires:	xroad-signer
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Packager:	Gardar Thorsteinsson <gardar@ok.is>
+
+
+%description
+A Nagios plugin to check status of XROAD soft-token
+
+
+%prep
+%setup -q
+#perl -pi -e "s|/usr/lib64|%{_libdir}|g" nrpe.d/check_xroad_token.cfg
+
+%build
+
+
+%install
+rm -rf %{buildroot}
+install -D -p -m 0755 check_xroad_token.sh %{buildroot}%{_libdir}/nagios/plugins/check_xroad_token.sh
+install -D -p -m 0755 nrpe.d/check_xroad_token.cfg %{buildroot}/etc/nrpe.d/check_xroad_token.cfg
+install -D -p -m 0644 sudoers.d/check_xroad_token %{buildroot}/etc/sudoers.d/check_xroad_token
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+#%doc README LICENSE
+%{_libdir}/nagios/plugins/*
+/etc/nrpe.d/check_xroad_token.cfg
+/etc/sudoers.d/check_xroad_token
+
+%post
+restorecon -v %{_libdir}/nagios/plugins/check_xroad_token.sh /etc/nrpe.d/check_xroad_token.cfg /etc/sudoers.d/check_xroad_token
+
+%changelog
+* Mon Sep 14 2020 Your Name <you@example.com> 1.2-1
+- new package built with tito
+
+* Fri Sep 11 2020  Gardar Thorsteinsson <gardart@gmail.com> 1.0.1-1
+- Initial packaging

check_xroad_token/nrpe.d/check_xroad_token.cfg

@@ -0,0 +1,2 @@
+# xroad plugin to check for tokens
+command[check_xroad_token]=sudo -u xroad /usr/lib64/nagios/plugins/check_xroad_token.sh

check_xroad_token/readme.md

@@ -0,0 +1,9 @@
+# Required steps to use this check
+
+```shell
+# On RHEL/Centos
+sudo semanage permissive -a nrpe_t
+sudo setsebool -P nagios_run_sudo 1
+sudo yum install nagios-okplugin-check_xroad_token -y
+sudo systemctl restart nrpe
+```

check_xroad_token/sudoers.d/check_xroad_token

@@ -0,0 +1,2 @@
+Defaults:nrpe   !requiretty
+nrpe            ALL = (xroad) NOPASSWD: /usr/bin/signer-console list-tokens, /usr/lib64/nagios/plugins/check_xroad_token.sh

check_yum/check_yum

@@ -1,24 +1,29 @@
-#!/usr/bin/python
+#!/usr/bin/env python
-# coding=utf-8
+#
+#  Author: Hari Sekhon
+#  Date: 2008-04-29 17:21:08 +0100 (Tue, 29 Apr 2008)
+#
+#  https://github.com/harisekhon/nagios-plugins
+#
+#  License: see accompanying LICENSE file
+#
 
-"""Nagios plugin to check the YUM package management system for package updates.
+"""
-   Can optionally alert on any available updates as well as just
+Nagios plugin to test for Yum updates on RedHat / CentOS Linux.
-   security related updates"""
 
-__title__   = "check_yum"
+Can optionally alert on any available updates as well as just security related updates
-__version__ = "0.8.0"
 
-# Standard Nagios return codes
+See also: check_yum.pl (also part of the Advanced Nagios Plugins Collection)
-OK       = 0
+
-WARNING  = 1
+Tested on CentOS 5 / 6 / 7
-CRITICAL = 2
+"""
-UNKNOWN  = 3
 
 import os
 import re
 import sys
 import signal
 OLD_PYTHON = False
+# pylint: disable=wrong-import-position
 try:
     from subprocess import Popen, PIPE, STDOUT
 except ImportError:
@@ -26,28 +31,41 @@ except ImportError:
     import commands
 from optparse import OptionParser
 
+__author__ = "Hari Sekhon"
+__title__ = "Nagios Plugin for Yum updates on RedHat/CentOS systems"
+__version__ = "0.8.9"
+
+# Standard Nagios return codes
+OK = 0
+WARNING = 1
+CRITICAL = 2
+UNKNOWN = 3
+
 DEFAULT_TIMEOUT = 30
 
+support_msg = "Please make sure you have upgraded to the latest version from " + \
+              "https://github.com/harisekhon/nagios-plugins. If the problem persists, " + \
+              "please raise a ticket at https://github.com/harisekhon/nagios-plugins/issues "+ \
+              "with the full -vvv output"
 
-def end(status, message, perfdata=''):
+def end(status, message):
     """Exits the plugin with first arg as the return code and the second
     arg as the message to output"""
-    
+
     check = "YUM "
     if status == OK:
-        print "%sOK: %s | %s" % (check, message, perfdata)
+        print "%sOK: %s" % (check, message)
         sys.exit(OK)
     elif status == WARNING:
-        print "%sWARNING: %s | %s" % (check, message, perfdata)
+        print "%sWARNING: %s" % (check, message)
         sys.exit(WARNING)
     elif status == CRITICAL:
-        print "%sCRITICAL: %s | %s" % (check, message, perfdata)
+        print "%sCRITICAL: %s" % (check, message)
         sys.exit(CRITICAL)
     else:
         print "UNKNOWN: %s" % message
         sys.exit(UNKNOWN)
 
-
 YUM = "/usr/bin/yum"
 
 def check_yum_usable():
@@ -62,26 +80,28 @@ def check_yum_usable():
         end(UNKNOWN, "%s is not executable" % YUM)
 
 
-class YumTester:
+class YumTester(object):
     """Class to hold all portage test functions and state"""
 
     def __init__(self):
         """Initialize all object variables"""
 
-        self.all_updates        = False
+        self.all_updates = False
-        self.no_cache_update    = False
+        self.no_cache_update = False
-        self.no_warn_on_lock    = False
+        self.no_warn_on_lock = False
-        self.enable_repo        = ""
+        self.enable_repo = ""
-        self.disable_repo       = ""
+        self.disable_repo = ""
-        self.timeout            = DEFAULT_TIMEOUT
+        self.disable_plugin = ""
-        self.verbosity          = 0
+        self.yum_config = ""
+        self.timeout = DEFAULT_TIMEOUT
+        self.verbosity = 0
         self.warn_on_any_update = False
 
     def validate_all_variables(self):
-        """Validates all object variables to make sure the 
+        """Validates all object variables to make sure the
         environment is sane"""
 
-        if self.timeout == None:
+        if self.timeout is None:
             self.timeout = DEFAULT_TIMEOUT
         try:
             self.timeout = int(self.timeout)
@@ -92,7 +112,7 @@ class YumTester:
         if self.timeout < 1 or self.timeout > 3600:
             end(UNKNOWN, "Timeout must be a number between 1 and 3600 seconds")
 
-        if self.verbosity == None:
+        if self.verbosity is None:
             self.verbosity = 0
         try:
             self.verbosity = int(self.verbosity)
@@ -104,13 +124,13 @@ class YumTester:
 
 
     def run(self, cmd):
-        """runs a system command and returns 
+        """runs a system command and returns
         an array of lines of the output"""
 
-        if cmd == "" or cmd == None:
+        if not cmd:
             end(UNKNOWN, "Internal python error - " \
                        + "no cmd supplied for run function")
-       
+
         if self.no_cache_update:
             cmd += " -C"
 
@@ -121,32 +141,43 @@ class YumTester:
             for repo in self.disable_repo.split(","):
                 cmd += " --disablerepo=%s" % repo
 
+        if self.disable_plugin:
+            # --disableplugin can take a comma separated list directly
+            #for plugin in self.disable_plugin.split(","):
+                #cmd += " --disableplugin=%s" % plugin
+            cmd += " --disableplugin=%s" % self.disable_plugin
+
+        if self.yum_config:
+            for repo in self.yum_config.split(","):
+                cmd += " --config=%s" % repo
+
         self.vprint(3, "running command: %s" % cmd)
 
         if OLD_PYTHON:
             self.vprint(3, "subprocess not available, probably old python " \
                          + "version, using shell instead")
+            os.environ['LANG'] = "en_US"
             returncode, stdout = commands.getstatusoutput(cmd)
             if returncode >= 256:
                 returncode = returncode / 256
         else:
             try:
-                process = Popen( cmd.split(), 
+                env = {'LANG': 'en_US'}
-                                 stdin=PIPE, 
+                process = Popen(cmd.split(), stdin=PIPE, stdout=PIPE, stderr=STDOUT, env=env)
-                                 stdout=PIPE, 
-                                 stderr=STDOUT )
             except OSError, error:
                 error = str(error)
                 if error == "No such file or directory":
                     end(UNKNOWN, "Cannot find utility '%s'" % cmd.split()[0])
                 end(UNKNOWN, "Error trying to run utility '%s' - %s" \
                                                   % (cmd.split()[0], error))
-        
+
             output = process.communicate()
+            # for using debug outputs, either do not comment above line or explicitly set exit code below
+            #output = [open(os.path.dirname(__file__) + '/test_input.txt').read(), '']
             returncode = process.returncode
             stdout = output[0]
-        
+
-        if stdout == None or stdout == "":
+        if not stdout:
             end(UNKNOWN, "No output from utility '%s'" % cmd.split()[0])
 
         self.vprint(3, "Returncode: '%s'\nOutput: '%s'" \
@@ -158,19 +189,21 @@ class YumTester:
 
 
     def check_returncode(self, returncode, output):
-        """Takes the returncode and output (as an array of lines) 
+        """Takes the returncode and output (as an array of lines)
-        of the YUM program execution and tests for failures, exits 
+        of the yum program execution and tests for failures, exits
         with an appropriate message if any are found"""
 
         if returncode == 0:
-            pass
+            for line in output:
+                if "You must run this command as root" in line:
+                    end(UNKNOWN, "You must run this plugin as root")
         elif returncode == 100:
             # Updates Available
             pass
         elif returncode == 200:
             if "lock" in output[-2] or "another copy is running" in output[-2]:
                 msg = "Cannot check for updates, " \
-                    + "another instance of YUM is running"
+                    + "another instance of yum is running"
                 if self.no_warn_on_lock:
                     end(OK, msg)
                 else:
@@ -179,10 +212,15 @@ class YumTester:
                 output = self.strip_output(output)
                 end(UNKNOWN, "%s" % output)
         else:
-            if not 'Loading "security" plugin' in output \
+            if 'No more mirrors to try' in output:
+                end(UNKNOWN, 'connectivity issue to repos: \'No more mirrors to try\'. ' + \
+                             'You could also try running --cache-only and ' + \
+                             'scheduling a separate \'yum makecache\' via cron or similar')
+            elif (not ('Loading "security" plugin' in output or 'Loaded plugins:.*security' in output)) \
                or "Command line error: no such option: --security" in output:
-                end(UNKNOWN, "Security plugin for YUM is required. Try to "    \
+                end(UNKNOWN, "Security plugin for yum is required. Try to "    \
-                           + "'yum install yum-security' and then re-run "     \
+                           + "'yum install yum-security' (RHEL5) or " \
+                           + "'yum install yum-plugin-security' (RHEL6) and then re-run " \
                            + "this plugin. Alternatively, to just alert on "   \
                            + "any update which does not require the security " \
                            + "plugin, try --all-updates")
@@ -192,8 +230,8 @@ class YumTester:
 
 
     def strip_output(self, output):
-        """Cleans up the output from the plugin and returns it. 
+        """Cleans up the output from the plugin and returns it.
-        Takes and returns an array of the lines of output 
+        Takes and returns an array of the lines of output
         and returns a single string"""
 
         self.vprint(3, "stripping output of 'Loading ... plugin' lines")
@@ -243,149 +281,137 @@ class YumTester:
 
         return number_security_updates, number_other_updates
 
-    
+
     def get_all_updates(self):
-        """Gets all updates. Returns a single integer of the 
+        """Gets all updates. Returns a single integer of the
         number of available updates"""
 
         cmd = "%s check-update" % YUM
-        
+
         output = self.run(cmd)
 
-        output2 = "\n".join(output).split("\n\n")
+        output2 = [_ for _ in "\n".join(output).split("\n\n") if  _]
-        if self.verbosity >= 4 :
+        if self.verbosity >= 4:
             for section in output2:
                 print "\nSection:\n%s\n" % section
         if len(output2) > 2 or \
-           not ( "Setting up repositories" in output2[0] or \
+           not ("Setting up repositories" in output2[0] or \
-                 "Loaded plugins: " in output2[0] or \
+                "Loaded plugins: " in output2[0] or \
-                 re.search('Loading\s+".+"\s+plugin', output2[0]) ):
+                re.search(r'Loading\s+".+"\s+plugin', output2[0])):
             end(WARNING, "Yum output signature does not match current known "  \
-                       + "format. Please make sure you have upgraded to the "  \
+                       + "format. " + support_msg)
-                       + "latest version of this plugin. If the problem "      \
+        number_packages = 0
-                       + "persists, please contact the author for a fix")
         if len(output2) == 1:
-            # There are no updates but we have passed 
+            # There are no updates but we have passed
             # the loading and setting up of repositories
-            number_packages = 0
+            pass
         else:
-            number_packages = len([x for x in output2[1].split("\n") \
+            for line in output2[1].split("\n"):
-                                                        if len(x.split()) > 1 ])
+                if len(line.split()) > 1 and \
-        
+                   line[0:1] != " " and \
+                   "Obsoleting Packages" not in line:
+                    number_packages += 1
+
         try:
             number_packages = int(number_packages)
             if number_packages < 0:
                 raise ValueError
         except ValueError:
             end(UNKNOWN, "Error parsing package information, invalid package " \
-                       + "number, YUM output may have changed. Please make "   \
+                       + "number, yum output may have changed. " + support_msg)
-                       + "sure you have upgraded to the latest version of "    \
-                       + "this plugin. If the problem persists, then please "  \
-                       + "contact the author for a fix")
 
-        # Extra layer of checks. This is a security plugin so it's preferable 
+        # Extra layer of checks. This is a security plugin so it's preferable
-        # to fail on error rather than pass silently leaving you with an 
+        # to fail on error rather than pass silently leaving you with an
         # insecure system
         count = 0
+        re_kernel_security_update = re.compile('^Security: kernel-.+ is an installed security update')
+        re_kernel_update = re.compile('^Security: kernel-.+ is the currently running version')
         re_package_format = \
-                re.compile("^.+\.(i[3456]86|x86_64|noarch)\s+.+\s+.+$")
+                re.compile(r'^.+\.(i[3456]86|x86_64|noarch)\s+.+\s+.+$')
-        # This is to work around a YUM truncation issue effectively changing
+        # This is to work around a yum truncation issue effectively changing
         # the package output format. Currently only very long kmod lines
         # are seen to have caused this so we stick to what we know for safety
         # and raise an unknown error on anything else for maximum security
         #re_package_format_truncated = \
         #        re.compile("^[\w-]+-kmod-\d[\d\.-]+.*\s+.+\s+.+$")
+        obsoleting_packages = False
         for line in output:
+            if ' excluded ' in line:
+                continue
+            elif obsoleting_packages and line[0:1] == " ":
+                continue
+            elif "Obsoleting Packages" in line:
+                obsoleting_packages = True
+                continue
+            elif re_kernel_security_update.match(line):
+                end(WARNING, 'Kernel security update is installed but requires a reboot')
+            elif re_kernel_update.match(line):
+                continue
             if re_package_format.match(line):
                 count += 1
         if count != number_packages:
             end(UNKNOWN, "Error parsing package information, inconsistent "    \
-                       + "package count, yum output may have changed. Please " \
+                       + "package count (%d count vs %s num packages)" % (count, number_packages) \
-                       + "make sure you have upgraded to the latest version "  \
+                       + ", yum output may have changed. " + support_msg)
-                       + "of this plugin. If the problem persists, then "      \
-                       + "please contact the author for a fix")
 
-        return number_packages, "'updates'=%s" % (number_packages)
+        return number_packages
 
-    def get_security_updateinfo(self):
-        """Fetches errata numbers and package names"""
-
-        cmd = "%s list-security" % YUM
-
-        output = self.run(cmd)
-
-        errata = []
-
-        for line in output:
-	    try:
-                if line.split()[1] != "security" and line.split()[1][-4:] != "Sec.":
-                    continue
-            except:
-                continue
-	    (advisoryid, etype, package) = line.split()
-            errata.append( { "name": package, "advisory": advisoryid } )
-    
-        return errata
 
     def get_security_updates(self):
         """Gets all updates, but differentiates between
-        security and normal updates. Returns a tuple of the number 
+        security and normal updates. Returns a tuple of the number
         of security and normal updates"""
 
         cmd = "%s --security check-update" % YUM
 
         output = self.run(cmd)
-        
+
-        re_security_summary_rhel5 = re.compile("Needed \d+ of \d+ packages, for security")
+        re_security_summary = \
-        re_security_summary_rhel6 = re.compile("\d+ package\(s\) needed for security, out of \d+ available")
+                re.compile(r'Needed (\d+) of (\d+) packages, for security')
-        re_no_security_updates_available_rhel5 = re.compile("No packages needed, for security, \d+ available")
+        re_summary_rhel6 = re.compile(r'(\d+) package\(s\) needed for security, out of (\d+) available')
-        re_no_security_updates_available_rhel6 = re.compile("No packages needed for security; \d+ packages available")
+        re_no_sec_updates = \
+                re.compile(r'No packages needed,? for security[;,] (\d+) (?:packages )?available')
+        re_kernel_update = re.compile(r'^Security: kernel-.+ is an installed security update')
         summary_line_found = False
         for line in output:
-            if re_no_security_updates_available_rhel5.match(line):
+            _ = re_summary_rhel6.match(line)
+            if _:
+                summary_line_found = True
+                number_security_updates = _.group(1)
+                number_total_updates = _.group(2)
+                break
+            _ = re_no_sec_updates.match(line)
+            if _:
                 summary_line_found = True
                 number_security_updates = 0
-                number_total_updates    = line.split()[5]
+                number_total_updates = _.group(1)
                 break
-            if re_no_security_updates_available_rhel6.match(line):
+            _ = re_security_summary.match(line)
+            if _:
                 summary_line_found = True
-                number_security_updates = 0
+                number_security_updates = _.group(1)
-                number_total_updates    = line.split()[5]
+                number_total_updates = _.group(2)
-                break
-            if re_security_summary_rhel5.match(line):
-                summary_line_found = True
-                number_security_updates = line.split()[1]
-                number_total_updates    = line.split()[3]
-                break
-            if re_security_summary_rhel6.match(line):
-                summary_line_found = True
-                number_security_updates = line.split()[0]
-                number_total_updates    = line.split()[7]
                 break
+            _ = re_kernel_update.match(line)
+            if _:
+                end(CRITICAL, "Kernel security update is installed but requires a reboot")
 
         if not summary_line_found:
-            end(WARNING, "Cannot find summary line in YUM output. Please "     \
+            end(WARNING, "Cannot find summary line in yum output. " + support_msg)
-                       + "make sure you have upgraded to the latest version "  \
-                       + "of this plugin. If the problem persists, please "    \
-                       + "contact the author for a fix")
 
         try:
             number_security_updates = int(number_security_updates)
             number_total_updates = int(number_total_updates)
         except ValueError:
-            end(WARNING, "Error parsing package information, YUM output " \
+            end(WARNING, "Error parsing package information, yum output " \
-                       + "may have changed. Please make sure you have "     \
+                       + "may have changed. " + support_msg)
-                       + "upgraded to the latest version of this plugin. "  \
-                       + "If the problem persists, the please contact the " \
-                       + "author for a fix")
 
         number_other_updates = number_total_updates - number_security_updates
-         
+
-        if len(output) > number_total_updates + 25:
+        from_excluded_regex = re.compile(' from .+ excluded ')
+        if len([_ for _ in output if not from_excluded_regex.search(_)]) > number_total_updates + 25:
             end(WARNING, "Yum output signature is larger than current known "  \
-                       + "format, please make sure you have upgraded to the "  \
+                       + "format. " + support_msg)
-                       + "latest version of this plugin. If the problem "      \
-                       + "persists, please contact the author for a fix")
 
         return number_security_updates, number_other_updates
 
@@ -394,26 +420,25 @@ class YumTester:
         """Starts tests and controls logic flow"""
 
         check_yum_usable()
-        self.vprint(3, "%s - Version %s\n" \
+        self.vprint(3, "%s - Version %s\nAuthor: %s\n" \
-            % (__title__, __version__))
+            % (__title__, __version__, __author__))
-        
+
         self.validate_all_variables()
         self.set_timeout()
-  
+
         if self.all_updates:
             return self.test_all_updates()
-        else:
+        return self.test_security_updates()
-            return self.test_security_updates()
 
 
     def test_all_updates(self):
-        """Tests for all updates, and returns a tuple 
+        """Tests for all updates, and returns a tuple
         of the status code and output"""
 
-        status  = UNKNOWN
+        status = UNKNOWN
-        message = "code error - please contact author for a fix"
+        message = "code error. " + support_msg
 
-        number_updates, perfdata = self.get_all_updates()
+        number_updates = self.get_all_updates()
         if number_updates == 0:
             status = OK
             message = "0 Updates Available"
@@ -424,20 +449,20 @@ class YumTester:
             else:
                 message = "%s Updates Available" % number_updates
 
-        return status, message, perfdata
+        message += " | total_updates_available=%s" % number_updates
+
+        return status, message
 
 
     def test_security_updates(self):
         """Tests for security updates and returns a tuple
         of the status code and output"""
 
-        status  = UNKNOWN
+        status = UNKNOWN
-        message = "code error - please contact author for a fix"
+        message = "code error. " + support_msg
-        
+
         number_security_updates, number_other_updates = \
                                                     self.get_security_updates()
-
-	perfdata = "'security_updates'=%s 'other_updates'=%s" % (number_security_updates, number_other_updates)
         if number_security_updates == 0:
             status = OK
             message = "0 Security Updates Available"
@@ -448,6 +473,7 @@ class YumTester:
             elif number_security_updates > 1:
                 message = "%s Security Updates Available" \
                                                     % number_security_updates
+
         if number_other_updates != 0:
             if self.warn_on_any_update and status != CRITICAL:
                 status = WARNING
@@ -456,13 +482,10 @@ class YumTester:
             else:
                 message += ". %s Non-Security Updates Available" \
                                                         % number_other_updates
-                                
+        message += " | security_updates_available=%s non_security_updates_available=%s total_updates_available=%s" \
-        if number_security_updates and self.long_output:
+                   % (number_security_updates, number_other_updates, number_security_updates + number_other_updates)
-            errata = self.get_security_updateinfo()
+
-            for e in errata:
+        return status, message
-                message += "\n%s - %s" % (e['advisory'], e['name'])
-    
-        return status, message, perfdata
 
 
     def vprint(self, threshold, message):
@@ -479,88 +502,97 @@ def main():
     tester = YumTester()
     parser = OptionParser()
 
-    parser.add_option( "--all-updates",
+    parser.add_option("-A",
-                       action="store_true",
+                      "--all-updates",
-                       dest="all_updates",
+                      action="store_true",
-                       help="Does not distinguish between security and "      \
+                      dest="all_updates",
-                          + "non-security updates, but returns critical for " \
+                      help="Does not distinguish between security and "      \
-                          + "any available update. This may be used if the "  \
+                         + "non-security updates, but returns critical for " \
-                          + "YUM security plugin is absent or you want to "   \
+                         + "any available update. This may be used if the "  \
-                          + "maintain every single package at the latest "    \
+                         + "yum security plugin is absent or you want to "   \
-                          + "version. You may want to use "                   \
+                         + "maintain every single package at the latest "    \
-                          + "--warn-on-any-update instead of this option")
+                         + "version. You may want to use "                   \
+                         + "--warn-on-any-update instead of this option")
 
-    parser.add_option( "--warn-on-any-update",
+    parser.add_option("-W",
-                       action="store_true",
+                      "--warn-on-any-update",
-                       dest="warn_on_any_update",
+                      action="store_true",
-                       help="Warns if there are any (non-security) package "   \
+                      dest="warn_on_any_update",
-                          + "updates available. By default only warns when "   \
+                      help="Warns if there are any (non-security) package "   \
-                          + "security related updates are available. If "      \
+                         + "updates available. By default only warns when "   \
-                          + "--all-updates is used, then this option is "      \
+                         + "security related updates are available. If "      \
-                          + "redundant as --all-updates will return a "        \
+                         + "--all-updates is used, then this option is "      \
-                          + "critical result on any available update, "        \
+                         + "redundant as --all-updates will return a "        \
-                          + "whereas using this switch still allows you to "   \
+                         + "critical result on any available update, "        \
-                          + "differentiate between the severity of updates ")
+                         + "whereas using this switch still allows you to "   \
+                         + "differentiate between the severity of updates ")
 
-    parser.add_option( "-C",
+    parser.add_option("-C",
-                       "--cache-only",
+                      "--cache-only",
-                       action="store_true",
+                      action="store_true",
-                       dest="no_cache_update",
+                      dest="no_cache_update",
-                       help="Run entirely from cache and do not update the " \
+                      help="Run entirely from cache and do not update the " \
-                          + "cache when running YUM. Useful if you have "    \
+                         + "cache when running yum. Useful if you have "    \
-                          + "'yum makecache' cronned so that the nagios "    \
+                         + "'yum makecache' cronned so that the nagios "    \
-                          + "check itself doesn't have to do it, possibly "  \
+                         + "check itself doesn't have to do it, possibly "  \
-                          + "speeding up execution (by 1-2 seconds in tests)")
+                         + "speeding up execution (by 1-2 seconds in tests)")
 
-    parser.add_option( "--no-warn-on-lock",
+    parser.add_option("-c",
-                       action="store_true",
+                      "--config",
-                       dest="no_warn_on_lock",
+                      dest="yum_config",
-                       help="Return OK instead of WARNING when YUM is locked " \
+                      help="Run with custom repository config in order to use " \
-                          + "and fails to check for updates due to another "   \
+                         + "custom repositories in case of special setup for")
-                          + "instance running. This is not recommended from "  \
-                          + "the security standpoint, but may be wanted to "   \
-                          + "reduce the number of alerts that may "            \
-                          + "intermittently pop up when someone is running "   \
-                          + "YUM interactively for package management")
 
-    parser.add_option( "--enablerepo",
+    parser.add_option("-N",
-                       dest="repository_to_enable",
+                      "--no-warn-on-lock",
-                       help="Explicitly enables a reposity when calling YUM. "
+                      action="store_true",
-                          + "Can take a comma separated list of repositories")
+                      dest="no_warn_on_lock",
+                      help="Return OK instead of WARNING when yum is locked " \
+                         + "and fails to check for updates due to another "   \
+                         + "instance running. This is not recommended from "  \
+                         + "the security standpoint, but may be wanted to "   \
+                         + "reduce the number of alerts that may "            \
+                         + "intermittently pop up when someone is running "   \
+                         + "yum for package management")
 
-    parser.add_option( "--disablerepo",
+    parser.add_option("-e",
-                       dest="repository_to_disable",
+                      "--enablerepo",
-                       help="Explicitly disables a repository when calling YUM "
+                      dest="repository_to_enable",
-                          + "Can take a comma separated list of repositories")
+                      help="Explicitly enables a reposity when calling yum. " +
+                      "Can take a comma separated list of repositories")
 
-    parser.add_option( "-l",
+    parser.add_option("-d",
-                       "--long-output",
+                      "--disablerepo",
-                       action="store_true",
+                      dest="repository_to_disable",
-                       dest="long_output",
+                      help="Explicitly disables a repository when calling yum. " \
-                       help="Shows more detailed output including the errata "
+                         + "Can take a comma separated list of repositories")
-                          + "ID.")
 
-    parser.add_option( "-t",
+    parser.add_option("--disableplugin",
-                       "--timeout",
+                      dest="plugin_to_disable",
-                       dest="timeout",
+                      help="Explicitly disables a plugin when calling yum. " \
-                       help="Sets a timeout in seconds after which the "  \
+                         + "Can take a comma separated list of plugins")
-                           +"plugin will exit (defaults to %s seconds). " \
+
+    parser.add_option("-t",
+                      "--timeout",
+                      dest="timeout",
+                      help="Sets a timeout in seconds after which the "  \
+                          +"plugin will exit (defaults to %s seconds). " \
                                                       % DEFAULT_TIMEOUT)
 
-    parser.add_option( "-v", 
+    parser.add_option("-v",
-                       "--verbose", 
+                      "--verbose",
-                       action="count", 
+                      action="count",
-                       dest="verbosity",
+                      dest="verbosity",
-                       help="Verbose mode. Can be used multiple times to "     \
+                      help="Verbose mode. Can be used multiple times to "     \
-                          + "increase output. Use -vvv for debugging output. " \
+                         + "increase output. Use -vvv for debugging output. " \
-                          + "By default only one result line is printed as "   \
+                         + "By default only one result line is printed as "   \
-                          + "per Nagios standards")
+                         + "per Nagios standards")
 
-    parser.add_option( "-V",
+    parser.add_option("-V",
-                       "--version",
+                      "--version",
-                       action="store_true",
+                      action="store_true",
-                       dest="version",
+                      dest="version",
-                       help="Print version number and exit")
+                      help="Print version number and exit")
 
     (options, args) = parser.parse_args()
 
@@ -568,23 +600,24 @@ def main():
         parser.print_help()
         sys.exit(UNKNOWN)
 
-    tester.all_updates                 = options.all_updates
+    tester.all_updates = options.all_updates
-    tester.no_cache_update             = options.no_cache_update
+    tester.no_cache_update = options.no_cache_update
-    tester.no_warn_on_lock             = options.no_warn_on_lock
+    tester.no_warn_on_lock = options.no_warn_on_lock
-    tester.enable_repo                 = options.repository_to_enable
+    tester.enable_repo = options.repository_to_enable
-    tester.disable_repo                = options.repository_to_disable
+    tester.disable_repo = options.repository_to_disable
-    tester.timeout                     = options.timeout
+    tester.disable_plugin = options.plugin_to_disable
-    tester.verbosity                   = options.verbosity
+    tester.yum_config = options.yum_config
-    tester.warn_on_any_update          = options.warn_on_any_update
+    tester.timeout = options.timeout
-    tester.long_output                 = options.long_output
+    tester.verbosity = options.verbosity
+    tester.warn_on_any_update = options.warn_on_any_update
 
     if options.version:
-        print "%s - Version %s\n" \
+        print "%s - Version %s\nAuthor: %s\n" \
-            % (__title__, __version__)
+            % (__title__, __version__, __author__)
         sys.exit(OK)
-    
+
-    result, output, perfdata = tester.test_yum_updates()
+    result, output = tester.test_yum_updates()
-    end(result, output, perfdata)
+    end(result, output)
 
 
 if __name__ == "__main__":
@@ -593,37 +626,3 @@ if __name__ == "__main__":
     except KeyboardInterrupt:
         print "Caught Control-C..."
         sys.exit(CRITICAL)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#Copyright © ?–?, Hari Sekhon <harisekhon@gmail.com>.
-#Copyright © 2012, Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>.
-#All rights reserved.
-#
-#
-#This program is free software; you can redistribute it and/or
-#modify it under the terms of the GNU General Public License
-#as published by the Free Software Foundation; version 2
-#of the License.
-#
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#GNU General Public License for more details.
-#
-#You should have received a copy of the GNU General Public License
-#along with this program; if not, write to the Free Software
-#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

rel-eng/packages/nagios-okplugin-check_xroad_token

@@ -0,0 +1 @@
+1.2-1 check_xroad_token/

rel-eng/releasers.conf

@@ -3,6 +3,7 @@
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-7-x86_64
+srpm_disttag = .el7
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel7/x86_64/
 
 # RHEL 7 Test
@@ -10,6 +11,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel7/x86_64/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-7-x86_64
+srpm_disttag = .el7
 builder.test = 1
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel7/x86_64/
 
@@ -19,12 +21,14 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel7/x8
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-x86_64
+srpm_disttag = .el6
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel6/x86_64/
 
 [production-el6-i386]
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-i386
+srpm_disttag = .el6
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel6/i386/
 
 
@@ -34,6 +38,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel6/i386/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-x86_64
+srpm_disttag = .el5
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/x86_64/
 
@@ -42,6 +47,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/x86_64/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-i386
+srpm_disttag = .el5
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/i386/
 
@@ -50,6 +56,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/i386/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-x86_64
+srpm_disttag = .el6
 builder.test = 1
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel6/x86_64/
 
@@ -58,6 +65,7 @@ releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-i386
 builder.test = 1
+srpm_disttag = .el6
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel6/i386/
 
 
@@ -66,6 +74,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel6/i3
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-x86_64
+srpm_disttag = .el5
 builder.test = 1
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/x86_64/
@@ -75,6 +84,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/x8
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-i386
+srpm_disttag = .el5
 builder.test = 1
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/i386/
@@ -86,6 +96,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/i3
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = fedora-20-x86_64
+srpm_disttag = .fc20
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/fedora20/x86_64/
 
 # Fedora FC20
@@ -93,6 +104,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/fedora20/x86_64/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = fedora-20-x86_64
+srpm_disttag = .fc20
 builder.test = 1
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/fedora20/x86_64/