#!/usr/bin/perl # # check_radius.pl - nagios plugin # # # Copyright (C) 2003 andrew fresh # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # # Report bugs to: andrew@mad-techies.org # # 11.26.2000 Version 1.0 # # $Id: check_radius.pl,v 1.1 2005/04/22 17:42:57 andrew Exp $ use strict; use warnings; use diagnostics; use POSIX; use lib "C:/nrpe_nt/lib" ; use utils qw($TIMEOUT %ERRORS &print_revision &support); use Getopt::Long; Getopt::Long::Configure('bundling'); my $PROGNAME = "check_radius"; my $state = 'UNKNOWN'; # tells whether the it is warning, critical, or OK my $answer = ''; # stores the test of the errors my $hostname = ''; my $port = ''; my $secret = ''; my $user = ''; my $pwd = ''; my $timeout = 5; my %states; # This stores the count of states; my $file; my $opt_h ; my $opt_V ; # Just in case of problems, let's not hang Nagios $SIG{'ALRM'} = sub { print ("ERROR: No radius response from $hostname (alarm timeout)\n"); exit $ERRORS{"UNKNOWN"}; }; alarm($TIMEOUT); #Option checking my $status = GetOptions( "V" => \$opt_V, "version" => \$opt_V, "h" => \$opt_h, "help" => \$opt_h, "H=s" => \$hostname, "hostname=s" => \$hostname, "s=s" => \$secret, "secret=s" => \$secret, "P=i" => \$port, "port=i" => \$port, "u=s" => \$user, "username=s" => \$user, "p=s" => \$pwd, "password=s" => \$pwd, "t=i" => \$timeout, "timeout=i"=> \$timeout, ); if ($status == 0) { print_help() ; exit $ERRORS{'OK'}; } if ($opt_V) { print_revision($PROGNAME,'$Revision: 1.1 $ '); exit $ERRORS{'OK'}; } if ($opt_h) { print_help(); exit $ERRORS{'OK'}; } unless ($hostname && $secret && $user && $pwd) { print_help(); exit $ERRORS{'OK'}; } if ($port) { $hostname .= ":" . $port; } use Authen::Radius; #print "Creating Client . . . "; my $r = new Authen::Radius(Host => $hostname, Secret => $secret, Timeout => $timeout); #print defined $r ? "" : "not ", "ok\n"; unless (defined $r) { done('UNKNOWN', "Couldn't create socket!"); } $r->clear_attributes; $r->add_attributes ( { Name => 1, Value => $user, Type => 'string' }, # Username { Name => 2, Value => $pwd, Type => 'string' }, # Password { Name => 5, Value => '1', Type => 'integer' }, # NASPort ); #print "Authenticating . . ."; my $snt = $r->send_packet(ACCESS_REQUEST); unless (defined $snt) { done('CRITICAL', "Couldn't sent authentication packet: " . $r->strerror($r->get_error)); } $r->clear_attributes; my $rcv = $r->recv_packet(); #print "" . (defined($rcv) and $rcv == ACCESS_ACCEPT) ? "" : "not ", "ok\n"; unless (defined $rcv) { done ('CRITICAL', "Didn't recieve valid response: " . $r->strerror($r->get_error)); } unless ($rcv == ACCESS_ACCEPT) { done ('WARNING', "Access was denied for $user"); } #my @a = $r->get_attributes; #print "Attributes . . . "; #print $#a != -1 ? "" : "not ", "ok\n"; #for $a (@a) { # print "attr: name=$a->{'Name'} value=$a->{'Value'}\n"; #} if ($state eq 'UNKNOWN') { $state = 'OK'; $answer = "User $user authenticated correctly!"; } done($state, $answer); sub done { my $state = shift; my $answer = shift; print "$state: "; print $answer; exit $ERRORS{$state}; } sub print_help { printf "$PROGNAME plugin for Nagios monitors radius authentication\n"; printf " $PROGNAME -H -u -p \n"; printf "\nUsage:\n"; printf " -H (--hostname) Hostname to query (required)\n"; printf " -s (--secret) Radius Secret (required)\n"; printf " -P (--port) Radius auth port\n"; printf " -u (--username) Username to try authenticating (required)\n"; printf " -p (--password) Password to authenticate with (required)\n"; printf " -t (--timeout) Time to wait for response (defaults to 5 secs)\n"; printf " -h (--help) usage help \n\n"; print_revision($PROGNAME, '$Revision: 1.1 $'); }