Add command and service config

Fix some bugs (especially processing a downloaded file)
2022-03-06 22:19:43 +01:00 · 2022-03-06 22:19:20 +01:00
4 changed files with 72 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -4,5 +4,5 @@ A check script for icinga2 to check for the expiration of GPG keys (local or onl

    Check gpg expiration date. Arguments:
    --url URL: Where to find the GPG key. Path to a local file or an URL to download from.
-    --warn DAYS: Warning threshold (integer in days)
-    --crit DAYS: Critical threshold (integer in days)
+    --warning DAYS: Warning threshold (integer in days)
+    --critical DAYS: Critical threshold (integer in days)
--- a/check_gpg_key_expiration.sh
+++ b/check_gpg_key_expiration.sh
@ -2,6 +2,19 @@

 function echoerr { echo "$@" 1>&2; }

+function cleanup {
+	if [ -n "$TMPFILE" -a -f "$TMPFILE" ]; then
+		rm -f "$TMPFILE"
+	fi
+	if [ -n "$TMPFILE2" -a -f "$TMPFILE2" ]; then
+		rm -f "$TMPFILE2"
+	fi
+	if [ -n "$TMPDIR" -a -d "$TMPDIR" ]; then
+		rm -rf "$TMPDIR"
+	fi
+}
+trap 'cleanup' EXIT
+
 function checkEnvironment {
    ### Check the environment ###
    if ! which gpg 2>&1 >/dev/null; then
@ -12,7 +25,11 @@ function checkEnvironment {
    # Command to download a file
    DOWNLOAD=""
    if which curl 2>&1 >/dev/null; then
-        DOWNLOAD="curl -s -o "
+		if $DEBUG; then
+			DOWNLOAD="curl -o "
+		else
+			DOWNLOAD="curl -s -o "
+		fi
    elif which wget 2>&1 >/dev/null; then
        DOWNLOAD="wget -o /dev/null -O "
    else 
@ -21,6 +38,8 @@ function checkEnvironment {
    fi

    # Command to get information about all subkeys
+	TMPDIR=$(mktemp -d) || exit 3
+	export GNUPGHOME=$TMPDIR # don't create ~/.gnupg directory
    GPG_SHOW="gpg --with-colon --fixed-list-mode --show-keys"
 }

@ -36,15 +55,15 @@ function parseArguments {
    CRIT=2 # days
    while [[ $# -gt 0 ]]; do
        case $1 in
-            -u|--url)		URL="$2"; shift;;
-            -w|--warn)      WARN=$2; shift;;
-            -c|--crit)      CRIT=$2; shift;;
-            -d|--debug) 	DEBUG=true;;
+            -u|--url|--file)		URL="$2"; shift;;
+            -w|--warn|--warning)    WARN=$2; shift;;
+            -c|--crit|--critical)   CRIT=$2; shift;;
+            -d|--debug) 			DEBUG=true;;
            -?|--help)
                echo "Check gpg expiration date. Arguments:"
-                echo "--url URL: Where to find the GPG key"
-                echo "--warn DAYS: Warning threshold (integer in days)"
-                echo "--crit DAYS: Critical threshold (integer in days)"
+                echo "--url URL: Where to find the GPG key (URL or path to file)"
+                echo "--warning DAYS: Warning threshold (integer in days)"
+                echo "--critical DAYS: Critical threshold (integer in days)"
                exit 0
                ;;
            *)
@ -145,7 +164,7 @@ function metrics {
    local expirationDate=$2
    local remaining_s=$3

-    METRICS="${METRICS}'$key expiration date'=$(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate) "
+    METRICS="${METRICS}'$key expiration date: $(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate)'=0 "
    METRICS="${METRICS}'$key remaining'=${remaining_s}s;${WARN_s}s;${CRIT_s}s "
 }

@ -179,26 +198,26 @@ function getAndParseKey {

    # for appropriate error handling we cannot use pipes (at least I don't know how to)
    TMPFILE=$(mktemp) || exit 3
-    #trap 'rm -f "$TMPFILE"' RETURN
-    #trap 'rm -f "$TMPFILE"' EXIT

    # If the URL is a local path, use it as input to GPG_SHOW
    if [ ! -f "$URL" ]; then
-        log "Downloading $URL"
-        $DOWNLOAD "$TMPFILE" "$URL"
+		TMPFILE2=$(mktemp) || exit 3
+        log "Downloading $URL to $TMPFILE2: $DOWNLOAD \"$TMPFILE2\" \"$URL\""
+        $DOWNLOAD "$TMPFILE2" "$URL"
        exit=$?
        if [ $exit -ne 0 ]; then
            echo "ERROR - Downloading failed with $exit"
            exit 3
        fi
-        infile="$TMPFILE"
+        infile="$TMPFILE2"
    else
        log "Using local file $URL"
        infile="$URL"
    fi

    # Process with GPG
-    cat "$infile" | $GPG_SHOW > "$TMPFILE"
+	log "Processing $infile: cat \"$infile\" | $GPG_SHOW > \"$TMPFILE\""
+    cat "$infile" | $GPG_SHOW > "$TMPFILE" 2> /dev/null
    exit=$?
    if [ $exit -ne 0 ]; then
        echo "ERROR - gpg failed with $exit"
@ -209,7 +228,10 @@ function getAndParseKey {
        parseLine "$line"
    done < "$TMPFILE"

-    trap - EXIT
+	rm -f "$TMPFILE" && TMPFILE=""
+	if [ -n "$TMPFILE2" ]; then
+		rm -f "$TMPFILE2" && TMPFILE2=""
+	fi
 }


@ -228,8 +250,8 @@ function printResult {



-checkEnvironment
 parseArguments "$@"
+checkEnvironment
 getAndParseKey
 printResult
 exit $RESULT
--- a/command_check_gpg_key_expiration.conf
+++ b/command_check_gpg_key_expiration.conf
@ -0,0 +1,12 @@
+object CheckCommand "gpg-key-expiration" {
+	import "plugin-check-command"
+
+	command = [ "/home/nagios/check_gpg_key_expiration.sh/check_gpg_key_expiration.sh" ]
+
+	arguments = {
+		"--warning"  = "$check_gpg_key_expiration_warn$"
+		"--critical" = "$check_gpg_key_expiration_crit$"
+		"--url"      = "$check_gpg_key_expiration_url$"
+	}
+}
+
--- a/service_check_gpg_key_expiration.conf
+++ b/service_check_gpg_key_expiration.conf
@ -0,0 +1,19 @@
+apply Service "gpg-key " for (key => config in host.vars["gpg-key-expiration"]) {
+	import "generic-service"
+
+	check_command = "gpg-key-expiration"
+	check_interval = 1d
+	retry_interval = 4h
+	vars.notification_interval = 1d
+
+	vars.check_gpg_key_expiration_url = key
+
+	for (k => v in config) {
+		if (match("_*", k)) {
+			vars[k.substr(1)] = v
+		} else {
+			vars["check_gpg_key_expiration_" + k] = v
+		}
+	}
+}
+
Author	SHA1	Message	Date
Jonny007-MKD	b8a0a4abbd	Add command and service config	2022-03-06 22:19:43 +01:00
Jonny007-MKD	597e47bb82	Fix some bugs (especially processing a downloaded file)	2022-03-06 22:19:20 +01:00