checks/saprouter_cert

   1 #!/usr/bin/python
   2 # -*- encoding: utf-8; py-indent-offset: 4 -*-
   3 # +------------------------------------------------------------------+
   4 # |             ____ _               _        __  __ _  __           |
   5 # |            / ___| |__   ___  ___| | __   |  \/  | |/ /           |
   6 # |           | |   | '_ \ / _ \/ __| |/ /   | |\/| | ' /            |
   7 # |           | |___| | | |  __/ (__|   <    | |  | | . \            |
   8 # |            \____|_| |_|\___|\___|_|\_\___|_|  |_|_|\_\           |
   9 # |                                                                  |
  10 # | Copyright Mathias Kettner 2016             mk@mathias-kettner.de |
  11 # +------------------------------------------------------------------+
  12 #
  13 # This file is part of Check_MK.
  14 # The official homepage is at http://mathias-kettner.de/check_mk.
  15 #
  16 # check_mk is free software;  you can redistribute it and/or modify it
  17 # under the  terms of the  GNU General Public License  as published by
  18 # the Free Software Foundation in version 2.  check_mk is  distributed
  19 # in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
  20 # out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
  21 # PARTICULAR PURPOSE. See the  GNU General Public License for more de-
  22 # tails. You should have  received  a copy of the  GNU  General Public
  23 # License along with GNU Make; see the file  COPYING.  If  not,  write
  24 # to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
  25 # Boston, MA 02110-1301 USA.
  26
  27
  28 # Valid
  29 # <<<saprouter_cert>>>
  30 # SSO for USER "prdadm"
  31 #   with PSE file "/usr/users/prdadm/saprouter/local.pse"
  32 #
  33 # Validity  -  NotBefore:   Wed Mar 30 11:21:33 2016 (160330102133Z)
  34 #               NotAfter:   Thu Mar 30 11:21:33 2017 (170330102133Z)
  35
  36 # No certificate
  37 # <<<saprouter_cert>>>
  38 # get_my_name: no PSE name supplied, no SSO credentials found!
  39
  40 # running seclogin with USER="root"
  41 # seclogin: No SSO credentials available
  42
  43 # PSE broken
  44 # <<<saprouter_cert>>>
  45 # get_my_name: Couldn't open PSE "/usr/users/prdadm/saprouter/local.pse" (Decoding error)
  46
  47
  48 # Suggested by customer
  49 factory_settings["saprouter_cert_default_levels"] = {
  50     "validity_age" : (86400 * 30, 86400 * 7),
  51 }
  52
  53
  54 def parse_saprouter_cert(info):
  55     def parse_date(list_):
  56         time_struct = time.strptime(" ".join(list_), "%b %d %H:%M:%S %Y")
  57         return time.mktime(time_struct), "%s-%s-%s" % time_struct[:3]
  58
  59     parsed   = {}
  60     validity = None
  61     for line in info:
  62         if line[0] == "Validity":
  63             validity = "valid"
  64             parsed.setdefault(validity, {})
  65
  66         if validity and "NotBefore:" in line:
  67             parsed[validity].setdefault("not_before", parse_date(line[-5:-1]))
  68
  69         elif validity and ("NotAfter:" in line or "NotAfter" in line):
  70             parsed[validity].setdefault("not_after", parse_date(line[-5:-1]))
  71
  72         elif " ".join(line[:3]).lower() == "sso for user":
  73             parsed.setdefault("sso_user", line[-1].replace('"', ""))
  74
  75         elif " ".join(line[:3]).lower() == "with pse file":
  76             parsed.setdefault("pse_file", line[-1].replace('"', ""))
  77
  78         elif not validity:
  79             parsed.setdefault("failed", [])
  80             parsed["failed"].append( " ".join(line) )
  81
  82     return parsed
  83
  84
  85 def inventory_saprouter_cert(parsed):
  86     if parsed:
  87         return [ (None, None) ]
  88
  89
  90 def check_saprouter_cert(_no_item, params, parsed):
  91     if "valid" in parsed:
  92         _not_before, not_before_readable = parsed["valid"]["not_before"]
  93         not_after,  not_after_readable  = parsed["valid"]["not_after"]
  94         validity_age = not_after - time.time()
  95
  96         warn, crit = params["validity_age"]
  97         infotext   = "Valid from %s to %s, %s to go" % \
  98                      (not_before_readable, not_after_readable,
  99                       get_age_human_readable(validity_age))
 100
 101         state = 0
 102         if validity_age < crit:
 103             state = 2
 104         elif validity_age < warn:
 105             state = 1
 106
 107         if state:
 108             infotext += " (warn/crit below %s/%s)" % \
 109                 (get_age_human_readable(warn), get_age_human_readable(crit))
 110
 111         return state, infotext
 112
 113     elif "failed" in parsed:
 114         return 3, " - ".join(parsed["failed"])
 115
 116
 117 check_info['saprouter_cert'] = {
 118     'parse_function'            : parse_saprouter_cert,
 119     'inventory_function'        : inventory_saprouter_cert,
 120     'check_function'            : check_saprouter_cert,
 121     'service_description'       : 'SAP router certificate',
 122     'default_levels_variable'   : 'saprouter_cert_default_levels',
 123     'group'                     : 'saprouter_cert_age'
 124 }