Create readme.md

Merge pull request #45 from monitoreoDotOsiAtUchileDotCl/master
:D
2025-04-01 21:53:40 +02:00 · 2022-01-04 13:20:15 +00:00 · 2020-10-28 16:34:34 +00:00 · 2020-10-28 12:24:56 -03:00 · 2020-10-28 12:17:15 -03:00 · 2020-10-26 21:34:49 +00:00
12 changed files with 963 additions and 430 deletions
--- a/check_service.sh/check_service.sh
+++ b/check_service.sh/check_service.sh
@ -0,0 +1,349 @@
+#!/usr/bin/env bash
+set -o pipefail
+
+# Author: Jon Schipp
+# 2015-03-09 [Pascal Hegy] - Add sudo for linux
+# 2015-03-09 [Pascal Hegy] - Change USER variable to USERNAME to avoid the use and confusion with the USER env variable
+# 2017-08-30 [Roberto Leibman] - Reordered checks to make sure dead and inactive get checked first
+# 2018-04-25 [Robin Gierse] - Update check via systemctl for Linux with grep to produce better output for systemctl
+# 2019-03-15 [nem / liberodark] - Add support for check all failed services in linux
+
+########
+# Examples:
+
+# 1.) List services for osx
+# $ ./check_service.sh -l -o osx
+#
+# 2.) Check status of SSH service on a linux machine
+# $ ./check_service.sh -o linux -s sshd
+
+# 3.) Manually select service management tool and service
+# $ ./check_service.sh -o linux -t "service rsyslog status"
+# Exemple for check all failed services
+# $ ./check_service.sh -o linux -t "systemctl list-units --state=failed"
+
+# Nagios Exit Codes
+OK=0
+WARNING=1
+CRITICAL=2
+UNKNOWN=3
+
+# Weather or not we can trust the exit code from the service management tool.
+# Defaults to 0, put to 1 for systemd.  Otherwise we must rely on parsing the
+# output from the service management tool.
+TRUST_EXIT_CODE=0
+
+usage()
+{
+cat <<EOF
+
+Check status of system services for Linux, FreeBSD, OSX, and AIX.
+
+     Options:
+        -s <service>    Specify service name
+        -l              List services
+        -o <os>         OS type, "linux/osx/freebsd/aix"
+        -u <user>       User if you need to ``sudo -u'' for launchctl (def: nagios, linux and osx only)
+        -t <tool>       Manually specify service management tool (def: autodetect) with status and service
+                        e.g. ``-t "service nagios status"''
+
+
+EOF
+}
+
+argcheck() {
+# if less than n argument
+if [ $ARGC -lt $1 ]; then
+        echo "Missing arguments! Use \`\`-h'' for help."
+        exit 1
+fi
+}
+
+os_check() {
+if [ "$OS" == null ]; then
+	unamestr=$(uname)
+        if [[ $unamestr == 'Linux' ]]; then
+                OS='linux'
+        elif [[ $unamestr == 'FreeBSD' ]]; then
+               OS='freebsd'
+        elif [[ $unamestr == 'Darwin' ]]; then
+               OS='osx'	       
+        else
+                echo "OS not recognized, Use \`-o\` and specify the OS as an argument"
+                exit 3
+        fi
+fi
+}
+
+
+
+determine_service_tool() {
+if [[ $OS == linux ]]; then
+        if command -v systemctl >/dev/null 2>&1; then
+                SERVICETOOL="systemctl status $SERVICE | grep -i Active"
+                LISTTOOL="systemctl"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME systemctl status $SERVICE"
+                    LISTTOOL="sudo -u $USERNAME systemctl"
+                fi
+		TRUST_EXIT_CODE=1
+        elif command -v service >/dev/null 2>&1; then
+                SERVICETOOL="service $SERVICE status"
+                LISTTOOL="service --status-all"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME service $SERVICE status"
+                    LISTTOOL="sudo -u $USERNAME service --status-all"
+                fi
+        elif command -v initctl >/dev/null 2>&1; then
+                SERVICETOOL="status $SERVICE"
+                LISTTOOL="initctl list"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME status $SERVICE"
+                    LISTTOOL="sudo -u $USERNAME initctl list"
+                fi
+        elif command -v chkconfig >/dev/null 2>&1; then
+                SERVICETOOL=chkconfig
+                LISTTOOL="chkconfig --list"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME chkconfig"
+                    LISTTOOL="sudo -u $USERNAME chkconfig --list"
+                fi
+        elif [ -f /etc/init.d/$SERVICE ] || [ -d /etc/init.d ]; then
+                SERVICETOOL="/etc/init.d/$SERVICE status | tail -1"
+                LISTTOOL="ls -1 /etc/init.d/"
+                if [ $USERNAME ]; then
+                    SERVICETOOL="sudo -u $USERNAME /etc/init.d/$SERVICE status | tail -1"
+                    LISTTOOL="sudo -u $USERNAME ls -1 /etc/init.d/"
+                fi
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+
+if [[ $OS == freebsd ]]; then
+        if command -v service >/dev/null 2>&1; then
+                SERVICETOOL="service $SERVICE status"
+                LISTTOOL="service -l"
+        elif [ -f /etc/rc.d/$SERVICE ] || [ -d /etc/rc.d ]; then
+                SERVICETOOL="/etc/rc.d/$SERVICE status"
+                LISTTOOL="ls -1 /etc/rc.d/"
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+
+if [[ $OS == osx ]]; then
+        if [ -f /usr/sbin/serveradmin >/dev/null 2>&1 ] && serveradmin list | grep "$SERVICE" 2>&1 >/dev/null; then
+                SERVICETOOL="serveradmin status $SERVICE"
+                LISTTOOL="serveradmin list"
+        elif [ -f /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin >/dev/null 2>&1 ] && \
+               /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin list | \
+                grep "$SERVICE" 2>&1 >/dev/null; then
+                SERVICETOOL="/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin status $SERVICE"
+                LISTTOOL="/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin list"
+        elif command -v launchctl >/dev/null 2>&1; then
+                SERVICETOOL="launchctl list | grep -v ^- | grep $SERVICE || echo $SERVICE not running! "
+                LISTTOOL="launchctl list"
+                if [ $USERNAME ]; then
+                        SERVICETOOL="sudo -u $USERNAME launchctl list | grep -v ^- | grep $SERVICE || echo $SERVICE not running! "
+                        LISTTOOL="sudo -u $USERNAME launchctl list"
+                fi
+        elif command -v service >/dev/null 2>&1; then
+                SERVICETOOL="service --test-if-configured-on $SERVICE"
+                LISTTOOL="service list"
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+
+if [[ $OS == aix ]]; then
+        if command -v lssrc >/dev/null 2>&1; then
+                SERVICETOOL="lssrc -s $SERVICE | grep -v Subsystem"
+                LISTTOOL="lssrc -a"
+        else
+                echo "Unable to determine the system's service tool!"
+                exit 1
+        fi
+fi
+}
+
+ARGC=$#
+LIST=0
+MANUAL=0
+OS=null
+SERVICETOOL=null
+LISTTOOL=null
+SERVICE=".*"
+#USERNAME=nagios
+
+argcheck 1
+
+while getopts "hls:o:t:u:" OPTION
+do
+     case $OPTION in
+         h)
+             usage
+             exit 0
+             ;;
+         l)
+             LIST=1
+             ;;
+         s)
+             SERVICE="$OPTARG"
+             ;;
+         o)
+             if [[ "$OPTARG" == linux ]]; then
+                     OS="$OPTARG"
+             elif [[ "$OPTARG" == osx ]]; then
+                     OS="$OPTARG"
+             elif [[ "$OPTARG" == freebsd ]]; then
+                     OS="$OPTARG"
+             elif [[ "$OPTARG" == aix ]]; then
+                     OS="$OPTARG"
+             else
+                     echo "Unknown type!"
+                     exit 1
+             fi
+             ;;
+         t)
+             MANUAL=1
+             MANUALSERVICETOOL="$OPTARG"
+             ;;
+         u)
+             USERNAME="$OPTARG"
+             ;;
+         \?)
+             exit 1
+             ;;
+     esac
+done
+
+os_check
+
+if [ $MANUAL -eq 1 ]; then
+SERVICETOOL=$MANUALSERVICETOOL
+else
+determine_service_tool
+fi
+
+# -l conflicts with -t                                                                                                                                                   
+if [ $MANUAL -eq 1 ] && [ $LIST -eq 1 ]; then
+    echo "Options conflict: \`\`-t'' and \`\`-l''"
+    exit 2
+fi
+
+if [ $LIST -eq 1 ]; then
+        if [[ $LISTTOOL != null ]]; then
+                $LISTTOOL
+                exit 0
+        else
+                echo "OS not specified! Use \`\`-o''"
+                exit 2
+        fi
+fi
+
+# Check the status of a service
+STATUS_MSG=$(eval "$SERVICETOOL" 2>&1)
+EXIT_CODE=$?
+
+## Exit code from the service tool - if it's non-zero, we should
+## probably return CRITICAL.  (though, in some cases UNKNOWN would
+## probably be more appropriate)
+[ $EXIT_CODE -ne 0 ] && echo "$STATUS_MSG" && exit $CRITICAL
+
+## For systemd and most systems, $EXIT_CODE can be trusted - if it's 0, the service is running.
+## Ref https://github.com/jonschipp/nagios-plugins/issues/15
+[ $TRUST_EXIT_CODE -eq 1 ] && [ $EXIT_CODE -eq 0 ] && echo "$STATUS_MSG" && exit $OK 
+
+case $STATUS_MSG in
+
+*stop*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*STOPPED*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*not*running*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*NOT*running*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*NOT*RUNNING*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+#*inactive*)
+#        echo "$STATUS_MSG"
+#        exit $CRITICAL
+#        ;;
+*dead*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*running*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*RUNNING*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*SUCCESS*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*[eE]rr*)
+        echo "Error in command: $STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[fF]ailed*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[eE]nable*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*[dD]isable*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[cC]annot*)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+*[aA]ctive*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+*Subsystem*not*on*file)
+        echo "$STATUS_MSG"
+        exit $CRITICAL
+        ;;
+[1-9][1-9]*)
+        echo "$SERVICE running: $STATUS_MSG"
+        exit $OK
+        ;;
+"")
+	echo "$SERVICE is not running: no output from service command"
+	exit $CRITICAL
+	;;
+*)
+        echo "Unknown status: $STATUS_MSG"
+        echo "Is there a typo in the command or service configuration?: $STATUS_MSG"
+        exit $UNKNOWN
+        ;;
+*0\ loaded*)
+        echo "$STATUS_MSG"
+        exit $OK
+        ;;
+esac
+
--- a/check_service.sh/nagios-plugins-check_service.spec
+++ b/check_service.sh/nagios-plugins-check_service.spec
@ -0,0 +1,48 @@
+%define debug_package %{nil}
+
+Summary:	A Nagios plugin to check services on Linux servers
+Name:		nagios-plugins-check_service
+Version:	0
+Release:	1%{?dist}
+License:	GPLv2+
+Group:		Applications/System
+URL:		https://github.com/jonschipp/nagios-plugins/blob/master/check_service.sh
+Source0:	http://opensource.ok.is/trac/browser/nagios-plugins/check_service/releases/nagios-plugins-check_service-%{version}.tar.gz
+Requires:	nrpe
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Packager:	Gardar Thorsteinsson <gardar@ok.is>
+BuildArch:	noarch
+
+%description
+Check status of system services for Linux, FreeBSD, OSX, and AIX.
+
+%prep
+%setup -q
+perl -pi -e "s|/usr/lib/|%{_libdir}/|g" nrpe.d/check_service.cfg
+perl -pi -e "s|/usr/lib64/|%{_libdir}/|g" nrpe.d/check_service.cfg
+
+%build
+
+
+%install
+rm -rf %{buildroot}
+install -D -p -m 0755 check_service.sh %{buildroot}%{_libdir}/nagios/plugins/check_service.sh
+install -D -p -m 0755 nrpe.d/check_service.cfg %{buildroot}/etc/nrpe.d/check_service.cfg
+
+%clean
+rm -rf %{buildroot}
+
+%post
+/sbin/service nrpe reload
+
+%files
+%defattr(-,root,root,-)
+#%doc README LICENSE
+%{_libdir}/nagios/plugins/*
+/etc/nrpe.d/check_service.cfg
+
+
+%changelog
+* Tue Apr 21 2020  <gardar@ok.is> 0.1-1
+- Initial packaging
+
--- a/check_service.sh/nrpe.d/check_service.cfg
+++ b/check_service.sh/nrpe.d/check_service.cfg
@ -0,0 +1 @@
+command[check_service]=/usr/lib/nagios/plugins/check_service.sh
--- a/check_snmp/check_snmp_cpfw.pl
+++ b/check_snmp/check_snmp_cpfw.pl
@ -5,6 +5,9 @@
 # Author  : Patrick Proy (patrick at proy.org)
 # Help : http://nagios.manubulon.com
 # Licence : GPL - http://www.fsf.org/licenses/gpl.txt
+# Patch 1.2.1c
+# Author : monitoreo.osi@uchile.cl
+# Desc:  warn/crit threshold to conns/seg check
 # TODO : 
 # - check sync method
 #################################################################
@ -19,6 +22,7 @@ use Getopt::Long;
 # Nagios specific

 use lib "/usr/local/nagios/libexec";
+#use lib "/usr/lib/nagios/plugins"; # use in ubugtu
 use utils qw(%ERRORS $TIMEOUT);
 #my $TIMEOUT = 15;
 #my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
@ -26,87 +30,90 @@ use utils qw(%ERRORS $TIMEOUT);
 ########### SNMP Datas ########### 

 ###### FW data
-my $policy_state	= "1.3.6.1.4.1.2620.1.1.1.0"; # "Installed"
-my $policy_name		= "1.3.6.1.4.1.2620.1.1.2.0"; # Installed policy name
-my $connections		= "1.3.6.1.4.1.2620.1.1.25.3.0"; # number of connections
-#my $connections_peak	= "1.3.6.1.4.1.2620.1.1.25.4.0"; # peak number of connections
-my @fw_checks 		= ($policy_state,$policy_name,$connections);
+my $policy_state     = "1.3.6.1.4.1.2620.1.1.1.0";        # Installed
+my $policy_name      = "1.3.6.1.4.1.2620.1.1.2.0";        # Installed policy name
+my $connections      = "1.3.6.1.4.1.2620.1.1.25.3.0";     # Number of connections
+my $connectionsSR    = "1.3.6.1.4.1.2620.1.1.26.11.6.0" ; # FwConnectionsStatConnectionRate aka connx/seg
+my $connectionsPeak  = "1.3.6.1.4.1.2620.1.1.25.4.0";     # Peak number of connections
+my @fw_checks        = ($policy_state,$policy_name,$connections,$connectionsSR,$connectionsPeak);

 ###### SVN data
-my $svn_status		= "1.3.6.1.4.1.2620.1.6.102.0"; # "OK" svn status
-my %svn_checks		= ($svn_status,"OK");
-my %svn_checks_n	= ($svn_status,"SVN status");
-my @svn_checks_oid	= ($svn_status);
+my $svn_status    = "1.3.6.1.4.1.2620.1.6.102.0"; # "OK" svn status
+my %svn_checks    = ($svn_status,"OK");
+my %svn_checks_n  = ($svn_status,"SVN status");
+my @svn_checks_oid  = ($svn_status);

 ###### HA data

-my $ha_active		= "1.3.6.1.4.1.2620.1.5.5.0"; 	# "yes"
-my $ha_state		= "1.3.6.1.4.1.2620.1.5.6.0"; 	# "active" / "standby"
-my $ha_block_state	= "1.3.6.1.4.1.2620.1.5.7.0"; 	#"OK" : ha blocking state
-my $ha_status		= "1.3.6.1.4.1.2620.1.5.102.0"; # "OK" : ha status
+my $ha_active       = "1.3.6.1.4.1.2620.1.5.5.0";       # "yes"
+my $ha_state        = "1.3.6.1.4.1.2620.1.5.6.0";       # "active" / "standby"
+my $ha_status       = "1.3.6.1.4.1.2620.1.5.102.0";     # "OK" : ha status
+my $ha_block_state  = "1.3.6.1.4.1.2620.1.5.7.0";       # "OK" : ha blocking state

-my %ha_checks		=( $ha_active,"yes",$ha_state,"active",$ha_block_state,"OK",$ha_status,"OK");
-my %ha_checks_stand	=( $ha_active,"yes",$ha_state,"standby",$ha_block_state,"OK",$ha_status,"OK");
-my %ha_checks_n		=( $ha_active,"HA active",$ha_state,"HA state",$ha_block_state,"HA block state",$ha_status,"ha_status");
-my @ha_checks_oid	=( $ha_active,$ha_state,$ha_block_state,$ha_status);
+my %ha_checks       =( $ha_active,"yes",$ha_state,"active",$ha_block_state,"OK",$ha_status,"OK");
+my %ha_checks_stand =( $ha_active,"yes",$ha_state,"standby",$ha_block_state,"OK",$ha_status,"OK");
+my %ha_checks_n     =( $ha_active,"HA active",$ha_state,"HA state",$ha_block_state,"HA block state",$ha_status,"ha_status");
+my @ha_checks_oid   =( $ha_active,$ha_state,$ha_block_state,$ha_status);

-my $ha_mode		= "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only"/"High Availability (Active Up)" : ha Working mode
+my $ha_mode         = "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only"/"High Availability (Active Up)" : ha Working mode
+my $ha_tables       = "1.3.6.1.4.1.2620.1.5.13.1";  # ha status table
+my $ha_tables_index = ".1";
+my $ha_tables_name  = ".2";
+my $ha_tables_state = ".3"; # "OK"
+my $ha_tables_prbdesc = ".6"; # Description if state is != "OK"

-my $ha_tables		= "1.3.6.1.4.1.2620.1.5.13.1"; 	# ha status table
-my $ha_tables_index	= ".1";
-my $ha_tables_name	= ".2";
-my $ha_tables_state	= ".3"; # "OK"
-my $ha_tables_prbdesc	= ".6"; # Description if state is != "OK"
-
-#my @ha_table_check	= ("Synchronization","Filter","cphad","fwd"); # process to check
+#my @ha_table_check = ("Synchronization","Filter","cphad","fwd"); # process to check

 ####### MGMT data

-my $mgmt_status		= "1.3.6.1.4.1.2620.1.7.5.0";	# "active" : management status
-my $mgmt_alive		= "1.3.6.1.4.1.2620.1.7.6.0";   # 1 : management is alive if 1
-my $mgmt_stat_desc	= "1.3.6.1.4.1.2620.1.7.102.0"; # Management status description
-my $mgmt_stats_desc_l	= "1.3.6.1.4.1.2620.1.7.103.0"; # Management status long description
+my $mgmt_status   = "1.3.6.1.4.1.2620.1.7.5.0";       # "active" : management status
+my $mgmt_alive    = "1.3.6.1.4.1.2620.1.7.6.0";       # 1 : management is alive if 1
+my $mgmt_stat_desc  = "1.3.6.1.4.1.2620.1.7.102.0";   # Management status description
+my $mgmt_stats_desc_l = "1.3.6.1.4.1.2620.1.7.103.0"; # Management status long description

-my %mgmt_checks		= ($mgmt_status,"active",$mgmt_alive,"1");
-my %mgmt_checks_n	= ($mgmt_status,"Mgmt status",$mgmt_alive,"Mgmt alive");
-my @mgmt_checks_oid	= ($mgmt_status,$mgmt_alive);
+my %mgmt_checks   = ($mgmt_status,"active",$mgmt_alive,"1");
+my %mgmt_checks_n = ($mgmt_status,"Mgmt status",$mgmt_alive,"Mgmt alive");
+my @mgmt_checks_oid = ($mgmt_status,$mgmt_alive);

 #################################### Globals ##############################""

-my $Version='1.2.1';
+my $Version='1.2.1b';

-my $o_host = 	undef; 		# hostname
-my $o_community = undef; 	# community
-my $o_version2	=undef;		# Version 2
-my $o_port = 	161; 		# port
-my $o_help=	undef; 		# wan't some help ?
-my $o_verb=	undef;		# verbose mode
-my $o_version=	undef;		# print version
-my $o_timeout=  5;            	# Default 5s Timeout
-my $o_warn=	undef;		# Warning for connections
-my $o_crit=	undef;		# Crit for connections
-my $o_svn=	undef;		# Check for SVN status
-my $o_fw=	undef;		# Check for FW status
-my $o_ha=	undef;		# Check for HA status
-my $o_mgmt=	undef;		# Check for management status
-my $o_policy=	undef;		# Check for policy name
-my $o_conn=	undef;		# Check for connexions
-my $o_perf=	undef;		# Performance data output 
+my $o_host =  undef;      # hostname
+my $o_community = undef;  # community
+my $o_version2  = undef;  # Version 2
+my $o_port =  161;        # port
+my $o_help= undef;        # wan't some help ?
+my $o_verb= undef;        # verbose mode
+my $o_version=  undef;    # print version
+my $o_timeout=  5;        # Default 5s Timeout
+my $o_warn= undef;        # Warning for connections
+my $o_crit= undef;        # Crit for connections
+my $o_warnSR= undef;      # Warning for connectionsSR
+my $o_critSR= undef;      # Crit for connectionsSR
+my $o_svn=  undef;        # Check for SVN status
+my $o_fw= undef;          # Check for FW status
+my $o_ha= undef;          # Check for HA status
+my $o_mgmt= undef;        # Check for management status
+my $o_policy= undef;      # Check for policy name
+my $o_conn= undef;        # Check for connexions
+my $o_connSR= undef;      # Check for connexionsSR
+my $o_perf= undef;        # Performance data output 

 # SNMPv3 specific
-my $o_login=	undef;		# Login for snmpv3
-my $o_passwd=	undef;		# Pass for snmpv3
-my $v3protocols=undef;	# V3 protocol list.
-my $o_authproto='md5';		# Auth protocol
-my $o_privproto='des';		# Priv protocol
-my $o_privpass= undef;		# priv password
+my $o_login=  undef;      # Login for snmpv3
+my $o_passwd= undef;      # Pass for snmpv3
+my $v3protocols=undef;    # V3 protocol list.
+my $o_authproto='md5';    # Auth protocol
+my $o_privproto='des';    # Priv protocol
+my $o_privpass= undef;    # priv password

 # functions

 sub p_version { print "check_snmp_cpfw version : $Version\n"; }

 sub print_usage {
-    print "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) [-s] [-w [-p=pol_name] [-c=warn,crit]] [-m] [-a [standby] ] [-f] [-p <port>] [-t <timeout>] [-V]\n";
+    print "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) [-s] [-w [-p=pol_name] [-c=warn,crit]] [-r=warn,crit]]  [-m] [-a [standby] ] [-f] [-p <port>] [-t <timeout>] [-V]\n";
 }

 sub isnnum { # Return true if arg is not a number
@ -117,7 +124,7 @@ sub isnnum { # Return true if arg is not a number

 sub help {
   print "\nSNMP Checkpoint FW-1 Monitor for Nagios version ",$Version,"\n";
-   print "GPL Licence, (c)2004-2007 - Patrick Proy\n\n";
+   print "GPL Licence, (c)2004-2020 - Patrick Proy\n\n";
   print_usage();
   print <<EOT;
 -v, --verbose
@ -157,6 +164,8 @@ sub help {
   SNMP port (Default 161)
 -t, --timeout=INTEGER
   timeout for SNMP (Default: Nagios default)   
+-r, --connexionsSR=WARN,CRIT
+   check warn and critical number of connexionsSR (must have -w)
 -V, --version
   prints version number
 EOT
@ -168,69 +177,81 @@ sub verb { my $t=shift; print $t,"\n" if defined($o_verb) ; }
 sub check_options {
    Getopt::Long::Configure ("bundling");
    GetOptions(
-   	'v'	=> \$o_verb,		'verbose'	=> \$o_verb,
-        'h'     => \$o_help,    	'help'        	=> \$o_help,
-        'H:s'   => \$o_host,		'hostname:s'	=> \$o_host,
-        'P:i'   => \$o_port,   		'port:i'	=> \$o_port,
-        'C:s'   => \$o_community,	'community:s'	=> \$o_community,
-	'2'     => \$o_version2,        'v2c'           => \$o_version2,
-	'l:s'	=> \$o_login,		'login:s'	=> \$o_login,
-	'x:s'	=> \$o_passwd,		'passwd:s'	=> \$o_passwd,
-	'X:s'	=> \$o_privpass,		'privpass:s'	=> \$o_privpass,
-	'L:s'	=> \$v3protocols,		'protocols:s'	=> \$v3protocols,   
- 	't:i'   => \$o_timeout,       	'timeout:i'     => \$o_timeout,
-	'V'	=> \$o_version,		'version'	=> \$o_version,
-	's'	=> \$o_svn,		'svn'		=> \$o_svn,
-	'w'	=> \$o_fw,		'fw'		=> \$o_fw,
-	'a:s'	=> \$o_ha,		'ha:s'		=> \$o_ha,
-	'm'	=> \$o_mgmt,		'mgmt'		=> \$o_mgmt,
-	'p:s'	=> \$o_policy,		'policy:s'	=> \$o_policy,
-	'c:s'	=> \$o_conn,		'connexions:s'	=> \$o_conn,
-	'f'	=> \$o_perf,		'perfparse'	=> \$o_perf
-    );
+    'v' => \$o_verb,    'verbose' => \$o_verb,
+        'h'     => \$o_help,      'help'          => \$o_help,
+        'H:s'   => \$o_host,    'hostname:s'  => \$o_host,
+        'P:i'   => \$o_port,      'port:i'  => \$o_port,
+        'C:s'   => \$o_community, 'community:s' => \$o_community,
+  '2'     => \$o_version2,        'v2c'           => \$o_version2,
+  'l:s' => \$o_login,   'login:s' => \$o_login,
+  'x:s' => \$o_passwd,    'passwd:s'  => \$o_passwd,
+  'X:s' => \$o_privpass,    'privpass:s'  => \$o_privpass,
+  'L:s' => \$v3protocols,   'protocols:s' => \$v3protocols,   
+  't:i'   => \$o_timeout,         'timeout:i'     => \$o_timeout,
+  'V' => \$o_version,   'version' => \$o_version,
+  's' => \$o_svn,   'svn'   => \$o_svn,
+  'w' => \$o_fw,    'fw'    => \$o_fw,
+  'a:s' => \$o_ha,    'ha:s'    => \$o_ha,
+  'm' => \$o_mgmt,    'mgmt'    => \$o_mgmt,
+  'p:s' => \$o_policy,    'policy:s'  => \$o_policy,
+  'c:s' => \$o_conn,    'connexions:s'  => \$o_conn,
+  'r:s' => \$o_connSR,   'rate:s' => \$o_connSR,
+  'f' => \$o_perf,    'perfparse' => \$o_perf
+  );
    if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}};
    if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}};
    if ( ! defined($o_host) ) # check host and filter 
-	{ print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print_usage(); exit $ERRORS{"UNKNOWN"}}
    # check snmp information
    if ( !defined($o_community) && (!defined($o_login) || !defined($o_passwd)) )
-	  { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) )
-	  { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	if (defined ($v3protocols)) {
-	  if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	  my @v3proto=split(/,/,$v3protocols);
-	  if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0];	}	# Auth protocol
-	  if (defined ($v3proto[1])) {$o_privproto=$v3proto[1];	}	# Priv  protocol
-	  if ((defined ($v3proto[1])) && (!defined($o_privpass))) {
-	    print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
-	}
+      { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+    if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) )
+      { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+    if (defined ($v3protocols)) {
+      if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+      my @v3proto=split(/,/,$v3protocols);
+      if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0];  } # Auth protocol
+      if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv  protocol
+      if ((defined ($v3proto[1])) && (!defined($o_privpass))) {
+        print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+    }
    # Check firewall options
    if ( defined($o_conn)) {
      if ( ! defined($o_fw))
- 	{ print "Cannot check connexions without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+        { print "Cannot check connexions without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
      my @warncrit=split(/,/ , $o_conn);
      if ( $#warncrit != 1 ) 
        { print "Put warn,crit levels with -c option\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
      ($o_warn,$o_crit)=@warncrit;
      if ( isnnum($o_warn) || isnnum($o_crit) )
-	{ print "Numeric values for warning and critical in -c options\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
-      if ($o_warn >= $o_crit)
-	{ print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+        { print "Numeric values for warning and critical in -c options\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+          if ($o_warn >= $o_crit)
+           { print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+    }
+    if ( defined($o_connSR)) {
+      if ( ! defined($o_fw))
+        { print "Cannot check connexionsSR without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+      my @warncritSR=split(/,/ , $o_connSR);
+      if ( $#warncritSR != 1 ) 
+        { print "Put warn,crit levels with -c option\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+      ($o_warnSR,$o_critSR)=@warncritSR;
+      if ( isnnum($o_warnSR) || isnnum($o_critSR) )
+        { print "Numeric values for warning and critical in -r options\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+          if ($o_warnSR >= $o_critSR)
+           { print "warning <= critical ! \n";print_usage(); exit $ERRORS{"UNKNOWN"}}
    }
    if ( defined($o_policy)) {
      if (! defined($o_fw))
-	{ print "Cannot check policy name without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
+        { print "Cannot check policy name without checking fw\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
      if ($o_policy eq "")
        { print "Put a policy name !\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
    }
    if (defined($o_perf) && ! defined ($o_conn))
-	{ print "Nothing selected for perfparse !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print "Nothing selected for perfparse !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
    if (!defined($o_fw) && !defined($o_ha) && !defined($o_mgmt) && !defined($o_svn))
-	{ print "Must select a product to check !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
+      { print "Must select a product to check !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
    if (defined ($o_ha) && ($o_ha ne "") && ($o_ha ne "standby")) 
-	{ print "-a option comes with 'standby' or nothing !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
-	
+      { print "-a option comes with 'standby' or nothing !\n";print_usage(); exit $ERRORS{"UNKNOWN"}}
 }

 ########## MAIN #######
@ -259,49 +280,49 @@ if ( defined($o_login) && defined($o_passwd)) {
    if (!defined ($o_privpass)) {
  verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto");
    ($session, $error) = Net::SNMP->session(
-      -hostname   	=> $o_host,
-      -version		=> '3',
-      -username		=> $o_login,
-      -port      	=> $o_port,
-      -authpassword	=> $o_passwd,
-      -authprotocol	=> $o_authproto,
+      -hostname     => $o_host,
+      -version    => '3',
+      -username   => $o_login,
+      -port       => $o_port,
+      -authpassword => $o_passwd,
+      -authprotocol => $o_authproto,
      -timeout          => $o_timeout
    );  
  } else {
    verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto");
    ($session, $error) = Net::SNMP->session(
-      -hostname   	=> $o_host,
-      -version		=> '3',
-      -username		=> $o_login,
-      -port      	=> $o_port,
-      -authpassword	=> $o_passwd,
-      -authprotocol	=> $o_authproto,
-      -privpassword	=> $o_privpass,
-	  -privprotocol => $o_privproto,
+      -hostname     => $o_host,
+      -version    => '3',
+      -username   => $o_login,
+      -port       => $o_port,
+      -authpassword => $o_passwd,
+      -authprotocol => $o_authproto,
+      -privpassword => $o_privpass,
+      -privprotocol => $o_privproto,
      -timeout          => $o_timeout
    );
  }
 } else {
-	if (defined ($o_version2)) {
-		# SNMPv2 Login
-		verb("SNMP v2c login");
-		  ($session, $error) = Net::SNMP->session(
-		 -hostname  => $o_host,
-		 -version   => 2,
-		 -community => $o_community,
-		 -port      => $o_port,
-		 -timeout   => $o_timeout
-		);
-  	} else {
-	  # SNMPV1 login
-	  verb("SNMP v1 login");
-	  ($session, $error) = Net::SNMP->session(
-		-hostname  => $o_host,
-		-community => $o_community,
-		-port      => $o_port,
-		-timeout   => $o_timeout
-	  );
-	}
+  if (defined ($o_version2)) {
+    # SNMPv2 Login
+    verb("SNMP v2c login");
+      ($session, $error) = Net::SNMP->session(
+     -hostname  => $o_host,
+     -version   => 2,
+     -community => $o_community,
+     -port      => $o_port,
+     -timeout   => $o_timeout
+    );
+    } else {
+    # SNMPV1 login
+    verb("SNMP v1 login");
+    ($session, $error) = Net::SNMP->session(
+    -hostname  => $o_host,
+    -community => $o_community,
+    -port      => $o_port,
+    -timeout   => $o_timeout
+    );
+  }
 }
 if (!defined($session)) {
   printf("ERROR opening session: %s.\n", $error);
@ -327,8 +348,8 @@ $resultat = $session->get_request(
    foreach $key ( keys %svn_checks) {
      verb("$svn_checks_n{$key} : $svn_checks{$key} / $$resultat{$key}");
      if ( $$resultat{$key} ne $svn_checks{$key} ) {
-	$svn_print .= $svn_checks_n{$key} . ":" . $$resultat{$key} . " ";
-	$svn_state=2;
+  $svn_print .= $svn_checks_n{$key} . ":" . $$resultat{$key} . " ";
+  $svn_state=2;
      }  
    }
  } else {
@ -380,6 +401,8 @@ if (defined ($o_mgmt)) {
 my $fw_state=0;
 my $fw_print="";
 my $perf_conn=undef;
+my $perf_connSR=undef;
+my $perf_connPeak=undef;

 if (defined ($o_fw)) {

@ -392,6 +415,8 @@ if (defined ($o_fw)) {
    verb("State : $$resultat{$policy_state}");
    verb("Name : $$resultat{$policy_name}");
    verb("connections : $$resultat{$connections}");
+    verb("connectionsSR : $$resultat{$connectionsSR}");
+    verb("connectionsPeak : $$resultat{$connectionsPeak}");

    if ($$resultat{$policy_state} ne "Installed") {
      $fw_state=2;
@ -401,22 +426,38 @@ if (defined ($o_fw)) {

    if (defined($o_policy)) {
      if ($$resultat{$policy_name} ne $o_policy) {
-	    $fw_state=2;
-	    $fw_print .= "Policy installed : $$resultat{$policy_name}";
+      $fw_state=2;
+      $fw_print .= "Policy installed : $$resultat{$policy_name}";
      }
    }

    if (defined($o_conn)) {
      if ($$resultat{$connections} > $o_crit) {
-	 $fw_state=2;
+        $fw_state=2;
        $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_crit." ";
      } else {
-	if ($$resultat{$connections} > $o_warn) {
-	  if ($fw_state!=2) {$fw_state=1;}
-	  $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_warn." ";    
-	}
+      if ($$resultat{$connections} > $o_warn) {
+        if ($fw_state!=2) {$fw_state=1;}
+          $fw_print .= "Connexions : ".$$resultat{$connections}." > ".$o_warn." ";    
+          }
      }
      $perf_conn=$$resultat{$connections};
+      $perf_connSR=$$resultat{$connectionsSR};
+      $perf_connPeak=$$resultat{$connectionsPeak};
+    }
+    if (defined($o_connSR)) {
+      if ($$resultat{$connectionsSR} > $o_critSR) {
+        $fw_state=3;
+        $fw_print .= "Conn/seg  : ".$$resultat{$connectionsSR}." > ".$o_critSR." ";
+      } else {
+      if ($$resultat{$connectionsSR} > $o_warnSR) {
+        if ($fw_state!=3) {$fw_state=1;}
+          $fw_print .= "Conn/seg : ".$$resultat{$connectionsSR}." > ".$o_warnSR." ";    
+          }
+      }
+      $perf_conn=$$resultat{$connections};
+      $perf_connSR=$$resultat{$connectionsSR};
+      $perf_connPeak=$$resultat{$connectionsPeak};
    }
  } else {
    $fw_print .= "cannot find oids";
@ -448,17 +489,17 @@ if (defined ($o_ha)) {
      verb("$ha_checks_n{$key} : $ha_checks{$key} / $$resultat{$key}");
      if ( $o_ha eq "standby" ) {
        if ( $$resultat{$key} ne $ha_checks_stand{$key} ) {
-	  $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
-	  $ha_state_n=2;
+    $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
+    $ha_state_n=2;
        }
      } else {
        if ( $$resultat{$key} ne $ha_checks{$key} ) {
-	  $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
-	  $ha_state_n=2;
+    $ha_print .= $ha_checks_n{$key} . ":" . $$resultat{$key} . " "; 
+    $ha_state_n=2;
        }
      }  
    }
-    #my $ha_mode		= "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only" : ha Working mode
+    #my $ha_mode    = "1.3.6.1.4.1.2620.1.5.11.0";  # "Sync only" : ha Working mode
  } else {
    $ha_print .= "cannot find oids";
    #Critical state if not found because it means soft is not activated
@ -467,7 +508,7 @@ if (defined ($o_ha)) {

  # get ha status table
  $resultat = $session->get_table(
-	  Baseoid => $ha_tables
+    Baseoid => $ha_tables
  ); 
  my %status;
  my (@index,@oid) = (undef,undef);
@ -477,10 +518,10 @@ if (defined ($o_ha)) {
  if (defined($resultat)) {
    foreach $key ( keys %$resultat) {
      if ( $key =~ /$index_search/) {
-	@oid=split (/\./,$key);
-	pop(@oid);
-	$index[$nindex]=pop(@oid);
-	$nindex++; 
+  @oid=split (/\./,$key);
+  pop(@oid);
+  $index[$nindex]=pop(@oid);
+  $nindex++; 
      }
    }
  } else {
@ -503,10 +544,10 @@ if (defined ($o_ha)) {
      
      $key=$ha_tables . $ha_tables_state . "." . $index[$i] . ".0";
      if (($status{$ha_soft_name} = $$resultat{$key}) ne "OK") {
-	    $key=$ha_tables . $ha_tables_prbdesc . "." . $index[$i] . ".0";
-	    $status{$ha_soft_name} = $$resultat{$key};
-	    $ha_print .= $ha_soft_name . ":" . $status{$ha_soft_name} . " ";
-	    $ha_state_n=2
+      $key=$ha_tables . $ha_tables_prbdesc . "." . $index[$i] . ".0";
+      $status{$ha_soft_name} = $$resultat{$key};
+      $ha_print .= $ha_soft_name . ":" . $status{$ha_soft_name} . " ";
+      $ha_state_n=2
      }
      verb ("$ha_soft_name : $status{$ha_soft_name}");
    }
@ -548,6 +589,8 @@ if (($ha_state_n+$svn_state+$fw_state+$mgmt_state) == 0 ) {

 if (defined($o_perf) && defined ($perf_conn)) {
  $f_print .= " | fw_connexions=" . $perf_conn;
+  $f_print .= " | fw_connexionsSR=" . $perf_connSR;
+  $f_print .= " | fw_connexionsPeak=" . $perf_connPeak;
 }

 print "$f_print\n";
--- a/check_xroad_token/check_xroad_token.sh
+++ b/check_xroad_token/check_xroad_token.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+xroad_list_tokens=$(signer-console list-tokens)
+
+if [[ $xroad_list_tokens == "Token: 0 (OK, writable, available, active)" ]]
+then
+        echo "OK - $xroad_list_tokens"
+        exit 0
+elif [[ $xroad_list_tokens != "Token: 0 (OK, writable, available, active)" ]]
+then
+        echo "Critical - $xroad_list_tokens"
+        exit 2
+else
+        echo "Unknown - $xroad_list_tokens"
+        exit 3
+fi
--- a/check_xroad_token/nagios-okplugin-check_xroad_token.spec
+++ b/check_xroad_token/nagios-okplugin-check_xroad_token.spec
@ -0,0 +1,52 @@
+%define debug_package %{nil}
+
+Summary:	A Nagios plugin to check status of XROAD soft-token
+Name:		nagios-okplugin-check_xroad_token
+Version:	1.2
+Release:	1%{?dist}
+License:	GPLv2+
+Group:		Applications/System
+URL:		https://github.com/opinkerfi/nagios-plugins/issues
+Source0:	http://opensource.ok.is/trac/browser/nagios-plugins/check_xroad_token/releases/nagios-okplugin-check_xroad_token-%{version}.tar.gz
+Requires:	nagios-nrpe
+Requires:	xroad-signer
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Packager:	Gardar Thorsteinsson <gardar@ok.is>
+
+
+%description
+A Nagios plugin to check status of XROAD soft-token
+
+
+%prep
+%setup -q
+#perl -pi -e "s|/usr/lib64|%{_libdir}|g" nrpe.d/check_xroad_token.cfg
+
+%build
+
+
+%install
+rm -rf %{buildroot}
+install -D -p -m 0755 check_xroad_token.sh %{buildroot}%{_libdir}/nagios/plugins/check_xroad_token.sh
+install -D -p -m 0755 nrpe.d/check_xroad_token.cfg %{buildroot}/etc/nrpe.d/check_xroad_token.cfg
+install -D -p -m 0644 sudoers.d/check_xroad_token %{buildroot}/etc/sudoers.d/check_xroad_token
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+#%doc README LICENSE
+%{_libdir}/nagios/plugins/*
+/etc/nrpe.d/check_xroad_token.cfg
+/etc/sudoers.d/check_xroad_token
+
+%post
+restorecon -v %{_libdir}/nagios/plugins/check_xroad_token.sh /etc/nrpe.d/check_xroad_token.cfg /etc/sudoers.d/check_xroad_token
+
+%changelog
+* Mon Sep 14 2020 Your Name <you@example.com> 1.2-1
+- new package built with tito
+
+* Fri Sep 11 2020  Gardar Thorsteinsson <gardart@gmail.com> 1.0.1-1
+- Initial packaging
--- a/check_xroad_token/nrpe.d/check_xroad_token.cfg
+++ b/check_xroad_token/nrpe.d/check_xroad_token.cfg
@ -0,0 +1,2 @@
+# xroad plugin to check for tokens
+command[check_xroad_token]=sudo -u xroad /usr/lib64/nagios/plugins/check_xroad_token.sh
--- a/check_xroad_token/readme.md
+++ b/check_xroad_token/readme.md
@ -0,0 +1,9 @@
+# Required steps to use this check
+
+```shell
+# On RHEL/Centos
+sudo semanage permissive -a nrpe_t
+sudo setsebool -P nagios_run_sudo 1
+sudo yum install nagios-okplugin-check_xroad_token -y
+sudo systemctl restart nrpe
+```
--- a/check_xroad_token/sudoers.d/check_xroad_token
+++ b/check_xroad_token/sudoers.d/check_xroad_token
@ -0,0 +1,2 @@
+Defaults:nrpe   !requiretty
+nrpe            ALL = (xroad) NOPASSWD: /usr/bin/signer-console list-tokens, /usr/lib64/nagios/plugins/check_xroad_token.sh
--- a/check_yum/check_yum
+++ b/check_yum/check_yum
@ -1,24 +1,29 @@
-#!/usr/bin/python
-# coding=utf-8
+#!/usr/bin/env python
+#
+#  Author: Hari Sekhon
+#  Date: 2008-04-29 17:21:08 +0100 (Tue, 29 Apr 2008)
+#
+#  https://github.com/harisekhon/nagios-plugins
+#
+#  License: see accompanying LICENSE file
+#

-"""Nagios plugin to check the YUM package management system for package updates.
-   Can optionally alert on any available updates as well as just
-   security related updates"""
+"""
+Nagios plugin to test for Yum updates on RedHat / CentOS Linux.

-__title__   = "check_yum"
-__version__ = "0.8.0"
+Can optionally alert on any available updates as well as just security related updates

-# Standard Nagios return codes
-OK       = 0
-WARNING  = 1
-CRITICAL = 2
-UNKNOWN  = 3
+See also: check_yum.pl (also part of the Advanced Nagios Plugins Collection)
+
+Tested on CentOS 5 / 6 / 7
+"""

 import os
 import re
 import sys
 import signal
 OLD_PYTHON = False
+# pylint: disable=wrong-import-position
 try:
    from subprocess import Popen, PIPE, STDOUT
 except ImportError:
@ -26,28 +31,41 @@ except ImportError:
    import commands
 from optparse import OptionParser

+__author__ = "Hari Sekhon"
+__title__ = "Nagios Plugin for Yum updates on RedHat/CentOS systems"
+__version__ = "0.8.9"
+
+# Standard Nagios return codes
+OK = 0
+WARNING = 1
+CRITICAL = 2
+UNKNOWN = 3
+
 DEFAULT_TIMEOUT = 30

+support_msg = "Please make sure you have upgraded to the latest version from " + \
+              "https://github.com/harisekhon/nagios-plugins. If the problem persists, " + \
+              "please raise a ticket at https://github.com/harisekhon/nagios-plugins/issues "+ \
+              "with the full -vvv output"

-def end(status, message, perfdata=''):
+def end(status, message):
    """Exits the plugin with first arg as the return code and the second
    arg as the message to output"""
-    
+
    check = "YUM "
    if status == OK:
-        print "%sOK: %s | %s" % (check, message, perfdata)
+        print "%sOK: %s" % (check, message)
        sys.exit(OK)
    elif status == WARNING:
-        print "%sWARNING: %s | %s" % (check, message, perfdata)
+        print "%sWARNING: %s" % (check, message)
        sys.exit(WARNING)
    elif status == CRITICAL:
-        print "%sCRITICAL: %s | %s" % (check, message, perfdata)
+        print "%sCRITICAL: %s" % (check, message)
        sys.exit(CRITICAL)
    else:
        print "UNKNOWN: %s" % message
        sys.exit(UNKNOWN)

-
 YUM = "/usr/bin/yum"

 def check_yum_usable():
@ -62,26 +80,28 @@ def check_yum_usable():
        end(UNKNOWN, "%s is not executable" % YUM)


-class YumTester:
+class YumTester(object):
    """Class to hold all portage test functions and state"""

    def __init__(self):
        """Initialize all object variables"""

-        self.all_updates        = False
-        self.no_cache_update    = False
-        self.no_warn_on_lock    = False
-        self.enable_repo        = ""
-        self.disable_repo       = ""
-        self.timeout            = DEFAULT_TIMEOUT
-        self.verbosity          = 0
+        self.all_updates = False
+        self.no_cache_update = False
+        self.no_warn_on_lock = False
+        self.enable_repo = ""
+        self.disable_repo = ""
+        self.disable_plugin = ""
+        self.yum_config = ""
+        self.timeout = DEFAULT_TIMEOUT
+        self.verbosity = 0
        self.warn_on_any_update = False

    def validate_all_variables(self):
-        """Validates all object variables to make sure the 
+        """Validates all object variables to make sure the
        environment is sane"""

-        if self.timeout == None:
+        if self.timeout is None:
            self.timeout = DEFAULT_TIMEOUT
        try:
            self.timeout = int(self.timeout)
@ -92,7 +112,7 @@ class YumTester:
        if self.timeout < 1 or self.timeout > 3600:
            end(UNKNOWN, "Timeout must be a number between 1 and 3600 seconds")

-        if self.verbosity == None:
+        if self.verbosity is None:
            self.verbosity = 0
        try:
            self.verbosity = int(self.verbosity)
@ -104,13 +124,13 @@ class YumTester:


    def run(self, cmd):
-        """runs a system command and returns 
+        """runs a system command and returns
        an array of lines of the output"""

-        if cmd == "" or cmd == None:
+        if not cmd:
            end(UNKNOWN, "Internal python error - " \
                       + "no cmd supplied for run function")
-       
+
        if self.no_cache_update:
            cmd += " -C"

@ -121,32 +141,43 @@ class YumTester:
            for repo in self.disable_repo.split(","):
                cmd += " --disablerepo=%s" % repo

+        if self.disable_plugin:
+            # --disableplugin can take a comma separated list directly
+            #for plugin in self.disable_plugin.split(","):
+                #cmd += " --disableplugin=%s" % plugin
+            cmd += " --disableplugin=%s" % self.disable_plugin
+
+        if self.yum_config:
+            for repo in self.yum_config.split(","):
+                cmd += " --config=%s" % repo
+
        self.vprint(3, "running command: %s" % cmd)

        if OLD_PYTHON:
            self.vprint(3, "subprocess not available, probably old python " \
                         + "version, using shell instead")
+            os.environ['LANG'] = "en_US"
            returncode, stdout = commands.getstatusoutput(cmd)
            if returncode >= 256:
                returncode = returncode / 256
        else:
            try:
-                process = Popen( cmd.split(), 
-                                 stdin=PIPE, 
-                                 stdout=PIPE, 
-                                 stderr=STDOUT )
+                env = {'LANG': 'en_US'}
+                process = Popen(cmd.split(), stdin=PIPE, stdout=PIPE, stderr=STDOUT, env=env)
            except OSError, error:
                error = str(error)
                if error == "No such file or directory":
                    end(UNKNOWN, "Cannot find utility '%s'" % cmd.split()[0])
                end(UNKNOWN, "Error trying to run utility '%s' - %s" \
                                                  % (cmd.split()[0], error))
-        
+
            output = process.communicate()
+            # for using debug outputs, either do not comment above line or explicitly set exit code below
+            #output = [open(os.path.dirname(__file__) + '/test_input.txt').read(), '']
            returncode = process.returncode
            stdout = output[0]
-        
-        if stdout == None or stdout == "":
+
+        if not stdout:
            end(UNKNOWN, "No output from utility '%s'" % cmd.split()[0])

        self.vprint(3, "Returncode: '%s'\nOutput: '%s'" \
@ -158,19 +189,21 @@ class YumTester:


    def check_returncode(self, returncode, output):
-        """Takes the returncode and output (as an array of lines) 
-        of the YUM program execution and tests for failures, exits 
+        """Takes the returncode and output (as an array of lines)
+        of the yum program execution and tests for failures, exits
        with an appropriate message if any are found"""

        if returncode == 0:
-            pass
+            for line in output:
+                if "You must run this command as root" in line:
+                    end(UNKNOWN, "You must run this plugin as root")
        elif returncode == 100:
            # Updates Available
            pass
        elif returncode == 200:
            if "lock" in output[-2] or "another copy is running" in output[-2]:
                msg = "Cannot check for updates, " \
-                    + "another instance of YUM is running"
+                    + "another instance of yum is running"
                if self.no_warn_on_lock:
                    end(OK, msg)
                else:
@ -179,10 +212,15 @@ class YumTester:
                output = self.strip_output(output)
                end(UNKNOWN, "%s" % output)
        else:
-            if not 'Loading "security" plugin' in output \
+            if 'No more mirrors to try' in output:
+                end(UNKNOWN, 'connectivity issue to repos: \'No more mirrors to try\'. ' + \
+                             'You could also try running --cache-only and ' + \
+                             'scheduling a separate \'yum makecache\' via cron or similar')
+            elif (not ('Loading "security" plugin' in output or 'Loaded plugins:.*security' in output)) \
               or "Command line error: no such option: --security" in output:
-                end(UNKNOWN, "Security plugin for YUM is required. Try to "    \
-                           + "'yum install yum-security' and then re-run "     \
+                end(UNKNOWN, "Security plugin for yum is required. Try to "    \
+                           + "'yum install yum-security' (RHEL5) or " \
+                           + "'yum install yum-plugin-security' (RHEL6) and then re-run " \
                           + "this plugin. Alternatively, to just alert on "   \
                           + "any update which does not require the security " \
                           + "plugin, try --all-updates")
@ -192,8 +230,8 @@ class YumTester:


    def strip_output(self, output):
-        """Cleans up the output from the plugin and returns it. 
-        Takes and returns an array of the lines of output 
+        """Cleans up the output from the plugin and returns it.
+        Takes and returns an array of the lines of output
        and returns a single string"""

        self.vprint(3, "stripping output of 'Loading ... plugin' lines")
@ -243,149 +281,137 @@ class YumTester:

        return number_security_updates, number_other_updates

-    
+
    def get_all_updates(self):
-        """Gets all updates. Returns a single integer of the 
+        """Gets all updates. Returns a single integer of the
        number of available updates"""

        cmd = "%s check-update" % YUM
-        
+
        output = self.run(cmd)

-        output2 = "\n".join(output).split("\n\n")
-        if self.verbosity >= 4 :
+        output2 = [_ for _ in "\n".join(output).split("\n\n") if  _]
+        if self.verbosity >= 4:
            for section in output2:
                print "\nSection:\n%s\n" % section
        if len(output2) > 2 or \
-           not ( "Setting up repositories" in output2[0] or \
-                 "Loaded plugins: " in output2[0] or \
-                 re.search('Loading\s+".+"\s+plugin', output2[0]) ):
+           not ("Setting up repositories" in output2[0] or \
+                "Loaded plugins: " in output2[0] or \
+                re.search(r'Loading\s+".+"\s+plugin', output2[0])):
            end(WARNING, "Yum output signature does not match current known "  \
-                       + "format. Please make sure you have upgraded to the "  \
-                       + "latest version of this plugin. If the problem "      \
-                       + "persists, please contact the author for a fix")
+                       + "format. " + support_msg)
+        number_packages = 0
        if len(output2) == 1:
-            # There are no updates but we have passed 
+            # There are no updates but we have passed
            # the loading and setting up of repositories
-            number_packages = 0
+            pass
        else:
-            number_packages = len([x for x in output2[1].split("\n") \
-                                                        if len(x.split()) > 1 ])
-        
+            for line in output2[1].split("\n"):
+                if len(line.split()) > 1 and \
+                   line[0:1] != " " and \
+                   "Obsoleting Packages" not in line:
+                    number_packages += 1
+
        try:
            number_packages = int(number_packages)
            if number_packages < 0:
                raise ValueError
        except ValueError:
            end(UNKNOWN, "Error parsing package information, invalid package " \
-                       + "number, YUM output may have changed. Please make "   \
-                       + "sure you have upgraded to the latest version of "    \
-                       + "this plugin. If the problem persists, then please "  \
-                       + "contact the author for a fix")
+                       + "number, yum output may have changed. " + support_msg)

-        # Extra layer of checks. This is a security plugin so it's preferable 
-        # to fail on error rather than pass silently leaving you with an 
+        # Extra layer of checks. This is a security plugin so it's preferable
+        # to fail on error rather than pass silently leaving you with an
        # insecure system
        count = 0
+        re_kernel_security_update = re.compile('^Security: kernel-.+ is an installed security update')
+        re_kernel_update = re.compile('^Security: kernel-.+ is the currently running version')
        re_package_format = \
-                re.compile("^.+\.(i[3456]86|x86_64|noarch)\s+.+\s+.+$")
-        # This is to work around a YUM truncation issue effectively changing
+                re.compile(r'^.+\.(i[3456]86|x86_64|noarch)\s+.+\s+.+$')
+        # This is to work around a yum truncation issue effectively changing
        # the package output format. Currently only very long kmod lines
        # are seen to have caused this so we stick to what we know for safety
        # and raise an unknown error on anything else for maximum security
        #re_package_format_truncated = \
        #        re.compile("^[\w-]+-kmod-\d[\d\.-]+.*\s+.+\s+.+$")
+        obsoleting_packages = False
        for line in output:
+            if ' excluded ' in line:
+                continue
+            elif obsoleting_packages and line[0:1] == " ":
+                continue
+            elif "Obsoleting Packages" in line:
+                obsoleting_packages = True
+                continue
+            elif re_kernel_security_update.match(line):
+                end(WARNING, 'Kernel security update is installed but requires a reboot')
+            elif re_kernel_update.match(line):
+                continue
            if re_package_format.match(line):
                count += 1
        if count != number_packages:
            end(UNKNOWN, "Error parsing package information, inconsistent "    \
-                       + "package count, yum output may have changed. Please " \
-                       + "make sure you have upgraded to the latest version "  \
-                       + "of this plugin. If the problem persists, then "      \
-                       + "please contact the author for a fix")
+                       + "package count (%d count vs %s num packages)" % (count, number_packages) \
+                       + ", yum output may have changed. " + support_msg)

-        return number_packages, "'updates'=%s" % (number_packages)
+        return number_packages

-    def get_security_updateinfo(self):
-        """Fetches errata numbers and package names"""
-
-        cmd = "%s list-security" % YUM
-
-        output = self.run(cmd)
-
-        errata = []
-
-        for line in output:
-	    try:
-                if line.split()[1] != "security" and line.split()[1][-4:] != "Sec.":
-                    continue
-            except:
-                continue
-	    (advisoryid, etype, package) = line.split()
-            errata.append( { "name": package, "advisory": advisoryid } )
-    
-        return errata

    def get_security_updates(self):
        """Gets all updates, but differentiates between
-        security and normal updates. Returns a tuple of the number 
+        security and normal updates. Returns a tuple of the number
        of security and normal updates"""

        cmd = "%s --security check-update" % YUM

        output = self.run(cmd)
-        
-        re_security_summary_rhel5 = re.compile("Needed \d+ of \d+ packages, for security")
-        re_security_summary_rhel6 = re.compile("\d+ package\(s\) needed for security, out of \d+ available")
-        re_no_security_updates_available_rhel5 = re.compile("No packages needed, for security, \d+ available")
-        re_no_security_updates_available_rhel6 = re.compile("No packages needed for security; \d+ packages available")
+
+        re_security_summary = \
+                re.compile(r'Needed (\d+) of (\d+) packages, for security')
+        re_summary_rhel6 = re.compile(r'(\d+) package\(s\) needed for security, out of (\d+) available')
+        re_no_sec_updates = \
+                re.compile(r'No packages needed,? for security[;,] (\d+) (?:packages )?available')
+        re_kernel_update = re.compile(r'^Security: kernel-.+ is an installed security update')
        summary_line_found = False
        for line in output:
-            if re_no_security_updates_available_rhel5.match(line):
+            _ = re_summary_rhel6.match(line)
+            if _:
+                summary_line_found = True
+                number_security_updates = _.group(1)
+                number_total_updates = _.group(2)
+                break
+            _ = re_no_sec_updates.match(line)
+            if _:
                summary_line_found = True
                number_security_updates = 0
-                number_total_updates    = line.split()[5]
+                number_total_updates = _.group(1)
                break
-            if re_no_security_updates_available_rhel6.match(line):
+            _ = re_security_summary.match(line)
+            if _:
                summary_line_found = True
-                number_security_updates = 0
-                number_total_updates    = line.split()[5]
-                break
-            if re_security_summary_rhel5.match(line):
-                summary_line_found = True
-                number_security_updates = line.split()[1]
-                number_total_updates    = line.split()[3]
-                break
-            if re_security_summary_rhel6.match(line):
-                summary_line_found = True
-                number_security_updates = line.split()[0]
-                number_total_updates    = line.split()[7]
+                number_security_updates = _.group(1)
+                number_total_updates = _.group(2)
                break
+            _ = re_kernel_update.match(line)
+            if _:
+                end(CRITICAL, "Kernel security update is installed but requires a reboot")

        if not summary_line_found:
-            end(WARNING, "Cannot find summary line in YUM output. Please "     \
-                       + "make sure you have upgraded to the latest version "  \
-                       + "of this plugin. If the problem persists, please "    \
-                       + "contact the author for a fix")
+            end(WARNING, "Cannot find summary line in yum output. " + support_msg)

        try:
            number_security_updates = int(number_security_updates)
            number_total_updates = int(number_total_updates)
        except ValueError:
-            end(WARNING, "Error parsing package information, YUM output " \
-                       + "may have changed. Please make sure you have "     \
-                       + "upgraded to the latest version of this plugin. "  \
-                       + "If the problem persists, the please contact the " \
-                       + "author for a fix")
+            end(WARNING, "Error parsing package information, yum output " \
+                       + "may have changed. " + support_msg)

        number_other_updates = number_total_updates - number_security_updates
-         
-        if len(output) > number_total_updates + 25:
+
+        from_excluded_regex = re.compile(' from .+ excluded ')
+        if len([_ for _ in output if not from_excluded_regex.search(_)]) > number_total_updates + 25:
            end(WARNING, "Yum output signature is larger than current known "  \
-                       + "format, please make sure you have upgraded to the "  \
-                       + "latest version of this plugin. If the problem "      \
-                       + "persists, please contact the author for a fix")
+                       + "format. " + support_msg)

        return number_security_updates, number_other_updates

@ -394,26 +420,25 @@ class YumTester:
        """Starts tests and controls logic flow"""

        check_yum_usable()
-        self.vprint(3, "%s - Version %s\n" \
-            % (__title__, __version__))
-        
+        self.vprint(3, "%s - Version %s\nAuthor: %s\n" \
+            % (__title__, __version__, __author__))
+
        self.validate_all_variables()
        self.set_timeout()
-  
+
        if self.all_updates:
            return self.test_all_updates()
-        else:
-            return self.test_security_updates()
+        return self.test_security_updates()


    def test_all_updates(self):
-        """Tests for all updates, and returns a tuple 
+        """Tests for all updates, and returns a tuple
        of the status code and output"""

-        status  = UNKNOWN
-        message = "code error - please contact author for a fix"
+        status = UNKNOWN
+        message = "code error. " + support_msg

-        number_updates, perfdata = self.get_all_updates()
+        number_updates = self.get_all_updates()
        if number_updates == 0:
            status = OK
            message = "0 Updates Available"
@ -424,20 +449,20 @@ class YumTester:
            else:
                message = "%s Updates Available" % number_updates

-        return status, message, perfdata
+        message += " | total_updates_available=%s" % number_updates
+
+        return status, message


    def test_security_updates(self):
        """Tests for security updates and returns a tuple
        of the status code and output"""

-        status  = UNKNOWN
-        message = "code error - please contact author for a fix"
-        
+        status = UNKNOWN
+        message = "code error. " + support_msg
+
        number_security_updates, number_other_updates = \
                                                    self.get_security_updates()
-
-	perfdata = "'security_updates'=%s 'other_updates'=%s" % (number_security_updates, number_other_updates)
        if number_security_updates == 0:
            status = OK
            message = "0 Security Updates Available"
@ -448,6 +473,7 @@ class YumTester:
            elif number_security_updates > 1:
                message = "%s Security Updates Available" \
                                                    % number_security_updates
+
        if number_other_updates != 0:
            if self.warn_on_any_update and status != CRITICAL:
                status = WARNING
@ -456,13 +482,10 @@ class YumTester:
            else:
                message += ". %s Non-Security Updates Available" \
                                                        % number_other_updates
-                                
-        if number_security_updates and self.long_output:
-            errata = self.get_security_updateinfo()
-            for e in errata:
-                message += "\n%s - %s" % (e['advisory'], e['name'])
-    
-        return status, message, perfdata
+        message += " | security_updates_available=%s non_security_updates_available=%s total_updates_available=%s" \
+                   % (number_security_updates, number_other_updates, number_security_updates + number_other_updates)
+
+        return status, message


    def vprint(self, threshold, message):
@ -479,88 +502,97 @@ def main():
    tester = YumTester()
    parser = OptionParser()

-    parser.add_option( "--all-updates",
-                       action="store_true",
-                       dest="all_updates",
-                       help="Does not distinguish between security and "      \
-                          + "non-security updates, but returns critical for " \
-                          + "any available update. This may be used if the "  \
-                          + "YUM security plugin is absent or you want to "   \
-                          + "maintain every single package at the latest "    \
-                          + "version. You may want to use "                   \
-                          + "--warn-on-any-update instead of this option")
+    parser.add_option("-A",
+                      "--all-updates",
+                      action="store_true",
+                      dest="all_updates",
+                      help="Does not distinguish between security and "      \
+                         + "non-security updates, but returns critical for " \
+                         + "any available update. This may be used if the "  \
+                         + "yum security plugin is absent or you want to "   \
+                         + "maintain every single package at the latest "    \
+                         + "version. You may want to use "                   \
+                         + "--warn-on-any-update instead of this option")

-    parser.add_option( "--warn-on-any-update",
-                       action="store_true",
-                       dest="warn_on_any_update",
-                       help="Warns if there are any (non-security) package "   \
-                          + "updates available. By default only warns when "   \
-                          + "security related updates are available. If "      \
-                          + "--all-updates is used, then this option is "      \
-                          + "redundant as --all-updates will return a "        \
-                          + "critical result on any available update, "        \
-                          + "whereas using this switch still allows you to "   \
-                          + "differentiate between the severity of updates ")
+    parser.add_option("-W",
+                      "--warn-on-any-update",
+                      action="store_true",
+                      dest="warn_on_any_update",
+                      help="Warns if there are any (non-security) package "   \
+                         + "updates available. By default only warns when "   \
+                         + "security related updates are available. If "      \
+                         + "--all-updates is used, then this option is "      \
+                         + "redundant as --all-updates will return a "        \
+                         + "critical result on any available update, "        \
+                         + "whereas using this switch still allows you to "   \
+                         + "differentiate between the severity of updates ")

-    parser.add_option( "-C",
-                       "--cache-only",
-                       action="store_true",
-                       dest="no_cache_update",
-                       help="Run entirely from cache and do not update the " \
-                          + "cache when running YUM. Useful if you have "    \
-                          + "'yum makecache' cronned so that the nagios "    \
-                          + "check itself doesn't have to do it, possibly "  \
-                          + "speeding up execution (by 1-2 seconds in tests)")
+    parser.add_option("-C",
+                      "--cache-only",
+                      action="store_true",
+                      dest="no_cache_update",
+                      help="Run entirely from cache and do not update the " \
+                         + "cache when running yum. Useful if you have "    \
+                         + "'yum makecache' cronned so that the nagios "    \
+                         + "check itself doesn't have to do it, possibly "  \
+                         + "speeding up execution (by 1-2 seconds in tests)")

-    parser.add_option( "--no-warn-on-lock",
-                       action="store_true",
-                       dest="no_warn_on_lock",
-                       help="Return OK instead of WARNING when YUM is locked " \
-                          + "and fails to check for updates due to another "   \
-                          + "instance running. This is not recommended from "  \
-                          + "the security standpoint, but may be wanted to "   \
-                          + "reduce the number of alerts that may "            \
-                          + "intermittently pop up when someone is running "   \
-                          + "YUM interactively for package management")
+    parser.add_option("-c",
+                      "--config",
+                      dest="yum_config",
+                      help="Run with custom repository config in order to use " \
+                         + "custom repositories in case of special setup for")

-    parser.add_option( "--enablerepo",
-                       dest="repository_to_enable",
-                       help="Explicitly enables a reposity when calling YUM. "
-                          + "Can take a comma separated list of repositories")
+    parser.add_option("-N",
+                      "--no-warn-on-lock",
+                      action="store_true",
+                      dest="no_warn_on_lock",
+                      help="Return OK instead of WARNING when yum is locked " \
+                         + "and fails to check for updates due to another "   \
+                         + "instance running. This is not recommended from "  \
+                         + "the security standpoint, but may be wanted to "   \
+                         + "reduce the number of alerts that may "            \
+                         + "intermittently pop up when someone is running "   \
+                         + "yum for package management")

-    parser.add_option( "--disablerepo",
-                       dest="repository_to_disable",
-                       help="Explicitly disables a repository when calling YUM "
-                          + "Can take a comma separated list of repositories")
+    parser.add_option("-e",
+                      "--enablerepo",
+                      dest="repository_to_enable",
+                      help="Explicitly enables a reposity when calling yum. " +
+                      "Can take a comma separated list of repositories")

-    parser.add_option( "-l",
-                       "--long-output",
-                       action="store_true",
-                       dest="long_output",
-                       help="Shows more detailed output including the errata "
-                          + "ID.")
+    parser.add_option("-d",
+                      "--disablerepo",
+                      dest="repository_to_disable",
+                      help="Explicitly disables a repository when calling yum. " \
+                         + "Can take a comma separated list of repositories")

-    parser.add_option( "-t",
-                       "--timeout",
-                       dest="timeout",
-                       help="Sets a timeout in seconds after which the "  \
-                           +"plugin will exit (defaults to %s seconds). " \
+    parser.add_option("--disableplugin",
+                      dest="plugin_to_disable",
+                      help="Explicitly disables a plugin when calling yum. " \
+                         + "Can take a comma separated list of plugins")
+
+    parser.add_option("-t",
+                      "--timeout",
+                      dest="timeout",
+                      help="Sets a timeout in seconds after which the "  \
+                          +"plugin will exit (defaults to %s seconds). " \
                                                      % DEFAULT_TIMEOUT)

-    parser.add_option( "-v", 
-                       "--verbose", 
-                       action="count", 
-                       dest="verbosity",
-                       help="Verbose mode. Can be used multiple times to "     \
-                          + "increase output. Use -vvv for debugging output. " \
-                          + "By default only one result line is printed as "   \
-                          + "per Nagios standards")
+    parser.add_option("-v",
+                      "--verbose",
+                      action="count",
+                      dest="verbosity",
+                      help="Verbose mode. Can be used multiple times to "     \
+                         + "increase output. Use -vvv for debugging output. " \
+                         + "By default only one result line is printed as "   \
+                         + "per Nagios standards")

-    parser.add_option( "-V",
-                       "--version",
-                       action="store_true",
-                       dest="version",
-                       help="Print version number and exit")
+    parser.add_option("-V",
+                      "--version",
+                      action="store_true",
+                      dest="version",
+                      help="Print version number and exit")

    (options, args) = parser.parse_args()

@ -568,23 +600,24 @@ def main():
        parser.print_help()
        sys.exit(UNKNOWN)

-    tester.all_updates                 = options.all_updates
-    tester.no_cache_update             = options.no_cache_update
-    tester.no_warn_on_lock             = options.no_warn_on_lock
-    tester.enable_repo                 = options.repository_to_enable
-    tester.disable_repo                = options.repository_to_disable
-    tester.timeout                     = options.timeout
-    tester.verbosity                   = options.verbosity
-    tester.warn_on_any_update          = options.warn_on_any_update
-    tester.long_output                 = options.long_output
+    tester.all_updates = options.all_updates
+    tester.no_cache_update = options.no_cache_update
+    tester.no_warn_on_lock = options.no_warn_on_lock
+    tester.enable_repo = options.repository_to_enable
+    tester.disable_repo = options.repository_to_disable
+    tester.disable_plugin = options.plugin_to_disable
+    tester.yum_config = options.yum_config
+    tester.timeout = options.timeout
+    tester.verbosity = options.verbosity
+    tester.warn_on_any_update = options.warn_on_any_update

    if options.version:
-        print "%s - Version %s\n" \
-            % (__title__, __version__)
+        print "%s - Version %s\nAuthor: %s\n" \
+            % (__title__, __version__, __author__)
        sys.exit(OK)
-    
-    result, output, perfdata = tester.test_yum_updates()
-    end(result, output, perfdata)
+
+    result, output = tester.test_yum_updates()
+    end(result, output)


 if __name__ == "__main__":
@ -593,37 +626,3 @@ if __name__ == "__main__":
    except KeyboardInterrupt:
        print "Caught Control-C..."
        sys.exit(CRITICAL)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#Copyright © ?–?, Hari Sekhon <harisekhon@gmail.com>.
-#Copyright © 2012, Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>.
-#All rights reserved.
-#
-#
-#This program is free software; you can redistribute it and/or
-#modify it under the terms of the GNU General Public License
-#as published by the Free Software Foundation; version 2
-#of the License.
-#
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#GNU General Public License for more details.
-#
-#You should have received a copy of the GNU General Public License
-#along with this program; if not, write to the Free Software
-#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/rel-eng/packages/nagios-okplugin-check_xroad_token
+++ b/rel-eng/packages/nagios-okplugin-check_xroad_token
@ -0,0 +1 @@
+1.2-1 check_xroad_token/
--- a/rel-eng/releasers.conf
+++ b/rel-eng/releasers.conf
@ -3,6 +3,7 @@
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-7-x86_64
+srpm_disttag = .el7
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel7/x86_64/

 # RHEL 7 Test
@ -10,6 +11,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel7/x86_64/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-7-x86_64
+srpm_disttag = .el7
 builder.test = 1
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel7/x86_64/

@ -19,12 +21,14 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel7/x8
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-x86_64
+srpm_disttag = .el6
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel6/x86_64/

 [production-el6-i386]
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-i386
+srpm_disttag = .el6
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel6/i386/


@ -34,6 +38,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel6/i386/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-x86_64
+srpm_disttag = .el5
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/x86_64/

@ -42,6 +47,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/x86_64/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-i386
+srpm_disttag = .el5
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/i386/

@ -50,6 +56,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/rhel5/i386/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-x86_64
+srpm_disttag = .el6
 builder.test = 1
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel6/x86_64/

@ -58,6 +65,7 @@ releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-6-i386
 builder.test = 1
+srpm_disttag = .el6
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel6/i386/


@ -66,6 +74,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel6/i3
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-x86_64
+srpm_disttag = .el5
 builder.test = 1
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/x86_64/
@ -75,6 +84,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/x8
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = epel-5-i386
+srpm_disttag = .el5
 builder.test = 1
 createrepo_command = createrepo -s sha1 .
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/i386/
@ -86,6 +96,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/rhel5/i3
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = fedora-20-x86_64
+srpm_disttag = .fc20
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/fedora20/x86_64/

 # Fedora FC20
@ -93,6 +104,7 @@ rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/fedora20/x86_64/
 releaser = tito.release.YumRepoReleaser
 builder = tito.builder.MockBuilder
 builder.mock = fedora-20-x86_64
+srpm_disttag = .fc20
 builder.test = 1
 rsync = tito@opensource.is:/var/www/sites/opensource.ok.is/repo/testing/fedora20/x86_64/
Author	SHA1	Message	Date
Guðvarður Ólafsson	ffbdd754d4	Create readme.md	2022-01-04 13:20:15 +00:00
Garðar Þorsteinsson	0440124d3a	Merge pull request #45 from monitoreoDotOsiAtUchileDotCl/master :D	2020-10-28 16:34:34 +00:00
monitoreoDotOsiAtUchileDotCl	36582886c9	warn/crit threshold 4 connRate, warning/crit output improvement	2020-10-28 12:24:56 -03:00
monitoreoDotOsiAtUchileDotCl	21c7874418	warn/crit threshold 4 connRate, warning/crit output improvement	2020-10-28 12:17:15 -03:00
Garðar Þorsteinsson	6b12d2414a	Merge pull request #44 from monitoreoDotOsiAtUchileDotCl/master warn/crit threshold 4 connRate	2020-10-26 21:34:49 +00:00
monitoreoDotOsiAtUchileDotCl	ac1f45311e	warn/crit threshold 4 connRate	2020-10-26 17:46:39 -03:00
Garðar Þorsteinsson	be3ea24fd8	Merge pull request #43 from monitoreoDotOsiAtUchileDotCl/master some improvements	2020-10-22 15:34:40 +00:00
monitoreoDotOsiAtUchileDotCl	1f9e1444cc	another minor change, libexec path	2020-10-22 10:37:42 -03:00
monitoreoDotOsiAtUchileDotCl	bdb3233198	minor changes ,using spaces instead of tabs	2020-10-22 10:32:57 -03:00
monitoreoDotOsiAtUchileDotCl	f22a7d8fb8	patch 1.2.1a	2020-10-22 10:27:34 -03:00
Garðar Þorsteinsson	6c12036e30	Update releasers.conf	2020-09-14 12:31:11 +00:00
Your Name	8aed467ab0	Automatic commit of package [nagios-okplugin-check_xroad_token] release [1.2-1].	2020-09-14 11:51:06 +00:00
Garðar Þorsteinsson	df42d6ee6d	Merge pull request #41 from opinkerfi/xroad-check_xroad_token check_xroad_token plugin created	2020-09-11 16:04:15 +00:00
Garðar Þorsteinsson	223331510b	check_xroad_token plugin created	2020-09-11 16:01:05 +00:00
Garðar Þorsteinsson	ea93f8126f	Fix masking of exit code	2020-09-11 11:09:40 +00:00
Garðar Þorsteinsson	3ad7f64f55	Merge pull request #40 from opinkerfi/check_service Added check_service plugin	2020-04-21 12:58:41 +00:00
Gardar Thorsteinsson	e48179add8	Added check_service	2020-04-21 12:56:55 +00:00
Gardar Thorsteinsson	56960140fe	Added check_service plugin	2020-04-21 12:52:47 +00:00
Garðar Þorsteinsson	9eda5324d5	Merge pull request #39 from opinkerfi/plugin_check_yum_update Updated check_yum to 0.8.9	2019-10-23 15:45:05 +00:00
Gardar Thorsteinsson	09f29727fb	Updated check_yum to 0.8.9	2019-10-23 15:44:17 +00:00
				`@ -0,0 +1 @@`
				`command[check_service]=/usr/lib/nagios/plugins/check_service.sh`