diff --git a/check_nmap.sh b/check_nmap.sh
index fc848ea..8276962 100755
--- a/check_nmap.sh
+++ b/check_nmap.sh
@@ -29,12 +29,17 @@ while [[ $# -gt 0 ]]; do
 echo "--input FILE: Read from this file. Default: /proc/mdstat"
 exit 0
 ;;
+ *)
+ echoerr "Unknown argument: $1"
+ exit 3
+ ;;
 esac
 shift
 done
 if [ -z "$HOST" -a -z "$INPUT" ]; then
 echoerr "Missing host argument (-h)"
+ exit 3
 fi
 function log {
@@ -83,7 +88,8 @@ function runNmap {
 }
 NOW_PORTS=false
-OPEN_PORTS=()
+PORT_STATES=()
+PORT_NAMES=()
 function parseLine {
 local line="$1"
 if ! $NOW_PORTS; then
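Review bot: The two new `exit 3` lines in this hunk use a bare magic number; 3 is the Nagios/Icinga UNKNOWN return code (the file uses 2 for CRITICAL further down), so a short comment on each, `exit 3  # UNKNOWN: bad invocation`, saves the next reader a lookup. The test the second `exit 3` now guards, `if [ -z "$HOST" -a -z "$INPUT" ]; then`, still uses the deprecated `-a`; the bash form is `if [[ -z "$HOST" && -z "$INPUT" ]]; then`. `echoerr` is presumably defined earlier in the file, outside the hunk, and the enclosing `while` loop also starts outside it.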
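Review bot: `PORT_STATES=()` and `PORT_NAMES=()` replace a list of open ports with two arrays that, judging by the later `PORT_STATES[$number]=$state` in parseLine, are indexed by port number rather than appended to, and nothing at the declaration says so. A one-line comment above them, `# indexed by port number, filled by parseLine; PORT_STATES holds the nmap state, PORT_NAMES the service name`, would make the sparse-index intent clear to anyone who later tries `"${PORT_STATES[0]}"` or `+=`. runNmap's body ends in this hunk but its header is outside it.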
@@ -94,53 +100,67 @@ function parseLine {
 if [ -z "$line" ]; then
 NOW_PORTS=false
 else
- local x=${line/\/*}
- OPEN_PORTS+=($x)
+ local split
+ read -ra split <<< "$line"
+ local number=${split[0]/\/*}
+ local state=${split[1]}
+ local name=${split[2]}
+ PORT_STATES[$number]=$state
+ PORT_NAMES[$number]=$name
 fi
 fi
 }
 ERROR=false
-NEW_PORTS=()
+UNEXP_OPEN_PORTS=()
 function comparePorts {
 log ${KNOWN_PORTS[@]}
 KNOWN_PORTS=($(for each in ${KNOWN_PORTS[@]}; do echo $each; done | sort))
 log ${KNOWN_PORTS[@]}
- for i in "${OPEN_PORTS[@]}"; do
+ for port in "${!PORT_STATES[@]}"; do
+ if [[ "${PORT_STATES[$port]}" != open* ]]; then
+ continue;
+ fi
 skip=false
 for j in "${KNOWN_PORTS[@]}"; do
- if [ $j -eq $i ]; then
+ if [ $j -eq $port ]; then
 skip=true
 break
 fi
 done
 if ! $skip; then
- log Unexpected open port: $i
- NEW_PORTS+=($i)
+ log Unexpected open port: $port
+ UNEXP_OPEN_PORTS+=($port)
 fi
 done
- if [ ${#NEW_PORTS[@]} -gt 0 ]; then
+ if [ ${#UNEXP_OPEN_PORTS[@]} -gt 0 ]; then
 ERROR=true
 fi
 }
 function print {
 if $ERROR; then
- echo "CRITICAL - These ports should not be open: ${NEW_PORTS[@]}"
+ echo -n "CRITICAL - These ports should not be open: ${UNEXP_OPEN_PORTS[@]}"
 else
- echo "OK"
+ echo -n "OK"
 fi
+ echo -n " | "
- if $ERROR; then
- exit 2
- else
- exit 0
- fi
+ for port in "${!PORT_STATES[@]}"; do
+ echo -n "'${PORT_NAMES[$port]} ($port): ${PORT_STATES[$port]}'=0 "
+ done
 }
 runNmap
 comparePorts
 print
+if $ERROR; then
+ exit 2
+else
+ exit 0
+fi
+
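Review bot: `PORT_STATES[$number]=$state` uses the first token of every non-empty line in the port section as an arithmetic array subscript with no check that it is numeric; if nmap prints anything else there (script-output lines starting with `|`, or a wrapped service banner, if `-sV`/scripts are enabled in runNmap, which is outside this hunk) bash aborts parseLine with an arithmetic syntax error, and since arithmetic subscripts also expand `$(...)`, an unexpected token is evaluated rather than merely rejected. Validate the key right after `read -ra split <<< "$line"`, e.g. `[[ $number =~ ^[0-9]+$ ]] || return 0`, so the scan output can only ever populate integer slots. In print, the perfdata label `'${PORT_NAMES[$port]} ($port): ${PORT_STATES[$port]}'=0` embeds the state in the label and always reports 0, so a port going from filtered to open appears as a brand-new series instead of a value change; `'${PORT_NAMES[$port]} ($port)'=1` for `open*` and `=0` otherwise would graph correctly and also tolerates an empty `PORT_NAMES[$port]` from a two-column line. The stray `;` after `continue` can go. parseLine's header is outside this hunk.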