| version 1.2, 2005/08/25 01:56:07 | 
version 1.3, 2006/08/29 23:26:31 | 
 | 
 | 
|  #!/usr/bin/perl
 | 
 #!/usr/bin/perl | 
|  # $RedRiver$
 | 
 # $RedRiver: check_radius.pl,v 1.2 2005/08/25 00:56:07 andrew Exp $ | 
|  #
 | 
 # | 
|  # check_radius.pl - nagios plugin 
 | 
 # check_radius.pl - nagios plugin | 
|  # 
 | 
 # | 
|  #
 | 
 # | 
|  # Copyright (C) 2003 andrew fresh
 | 
 # Copyright (C) 2003 andrew fresh | 
|  #
 | 
 # | 
|  # This program is free software; you can redistribute it and/or
 | 
 # This program is free software; you can redistribute it and/or | 
|  # modify it under the terms of the GNU General Public License
 | 
 # modify it under the terms of the GNU General Public License | 
|  # as published by the Free Software Foundation; either version 2
 | 
 # as published by the Free Software Foundation; either version 2 | 
|  # of the License, or (at your option) any later version.
 | 
 # of the License, or (at your option) any later version. | 
|  #
 | 
 # | 
|  # This program is distributed in the hope that it will be useful,
 | 
 # This program is distributed in the hope that it will be useful, | 
|  # but WITHOUT ANY WARRANTY; without even the implied warranty of
 | 
 # but WITHOUT ANY WARRANTY; without even the implied warranty of | 
|  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | 
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
|  # GNU General Public License for more details.
 | 
 # GNU General Public License for more details. | 
|  #
 | 
 # | 
|  # You should have received a copy of the GNU General Public License
 | 
 # You should have received a copy of the GNU General Public License | 
|  # along with this program; if not, write to the Free Software
 | 
 # along with this program; if not, write to the Free Software | 
|  # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 | 
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. | 
|  #
 | 
 # | 
|  #
 | 
 # | 
|  # Report bugs to: andrew@mad-techies.org
 | 
 # Report bugs to: andrew@mad-techies.org | 
|  # 
 | 
 # | 
|  # 11.26.2000 Version 1.0
 | 
 # 11.26.2000 Version 1.0 | 
|  #
 | 
 # | 
|  # $Id$
 | 
 # $Id$ | 
|  
 | 
  | 
|  use strict;
 | 
 use strict; | 
|  use warnings;
 | 
 use warnings; | 
|  use diagnostics;
 | 
 use diagnostics; | 
|  
 | 
  | 
|  use POSIX;
 | 
 use POSIX; | 
|  use lib "C:/nrpe_nt/lib"  ;
 | 
 use lib "/usr/local/libexec/nagios"; | 
|  use utils qw($TIMEOUT %ERRORS &print_revision &support);
 | 
 use utils qw($TIMEOUT %ERRORS &print_revision &support); | 
|  
 | 
  | 
|  use Getopt::Long;
 | 
 use Getopt::Long; | 
|  Getopt::Long::Configure('bundling');
 | 
 Getopt::Long::Configure('bundling'); | 
|  
 | 
  | 
|  my $PROGNAME = "check_radius";
 | 
 my $PROGNAME = "check_radius"; | 
|  
 | 
  | 
|  my $state = 'UNKNOWN'; # tells whether the it is warning, critical, or OK
 | 
 my $state = 'UNKNOWN'; # tells whether the it is warning, critical, or OK | 
|  my $answer = ''; # stores the test of the errors
 | 
 my $answer = ''; # stores the test of the errors | 
|  my $hostname = '';
 | 
 my $hostname = ''; | 
|  my $port = '';
 | 
 my $port = ''; | 
|  my $secret = '';
 | 
 my $secret = ''; | 
|  my $user   = '';
 | 
 my $user   = ''; | 
|  my $pwd    = '';
 | 
 my $pwd    = ''; | 
|  my $timeout = 5;
 | 
 my $timeout = 5; | 
|  my %states; # This stores the count of states;
 | 
 my %states; # This stores the count of states; | 
|  my $file;
 | 
 my $file; | 
|  my $opt_h ;
 | 
 my $opt_h ; | 
|  my $opt_V ;
 | 
 my $opt_V ; | 
|  
 | 
  | 
|  
 | 
  | 
|  # Just in case of problems, let's not hang Nagios
 | 
 # Just in case of problems, let's not hang Nagios | 
|  $SIG{'ALRM'} = sub {
 | 
 $SIG{'ALRM'} = sub { | 
|       print ("ERROR: No radius response from $hostname (alarm timeout)\n");
 | 
      print ("ERROR: No radius response from $hostname (alarm timeout)\n"); | 
|       exit $ERRORS{"UNKNOWN"};
 | 
      exit $ERRORS{"UNKNOWN"}; | 
|  };
 | 
 }; | 
|  alarm($TIMEOUT);
 | 
 alarm($TIMEOUT); | 
|  
 | 
  | 
|  
 | 
  | 
|  
 | 
  | 
|  #Option checking
 | 
 #Option checking | 
|  my $status = GetOptions(
 | 
 my $status = GetOptions( | 
|          "V"   => \$opt_V, "version"    => \$opt_V,
 | 
         "V"   => \$opt_V, "version"    => \$opt_V, | 
|          "h"   => \$opt_h, "help"       => \$opt_h,
 | 
         "h"   => \$opt_h, "help"       => \$opt_h, | 
|          "H=s" => \$hostname, "hostname=s" => \$hostname,
 | 
         "H=s" => \$hostname, "hostname=s" => \$hostname, | 
|          "s=s" => \$secret, "secret=s" => \$secret,
 | 
         "s=s" => \$secret, "secret=s" => \$secret, | 
|          "P=i" => \$port, "port=i" => \$port,
 | 
         "P=i" => \$port, "port=i" => \$port, | 
|          "u=s" => \$user, "username=s" => \$user,
 | 
         "u=s" => \$user, "username=s" => \$user, | 
|          "p=s" => \$pwd, "password=s" => \$pwd,
 | 
         "p=s" => \$pwd, "password=s" => \$pwd, | 
|                  "t=i" => \$timeout, "timeout=i"=> \$timeout,
 | 
                 "t=i" => \$timeout, "timeout=i"=> \$timeout, | 
|          );
 | 
         ); | 
|          
 | 
  | 
|  if ($status == 0)
 | 
 if ($status == 0) | 
|  {
 | 
 { | 
|      print_help() ;
 | 
     print_help() ; | 
|      exit $ERRORS{'OK'};
 | 
     exit $ERRORS{'OK'}; | 
|  }
 | 
 } | 
|  
 | 
  | 
|  
 | 
  | 
|  if ($opt_V) {
 | 
 if ($opt_V) { | 
|      print_revision($PROGNAME,'$Revision$ ');
 | 
     print_revision($PROGNAME,'$Revision$ '); | 
|      exit $ERRORS{'OK'};
 | 
     exit $ERRORS{'OK'}; | 
|  }
 | 
 } | 
|  
 | 
  | 
|  if ($opt_h) {
 | 
 if ($opt_h) { | 
|      print_help();
 | 
     print_help(); | 
|      exit $ERRORS{'OK'};
 | 
     exit $ERRORS{'OK'}; | 
|  }
 | 
 } | 
|  
 | 
  | 
|  unless ($hostname && $secret && $user && $pwd) {
 | 
 unless ($hostname && $secret && $user && $pwd) { | 
|          print_help();
 | 
         print_help(); | 
|          exit $ERRORS{'OK'};
 | 
         exit $ERRORS{'OK'}; | 
|  }
 | 
 } | 
|  
 | 
  | 
|  if ($port) {
 | 
 if ($port) { | 
|          $hostname .= ":" . $port;
 | 
         $hostname .= ":" . $port; | 
|  }
 | 
 } | 
|  
 | 
  | 
|  use Authen::Radius;
 | 
 use Authen::Radius; | 
|  
 | 
  | 
|  #print "Creating Client . . . ";
 | 
 #print "Creating Client . . . "; | 
|  my $r = new Authen::Radius(Host => $hostname, Secret => $secret, Timeout => $timeout);
 | 
 my $r = new Authen::Radius(Host => $hostname, Secret => $secret, Timeout => $timeout); | 
|  #print defined $r ? "" : "not ", "ok\n";
 | 
 #print defined $r ? "" : "not ", "ok\n"; | 
|  
 | 
  | 
|  unless (defined $r) {
 | 
 unless (defined $r) { | 
|          done('UNKNOWN', "Couldn't create socket!");
 | 
         done('UNKNOWN', "Couldn't create socket!"); | 
|  }
 | 
 } | 
|  
 | 
  | 
|  
 | 
  | 
|  $r->clear_attributes;
 | 
 $r->clear_attributes; | 
|  
 | 
  | 
|  $r->add_attributes (
 | 
 $r->add_attributes ( | 
|          { Name => 1, Value => $user, Type => 'string' }, # Username
 | 
         { Name => 1, Value => $user, Type => 'string' }, # Username | 
|          { Name => 2, Value => $pwd, Type => 'string' },  # Password
 | 
         { Name => 2, Value => $pwd, Type => 'string' },  # Password | 
|          { Name => 5, Value => '1', Type => 'integer' },  # NASPort
 | 
         { Name => 5, Value => '1', Type => 'integer' },  # NASPort | 
|  );
 | 
 ); | 
|  
 | 
  | 
|  #print "Authenticating . . .";
 | 
 #print "Authenticating . . ."; | 
|  my $snt = $r->send_packet(ACCESS_REQUEST);
 | 
 my $snt = $r->send_packet(ACCESS_REQUEST); | 
|  unless (defined $snt) {
 | 
 unless (defined $snt) { | 
|          done('CRITICAL', "Couldn't sent authentication packet: " . $r->strerror($r->get_error));
 | 
         done('CRITICAL', "Couldn't sent authentication packet: " . $r->strerror($r->get_error)); | 
|  }
 | 
 } | 
|  
 | 
  | 
|  $r->clear_attributes;
 | 
 $r->clear_attributes; | 
|  
 | 
  | 
|  my $rcv = $r->recv_packet();
 | 
 my $rcv = $r->recv_packet(); | 
|  
 | 
  | 
|  #print "" . (defined($rcv) and $rcv == ACCESS_ACCEPT) ? "" : "not ", "ok\n";
 | 
 #print "" . (defined($rcv) and $rcv == ACCESS_ACCEPT) ? "" : "not ", "ok\n"; | 
|  
 | 
  | 
|  unless (defined $rcv) {
 | 
 unless (defined $rcv) { | 
|          done ('CRITICAL', "Didn't recieve valid response: " . $r->strerror($r->get_error));
 | 
         done ('CRITICAL', "Didn't recieve valid response: " . $r->strerror($r->get_error)); | 
|  }
 | 
 } | 
|                  
 | 
  | 
|  unless ($rcv == ACCESS_ACCEPT) {
 | 
 unless ($rcv == ACCESS_ACCEPT) { | 
|          done ('WARNING', "Access was denied for $user");
 | 
         done ('WARNING', "Access was denied for $user"); | 
|  }
 | 
 } | 
|  
 | 
  | 
|  
 | 
  | 
|  #my @a = $r->get_attributes;
 | 
 #my @a = $r->get_attributes; | 
|  #print "Attributes . . . ";
 | 
 #print "Attributes . . . "; | 
|  #print $#a != -1 ? "" : "not ", "ok\n";
 | 
 #print $#a != -1 ? "" : "not ", "ok\n"; | 
|  #for $a (@a) {
 | 
 #for $a (@a) { | 
|  #       print "attr: name=$a->{'Name'} value=$a->{'Value'}\n";
 | 
 #       print "attr: name=$a->{'Name'} value=$a->{'Value'}\n"; | 
|  #}
 | 
 #} | 
|  
 | 
  | 
|  
 | 
  | 
|  if ($state eq 'UNKNOWN') { 
 | 
 if ($state eq 'UNKNOWN') { | 
|          $state = 'OK';
 | 
         $state = 'OK'; | 
|          $answer = "User $user authenticated correctly!";
 | 
         $answer = "User $user authenticated correctly!"; | 
|  }
 | 
 } | 
|  
 | 
  | 
|  done($state, $answer);
 | 
 done($state, $answer); | 
|  
 | 
  | 
|  sub done
 | 
 sub done | 
|  {
 | 
 { | 
|          my $state = shift;
 | 
         my $state = shift; | 
|          my $answer = shift;
 | 
         my $answer = shift; | 
|  
 | 
  | 
|          print "$state: ";
 | 
         print "$state: "; | 
|          print $answer;
 | 
         print $answer; | 
|          exit $ERRORS{$state};
 | 
         exit $ERRORS{$state}; | 
|  }
 | 
 } | 
|  
 | 
  | 
|  sub print_help {
 | 
 sub print_help { | 
|      printf "$PROGNAME plugin for Nagios monitors radius authentication\n";
 | 
     printf "$PROGNAME plugin for Nagios monitors radius authentication\n"; | 
|          printf "  $PROGNAME -H <HOSTNAME> -u <USERNAME> -p <PASSWORD>\n";
 | 
         printf "  $PROGNAME -H <HOSTNAME> -u <USERNAME> -p <PASSWORD>\n"; | 
|      printf "\nUsage:\n";
 | 
     printf "\nUsage:\n"; | 
|      printf "   -H (--hostname)   Hostname to query              (required)\n";
 | 
     printf "   -H (--hostname)   Hostname to query              (required)\n"; | 
|          printf "   -s (--secret)     Radius Secret                  (required)\n";
 | 
         printf "   -s (--secret)     Radius Secret                  (required)\n"; | 
|          printf "   -P (--port)       Radius auth port\n";
 | 
         printf "   -P (--port)       Radius auth port\n"; | 
|          printf "   -u (--username)   Username to try authenticating (required)\n";
 | 
         printf "   -u (--username)   Username to try authenticating (required)\n"; | 
|          printf "   -p (--password)   Password to authenticate with  (required)\n";
 | 
         printf "   -p (--password)   Password to authenticate with  (required)\n"; | 
|          printf "   -t (--timeout)    Time to wait for response (defaults to 5 secs)\n";
 | 
         printf "   -t (--timeout)    Time to wait for response (defaults to 5 secs)\n"; | 
|      printf "   -h (--help)       usage help \n\n";
 | 
     printf "   -h (--help)       usage help \n\n"; | 
|      print_revision($PROGNAME, '$Revision$');
 | 
     print_revision($PROGNAME, '$Revision$'); | 
|  }
 | 
 } | 
|  
 | 
  |
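Review bot: Both usage-error exits in the new revision, the `if ($status == 0)` block after `GetOptions` and the `unless ($hostname && $secret && $user && $pwd)` block, end with `exit $ERRORS{'OK'};`. A check whose command line is broken or has lost its secret or password therefore reports healthy, and the RADIUS server goes unmonitored without any alert. Those two should be `exit $ERRORS{'UNKNOWN'};`, keeping OK only for the explicit `-h` and `-V` paths. Separately, the shared secret and test password are accepted only through `-s`/`-p`, so they are visible in the process list to other local users while the check runs. Reading them from a file readable only by the monitoring user would avoid that, and the help text should at least say to use a dedicated low-privilege test account. Finally, `alarm($TIMEOUT)` is armed from the `utils` default before options are parsed, so `-t` only bounds the `Authen::Radius` call and not the plugin's overall watchdog; a comment there stating which timeout governs what would help.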