checks/saprouter_cert

   1 #!/usr/bin/python
   2 # -*- encoding: utf-8; py-indent-offset: 4 -*-
   3 # +------------------------------------------------------------------+
   4 # |             ____ _               _        __  __ _  __           |
   5 # |            / ___| |__   ___  ___| | __   |  \/  | |/ /           |
   6 # |           | |   | '_ \ / _ \/ __| |/ /   | |\/| | ' /            |
   7 # |           | |___| | | |  __/ (__|   <    | |  | | . \            |
   8 # |            \____|_| |_|\___|\___|_|\_\___|_|  |_|_|\_\           |
   9 # |                                                                  |
  10 # | Copyright Mathias Kettner 2016             mk@mathias-kettner.de |
  11 # +------------------------------------------------------------------+
  12 #
  13 # This file is part of Check_MK.
  14 # The official homepage is at http://mathias-kettner.de/check_mk.
  15 #
  16 # check_mk is free software;  you can redistribute it and/or modify it
  17 # under the  terms of the  GNU General Public License  as published by
  18 # the Free Software Foundation in version 2.  check_mk is  distributed
  19 # in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
  20 # out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
  21 # PARTICULAR PURPOSE. See the  GNU General Public License for more de-
  22 # tails. You should have  received  a copy of the  GNU  General Public
  23 # License along with GNU Make; see the file  COPYING.  If  not,  write
  24 # to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
  25 # Boston, MA 02110-1301 USA.
  26
  27 # Valid
  28 # <<<saprouter_cert>>>
  29 # SSO for USER "prdadm"
  30 #   with PSE file "/usr/users/prdadm/saprouter/local.pse"
  31 #
  32 # Validity  -  NotBefore:   Wed Mar 30 11:21:33 2016 (160330102133Z)
  33 #               NotAfter:   Thu Mar 30 11:21:33 2017 (170330102133Z)
  34
  35 # No certificate
  36 # <<<saprouter_cert>>>
  37 # get_my_name: no PSE name supplied, no SSO credentials found!
  38
  39 # running seclogin with USER="root"
  40 # seclogin: No SSO credentials available
  41
  42 # PSE broken
  43 # <<<saprouter_cert>>>
  44 # get_my_name: Couldn't open PSE "/usr/users/prdadm/saprouter/local.pse" (Decoding error)
  45
  46 # Suggested by customer
  47 factory_settings["saprouter_cert_default_levels"] = {
  48     "validity_age": (86400 * 30, 86400 * 7),
  49 }
  50
  51
  52 def parse_saprouter_cert(info):
  53     def parse_date(list_):
  54         time_struct = time.strptime(" ".join(list_), "%b %d %H:%M:%S %Y")
  55         return time.mktime(time_struct), "%s-%s-%s" % time_struct[:3]
  56
  57     parsed = {}
  58     validity = None
  59     for line in info:
  60         if line[0] == "Validity":
  61             validity = "valid"
  62             parsed.setdefault(validity, {})
  63
  64         if validity and "NotBefore:" in line:
  65             parsed[validity].setdefault("not_before", parse_date(line[-5:-1]))
  66
  67         elif validity and ("NotAfter:" in line or "NotAfter" in line):
  68             parsed[validity].setdefault("not_after", parse_date(line[-5:-1]))
  69
  70         elif " ".join(line[:3]).lower() == "sso for user":
  71             parsed.setdefault("sso_user", line[-1].replace('"', ""))
  72
  73         elif " ".join(line[:3]).lower() == "with pse file":
  74             parsed.setdefault("pse_file", line[-1].replace('"', ""))
  75
  76         elif not validity:
  77             parsed.setdefault("failed", [])
  78             parsed["failed"].append(" ".join(line))
  79
  80     return parsed
  81
  82
  83 def inventory_saprouter_cert(parsed):
  84     if parsed:
  85         return [(None, None)]
  86
  87
  88 def check_saprouter_cert(_no_item, params, parsed):
  89     if "valid" in parsed:
  90         _not_before, not_before_readable = parsed["valid"]["not_before"]
  91         not_after, not_after_readable = parsed["valid"]["not_after"]
  92         validity_age = not_after - time.time()
  93
  94         warn, crit = params["validity_age"]
  95         infotext   = "Valid from %s to %s, %s to go" % \
  96                      (not_before_readable, not_after_readable,
  97                       get_age_human_readable(validity_age))
  98
  99         state = 0
 100         if validity_age < crit:
 101             state = 2
 102         elif validity_age < warn:
 103             state = 1
 104
 105         if state:
 106             infotext += " (warn/crit below %s/%s)" % \
 107                 (get_age_human_readable(warn), get_age_human_readable(crit))
 108
 109         return state, infotext
 110
 111     elif "failed" in parsed:
 112         return 3, " - ".join(parsed["failed"])
 113
 114
 115 check_info['saprouter_cert'] = {
 116     'parse_function': parse_saprouter_cert,
 117     'inventory_function': inventory_saprouter_cert,
 118     'check_function': check_saprouter_cert,
 119     'service_description': 'SAP router certificate',
 120     'default_levels_variable': 'saprouter_cert_default_levels',
 121     'group': 'saprouter_cert_age'
 122 }