mirror of
https://github.com/opinkerfi/nagios-plugins.git
synced 2024-11-22 10:23:46 +01:00
ee5adc2363
First, use the proper keywords OK/WARN/UNKNOWN so the check follows the plugin guidelines Second, to not confuse things, the UNKNOWN case would give multiline output. The first bit goes to the status line, the second to the extended status info. I tried to not mess around, but I also made SELinux caps :-)
93 lines
2.2 KiB
Bash
93 lines
2.2 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Copyright 2010, Pall Sigurdsson <palli@opensource.is>
|
|
#
|
|
# This script is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This script is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# About this script
|
|
#
|
|
# Checks selinux status of a specified host, using NRPE if the host is remote
|
|
|
|
HOSTN="localhost" # By default check localhost
|
|
CHECK_COMMAND="getenforce" # Default command to check selinux status
|
|
|
|
print_help() {
|
|
echo "check_selinux version $VERSION"
|
|
echo "This plugin checks selinux status of a remote host"
|
|
echo ""
|
|
echo "Usage: $0 -H <host> -s <status>"
|
|
echo ""
|
|
echo "Example: Check if remote host is Enforcing"
|
|
echo "# check_selinux -H remotehost -s Enforcing"
|
|
}
|
|
|
|
if [ $# -eq 0 ]; then
|
|
print_help ;
|
|
exit $UNKNOWN
|
|
fi
|
|
|
|
|
|
# Parse arguments
|
|
while [ $# -gt 0 ]
|
|
do
|
|
case $1
|
|
in
|
|
-H)
|
|
HOSTN=$2
|
|
shift 2
|
|
;;
|
|
|
|
-s)
|
|
STATUS=$2
|
|
shift 2
|
|
;;
|
|
|
|
*)
|
|
print_help ;
|
|
exit $UNKNOWN
|
|
;;
|
|
esac
|
|
done
|
|
|
|
|
|
|
|
# We we are not checking localhost, lets get remote selinux status via NRPE
|
|
if [ "$HOSTN" != "localhost" ]; then
|
|
export PATH=$PATH:/usr/lib/nagios/plugins:/usr/lib64/nagios/plugins:/nagios/usr/lib/nagios/plugins
|
|
CHECK_COMMAND="check_nrpe -H $HOSTN -c get_selinux"
|
|
fi
|
|
|
|
|
|
# Get the selinux status, raise error if we are unsuccessful
|
|
OUTPUT=`$CHECK_COMMAND`
|
|
RESULT=$?
|
|
|
|
if [ $RESULT -gt 0 ]; then
|
|
echo "UNKNOWN - Could not run command $CHECK_COMMAND"
|
|
echo "Error was: $OUTPUT"
|
|
exit 3
|
|
fi
|
|
|
|
# Parse the output from the command
|
|
if [ "$OUTPUT" == "$STATUS" ]; then
|
|
echo "OK - SELinux status is $OUTPUT"
|
|
exit 0
|
|
else
|
|
echo "WARNING - SELinux status is $OUTPUT (supposed to be $STATUS)"
|
|
exit 1
|
|
fi
|
|
|
|
|
|
|