File: [local] / nagios / check_radius / check_radius.pl (download)
Revision 1.3, Tue Aug 29 22:26:31 2006 UTC (17 years, 10 months ago) by andrew
Branch: MAIN
CVS Tags: HEAD Changes since 1.2: +182 -182 lines
unix line endings and change the 'lib' directory
|
#!/usr/bin/perl
# $RedRiver: check_radius.pl,v 1.2 2005/08/25 00:56:07 andrew Exp $
#
# check_radius.pl - nagios plugin
#
#
# Copyright (C) 2003 andrew fresh
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
#
# Report bugs to: andrew@mad-techies.org
#
# 11.26.2000 Version 1.0
#
# $Id: check_radius.pl,v 1.3 2006/08/29 22:26:31 andrew Exp $
use strict;
use warnings;
use diagnostics;
use POSIX;
use lib "/usr/local/libexec/nagios";
use utils qw($TIMEOUT %ERRORS &print_revision &support);
use Getopt::Long;
Getopt::Long::Configure('bundling');
my $PROGNAME = "check_radius";
my $state = 'UNKNOWN'; # tells whether the it is warning, critical, or OK
my $answer = ''; # stores the test of the errors
my $hostname = '';
my $port = '';
my $secret = '';
my $user = '';
my $pwd = '';
my $timeout = 5;
my %states; # This stores the count of states;
my $file;
my $opt_h ;
my $opt_V ;
# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
print ("ERROR: No radius response from $hostname (alarm timeout)\n");
exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);
#Option checking
my $status = GetOptions(
"V" => \$opt_V, "version" => \$opt_V,
"h" => \$opt_h, "help" => \$opt_h,
"H=s" => \$hostname, "hostname=s" => \$hostname,
"s=s" => \$secret, "secret=s" => \$secret,
"P=i" => \$port, "port=i" => \$port,
"u=s" => \$user, "username=s" => \$user,
"p=s" => \$pwd, "password=s" => \$pwd,
"t=i" => \$timeout, "timeout=i"=> \$timeout,
);
if ($status == 0)
{
print_help() ;
exit $ERRORS{'OK'};
}
if ($opt_V) {
print_revision($PROGNAME,'$Revision: 1.3 $ ');
exit $ERRORS{'OK'};
}
if ($opt_h) {
print_help();
exit $ERRORS{'OK'};
}
unless ($hostname && $secret && $user && $pwd) {
print_help();
exit $ERRORS{'OK'};
}
if ($port) {
$hostname .= ":" . $port;
}
use Authen::Radius;
#print "Creating Client . . . ";
my $r = new Authen::Radius(Host => $hostname, Secret => $secret, Timeout => $timeout);
#print defined $r ? "" : "not ", "ok\n";
unless (defined $r) {
done('UNKNOWN', "Couldn't create socket!");
}
$r->clear_attributes;
$r->add_attributes (
{ Name => 1, Value => $user, Type => 'string' }, # Username
{ Name => 2, Value => $pwd, Type => 'string' }, # Password
{ Name => 5, Value => '1', Type => 'integer' }, # NASPort
);
#print "Authenticating . . .";
my $snt = $r->send_packet(ACCESS_REQUEST);
unless (defined $snt) {
done('CRITICAL', "Couldn't sent authentication packet: " . $r->strerror($r->get_error));
}
$r->clear_attributes;
my $rcv = $r->recv_packet();
#print "" . (defined($rcv) and $rcv == ACCESS_ACCEPT) ? "" : "not ", "ok\n";
unless (defined $rcv) {
done ('CRITICAL', "Didn't recieve valid response: " . $r->strerror($r->get_error));
}
unless ($rcv == ACCESS_ACCEPT) {
done ('WARNING', "Access was denied for $user");
}
#my @a = $r->get_attributes;
#print "Attributes . . . ";
#print $#a != -1 ? "" : "not ", "ok\n";
#for $a (@a) {
# print "attr: name=$a->{'Name'} value=$a->{'Value'}\n";
#}
if ($state eq 'UNKNOWN') {
$state = 'OK';
$answer = "User $user authenticated correctly!";
}
done($state, $answer);
sub done
{
my $state = shift;
my $answer = shift;
print "$state: ";
print $answer;
exit $ERRORS{$state};
}
sub print_help {
printf "$PROGNAME plugin for Nagios monitors radius authentication\n";
printf " $PROGNAME -H <HOSTNAME> -u <USERNAME> -p <PASSWORD>\n";
printf "\nUsage:\n";
printf " -H (--hostname) Hostname to query (required)\n";
printf " -s (--secret) Radius Secret (required)\n";
printf " -P (--port) Radius auth port\n";
printf " -u (--username) Username to try authenticating (required)\n";
printf " -p (--password) Password to authenticate with (required)\n";
printf " -t (--timeout) Time to wait for response (defaults to 5 secs)\n";
printf " -h (--help) usage help \n\n";
print_revision($PROGNAME, '$Revision: 1.3 $');
}